Two new GLPI versions are available.

Wednesday, December 3, 11.0.3 and 10.0.21 were shipped, but soon after a few annoying regressions has been detected, and so a need for new releases.

Many bug fixes have also been made, read changelogs for more details:

• 11.0.3 changelog
• 10.0.21 changelog

You can download the new archives on GitHub:

• 11.0.4 archive
• 10.0.22 archive

You will find below the list of security issues fixed in theses bugfix version:

• [SECURITY - HIGH - 11.0/10.0] Unauthorized access to documents (CVE-2025-64516)
• [SECURITY - HIGH - 11.0] Unauthenticated SQL injection (CVE-2025-66417)

• [SECURITY - MODERATE - 10.0] Unauthenticated Stored XSS through the inventory endpoint (CVE-2025-59935)
• [SECURITY - MODERATE - 10.0] Unauthorized access to Knowledge Base items through the API (CVE-2025-64520)

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!

Regards.

A new GLPI version is available: GLPI 11.0.2

You can download the GLPI 11.0.2 archive on GitHub. 

Also, here is a short list of important bug fixes included in this version:

• Various fixes and additions to the native forms feature
• Several session issues, warnings, and errors in the CLI context
• Improvements to GenericObjects, FormCreator and Fields plugins migrations

There are also a lot of additions in the new HLAPI, now in 2.1 version, to add fields (notably in Tickets) previously missing. We also ship support for the following objects:

• Config
• Service levels
• Reminders
• RSS Feeds 
• Reservations

The full changelog is available for more details.

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!

Regards.

Follow GLPI on social media for more news!

A new GLPI version is available: GLPI 11.0.1

Following the major release of GLPI 11, here is the first bugfixes version, correcting most of reported issues.

We will continue to fix the remaining reported issues in the coming weeks. In the meantime if you experience an issue, feel free to check if there is already a report and make one if not so that it can be addressed.

You can download the GLPI 11.0.1 archive on GitHub. 

Also, here is a short list of important bugfixes done in this version:

• Revert auto association of a technician with a ticket if he is assigned a ticket task (#21232)
• Fix secured Inventory endpoint when HLAPI is disabled (#21238)
• Dashboard not saving correctly after changes (#21239)
• Search page display issues on sort/default search (#21147)
• Add missing information on define itemtype rules for Network Equipments (#21271)

The full changelog is available for more details.

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!

Regards.

Follow GLPI on social media for more news!

We are proud to announce the official release of GLPI 11, the latest major version of our open-source software. After months of development and community testing, GLPI 11 is now stable and ready for production.

What’s new ?

While the full list of changes can be found in the detailed changelog, here are some of the most important highlights:

• 📦 Native custom assets: Create any type of assets to be included in the first menu, adapt theirs behaviors and their fields
• 📝 Integrated forms: With a new interactive editor, create pretty forms for your technicians and end-users.
• 🛎️ New self-service portal: Help your users to discover the services you offer.
• 🛡️ 2FA: Strengthen the authentication to GLPI
• ⚡ Webhooks: Triggers HTTP calls to external applications
• and more…

Get Started with GLPI 11 Today

You can download the new stable release here:

• 📦 GLPI 11 Archive
• 🐳 Official Docker Image

Documentation has also been updated to guide you through the upgrade process and help you make the most of GLPI 11.

What’s Next?

In the coming months, we’ll continue to:

• Monitor feedback and release patches when needed.
• Expand integrations and plugins to enrich the ecosystem.
• Explore new innovations to keep GLPI a modern, reliable ITSM platform.

🩵 A huge thank you to our community for their contributions in testing, translating, all the help given to complete this version.

A new GLPI version is available.

Some bug fixes have also been made since GLPI 10.0.19, read the full changelog for more details.

You can download the GLPI 10.0.20 archive on GitHub.

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!

Regards.

Follow us on our social networks for more news

A new GLPI version is available.

Many bug fixes have also been made, read the full changelog for more details.

You can download the GLPI 10.0.19 archive on GitHub.

You will find below the list of security issues fixed in this bugfixes version:

• Stored XSS on projects kanban (CVE-2025-27514)
• Blind SSRF in RSS feeds and planning (CVE-2025-52567)
• XSS and open redirection in planning (CVE-2025-52897)
• Mail receiver credentials exfiltration (CVE-2025-53008)
• Reservations modification by unauthorized user (CVE-2025-53357)
• Access to unallowed items information through external links (CVE-2025-53113)
• Data exposure to non allowed users (CVE-2025-53111)
• Data removal from allowed users (CVE-2025-53112)
• Unauthorized rules execution order update (CVE-2025-53105)

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!

GLPI Agent 1.15 has been released.

We are proud to announce this new release comes with signed windows MSI package and signed windows binaries.

You can download it on the GLPI Agent github project: https://github.com/glpi-project/glpi-agent/releases/tag/1.15

This version comes with some fixes and enhancements and here are the essential ones:

• Agent deviceid will be updated on startup if assetname-support option or even hostname changes
• Fixed “No Valid Agentid set on HTTP Client” error during ToolBox remote inventory tasks run
• Fixed CrowdStrike Falcon AV support on linux
• Fixed TeamViewer ID remote management inventory on linux
• Added support for Astra Linux distribution inventory
• Fixed MSSQL database inventory
• Also support inventory task event for server target if not partial
• Fixed virtualmachine type for linux Hyper-V VMs
• Fixed fqdn support on linux
• Fixed one possible perl error during ESX inventory
• Fixed glpi-injector when submitting a json inventory from stdin
• Added Digipower PDUs SNMP Support

About packaging, here is what you should retain:

• Windows MSI installer and windows binaries are now signed
• On Windows, Perl is built using a patched 5.40.2 version including a patch fixing perl CVE-2025-40909. It uses now OpenSSL 3.5.0, libxml2 library v2.14.3, GLPI-AgentMonitor 1.4.1 and dmidecode 3.6-update-1. Also Perl locale support has been disabled as not used.
• The MacOSX packaging now uses OpenSSL 3.5.0.

You can check changes details in the official online Changelog available here: https://github.com/glpi-project/glpi-agent/blob/1.15/Changes

As usual, we invite you to update your agents to take advantage of these improvements.

Stay connected! Follow us on our social media platforms!

We’re excited to introduce a powerful new feature in our OauthSSO plugin!

The latest major release of OauthSSO brings expanded compatibility with the addition of a new authentication provider: Apple.

This means users can now log in using their Apple account, alongside the existing authentication options—making access to GLPI even more seamless.

📘 Learn more by checking out the full documentation.

🔔 Reminder: This plugin is available starting from the Basic subscription level and is included in our Cloud offer.

Please feel free to share this news and start exploring the new feature today!

We are pleased to announce that GLPI Agent 1.14 is now available — update now!

You can download it from the official project page on GitHub: https://github.com/glpi-project/glpi-agent/releases/tag/1.14

This version brings a few fixes and improvements, including:

• We have a new minor fix related to task triggering from the local HTTP interface
• SNMP inventory now supports advanced configuration which can be used to inventory Snom IP phones
• MS Defender antivirus detection is fixed on Windows Server
• Inventory of Crowdstrike Falcon antivirus has been added for Windows, Linux, and MacOSX
• We fixed the MS Store inventory when software still appears installed for a deleted user
• PostgreSQL database inventory has been fixed for Windows
• We also improved network inventory for HP printers and storage, Netgear stacked devices, Dell EMC devices, Katusha printers, and Quantum Linux appliances
• The Collect task now supports retrieval of REG_MULTI_SZ type registry keys

Regarding packages, here are the highlights:

• On Windows, Perl is now compiled with version 5.40.2 (patched), msys2-base 20250221, and libxml2 v2.14.1
• The MacOSX package now uses Perl v5.40.2

You can review the full changelog in the official Changelog available online here: https://github.com/glpi-project/glpi-agent/blob/1.14/Changes

We recommend updating your agents to take advantage of these improvements.

Stay connected! Follow us on social media so you don’t miss any updates!

Download GLPI Agent 1.13 Now!

You can download it from the official project page on GitHub: https://github.com/glpi-project/glpi-agent/releases/tag/1.13

This version brings a few fixes and improvements, including:

• We fixed a regression introduced in 1.12 where the Deploy task was no longer executed when triggered from the local HTTP interface
• On first contact with a GLPI 10+ server, the GLPI agent will now also send supported tasks
• On systems where a proxy is defined by environment variables, you can now set proxy to none to not use this proxy system configuration
• We introduced a new required-category setting to help use GLPI business rules when full inventory reporting is enabled. This forces inclusion of a category in partial inventory even if content has not changed.
• We added itemtype and esx-itemtype configurations if the server supports generic asset types like GLPI 11+ will
• MS Defender and SentinelOne antivirus are now inventoried on Windows Server
• HP printer wifi ports are now recognized as wireless
• Improved support for FortiSwitch and TP-Link Omada network devices

Regarding packages, here's what to note:

• The Windows MSI installer wrongly suggested that user and password were for proxy authentication; we corrected this and clarified the corresponding installer window to show they are for basic HTTP authentication, a common method supported by GLPI-Network Cloud
• The corrected MSI installer window now also allows setting OAuth id and secret if the server supports OAuth authentication like GLPI 11+ will
• On Windows, Perl is now compiled in version 5.40.1 with OpenSSL v3.4.1 support, msys2-base 20241208, libxml2 library v2.13.6 and dmidecode 3.6
• The MacOSX package now uses Perl v5.40.1 and OpenSSL v3.4.1

You can check the full list of changes in the official Changelog available here: https://github.com/glpi-project/glpi-agent/blob/1.13/Changes

As usual, we recommend updating your agents to take advantage of these improvements.

Stay connected! Follow us on social media to never miss an update!