9.5.3

This is a security release, upgrading is recommended

Note: those are medium security issues.

Non exhaustive list of changes:

• [security] Insecure Direct Object Reference on ajax/comments.php and ajax/getDropdownValue.php (CVE-2020-27662 and CVE-2020-27663)
• [security] Any CalDAV calendars is read-only for every authenticated user (CVE-2020-26212)
• several dashboards issues
• several fixes and enhancements with mail collector
• new dashboard filters on tech users and tech groups
• PHP8 compatibility
• and more!

See changelog for details.

9.5.2

This is a security release, upgrading is highly recommended

Note: some of fixed vulnerabilities are present since a long time (0.68).

Non exhaustive list of changes:

• [security] SQL injection with a query parameter of user form (CVE-2020-15176)
• [security] Removal of .htaccess file in the files folder via a plugin endpoint (CVE-2020-15175)
• [security] Leakage issue with knowledge base (CVE-2020-15217)
• [security] Stored XSS in install script (CVE-2020-15177)
• [security] Minor SQL Injection in Search API (CVE-2020-15226)
• several mailgate issues
• several dashboards issues
• dashboards improvements: personnal filters, new summary and articles widgets, ...
• and more!

See changelog for details.

9.5.1

This is a security release, upgrading is highly recommended

Non exhaustive list of changes:

• (security) SQL injection on new clone feature
• alignment of some table columns
• added domains in global search and Assets > global
• fixed several problems with email retrieval via email collectors
• fixed several display problems in the planning
• correction (and error display) of marketplace registration key input
• and more!

See changelog for details.

9.5.0

Official announcement / Annonce officielle / Anuncio oficial

Major features:

• Marketplace,
• Impact and relationship management,
• Dashboards,
• Follow-up templates,
• Kanban for projects,
• Timezones,
• Impersonate,
• Password security policy,
• and more!

See changelog for details.

9.5.0-rc2

Second look at GLPI 9.5

Following the publishing of the Release Candidate of GLPI version 9.5 15 days ago, you have reported a number of small issues that have been fixed, including:

• Planning display was broken,
• The warning about missing dependencies during installation or update was absent,
• Inability to register to access the marketplace,
• Missing translations,
• and others

Today, we are releasing new RC version for you to test the improvements.

Unless a major problem is detected, the next version will be the final stable release.

How can you help us ?

Download the rc archive, test the migration and the new features (you may also test the existing ones) and report us the issues you encounter on the bug tracker (tag it as [RC feedback]).

Translators, please, add missing sentences for your language on transifex.

9.5.0-rc1

First look at GLPI 9.5

In some weeks we will launch the new major version of GLPI: 9.5.
A lot of new features will be available, here is a short list:

• New marketplace for plugins.
• Impacts and dependencies vizualisation for assets.
• New graphical and customizable dashboards.
• New canned responses for follow-up form.
• Support for field templates for Problems and Changes.
• Kanban board for project management.
• Enhanced planning view and a new full caldav server.
• Timezones support.
• Impersonate function for super-admins.
• Various improvements in UI and UX.

Consult the full changelog for a more complete list.

Please note, we dropped Kerberos support in mail collector setup as we needed to move to another library for mail support that does not provide this option. Please contact us if it's an issue for you.

Today, we release a release candidate archive for this version.

How can you help us ?

Download the rc archive, test the migration and the new features (you may also test the existing ones) and report us the issues you encounter on the bug tracker (tag it as [RC feedback]).

Translators, please, add missing sentences for your language on transifex.

9.4.6

This is a security release, upgrading is highly recommended

Non exhaustive list of changes:

• (security) Prevent execution of SQL injection while assigning a technician,
• (security) Permit to change key used to store passwords,
• (security) Improve CSRF token,
• (security) Fix several possible XSS,
• (security) Fix a few possible SQL injections,
• Fix SCSS caching issues,
• Fix inline images handling on item update,
• Fix PHP 7.4 compatibility,
• Connect to database using socket,
• and more!

See changelog for details.

9.4.5

Non exhaustive list of changes:

• add link PDU on tickets,
• fix several issues on search queries,
• fix LDAP group import,
• fix linking on ITIL objects depending on status
• fix case issues synchronizing Active Directoy emails
• and more!

See changelog for details.

9.4.4

This is a security release, upgrading is highly recommended

Non exhaustive list of changes:

• [security] Prevent account takeover vulnerability ,
• [security] Prevent execution of XSS on rich text,
• fix cache key lenght issues,
• fix user picture removal at login,
• several fixes on recurring tickets,
• fix some transfer errors related to entities among others,
• and more!

See changelog for details.

9.4.3

This is a security release, upgrading is highly recommended

Non exhaustive list of changes:

• [security] Prevent execution of XSS on rich text,
• [security] Prevent xss attack on user picture,
• Fix performance issues when using entities,
• New “Prevent take into account” action on tickets business rules,
• New “Status” criterion on tickets business rules,
• Change and problem tasks can now be marked as private,
• and more!

See changelog for details.