We are happy to announce our longterm partner in Spain - TICGAL has become a GOLD level!
TICGAL is a company built around GLPI. In our short history, they have helped more than 200 clients set up the standard solution or reshape GLPI to fit their needs by integrating standard and custom-tailored solutions.
Beyond the ITSM & ITAM native GLPI capabilities, TICGAL has transformed it into a CMMS or an ESM. They also edit a successful multiplatform mobile solution with geolocation capabilities.
Among many solutions, TICGAL offers:
- GLPI Support: consulting, installation, migrations, development, integrations and hosting;
- GLPI Developments: Plugins and extensions;
- GApp: a GLPI App, a project born from the need to provide an easy mobile access to GLPI, specially for end users, a.k.a. self-service.
Website: https://tic.gal/en/
We are excited that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.
Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: https://portal.glpi-network.com/marketplace/formcreator/front/formdisplay.php?id=15
Being a partner means:
- Having an a direct access to the Teclib´s tech expertise;
- Get special discounts;
- Access official support;
- Many other tools which will help you to gain more customers and increase reputation on the market by adding open source ITSM to your portfolio.
Discover all benefits of being a partner here: https://glpi-project.org/partners/
This version is compatible with GLPI 9.5.5 or later only. Users of GLPI 10 must use Formcreator 2.13 or later. Support of GLPI 9.5.4 and earlier has been dropped, see notes of version 2.11.3 to know the reason.
⚠️ Version 2.12.6 had missing files for LDAP questions. This release address this problem.
Help / Contribution needed
- Locales updates: Some languages don't have maintainer, or are late (many untranslated content). Please contribute on Transifex.
- documentation review and updates
Bug Fixes
This version is compatible with GLPI 10.0.
Upgrade from 2.13.0 or later
A database sanity check is done before running the upgrade. If the tables of the plugin have a difference with the expected schema the upgrade will fail with a message similar to the following:
The database schema is not consistent with the installed Formcreator 2.13.0. To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator
It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.
ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.
bin/console glpi:plugin:install formcreator -f -p skip-db-check
Possible encoding problems in tickets created in GLPI 9.5 or older
⚠️ GLPI 10.0 encodes rich text content in a different way compared to GLPI 9.5. This revealed some bugs in the plugin in previous versions and GLPI may display old tickets with HTML tags. A CLI tool is available to fix 3 types of inconsistencies. You should test the command in a testing environment or do a backup first.
bin/console glpi:plugins:formcreator:clean_tickets
Bug Fixes
- abstractitiltarget: copy may generate unwanted ouput to navigator (8792ed3dc)
- abstracttarget: support for sla and ola from question (e4c6ffeb6)
- category: do not access page if the plugin is not active (a959839c7)
- category: don't activate plugin to access categories (4cd4f600e)
- checkboxesfield: back to BR (c8908f265)
- checkboxesfield: back to BR (56d1e7e94)
- checkboxesfield, radiosfield: checkboxes and radios backslashes (#3050) (47da0ea0a)
- common: captcha check (b2b7efc89)
- dashboard: fix dashboard height (712bdc8ad)
- datefield: change event and comparison (9da947783)
- filefield: do not assume index of files (a02a9c7ce)
- form: delete question does not reset preview tab (ad87ddc87)
- form: prevent SQL error (17aa94309)
- form: prevent sending two csrf tokens (c04c71bab)
- form: tab name must obey 'show count' setting (b89232eb3)
- form_language: call to undefined method (137a66047)
- formanswer: page switching loose filter (14d3ed7ac)
- install: bad command in error message (f357d9ca4)
- install: handle possible null while changing fields (0a847af4c)
- issue: access to saved searches from service catalog (b7481825a)
- issue: default joint for issue (631888e47)
- issue: show save button for followup edit (810c854f1)
- issue: sync issue fails when a ticket has several validators (3f51fbdd9)
- issue: useless criteria nesting (369fdb57b)
- selectfield: too many unescaping (706b70faa)
- targetticket: set request source if no rule specified (2e04680eb)
- textareadifield: error when deduplicating uploads (666d81395)
- wizard: consistent breadcrumb on several pages (6639cda03)
Features
This version is compatible with GLPI 9.5.5 or later only. Users of GLPI 10 must use Formcreator 2.13 or later. Support of GLPI 9.5.4 and earlier has been dropped, see notes of version 2.11.3 to know the reason.
⚠️ This version intends to fix compatibility with GLPI 9.5.10 and 9.5.11 which contains an upgrade of TinyMCE (used for rich text editors). Some other fixes are also available in this release; see the changelog.
⚠️ Important note: Some administrators use business rules relying on the request source field in tickets to distinguish tickets created by Formcreator. A change has been done in the plugin to allow customization of the request source via ticket templates. Target ticktets without template will lose the request source "Formcreator". If business rules use the request source "Formcreator" it is recommended to add a ticket template to target tickets, with a predefiend field "request source" set to "Formcreator".
Bug Fixes
- abstracttarget: retrieve sub itemtype from question (eccf3d1a)
- condition: empty sql IN statement (8e4d0491)
- dropdownfield,glpiselectfield: shiw item ID only on user preference (53dc3aeb)
- form: lightbulb always gray in darker theme (76a42bb4)
- glpiselectfield: bad WHERE criteria with entities (154a3531)
- glpiselectfield: comparison with regex (e6986b04)
- issue: performance problem in sync issue query (0e1761c9)
- issue: performance problem in sync issue query (74b38ec0)
- issue: requester replaced by author on ticket update (a8580a79)
- issue: sync issues problem when a ticket has several validators (backport 2.12) (#2971) (e3011590)
- radiosfield: accessibility from keyboard (e528aae7)
- targetticket: assign group actor from object (42aaadd4)
- textareafield: compatibility with GLPI 9.10 (a325a948)
- textareafield: compatibility with GLPI 9.5.10 (7f2ff1a9)
- textfield: remove invalid 'r' tokens (#3065) (da9d8dca)
- wizard: bad label when searching KB items (f469d048)
Features
- ldapselectfield: lazy loading (1afc6753)
Help / Contribution needed
- Locales updates: Some languages don't have maintainer, or are late (many untranslated content). Please contribute on Transifex.
- documentation review and updates
Following the last releases of 10.0.4 and 9.5.10, an annoying issue has been detected in one of the security fixes provided.
The user is logged out when he tries to switch to another entity.
So, we release new versions to address the bug, you can download them on github:
A new GLPI version is available.
This release fixes several security issues that has been recently discovered. Update is recommended!
You can download the GLPI 10.0.4 archive on GitHub.
We also provide a security release for 9.5 branch : GLPI 9.5.10 archive
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - Low] Blind SSRF in RSS feeds and planning (CVE-2022-39276)
- [SECURITY - Low] Stored XSS in user information (CVE-2022-39372)
- [SECURITY - Low] Stored XSS in entity name (CVE-2022-39373)
- [SECURITY - Low] Improper input validation on emails links (CVE-2022-39376)
- [SECURITY - Moderate] Improper access to debug panel (CVE-2022-39370)
- [SECURITY - Moderate] User's session persist after permanently deleting his account (CVE-2022-39234)
- [SECURITY - Moderate] Stored XSS on login page (CVE-2022-39262)
- [SECURITY - Moderate] XSS in external links (CVE-2022-39277)
- [SECURITY - Moderate] XSS through public RSS feed (CVE-2022-39375)
- [SECURITY - High] SQL Injection on REST API (CVE-2022-39323)
- [SECURITY - High] Stored XSS through asset inventory (CVE-2022-39371)
Also, here is a short list of main changes done in this version:
- [FIX] Increase significantly dashboards performance
- [FIX] Several bugs on images pasting
- [FIX] Fixed and improved inventory locks management
- [FIX] Display of printer cartridges
- [FIX] Display and hide actors tooltips in tickets
- [FIX] Improve display of headers above forms
- [FIX] Move breakpoints on responsive displays
- [SECURITY] Inventory API is now disabled by default
- [FEATURE] Dedicated rights has been added for inventory
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
This version is compatible with GLPI 10.0.
Upgrade from 2.13.0 or later
A database sanity check is done before running the upgrade. If the tables of the plugin have a difference with the expected schema the upgrade will fail with a message similar to the following:
The database schema is not consistent with the installed Formcreator 2.13.0.
To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator
It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.
ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.
bin/console glpi:plugin:install formcreator -f -p skip-db-check
Possible encoding problems in tickets created in GLPI 9.5 or older
⚠️ GLPI 10.0 encodes rich text content in a different way compared to GLPI 9.5. This revealed some bugs in the plugin in previous versions and GLPI may display old tickets with HTML tags. A CLI tool is available to fix 2 types of inconsistencies. You should test the command in a testing environment or do a backup first.
bin/console glpi:plugins:formcreator:clean_tickets
Bug Fixes
- just reencode br (cce2e7e1c)
- show KB items without category (91f4deb75)
- abstractitiltarget: email addresses were ignored (4c28a09b8)
- docs: mix of single and singular/plural locales (dc8f38cc3)
- dropdownfield: tree depth not restored in design dialog (af4096bba)
- fields: add default value to prevent SQL error (#2965) (19f039569)
- form: risk of selecting the wrong form in DOM (bb31fd163)
- form: submit once (b00844208)
- form: unescape form name (5b802658a)
- formanswer: PHP 8.1 compatbility, error message if invalid JSON detected (8ff7ff91a)
- formanswer: PHP 8.1 compatibility: null passed instead of string (297fb2713)
- formanswer: redirect after submission of targetless form (4d60239d1)
- requesttypefield: warning if comparing against empty value (dca5afb82)
- section: label for conditions in designer (01e570319)
- wizard: FAQ list (#3031) (bb0732ca7)
Features
- tool to repair escaping problem in some tickets (68db0ffda)
- form: submit forms once (abed86101)
- formanswer: notification with URL to generated objets (fa6a360f0)
- formanswer: restore toasts when craeting targets (f43df3ebb)
- install: show the DB diff when upgrade runs from CLI (#2994) (4abb099a6)
Help / Contribution needed
Locales updates: Some languages don’t have maintainer, or are late (many untranslated content). Please contribute on Transifex.
This version is compatible with GLPI 10.0.
⚠️ You must upgrade from a previous stable version. Upgrading from a development or testing version is not supported.
Bug Fixes
- inverted existence test on ticket update (2acc5cd4)
- log more errors, and update obsolete error logging (ae28ed6d)
- restore page redirections existing in v2.12 (582f926c)
- update obsolete error logging (da8929e0)
- abstractitiltarget: glpi 10.0.3 will require a data with a valid value (5f385bb8)
- actorfield: default value not saved (c3baebbe)
- actorfield: php warning (6d3e98d1)
- checkboxesfield: replace div with p in checkbowes answers (9ef95343)
- composite: php warning breaks JSON if a ticket is not generated (2108983c)
- descriptionfield: bad form rendering (87a74058)
- filefield: php error when switching field type to file (a03c7a0a)
- form: javascript (f05bc697)
- form: list on self service homepage (ba6d4a58)
- form: undefined var (169d2c8e)
- form: url to form answer lists may be invalid (6cd29e6d)
- install: avoid alter table fail (4dadea8a)
- install: missing method in upgrade to 2.13.1 (7e9cdcd5)
- issue: issue not deleted when tichet goes to trash bin (c977b1ca)
- issue: purge issue when deleting associated ticket (76444ecc)
- issue: recreate when restore ticket (2656e284)
- item_targetticket: uuid to ID conversion (e9f326c0)
- section: name encoding in designer and rendered form" (491dcb69)
- targetticket: bad constant name (48dda4f3)
- targetticket: table structure inconsistency (ff56f3f1)
- targetticket: table structure inconsistency (892a83c3)
- targetticket,targetchange: tags from queestion or specific tags not saved (ec08d95e)
Features
- prepare compatibility with PHP 8.2 (#2966) (4bb7f3c3)
- formanswer,issue: show title in navigation header (1878e4b0)
- kb: preselect see all categorie (1b669d4f)
Help / Contribution needed
Locales updates: Some languages don’t have maintainer, or are late (many untranslated content). Please contribute on Transifex.
A new GLPI version is available.
This release fixes several critical security issues that has been recently discovered. Update is strongly recommended!
You can download the GLPI 10.0.3 archive on GitHub.
Exceptionally, as we have critical security issues that affects GLPI 9.5, we also release a GLPI 9.5.9 archive.
You’ll find below the list of security issues fixed in this bugfixes version:
- [SECURITY] XSS through registration API (CVE-2022-35945)
- [SECURITY] Leak of sensitive information through login page error (CVE-2022-31143)
- [SECURITY] Stored XSS through global search (CVE-2022-31187)
- [SECURITY] [critical] Command injection using a third-party library script (CVE-2022-35914)
- [SECURITY] SQL injection through plugin controller (CVE-2022-35946)
- [SECURITY] [critical] Authentication via SQL injection (CVE-2022-35947)
- [SECURITY] Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning (CVE-2022-36112)
Also, here is a short list of main changes done in this version:
- [FEATURE] More precise rights checks on inventory (#12610)
- [FEATURE] Display of last inventoried value for locked fields (#12602)
- [FEATURE] Permit to use rules to add computers as virtual machines (#12572)
- [SECURITY] Delegate session cookies security to sysadmin (#12302)
- [FIX] Prevent collector failure on invalid mail header (#12232)
- [FIX] Many fixes on network inventory
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
This version is compatible with GLPI 10 only.
documentation review and updates
Bug Fixes
- cannot delete a ticket from service catalog (acec9bb8)
- abstractitiltarget: alternative email lost if no requester user (78fd8450)
- abstracttarget: uuid should not be updated (b1e492d3)
- checkboxesfield: avoid HTML br tag (c3a60bbb)
- condition: compatibility with Advanced forms validation (6685b943)
- descriptinfield: conversion to target requires escaping (b79cfa95)
- filefield: mandatory check may cause exception (3f711a54)
- form: PHP warning (844ef96c)
- form: bad URL when using advanced form validation plugin (adb9fba5)
- formanswer: grid style updated for current version of gridstack (85b6a686)
- formanswer: select inherited class if needed (955dc969)
- formanswer: update gridstack css (70deaa06)
- glpiselectfield: missing entity restrict (40c9ab73)
- install: prevent useless warnings (001d12f5)
- install: use modern settings for tables (f04e4181)
- issue: remove duplicate item in status dropdown (27f9f313)
- ldapselectfield: log LDAP error instead of showing it to user (e170dc6f)
- ldapselectfield: no translation for items (d170c79c)
- targetticket: prevent exception in inconsistent target ticket (ba6ed88e)
- textarea: on change event broken (9fb70edb)
- textarea: rn chars added between lines (66571b80)
- textarea, entityconfig: embedded image question description (#2901) (0d78db1a)
- textareafield: embedded image upload broken (d58075cd)
- textareafield: missing escape before compare (ba78e935)
Features
- formanswer: order formanswers by date desc (7fdeda51)
- ldapselectfield: lazy loading (bffcb5b7)
Help / Contribution needed
Locales updates: Some languages don’t have maintainer, or are late (many untranslated content). Please contribute on Transifex.
Check the changelog & download
