25 January 2023
GLPI version 10.0.6 is now available (security release).
Upgrading to GLPI 10.0.6
GLPI 10.0.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply GLPI updates as new versions are released, or use Installatron's Clone feature to duplicate an existing GLPI install to test the 10.0.6 upgrade prior to applying it live. Get started managing your GLPI installations with Installatron
What's New in GLPI 10.0.6
- Unauthorized access to inventory files (CVE-2023-22500)
- XSS on browse views (CVE-2023-22722)
- XSS on external links (CVE-2023-22725)
- XSS in RSS Description Link (CVE-2023-22724)
- Unauthorized access to data export (CVE-2023-23610)
- Stored XSS inside Standard Interface Help Link href attribute (CVE-2022-41941)
Bug Fixes and Changes
- Unmanaged devices can be handled like a real asset.
- Handle more actions for stale inventory agents.
- Added new dictionnary rules for OS.
- Removed glpi: prefix on console commands.
- PHP 8.2 support.
- Many fixes and improvements on native inventory.
- Reservation display on self-service profile.
- Mail collector issues with emails sent from Outlook.
- Dashboard issues on “All” tab.
- Ticket input is restored when submitted form is not complete.
- Notification was not sent when ticket status was set to “pending”.