{"id":414438,"date":"2021-03-02T15:23:45","date_gmt":"2021-03-02T14:23:45","guid":{"rendered":"https:\/\/glpi-project.org\/?p=414438"},"modified":"2025-06-16T13:23:02","modified_gmt":"2025-06-16T12:23:02","slug":"glpi-9-5-4","status":"publish","type":"post","link":"https:\/\/www.glpi-project.org\/en\/glpi-9-5-4\/","title":{"rendered":"GLPI 9.5.4"},"content":{"rendered":"<blockquote>\n<p><strong><a href=\"https:\/\/www.teclib-edition.com\/en\/\" target=\"_blank\" rel=\"noopener\">Teclib\u2019<\/a> is happy to announce the release of GLPI 9.5.4.<\/strong><\/p>\n<p>\u00a0<\/p>\n<\/blockquote>\n<p>This release fixes several\u00a0<strong>medium<\/strong>\u00a0security issues that have been recently discovered. Update is recommended!<\/p>\n<p>You can download the\u00a0<strong><a href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\/download\/9.5.4\/glpi-9.5.4.tgz\" target=\"_blank\" rel=\"noreferrer noopener\">GLPI 9.5.4 archive<\/a><\/strong>\u00a0on GitHub.<\/p>\n<p>Here is the list of security cases detected and fixed in this version:<\/p>\n<ul>\n<li class=\"\">[security] Horizontal Privilege Escalation (CVE-2021-21326 by <a href=\"https:\/\/github.com\/indevi0us\" target=\"_blank\" rel=\"noreferrer noopener\">@indevi0us<\/a>)<\/li>\n<li class=\"\">[security] Entities switch IDOR (CVE-2021-21255 by\u00a0<a href=\"https:\/\/github.com\/indevi0us\" target=\"_blank\" rel=\"noreferrer noopener\">@indevi0us<\/a>)<\/li>\n<li class=\"\">[security] XSS injection in ajax\/kanban (CVE-2021-21258 by\u00a0<a href=\"https:\/\/github.com\/lbpierre\" target=\"_blank\" rel=\"noreferrer noopener\">@lbpierre<\/a>)<\/li>\n<li class=\"\">[security] XSS injection on ticket update (CVE-2021-21314 by\u00a0<a href=\"https:\/\/github.com\/ArianeBlow\" target=\"_blank\" rel=\"noreferrer noopener\">@ArianeBlow<\/a>)<\/li>\n<li class=\"\">[security] Stored XSS on documents (CVE-2021-21312 by\u00a0<a href=\"https:\/\/github.com\/RedShellSec\" target=\"_blank\" rel=\"noreferrer 
noopener\">@RedShellSec<\/a>)<\/li>\n<li class=\"\">[security] XSS on tabs (CVE-2021-21313 by\u00a0<a href=\"https:\/\/github.com\/RedShellSec\" target=\"_blank\" rel=\"noreferrer noopener\">@RedShellSec<\/a>)<\/li>\n<li class=\"\">[security] Stored XSS in budget type (CVE-2021-21325 by\u00a0<a href=\"https:\/\/github.com\/lbpierre\" target=\"_blank\" rel=\"noreferrer noopener\">@lbpierre<\/a>)<\/li>\n<li class=\"\">[security] Remote objects instantiation (CVE-2021-21327 by\u00a0<a href=\"https:\/\/github.com\/vadymsoroka\" target=\"_blank\" rel=\"noreferrer noopener\">@vadymsoroka<\/a>)<\/li>\n<li class=\"\">[security] Insecure Direct Object Reference (IDOR) on \u201cSolutions\u201d (CVE-2021-21324 by\u00a0<a href=\"https:\/\/github.com\/indevi0us\" target=\"_blank\" rel=\"noreferrer noopener\">@indevi0us<\/a>)<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p>Note that some have been present for a long time (since version 0.68), but this time none of these issues were considered high\/critical.<\/p>\n<p>\u00a0<\/p>\n<p><strong>We also fixed a lot of bugs, here are the important ones:<\/strong><\/p>\n<ul>\n<li class=\"\">We continue the work on stabilising the usage of the laminas\/mail library:\n<ul>\n<li class=\"\">Handle RFC5987 format in Content-Disposition header<\/li>\n<li class=\"\">Fix email attachment decoding logic<\/li>\n<li class=\"\">Fix tickets ID fetching from email headers<\/li>\n<\/ul>\n<\/li>\n<li class=\"\">For the dashboards:\n<ul>\n<li class=\"\">Fix graph counts<\/li>\n<li class=\"\">Add search filter criteria for widget by year<\/li>\n<li class=\"\">New filter \u2018my groups\u2019<\/li>\n<\/ul>\n<\/li>\n<li class=\"\">Misc:\n<ul>\n<li class=\"\">Populate meta criteria in a generic way<\/li>\n<li class=\"\">Make custom css from entity inheritables<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>The\u00a0<strong><a href=\"https:\/\/github.com\/glpi-project\/glpi\/milestone\/45?closed=1\" target=\"_blank\" rel=\"noreferrer noopener\">full changelog is 
available<\/a><\/strong>\u00a0for more details.<\/p>\n<p>We would like to thank all the people who contributed to this new version and all those who contribute regularly to the GLPI project!\u00a0<\/p>\n<p>\u00a0<\/p>\n<blockquote>\n<p><strong>Need professional support? Check our options here: <a href=\"https:\/\/glpi-project.org\/subscriptions\/\">https:\/\/glpi-project.org\/subscriptions\/<\/a><\/strong><\/p>\n<\/blockquote>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Teclib\u2019 is happy to announce the release of GLPI 9.5.4. \u00a0 This release fixes several\u00a0medium\u00a0security issues that have been recently discovered. Update is recommended! You can download the\u00a0GLPI 9.5.4 archive\u00a0on GitHub. Here is the list of security cases detected and fixed in this version: [security] Horizontal Privilege Escalation (CVE-2021-21326 by @indevi0us) [security] Entities switch IDOR [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[155],"tags":[],"class_list":["post-414438","post","type-post","status-publish","format-standard","hentry","category-versions"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts\/414438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/comments?post=414438"}],"version-history":[{"count":1,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts\/414438\/revisions"}],"predecessor-version":[{"id":436426,"href":"https:\/\/www.g
lpi-project.org\/en\/wp-json\/wp\/v2\/posts\/414438\/revisions\/436426"}],"wp:attachment":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/media?parent=414438"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/categories?post=414438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/tags?post=414438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}