GLPI 10.0.9
12 July 2023
GLPI version 10.0.9 is now available (security release).
Upgrading to GLPI 10.0.9
GLPI 10.0.9 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply GLPI updates as new versions are released, or use Installatron's Clone feature to duplicate an existing GLPI install to test the 10.0.9 upgrade prior to applying it live. Get started managing your GLPI installations with Installatron
What's New in GLPI 10.0.9
This release fixes several security issues that have been recently discovered. Update is recommended!
10.0.9
Unspecified changes.
10.0.8
Security
- SQL injection via inventory agent request (CVE-2023-35924).
- SQL injection through Computer Virtual Machine information (CVE-2023-36808).
- Unauthorized access to Dashboard data (CVE-2023-35939).
- Unauthenticated access to Dashboard data (CVE-2023-35940).
- Reflected XSS in search pages (CVE-2023-34244).
- Unauthorized access to knowledge base items (CVE-2023-34107).
- Unauthorized access to user data (CVE-2023-34106).
Bug Fixes and Changes
- Improve mail grouping (#14296)
- Add deleted status in item’s header (#14382)
- Add option to control the display of dropdowns labels (#14472)
- Permits to check DB schema from GLPI versions >= 0.80 (#14666)
- Improve performance of plugins init (#14511)
- Improve performance of kanban views (#14525, #14599, #14764)
- Ldap issues with PHP versions >= 8.1 (#14561)
- SLA waiting time duration (#14937)
- Notification encoding for MS Outlook (#14959)
- A lot of fixes in native inventory