Releases: grokability/snipe-it
v8.3.6
Caution
For some reason, Github's built-in redirect from snipe/snipe-it to grokability/snipe-it has stopped working. If you're trying to upgrade or pull and you get a "not found" response or a login prompt from Github, do the following to set your origin to the correct Github URL:
git remote remove origin
git remote add origin https://github.com/grokability/snipe-it
git fetch --all git reset --hard origin/masterHappy Monday! Snipe-IT v8.3.6 is out! We've made some improvements to the Unaccepted Items report, added file uploads to suppliers, and also added color tags to Locations, Companies, Departments, Suppliers, Categories, and Manufacturers. (Check out the docs here.) The new tag_color field is also available via the API for the affected object types.
We're also now sending an additional email header (X-System-Sender: Snipe-IT) for all notifications. This wouldn't affect anything related to notifications other than it allows clever folks to potentially apply filters on emails going to their inbox that have that header.
Additionally, if you have quite a lot of users and were unable to get the groups page to load in between v8.3.5 and v.8.3.6, that issue should be fixed. (It's a long, boring story related to default settings for max_input_vars and max_multipart_body_parts.) If you're still having problems, set your MAX_UNPAGINATED in your .env to something under 5000.
We know this isn't ideal, since being able to add users to from the groups page was a great new feature, but for users with very large user sets, this was a bit of a dealbreaker. Don't worry - we're working on figuring out a way that makes sense from a UX perspective. (For example, "select all users" when the user list is paginated would take a very long time, since you'd have to select them all individually.)
API changes
- Added
tag_colorto Locations, Companies, Departments, Suppliers, Categories, and Manufacturers - If you were incorrectly passing the
filterparameter to the Assets or Users endpoints (for example,/api/v1/users?filter=email:[email protected]), it would previously 500. It now returns a validation error, as that endpoint is looking for JSON (for example/api/v1/users?filter={"email":"[email protected]"}.)
What's Changed
- Fixed #15664 - Adds Accessories, Components, Consumables, and Licenses to Unaccepted Assets report by @Godmartinz in #17913
- Actiontype enum redux by @uberbrady in #18141
- Fixed #12451 - Add file upload support to suppliers, changed notes field to text (from varchar) by @snipe in #18177
- Fixes #18138 - Fixed redirect to Previous Page from accessories edit screen by @Godmartinz in #18164
- Improved overdue checkin alert by @snipe in #18190
- Set a limit on number of users for group user loading by @snipe in #18191
- Fixes CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization by @joelpittet in #18193
- Fixes FD-51910 requestable asset model available quantity count by @Godmartinz in #18192
- Fixed #18189 - added option to pick the day the week starts on by @snipe in #18195
- Added #18185 added tag color to companies, suppliers, manufacturers, categories and departments by @snipe in #18201
- Fixed potential exception while filtering in users index endpoint by @marcusmoore in #18208
- Renamed L6009 -> L4736 and added correct L6009 by @chruoss in #18122
- Fixed #18202 - copy to clipboard adding spaces in FF by @snipe in #18213
- Fixed #18024 License Seat update/patch method by @Godmartinz in #18216
- Fixed #18114 - include declined item name, added app headers by @snipe in #18223
- Fixes FD-52005 - Adds null safe operators to unacceptable items report by @Godmartinz in #18217
- Fixes RB-19608 adds safe guards, adds Audit notification for google workspace, adds tests by @Godmartinz in #18226
- Added filter form request to validate JSON by @snipe in #18232
- Merging from dev by @snipe in #18233
- Bump actions/checkout from 5 to 6 by @dependabot[bot] in #18236
New Contributors
Full Changelog: v8.3.5...v8.3.6
Contributors
Assets 2
v8.3.5
Caution
This version of Snipe-IT REQUIRES PHP 8.2.0 or greater, 8.3+ recommended.
Happy Monday! This release better handles how the system handles partially broken LDAP configurations, makes some improvements to notifications, adds the ability to set 2D barcodes to non-URL values, revamps the permission groups section, and tightens up some other UI elements.
Screen.Recording.2025-11-06.at.8.45.26.PM.mov
Screen.Recording.2025-10-25.at.6.37.18.PM.mov
(Note: The add-users section looks like the first video, not this one.)
Screen.Recording.2025-10-25.at.6.39.07.PM.mov
Quick mobile update: Progress is moving along quickly! We don't yet have a timeline for when TestFlights will be available, but we'll let you know here, on our social media (Bluesky & Mastodon), and on our discord.
And as always, you can see what we're working on and what's up next via our Milestones.
Breaking API change:
We did make a change to the API in #18150 that slightly changes the shape of the response. If you're using the Departments API and depend on the payload on PUT or PATCH responses, please update your code accordingly. (It now returns in the same shape as a GET request.)
What's Changed:
- Fixed #18065: Ensure that
private_key_bitsis always an int by @smarsching in #18066 - Fixed audit images not displaying inline by @snipe in #18074
- Fixed
adminparameter acceptance notifications by @Godmartinz in #18070 - Perform Ldap fetch for dn (Distinguished Name) before logging-in (fixed) by @uberbrady in #18058
- Adds admin to decline notification, fix asset and model name translations on asset notification by @Godmartinz in #18077
- Fixes admin alerts when a location doesnt have a manager by @Godmartinz in #18080
- Moved import time limit inside class, added new backup time limit by @uberbrady in #18091
- Fixed fieldset colors on dark themes by @Godmartinz in #18094
- Groups UI improvements, ability to add users from the group edit screen by @snipe in #18078
- Bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #18098
- Fixed expiring warranties not being included in the expiring alerts notification by @Godmartinz in #18093
- Moved Traits into its directory and modify the FCO's to point to them by @uberbrady in #18076
- Fixed #18097: check for CJK in field labels as well as content by @snipe in #18099
- Fixed issue when viewing user that does not have permissions set by @marcusmoore in #18102
- Possible fix for 504 gateway timeout on unreachable LDAP server by @snipe in #18105
- Added null safe operator in case of missing license by @marcusmoore in #18100
- Fixed: LDAP test needs to be fixed to match new behavior by @uberbrady in #18108
- Limit the upcoming audit email to 30 records, added optional --with-output by @snipe in #18109
- Fixed #18107: normalize "to" strings by @snipe in #18110
- Fixed #16914: better ldap sync phrasing by @snipe in #18111
- Fixed #18112: fix consumable and license acceptances by @marcusmoore in #18115
- Added #17433:
is_nullcheck to import handler for custom fields by @Godmartinz in #18113 - Fixed: update
mysqldumpoptions to use--ssl-mode=DISABLEDfor modern versions by @mohammad-ahmadi1 in #18044 - Fixed #17329: Audit Warning Threshold could be negative by @akemidx in #18116
- Fixed form label alignments in settings section by @snipe in #18120
- Added form row component by @snipe in #18125
- Fixed #17738: accurately represent checkbox on category edit screen by @marcusmoore in #18128
- Adds a null check for items and threshold in inventory alert notification by @Godmartinz in #18131
- Fixed #18082: Added user company to checked out licenses by @snipe in #18139
- Fixed #18136: Added copy to clipboard to asset name by @snipe in #18142
- Fixed #18101: Make copy to clipboard alignment more consistent by @snipe in #18143
- Adds Form Request for Creating Departments by @spencerrlongg in #16973
- Fixed #18148 and #17451 - return
intfor user_count, fixed validation by @snipe in #18150 - Re-apply #18020, fixed #15107 (mostly) - added prefix and more options to 2D barcodes by @snipe in #18152
- Fix Content-Type Header not being set correctly for testWebhook by @MarvelousAnything in #18151
- Override
unique_undeletedin the form request by @snipe in #18155 - Fixed #18119: double formatting for acceptance/decline date by @snipe in #18156
- FD-50838: Fixes 24mm_E label sizing by @Godmartinz in #18161
- Fixed #18157: only partial information stored on group save if lower
max_input_varsand/ormax_multipart_body_partsby @snipe in #18170 - Fixes #18140 Changes border color of create New in Dark modes by @Godmartinz in #18165
New Contributors
- @smarsching made their first contribution in #18066
- @mohammad-ahmadi1 made their first contribution in #18044
- @MarvelousAnything made their first contribution in #18151
Full Changelog: v8.3.4...v8.3.5
Contributors
Assets 2
v8.3.4
Caution
This version of Snipe-IT REQUIRES PHP 8.2.0 or greater, 8.3+ recommended.
Happy Friday, everyone!
This is a quality-of-life release that smoothes out some UI quirks.
We also fixed the advanced search on assets, made the display for highlighted search results a little nicer to look at by removing a tiny bit of right-side padding, fixed a small UI glitch where the user selector wouldn't show up on some interfaces depending on previous sessions, and made some of the <legend> sections of the forms nicer to look at and more helpful.
Additionally, we added a migration to move the files from storage/private_uploads/assetmodels to storage/private_uploads/models directory that was introduced a few weeks ago. (Git should have renamed/moved that directory, but in some circumstances it was not.)
We also upgraded a few JS packages that were a little out of date and have CVEs associated with them. They're used largely via our build cycles and don't affect the end product, but it's always good to stay on top of these things.
Also - in very exciting news - our mobile app is now on TestFlight! For those interested, we'll be giving some folks access soon.
What's Changed
Added
- Fixed #17910 - added counts to mobile view for assets by @snipe in #17995
- Fixed #17924 - added url to maintenances by @snipe in #17997
- Improved upcoming audit email layout and cli feedback by @snipe in #17999
- Added command to remove invalid "upload deleted" entries from the action log by @marcusmoore in #17992
- Added
expected_checkinto user’s View Assigned page by @snipe in #18056 - New legend styles and additional help hints for LDAP by @snipe in #18063
Fixed
- Fixed [FD-50921] - base64-encoded image files for asset creation was broken by @uberbrady in #18003
- Fixed #17670 - advanced search on relationships not working by @snipe in #18001
- Fixed #18002 - use correct path for audit images to determine validity by @snipe in #18009
- Fixed exception when rolling back migrations by @marcusmoore in #18005
- Added migration to move asset model private uploads by @snipe in #18032
- Fixed #8709 - Added bulk deletion of categories, suppliers, and suppliers by @spencerrlongg in #17573
- Fixed bulk error display to be more consistent and correct HTML by @snipe in #18035
- Fixed LDAP sync not syncing all user fields by @boteroTradebe in #18038
- Fixed #17363 - Emdash Character Encoding error by @akemidx in #18019
- Fixed #18053 and #18007 - user selector missing on page load without cookies by @snipe in #18057
Misc/Code Quality/UX
- Removed date and time display format form macros by @marcusmoore in #17975
- Normalize advanced search by @snipe in #18018
- Bump github/codeql-action from 3 to 4 by @dependabot[bot] in #18029
- Fixed #18034 - Shows success message on partial bulk delete success by @snipe in #18036
- Use new fieldset component by @snipe in #18064
New Contributors
- @boteroTradebe made their first contribution in #18038
Full Changelog: v8.3.3...v8.3.4
Contributors
Assets 2
v8.3.3 - Security Release
Caution
This version of Snipe-IT REQUIRES PHP 8.2.0 or greater, 8.3 recommended.
Happy Monday, all! This release adds tooltips to the table headers, changes the styles on them to make them more clear as actual filters, handles some validation issues, lots of little quality-of-life fixes, and also handles a potential issue where signature and/or logo PDFs might not show in the acceptance PDFs if the temp directory where TCPDF creates the PDFs isn't writable.
This also addresses CVE-2025-63601 and all users are advised to upgrade.
What's Changed
- Fixed #17896 - Prevent assigned assets from being bulk checked out by @marcusmoore in #17897
- Fixed #17804 - make columns searchable in column picker by @snipe in #17904
- Fix #17908: typo in storage location of backups by @spacjalex in #17909
- Fixed #17404 - Prevent bulk checkout of assets across companies by @marcusmoore in #17887
- Fixed #17919 - correct the behavior of the checkout type selector by @uberbrady in #17923
- Adds option to disable auto generating action log from acceptance factory by @Godmartinz in #17925
- With
--no-interactive, make composer non-interactive as well by @kingspride in #17945 - Fixed #17914 - Improve UX around attempted bulk checkout of assigned assets by @marcusmoore in #17933
- Fixed excessive api requests on bulk checkout page by @marcusmoore in #17888
- Added Purchase Cost Report Filter by @akemidx in #17883
- Added api endpoint for retrieving components checked out to asset by @marcusmoore in #17869
- Adds Brother Label TZe_24mm_E variant by @Godmartinz in #17868
- Fixed #17932 - incorrect number for remaining assets in asset models by @snipe in #17950
- Fixes #17958 - handle accessing deleted model during bulk asset update by @marcusmoore in #17959
- Fixed #17956 - handle accessing deleted model during asset update by @marcusmoore in #17957
- Fixed CJK on labels by @snipe in #17877
- Cleanups and improvements to output on snipeit:restore command by @uberbrady in #17966
- Fixed #17206 - replace Form::name_display_format macro by @marcusmoore in #17980
- Fixed #17977: Term date on license report by @akemidx in #17979
- Replaced Form::checkbox with raw html by @marcusmoore in #17974
- Fixed #17972 - set last_checkin if asset is checked in during an update by @marcusmoore in #17973
- Fixed #17205 - replace Form:: email_format by @marcusmoore in #17978
- Expiring alerts improvements, UI tweaks, tooltips on BS tables buttons by @snipe in #17982
- Fixed #17940 - pngs not showing in acceptance PDFs by @snipe in #17989
- Fixed #17963 - over eager deletion of asset files via api by @marcusmoore in #17967
New Contributors
- @spacjalex made their first contribution in #17909
- @kingspride made their first contribution in #17945
Full Changelog: v8.3.2...v8.3.3
Contributors
Assets 2
v8.3.2
Caution
This version of Snipe-IT REQUIRES PHP 8.2.0 or greater, 8.3 recommended.
This release fixes some small issues largely based around localization, namely making the purchase cost field larger and better support of RTL text in the asset acceptance PDFs.
We've also fixed an issue with Google's LDAP implementation where client-side TLS certificates weren't working, added the ability for admins to set serial as a required field on a per-model basis, and added the ability to filter between active licenses and licenses that have expired or have passed their termination date.
What's Changed
- Fixes #9978 - Added payload to accessories API by @snipe in #17769
- Fixed #17780 - Added
withTrashed()to allow viewing files on deleted objects by @snipe in #17781 - Fixed #10107 - remember checkout to type by @snipe in #17771
- Fixed company name reference in location print by @marcusmoore in #17783
- Fixed #17759 - translation used in asset check in/out notifications by @Godmartinz in #17760
- Fixed #17777 - Log upload deletion by @snipe in #17788
- Adds require serial as Asset Model option by @Godmartinz in #16947
- Fixed #17791 - increase size of purchase cost field by @snipe in #17795
- Fixed #17798 - added
require_serialto model importer by @snipe in #17799 - Upload log file in GitHub Action tests by @marcusmoore in #17800
- Allows check-ins of unreassignable licenses by @Godmartinz in #16063
- Improve expiring alerts notification layout by @marcusmoore in #17752
- Fixed #17796 - search on model name and number on importer by @snipe in #17797
- Fixed issues around accessory acceptance by @marcusmoore in #17703
- Bump actions/stale from 9 to 10 by @dependabot[bot] in #17818
- Fixed #17756 - Duplicate checkout emails by @Godmartinz in #17827
- Tighter controls on license deletion, also fixes #16227 adding more tables to location print by @snipe in #17833
- Fixed #17586 - Display accurate quantity in banner by @marcusmoore in #17828
- New GH issue form by @snipe in #17838
- Adds #8799 Prevention of checkout of expired or terminated licenses by @Godmartinz in #17842
- Fixed typo in UnreassignableCount by @Godmartinz in #17849
- Fixed #17585 - Display accessory checkout qty in subject line and intro text by @marcusmoore in #17826
- Ignore expiring licenses with past termination date by @snipe in #17858
- Fixed #17414 - client-side TLS certificate didn't work in Google LDAP by @uberbrady in #17857
- Fixed potentially incorrect qty in component checkout email by @marcusmoore in #17851
- Fixed #10052 - Added api endpoint for retrieving assets checked out to asset by @marcusmoore in #17835
- Added status label to user's "view assigned assets" table by @snipe in #17863
- Show inactive licenses by @snipe in #17865
- Rewords Purchase cost to Unit Cost for Accessories, Components, Consumables by @Godmartinz in #17850
- Fixed nesting in orWhere by @snipe in #17875
- Add new index to users over deleted_at and location_id by @uberbrady in #17876
- Fixed #14744 and #17808 - Added CJK and Arabic font support for asset acceptance by @snipe in #17866
- Fixed #17873 - Added EULA tab to user view by @snipe in #17881
- Adds total cost to Accessories, Consumables, Components by @Godmartinz in #17882
- Fixed #8859 - adds purchase sums on model view by @snipe in #17885
- Fixed #17891 - missing maintenance file deletion route by @snipe in #17892
Full Changelog: v8.3.1...8.4.0
Contributors
Assets 2
v8.3.1
Caution
This version of Snipe-IT REQUIRES PHP 8.2.0 or greater, 8.3 recommended.
What's Changed
- Added laravel telescope for dev environment by @snipe in #17680
- Moved model traits into proper directory by @snipe in #17743
- Fixed user display name in expiring asset notification by @marcusmoore in #17751
- Patch #17751 to master by @marcusmoore in #17754
- Fixed #17742 - fixed file deleting by @Speedyduck300000 in #17768
- Fixed #17488 (Part 2) - Nav dropdown link color and skin names by @Godmartinz in #17745
- Added #10969 - Parent location to Asset Checked out to info by @Godmartinz in #17748
New Contributors
- @Speedyduck300000 made their first contribution in #17768
Full Changelog: v8.3.0...v8.3.1
Contributors
Assets 2
v8.3.0
Caution
This version of Snipe-IT REQUIRES PHP 8.2.0 or greater, 8.3 recommended.
Happy Thursday, nerds!
There is a security fix in this release for those who are using SVG images, so all users are encouraged to upgrade.
This release adds some exciting features such as images and uploads for asset maintenances, the ability to copy images when cloning items, support for display_name in users for LDAP sync, user import and SCIM, and some improvements to the info we include in notifications. We've also made some fixes to some of the custom fields validations.
We've also added support for .ods, .odp, and .odt file uploads, as we slowly watch much of the EU transition away from Microsoft products.
We've also been continuing to improve our documentation, with new, more specific Importer documentation, and info on the recently improved LDAP Troubleshooter.
What's Changed
- Fixed #17441 - hardware listings "remembered" page numbers between statuses by @snipe in #17459
- Library dependency upgrades by @snipe in #17478
- Optimize javascript for smaller files and faster builds (Rebase of #15175) by @uberbrady in #17487
- Fixed #17500 [FD-50045] - Make "Create Manufacturers" seeder button work by @uberbrady in #17501
- Use the file uploads API for file listing tables, adds gallery view for file uploads by @snipe in #17493
- Added table buttons and admin filter by @snipe in #17508
- Fixed #17498 - added
serialto user acceptance by @snipe in #17510 - Added ability to copy images on cloning by @snipe in #17514
- Added dropdown menu for users by @snipe in #17515
- Fixed #9511 - Validation For Encrypted Custom Fields by @spencerrlongg in #17456
- Fixed #17518: Adds printer line break after signatures on multiple-print-all-assigned by @snipe in #17521
- [FD-50162] Put remaining seats back on license view for now by @snipe in #17532
- Fixed #10357 - Add maintenance image upload by @snipe in #17537
- Allowed setting
idon location-select component by @marcusmoore in #17080 - Fixed #17073 - delete old checkout requests by @marcusmoore in #17417
- Removed debugging
dump()in test by @marcusmoore in #17541 - Fixed 500 when sending non-string for
serialproperty by @marcusmoore in #17540 - AssetPolicy class import by @akemidx in #17542
- Fixed potential failure in license checkin due to redirect option by @marcusmoore in #17520
- Salutation target fix by @Godmartinz in #17543
- Fixed #17485 - nicer alert menu if no items are below qty by @snipe in #17489
- Fixes #17457 - Previous Page redirect option by @Godmartinz in #17523
- Added file uploads to maintenances by @snipe in #17539
- Renamed table from
asset_maintenancestomaintenancesandtitletonamefor maintenances by @snipe in #17549 - Added basic logging for maintenances by @snipe in #17550
- Fixed #17547 - asset model images not loading by @snipe in #17553
- Fixed #17490 - use numeric for purchase cost by @snipe in #17555
- Added #13997 - API endpoint to sync users via LDAP by @snipe in #17554
- Move the object type mapping and such to the base controller to de-dupe by @snipe in #17551
- Added mail log for #17491 and some improvements on log errors by @mckaygerhard in #17538
- Show all icons on location table, even if no results by @snipe in #17566
- Fixed #11754 - nicer menu alignment for dropdowns by @snipe in #17567
- Fixed #10284 - Added mobile phone to users by @snipe in #17569
- Added sidenav to filter on activated vs inactive users by @snipe in #17570
- Fixes CVE-2025-55166 by @joelpittet in #17601
- Fixes #17488 - Added more info text colors by @Godmartinz in #17607
- Fixed #17600 - Added checkout date to accessories tab in user view by @snipe in #17610
- Fixed #17380 - Added admin name to acceptance emails by @Godmartinz in #17593
- Fixed #17312 - Fix nulling checkboxes on checkbox custom fields by @spencerrlongg in #17584
- Fixed invalid custom fields being used for filtering by @marcusmoore in #17544
- Fixed #17507 - Added Category and Model No. to accessory checkout markdown by @Godmartinz in #17524
- Fixed #9965 - Fallback to category images (if there are any) by @snipe in #17611
- Fixed #17620 -
DELETEmethod on custom fields causing method not allowed error by @snipe in #17625 - Fixed #17606 - use
getImageUrl()to determine if local or S3 by @snipe in #17626 - Fixed #17367 - Small adjustment to
css-padlockby @snipe in #17635 - Fixed #17627 - custom fields not sorting correctly by @snipe in #17636
- Adds
asset_tagto subject line of check in check out by @Godmartinz in #17638 - Fixed #17641 - map mobile number via SCIM by @snipe in #17648
- Add new indexes to
category_idanddeleted_atby @uberbrady in #17655 - Fixed #17653 - changes translation from "checked out by" to "administrator" by @Godmartinz in #17663
- Added support for Dymo 11354 Labels. by @FlorestanII in #17664
- Fixed #17674 - added
.ods,.odp, and.odtas acceptable upload types by @snipe in #17679 - Fixed #17440 - Added serial number column to Expiring Assets Report by @Godmartinz in #17591
- Fixed components presenting wrong URLs by @qay21 in #17691
- Used nicer locale for purchase date by @snipe in #17695
- Fixed [FD-49550] - added a
created_atindex to the models table by @uberbrady in #17696 - Added null checks to MS Teams Audit notification by @Godmartinz in #17714
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in #17711
- Added display name to users for LDAP/SCIM, added new sync fields (replaced #17650) by @snipe in #17709
- Added support for label sheets Avery L4736 & L6009 by @akaspeh1 in #17710
- Improved LDAP field sync preview by @snipe in #17721
- Fixed #17704 - retain linebreaks on custom field clipboard copy by @snipe in #17722
- Fixed #17386 - Added SAML key size to env - possible alternative to #17387 by @snipe in #17692
- Fixes #17642 Checkouts to location email for Assets and Accessories by @Godmartinz in #17724
- Improved ldap certificate ignoring by @uberbrady in #17723
- Put LDAP troubleshooter's decrypt in a try/catch to avoid crashing if it cannot decrypt the password by @snipe in #17729
- Added #9000 - Item type to Account Asset Acceptance index by @Godmartinz in #17730
- Added #5554 - locale for acceptance notifications and checkin/out emails by @Godmartinz in #17713
- Fixed #17726 - add welcome email to new user form by @snipe in #17734
- Renamed User test for consistency by @snipe in #17740
- Improved user create tests by @snipe in #17741
- Fixed #17431 - EULA not displaying on asset acceptance page by @oolivero45 in #17432
New Contributors
- @mckaygerhard made their first contribution in https://gi...
Contributors
Assets 2
v8.2.1
Caution
This version of Snipe-IT REQUIRES PHP 8.2.0 or greater.
Hi again folks - just a small update to one of the notifications and a patch for user history that wasn't behaving the way it was supposed to.
What's Changed
- Fixed #17394 - Changes the acceptance letter salutation to target by @Godmartinz in #17436
- Fixed an issue where user history was showing more information than was relevant
Full Changelog: v8.2.0...v8.2.1
Contributors
Assets 2
v8.2.0
Caution
This is a security release. All Snipe-IT users are encouraged to upgrade. This version of Snipe-IT REQUIRES PHP 8.2.0 or greater.
Happy Wednesday, everyone! This is a security release due to CVE-2025-54068 in Livewire announced last week. We were patched on the master branch hours after the CVE announcement came out, but this is the official tagged release for the patch.
Beyond that, we have some fixes for custom fields, lots of new tests to better support the team as we continue to work towards improving notifications to make them more flexible and nuanced.
Potentially Breaking Changes
User Permissions Change
It was already true that only superusers could assign new permission groups and promote other users to superadmin, but we've tighten a few more of these controls to disallow editing email address, username, password, and ability to login by users with lower privileges then the user they're trying to edit - meaning admins cannot edit superadmin usernames, email, etc - and regular users who have user editing permission cannot modify those settings for either admins or superadmins, though they can still edit those properties for other regular users. See #17423 for more info there.
User Welcome Emails
We've removed the ability to include credentials for newly created users via import or through the GUI, instead replacing it with the ability to send them a password reset "invitation". Sending passwords via email has been considered a bad idea for a while, so this method seems better. Note that if the newly created user doesn't have an email address in the import, we obviously cannot send them a password reset email, so those emails won't go out.
What's Changed
- Fixed #17310 - 500 on redirect when checking in a license seat by @Godmartinz in #17362
- Fixed #7957 - custom field
textareainput not retaining when switching Asset Models with shared custom fields by @Godmartinz in #17361 - Fixed [FD-49538] - use a
<video>tag for video files for non-Safari usage by @uberbrady in #17374 - Better indicate via submit button colors and messaging that something is about to be accepted or declined by @snipe in #17376
- Code formatting fixes:
app/Modelsby @snipe in #17378 - Fixed #17383 - re-add
/hardware/as an object type in the file upload API by @snipe in #17385 - Fixed redirect option being
NULLby @Godmartinz in #17390 - Fixed display of acceptance button if signature is not required by @snipe in #17407
- Remove password from welcome email, prompt for reset instead by @snipe in #17410
- [FD-47386, FD-49095] New Artisan command to clean checkout acceptances by @uberbrady in #17415
- Bumped livewire to v3.6.4 by @marcusmoore in #17424
- Bump codacy/codacy-analysis-cli-action from 4.4.5 to 4.4.7 by @dependabot[bot] in #17434
- Fixed #13844 - Adds Webhook and Mail Notifications for Components by @Godmartinz in #17391
- Use standard model transformer for asset model API response by @snipe in #17389
- Fixed #17194 - Return to bulk edit with errors and inputs by @Godmartinz in #17292
- Attempt to fix flaky file upload tests by @snipe in #17438
- Attempt to fix flaky file upload tests pt2 by @marcusmoore in #17439
- Fixed #17071 - Adding various tests of the contents of ActionLogs for lots of events by @uberbrady in #17300
- Fixed FD-49886 - Optimize user queries by @snipe in #17442
- Tighter permissions on non-admins and demo modes by @snipe in #17423
- Adds disabled cursor on uneditable fields in user create/edit by @snipe in #17443
- Fixed #17445 - move
jobtitleunderassigned_toin AssetTransformer by @marcusmoore in #17446 - Added #17133 - Copy ability to all Custom fields by @Godmartinz in #17447
- Fixed #17447 - decrypt before copying to clipboard by @snipe in #17450
- Fixed #17316 - handle checkboxes correctly in checkin/checkout by @snipe in #17453
Full Changelog: v8.1.18...v8.2.0
Contributors
Assets 2
v8.1.18
Caution
This version of Snipe-IT REQUIRES PHP 8.2.0 or greater.
Happy Tuesday! This is a small patch release that contains a few bug fixes, and a few small long-awaited features, namely video/audio uploads, smaller EULA PDF files, and the ability for users to request an emailed version of their signed EULA after accepting the asset - in addition to some query optimizations that should speed things up for folks with a lot of companies when viewing their company listings.
What's Changed
- Add escaping to
user_agentandremote_ipvariables for API results by @uberbrady in #17330 - Fixed #17326 - sorting on dashboard by @snipe in #17333
- Use safer deserialization defaults by @uberbrady in #17336
- Fixed #17112 - set location ID to null instead of 0 by @snipe in #17337
- Fixed #1909 - small depreciation tweaks (re-added 0 months as a viable value) by @snipe in #17338
- [FD-49538] - added video/audio uploads by @snipe in #17346
- Fixed #17193 - perform
Orderbybefore collection in Bulk Assets Controller by @Godmartinz in #17341 - Fixed #17349 - enable
enable_font_subsettingin PDFs by @snipe in #17351 - Fixed #17302 - tighter control on company by @snipe in #17350
- Fixed #12094 - added focus to select2 in bulk checkout by @Godmartinz in #17291
- Fixed #15861 - added a redirect option for asset model and previous page by @Godmartinz in #17327
- Fixed #17273 - switch to HTML table from markdown by @snipe in #17352
- Fixed #14295 - allow user to receive an email PDF upon signing by @snipe in #17353
- [FD-49569] - show only assigned in license tab by @snipe in #17356
Full Changelog: v8.1.17...v8.1.18