Группа :: Сети/Прочее
Пакет: glpi
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
22 июля 2022 Pavel Zilke <zidex at altlinux.org> 10.0.2-alt1
- New version 10.0.2
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2022-31061 : Unauthenticated SQL injection on login page
+ CVE-2022-31056 : SQL injection on actor part in assistance forms
+ CVE-2022-31068 : Unauthenticated Sensitive Data Exposure on Refused Inventory Files
- New version 10.0.1
- This is a security release, upgrading is recommended
- The GLPI licence has been moved to GPLv3+
- New version 10.0.0
- Added glpi-php8.0
- Added glpi-php8.1
- New version 9.5.7
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2022-21720 : SQL injection using custom CSS administration form
+ CVE-2022-21719 : Reflected XSS using reload button
- New version 9.5.6
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2021-39211 : Disclosure of GLPI and server informations in telemetry endpoint
+ CVE-2021-39210 : Autologin cookie accessible by scripts
+ CVE-2021-39209 : Bypassable CSRF protection on ajax endpoints
+ CVE-2021-39213 : Bypassable IP restriction on GLPI API using custom header injection
- New version 9.5.5
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2021-3486 : Stored XSS in plugins information
- New version 9.5.4
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2021-21326 : Horizontal Privilege Escalation
+ CVE-2021-21255 : entities switch IDOR
+ CVE-2021-21258 : XSS injection in ajax/kanban
+ CVE-2021-21314 : XSS injection on ticket update
+ CVE-2021-21312 : Stored XSS on documents
+ CVE-2021-21313 : XSS on tabs
+ CVE-2021-21325 : Stored XSS in budget type
+ CVE-2021-21327 : Unsafe Reflection in getItemForItemtype()
+ CVE-2021-21324 : Insecure Direct Object Reference (IDOR) on "Solutions"
- New version 9.5.3
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2020-27662 : Insecure Direct Object Reference on ajax/comments.php
+ CVE-2020-27663 : Insecure Direct Object Reference on ajax/getDropdownValue.php
+ CVE-2020-26212 : Any CalDAV calendars is read-only for every authenticated user
- Changed PHP7 dependencies
- Fixed spec
- New version 9.5.2
- Security fixes:
+ CVE-2020-15176 : SQL injection with a query parameter of user form
+ CVE-2020-15175 : Removal of .htaccess file in the files folder via a plugin endpoint
+ CVE-2020-15217 : Leakage issue with knowledge base
+ CVE-2020-15177 : Stored XSS in install script
+ CVE-2020-15226 : Minor SQL Injection in Search API
- New version 9.5.1
- New version 9.4.6
- This is a security release, upgrading is highly recommended
- New version 9.4.5
- New version 9.4.4
- This is a security release, upgrading is highly recommended
- New version 9.4.3
- This is a security release, upgrading is highly recommended
- New version 9.4.2
- This is a security release, upgrading is highly recommended
- New version 9.4.1
- Deleted glpi-php5
- New version 9.4.0
- Fixed glpi-apache2 postun
- New verion 9.3.3
- PHP7 support
- Delete glpi-apache
- New version 9.1.6
- New version 9.1.3
- New version 9.1.2
- New version 9.1
- Conf for Apache2 moved to sites-available
- New version 0.90.5
- Include bugfixes and some minor features
- New version 0.90
- This is maintenance release to fix several minor bugs.
- This version correct several minor bugs.
- This version fix several minor bugs and a security bug
- This version correct several minor bugs.
- This version fix several minor bugs and a security bug
- New version 0.85
- This version fix several minor bugs and a security bug.
- New version 0.84.5 This version correct several minor bugs.
- New version 0.84.5 This version correct several minor bugs.
- New version 0.84.4 This version correct several minor bugs.
- New version 0.84.3
- Security fixes:
+ CVE-2013-5696 : SQL Injection, PHP Code Execution, CSRF
- New version 0.84.1
- New version 0.84
- Security fixes:
+ CVE-2013-2225 + CVE-2013-2227 : Security fix ( serialize + filter classname for autoload) (ALT #29189)
- New version 0.83.8
- New version 0.83.7
- New version 0.83.6
- New version 0.83.4
- New version 0.83.2
- New version 0.83.1
- New version 0.83
- New version 0.80.7
- New version 0.80.61
- New version 0.80.5
- New version 0.80.4
- New version 0.80.1 This version correct several bugs.
- New version 0.80
- New version 0.78.3
- New version 0.78.2
- New version 0.78.1
- New version 0.78
- New version 0.72.4
- remove Thumbs.db files
- New version 0.72.3
- spec bugfix
- New version 0.72.21
- fixed export to pdf
- fixed import from OCS Inventory NG
- New version 0.72.1-alt1
- Fixed README.ALT location
- New version 0.71.6-alt1
- First build for ALT Linux