9.5.0

Official announcement / Annonce officielle / Anuncio oficial

Major features:

• Marketplace,
• Impact and relationship management,
• Dashboards,
• Follow-up templates,
• Kanban for projects,
• Timezones,
• Impersonate,
• Password security policy,
• and more!

See changelog for details.

9.5.0-rc2

Second look at GLPI 9.5

Following the publishing of the Release Candidate of GLPI version 9.5 15 days ago, you have reported a number of small issues that have been fixed, including:

• Planning display was broken,
• The warning about missing dependencies during installation or update was absent,
• Inability to register to access the marketplace,
• Missing translations,
• and others

Today, we are releasing new RC version for you to test the improvements.

Unless a major problem is detected, the next version will be the final stable release.

How can you help us ?

Download the rc archive, test the migration and the new features (you may also test the existing ones) and report us the issues you encounter on the bug tracker (tag it as [RC feedback]).

Translators, please, add missing sentences for your language on transifex.

9.5.0-rc1

First look at GLPI 9.5

In some weeks we will launch the new major version of GLPI: 9.5.
A lot of new features will be available, here is a short list:

• New marketplace for plugins.
• Impacts and dependencies vizualisation for assets.
• New graphical and customizable dashboards.
• New canned responses for follow-up form.
• Support for field templates for Problems and Changes.
• Kanban board for project management.
• Enhanced planning view and a new full caldav server.
• Timezones support.
• Impersonate function for super-admins.
• Various improvements in UI and UX.

Consult the full changelog for a more complete list.

Please note, we dropped Kerberos support in mail collector setup as we needed to move to another library for mail support that does not provide this option. Please contact us if it's an issue for you.

Today, we release a release candidate archive for this version.

How can you help us ?

Download the rc archive, test the migration and the new features (you may also test the existing ones) and report us the issues you encounter on the bug tracker (tag it as [RC feedback]).

Translators, please, add missing sentences for your language on transifex.

9.4.6

This is a security release, upgrading is highly recommended

Non exhaustive list of changes:

• (security) Prevent execution of SQL injection while assigning a technician,
• (security) Permit to change key used to store passwords,
• (security) Improve CSRF token,
• (security) Fix several possible XSS,
• (security) Fix a few possible SQL injections,
• Fix SCSS caching issues,
• Fix inline images handling on item update,
• Fix PHP 7.4 compatibility,
• Connect to database using socket,
• and more!

See changelog for details.

9.4.5

Non exhaustive list of changes:

• add link PDU on tickets,
• fix several issues on search queries,
• fix LDAP group import,
• fix linking on ITIL objects depending on status
• fix case issues synchronizing Active Directoy emails
• and more!

See changelog for details.

9.4.4

This is a security release, upgrading is highly recommended

Non exhaustive list of changes:

• [security] Prevent account takeover vulnerability ,
• [security] Prevent execution of XSS on rich text,
• fix cache key lenght issues,
• fix user picture removal at login,
• several fixes on recurring tickets,
• fix some transfer errors related to entities among others,
• and more!

See changelog for details.

9.4.3

This is a security release, upgrading is highly recommended

Non exhaustive list of changes:

• [security] Prevent execution of XSS on rich text,
• [security] Prevent xss attack on user picture,
• Fix performance issues when using entities,
• New “Prevent take into account” action on tickets business rules,
• New “Status” criterion on tickets business rules,
• Change and problem tasks can now be marked as private,
• and more!

See changelog for details.

9.4.2

This is a security release, upgrading is highly recommended

Non exhaustive list of changes:

• [security] Prevent external redirections
• Fix some performances issues
• Fix various issues on plugins loading (cache conflict, bad locales)
• Fix display of documents in tickets
• Fix display of user's pictures
• Fix lost of some relations and sql errors when transferring items
• Feature: add Historical tab on config page
• And many more!

See changelog for details.

9.3.4

This is a security release, upgrading is highly recommended

Non exhaustive list of changes:

• [security] Bad chevrons rendering on dropdowns (#5468)
• [security] Iframe and forms are rendered in rich text contents (#5519)
• [security] Type juggling authentication bypass (#5520)
• [security] Malicious images upload (#5580)
• [security] Password token date was not reset (#5577)
• [security] Prevent timed attack and enforce cookie security (#5562)
• [security] Prevent external redirections
• And more!

9.4.1 (9.4.1.1)

This is a security release, upgrading is hightly recommended

Non exhaustive list of changes:

• [security] Bad chevrons rendering on dropdowns (#5468)
• [security] Iframe and forms are rendered in rich text contents (#5519)
• [security] Type juggling authentication bypass (#5520)
• [security] Malicious images upload (#5580)
• [security] Password token date was not reset (#5577)
• [security] Prevent timed attack and enforce cookie security (#5562)
• Search on dropdowns now displays fuzzy matches (#5149)
• All components were deleted when permanently deleting a computer (#5459)
• Unable to display network ports (#5460, #5461)
• Preferences not applied (#5372)
• Unable to use “forgotten password” feature (#5386)
• And many more!

You may notice displayed and archive versions are 9.4.1.1; this is because we've decided to integrate two more fixes we found after release has been prepared!

See changelog and minor changelog for details.