Teclib’ is happy to announce the release of GLPI 9.5.3.

This release fixes medium security issues that has been recently discovered. Update is recommended!

You can download the GLPI 9.5.3 archive on GitHub.

Here is the list of security cases detected and fixed in this version:

  • [security] Any CalDAV calendars is read-only for every authenticated user (CVE-2020-26212)
  • [security] Insecure Direct Object References in ajax files (CVE-2020-27662 && CVE-2020-27663)

Note that some are present since a long time (version 0.68), but this time none of these issues was considered as high/critical.

We also fixed a lot of bugs, here are important ones:

  • we continue the work on stabilizing the usage of laminas/mail library:
    • Attachments were not imported as documents with specific content-disposition.
    • Some HTML mails were imported as text (and html was present in the description of the ticket).
  • For the dashboards:
    • Bars and lines graphs were animated not correct inn recent versions of chromium based browsers.
    • Default pages for users without dashboard were empty.
    • Adding some missing filters: tech users and tech groups.
  • Misc:
    • A new cli command to set GLPI configuration values.
    • Response time on personnal tab of index is now improved.
    • PHP8 compatibility.

The full changelog is available for more details.

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!