{"id":422014,"date":"2022-11-03T11:29:49","date_gmt":"2022-11-03T10:29:49","guid":{"rendered":"https:\/\/glpi-project.org\/?p=422014"},"modified":"2025-06-16T13:19:09","modified_gmt":"2025-06-16T12:19:09","slug":"new-glpi-version-10-0-4","status":"publish","type":"post","link":"https:\/\/www.glpi-project.org\/en\/new-glpi-version-10-0-4\/","title":{"rendered":"New GLPI version 10.0.4"},"content":{"rendered":"<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>A new GLPI version is available.<\/p><p>This release fixes several security issues that has been recently discovered. <strong>Update is recommended!<\/strong><\/p><\/blockquote><p>You can download the <strong><a href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\/download\/10.0.4\/glpi-10.0.4.tgz\" target=\"_blank\" rel=\"noopener\">GLPI 10.0.4 archive<\/a><\/strong> on GitHub.<br>We also provide a security release for 9.5 branch : <strong><a href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\/download\/9.5.10\/glpi-9.5.10.tgz\" target=\"_blank\" rel=\"noopener\">GLPI 9.5.10 archive<\/a><\/strong><\/p><p>You will find below the list of <strong>security issues fixed<\/strong> in this bugfixes version:<\/p><ul class=\"wp-block-list\"><li>[SECURITY - Low] Blind SSRF in RSS feeds and planning (CVE-2022-39276)<\/li><li>[SECURITY - Low] Stored XSS in user information (CVE-2022-39372)<\/li><li>[SECURITY - Low] Stored XSS in entity name (CVE-2022-39373)<\/li><li>[SECURITY - Low] Improper input validation on emails links (CVE-2022-39376)<\/li><li>[SECURITY - Moderate] Improper access to debug panel (CVE-2022-39370)<\/li><li>[SECURITY - Moderate] User's session persist after permanently deleting his account (CVE-2022-39234)<\/li><li>[SECURITY - Moderate] Stored XSS on login page (CVE-2022-39262)<\/li><li>[SECURITY - Moderate] XSS in external links (CVE-2022-39277)<\/li><li>[SECURITY - Moderate] XSS through public RSS feed (CVE-2022-39375)<\/li><li>[SECURITY - High] SQL Injection on REST API (CVE-2022-39323)<\/li><li>[SECURITY - High] Stored XSS through asset inventory (CVE-2022-39371)<\/li><\/ul><p>Also, here is a short list of <strong>main changes<\/strong> done in this version:<\/p><ul class=\"wp-block-list\"><li>[FIX] Increase significantly dashboards performance<\/li><li>[FIX] Several bugs on images pasting<\/li><li>[FIX] Fixed and improved inventory locks management<\/li><li>[FIX] Display of printer cartridges<\/li><li>[FIX] Display and hide actors tooltips in tickets<\/li><li>[FIX] Improve display of headers above forms<\/li><li>[FIX] Move breakpoints on responsive displays<\/li><li>[SECURITY] Inventory API is now disabled by default<\/li><li>[FEATURE] Dedicated rights has been added for inventory<\/li><\/ul><p>The <strong><a href=\"https:\/\/github.com\/glpi-project\/glpi\/milestone\/54?closed=1\" target=\"_blank\" rel=\"noopener\">full changelog is available<\/a><\/strong> for more details.<\/p><blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!<\/p><p>Regards.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>A new GLPI version is available. This release fixes several security issues that has been recently discovered. Update is recommended! You can download the GLPI 10.0.4 archive on GitHub.We also provide a security release for 9.5 branch : GLPI 9.5.10 archive You will find below the list of security issues fixed in this bugfixes version: [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[155],"tags":[7,42,67],"class_list":["post-422014","post","type-post","status-publish","format-standard","hentry","category-versions","tag-glpi","tag-glpi-releases","tag-release"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts\/422014","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/comments?post=422014"}],"version-history":[{"count":1,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts\/422014\/revisions"}],"predecessor-version":[{"id":436363,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/posts\/422014\/revisions\/436363"}],"wp:attachment":[{"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/media?parent=422014"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/categories?post=422014"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.glpi-project.org\/en\/wp-json\/wp\/v2\/tags?post=422014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}