GLPI 10.0.5
8 November 2022
GLPI version 10.0.5 is now available (security release).
Upgrading to GLPI 10.0.5
GLPI 10.0.5 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply GLPI updates as new versions are released, or use Installatron's Clone feature to duplicate an existing GLPI install to test the 10.0.5 upgrade prior to applying it live. Get started managing your GLPI installations with Installatron
What's New in GLPI 10.0.5
10.0.5
Bug Fixes
- The user is logged out when he tries to switch to another entity.
10.0.4
Security
- Blind SSRF in RSS feeds and planning (CVE-2022-39276)
- Stored XSS in user information (CVE-2022-39372)
- Stored XSS in entity name (CVE-2022-39373)
- Improper input validation on emails links (CVE-2022-39376)
- Improper access to debug panel (CVE-2022-39370)
- User’s session persist after permanently deleting his account (CVE-2022-39234)
- Stored XSS on login page (CVE-2022-39262)
- XSS in external links (CVE-2022-39277)
- XSS through public RSS feed (CVE-2022-39375)
- SQL Injection on REST API (CVE-2022-39323)
- Stored XSS through asset inventory (CVE-2022-39371)
Bug Fixes and Changes
- Increase significantly dashboards performance
- Several bugs on images pasting
- Fixed and improved inventory locks management
- Display of printer cartridges
- Display and hide actors tooltips in tickets
- Improve display of headers above forms
- Move breakpoints on responsive displays
- Inventory API is now disabled by default
- Dedicated rights has been added for inventory