GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to (...)
21 September 2013
A security update (GLPI 0.84.2) was published on September 12th 2013 in order to correct a security issue in the installation process.
As always, we have highly incited our users to update their GLPI.
We have just discovered that a company is publishing on the web a complete script which enables to massively exploit this security issue.
In order to avoid any malevolence, we strongly and urgently recommend all our users to update their GLPI with the 0.84.2 version.
If you can’t update your GLPI, you can simply delete the ’intall/’ directory along with its content.
We totally disapprove of this kind of behaviour which, on the one hand, goes against the open-source ethics and on the other hand jeopardizes our users who are not responsible of our own mistakes.
Over the past tens years, we have always quoted and thanked the people who find security issues in our application. When such a problem occurs, our team of volunteers, who respect our users, work day and night to publish as quickly as possible a corrected version. It seems that not everyone is as respectful of users as we are...