v5.3.6

⚠️ IMPORTANT: Later versions of Snipe-IT will require PHP 7.4 or greater. It is highly recommended you upgrade your version of PHP NOW.

(This is a requirement in order for us to be able to pull forward the dependencies that will allow us to support PHP8 and beyond moving forward.)

New in v5.3.6

• Fixed minor CSRF vulnerability reported by @Haxatron via Huntr.dev
• Fixed an issue where incorrect number of IDs would be calculated on bulk actions
• Added jobtitle column to custom reports
• Fixed an issue where Slack settings were not being saved

For a full list of changes, see the complete changelog.

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

Snipe-IT v5.3.5 - Security Release

⚠️ IMPORTANT: Later versions of Snipe-IT will require PHP 7.4 or greater. It is highly recommended you upgrade your version of PHP NOW.

(This is a requirement in order for us to be able to pull forward the dependencies that will allow us to support PHP8 and beyond moving forward.)

New in v5.3.5

• Fixed minor XSS vulnerability reported by @laladee via Huntr.dev

For a full list of changes, see the complete changelog.

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

Snipe-IT v5.3.4

⚠️ IMPORTANT: Later versions of Snipe-IT will require PHP 7.4 or greater. It is highly recommended you upgrade your version of PHP NOW.

(This is a requirement in order for us to be able to pull forward the dependencies that will allow us to support PHP8 and beyond moving forward.)

New in v5.3.4

• Removed 'actionlog' from the ::with() clause in the asset query API for faster load times on asset listings with many updates
• Fixed an issue where some LDAP translation strings were missing
• Updated all translations from CrowdIn to latest
• Fixed access control issue on Asset Model Cloning (#10406)
• Added stricter slack webhook validation

For a full list of changes, see the complete changelog.

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

v5.3.3

⚠️ IMPORTANT: Later versions of Snipe-IT will require PHP 7.4 or greater. It is highly recommended you upgrade your version of PHP NOW.

(This is a requirement in order for us to be able to pull forward the dependencies that will allow us to support PHP8 and beyond moving forward.)

New in v5.3.3

• Change the [END] directive in .htaccess to [L] for backwards apache compatibilities
• Fixed #10344 and #9135 - whitespace prepended to exported HTML
• Apply trim() function when storing Custom Fields names to prevent wrongly formatted headers from being skipped
• Added Rocky Linux Support
• Fixed defaultValue() function in custom fields with date formatted default model fields
• Fixed some incorrectly paired HTML tags in modal headers
• Added Debian 11 (Bullseye) install script support
• Fixed XSS vulnerability in accessories checkedout API call

For a full list of changes, see the complete changelog.

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

v5.3.2 - Security release

⚠️ IMPORTANT: Later versions of Snipe-IT will require PHP 7.4 or greater. It is highly recommended you upgrade your version of PHP NOW.

(This is a requirement in order for us to be able to pull forward the dependencies that will allow us to support PHP8 and beyond moving forward.)

New in v5.3.2

This is a security release that handles a few data outputs that were not being properly cleaned for data-safe output and routes that were previously GET routes (that should not have been) were converted into POST requests.

For a full list of changes, see the complete changelog.

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

v5.3.1

⚠️ IMPORTANT: Later versions of Snipe-IT will require PHP 7.4 or greater. It is highly recommended you upgrade your version of PHP NOW.

(This is a requirement in order for us to be able to pull forward the dependencies that will allow us to support PHP8 and beyond moving forward.)

New in v5.3.1

This is just a point release that primarily restores the "clone" functionality in the asset listing, caused by a regression in the API permissions JSON. We also fixed an error that could arise if you set default_label to null when using the API. This value now defaults to 0 instead.

Added

• Added import for min_amt for consumables
• Exclude deleted assets by default when doing lookup by serial

Fixed

• Fix branding logo URL path for S3
• Fixed permissions array to handle missing clone button
• Set default_label to 0 instead of null in API if value submitted is blank
• Fixed #10231: use correct python binary for exit listener

For a full list of changes, see the complete changelog.

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

v5.3.0

⚠️ IMPORTANT: Later versions of Snipe-IT will require PHP 7.4 or greater. It is highly recommended you upgrade your version of PHP NOW.

(This is a requirement in order for us to be able to pull forward the dependencies that will allow us to support PHP8 and beyond moving forward.)

New in v5.3.0

Version 5.3.0 of Snipe-IT fixes some minor XSS security issues and includes some additions to the API, as well as some small bug-fixes. We're tagging this as v5.3.0 to encourage users to upgrade for the security improvements. (Yes, we know bumping it to a full minor version is not strictly adherent to semver, but we really want folks to upgrade.)

Added

• Added #10062: Added Support for Heroku Deployments [#10063]
• Added #9973 - add use_default_eula to category API endpoint [#10069]
• Added #9969 - added color, show_in_nav, and default_label to status label API [#10070]
• Upgraded Docker to PHP 7.4 [#10080]
• Added rewrite rule for Let's Encrypt certificates [#10082]
• Bumped number per page up to 1000
• Added totals to depreciation report footer [#10115]
• Add user permissions message if the user is not an admin or better
• Added assigned components to assets API (pass ?components=true to the assets endpoint) [#10124]
• Force revalidation headers when user logs out [#10164]

Fixed

• Fixed #10015 - Archived Assets Showing Under Locations/'Print All Assigned' Feature [#10079]
• Check for valid category name on print view of "print all assigned assets"
• Fixed issue where created_at date was not showing on uploads
• Fixed issue where show_in_nav was null (instead of zero) if no value passed
• Fixed extraneous asset search in depreciation report [#10086]
• Improved Category API for category_type with strtolower() to make it case insensitive [#10112]
• Fixed sorting on non-asset relations in API (FD23117) [#10114]
• Fixed issue where we tried to delete the file if there is no log entry in AssetFilesController.php
• Check for admin rights before displaying admin permission options
• Fixed API Issue when checking out a component where remaining qty was 1 but the API would not allow you to checkout [#10122]
• Fixed JS code to handle the "enter key" / auto selections which had broken
• Fixed #9789 and Fixed #10088 and Fixed [fd23442] - Fix currency problems especially with European currency format [#10141]
• Fixed new department error importing users. [#10150]
• Fixed ownership of cache directory in Docker
• Set restore actions to POST requests instead of GET [#10165]
• Fixed SVG XSS vuln [#10171]
• Fixed models preview - Use Storage:: facade [#10172]
• Throttle password reset requests to 5 every 60 seconds [#10180]
• Fixed possible XSS on all-file-types export [#10201]

For a full list of changes, see the complete changelog.

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

v5.2.0

⚠️ IMPORTANT: Later versions of Snipe-IT will require PHP 7.3 or greater. It is highly recommended you upgrade your version of PHP NOW.

(This is a requirement in order for us to be able to pull forward the dependencies that will allow us to support PHP8 and beyond moving forward.)

This release contains a ton of bug-fixes and improvements/additions to the API - but perhaps more importantly, we have introduced official support for Google Secure LDAP for User Listings.

Google Secure LDAP Support for User Listings

You'll find two new fields in the Admin Settings > LDAP configuration of the UI, LDAP Client-Side TLS key and LDAP Client-Side TLS Certificate. If you are NOT using Google Secure LDAP, you do not need to change anything in your settings and these fields are not required. Note that since Google Secure LDAP does not currently support logging in via Secure LDAP, you'll want to configure your Snipe-IT instance to work with Google's SAML setup instead. (This is a limitation in Google, not with Snipe-IT.) More details in the docs.

We're still updating the API documentation, so hang tight - those parts in the documentation should be up shortly.

Added

• Added image upload capabilities to API (Fixes #9594, #9483, #9413, #5007) [#9767]
• Added Components checkin/checkout via API
• Added cookie option to assets Bootstrap Table to save the state of the maintenances table [#9808]
• Added the field model_number to Accessory importer mappable fields [#9856]
• Added restore functionalty to asset API [#9931]
• Added additional fields to users API search: activated, country, manager_id, first_name, last_name, employee_num, state, zip
• Added depreciation report endpoint and ajax-ified the depreciation report table, to prevent page timeouts on databases with tens of thousands of assets [#10034]
• Updated language translations from CrowdIn
• Added better debugging output, and remove non-PHP-7.3-compatible option for RestoreFromBackup.php artisan command [#9774]

Fixed

• Fixed #9745 - added searchable, sortable notes field to status labels
• Fixed APP_ENV/APP_DEBUG typo overwriting the APP_ENV in Vagrant Playbook [#9768]
• Fixed a department bug in the User Importer when the department doesn't exist [#9778]
• Fixed Vue issue with the importer [#9778]
• Fixed potential for bad linefeeds in custom settings section of SAML [#9809]
• Fixed some CSS zebra-striping on non-default skins [#9765]
• Updated demo photos of iPhones to be more modern [#9837]
• Fixed issue updating departments if Full Company Support is enabled [#9880]
• Fixed Integrity constraint violation when emailing password reset (#9881)
• Fixed #9909 and #9714 - applies v6 currency formatter to v5 [ch16628]
• Fixed weird layout on bulk audit [ch17146]
• Fixed an issue where the pie chart colors did not match admin settings [#9950]
• Fixed sum total calculation on Bootstrap Table pages [#9953]
• Fixed issue where consumables model number was not searchable
• Fixed issue where custom fields with quotes were not holding value [#9980]
• Fixed issue where when using API CheckIn assets, there will be two CheckIn records in the Activity Report log for each asset
• Fixed condition to return the actual max upload size allowed to files
• Fixed issue with action_date was not displayed if overwritten by created_at in activity log
• Fixed - Delete checkout acceptances when an asset is checked in without response
• Fixed value of column 'checkout type' in CSV file to lowercase [#10059]
• Fixed issue where sidebar showed total from assets in all companies if using Full Multiple Company Support [#9709]
• Fixed #9853 - Consumables/Accessories not correctly displayed via Locations [#9861]

For a full list of changes, see the complete changelog.

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

v5.1.8 - Bugfix Release

⚠️ IMPORTANT: Later versions of Snipe-IT will require PHP 7.4 or greater. It is highly recommended you upgrade your version of PHP NOW.

This release corrects a bug that was introduced in v5.1.7 where the Vue.js screens would not load (API keys, importer, default custom field values in asset models).

For a full list of changes, see the complete changelog.

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

v5.1.7 - Security Release

⚠️ IMPORTANT: Later versions of Snipe-IT will require PHP 7.4 or greater. It is highly recommended you upgrade your version of PHP NOW.

(This is a requirement in order for us to be able to pull forward the dependencies that will allow us to support PHP8 and beyond moving forward.)

This is a security release that fixes a Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem. While we do not believe this particular security issue impacts Snipe-IT due to the way we implement this package, we also take security very seriously and always try to make security fixes available ASAP.

More information is available here.

Fixed

• Fixed an issue when tried to upload a file to an user without actually selecting a file. [ch16471] #9640
• Fixed #9680: Use Eloquent’s withCount() method to count Statuslabel assets
• Fixed #9705 Prevent syntax error in startup.sh
• Allow to bulk update min_amt in Accessory API
• Disable company select if full company support is activated #9720
• Fixed #9666 Asset checkin via api doesn't send notification. #9676
• Updated league/flysystem to 1.1.4 for critical security update

For a full list of changes, see the complete changelog.

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.