Skip to content

10.0.2
Compare
Choose a tag to compare
@trasher trasher released this 28 Jun 12:12
· 2084 commits to 10.0/bugfixes since this release
10.0.2
1087370

This is a security release, upgrading is recommended

Download it

A lot of issues have been fixed since GLPI 10.0.1 version.
Below, you'll find a short list of key points of this release:

  • [SECURITY] Unauthenticated SQL injection on login page (CVE-2022-31061)
  • [SECURITY] SQL injection on actor part in assistance forms (CVE-2022-31056)
  • [SECURITY] Unauthenticated Sensitive Data Exposure on Refused Inventory Files (CVE-2022-31068)
  • FIX adding actors to ITIL Objects (#11796, #11957)
  • FIX unwanted "promote to ticket" feature on self-service interface (#11834)
  • FIX native inventory do not inject switch information (#11864)
  • FIX entity for software creation (#11887, #11837)
  • FEAT permits global lock on entity (#11853)

The full changelog is available for more details.

We would like to thank all people who contributed to this new version and all those who contribute regularly to the GLPI project!

Assets 3