After several weeks, Teclib is happy to announce the release of GLPI 9.4.1 bugfixes.

This release fixes several security issues that have been recently discovered. Update is strongly recommended.

You can download the GLPI archive on GitHub.

You’ll find below the changes of these bugfixes versions:

  • [security] Bad chevrons rendering on dropdowns
  • [security] Iframe and forms are rendered in rich text contents
  • [security] Type juggling authentication bypass
  • [security] Malicious images upload
  • [security] Password token date was not reset
  • Search on dropdowns now displays fuzzy matches
  • All components were deleted when permanently deleting a computer
  • Unable to display network ports
  • Preferences not applied
  • Unable to use “forgotten password” feature
  • And many more!

The full changelog is available for more details.

We’d like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project.

Reminder: we launched services website for GLPI-Network.
If you need support or services from our partners, check