This version specifically fixes 2 critical security issues related to MSI packaging on windows:
CVE-2024-28240: A local user could modify the GLPI Agent configuration to gain higher privileges.
CVE-2024-28241: A local user could modify the GLPI-Agent installation to gain higher privileges, but only when GLPI Agent is not installed in the default installation folder.
These security issues impact all Windows installation performed with MSI packaging.
We encourage you to upgrade all these agents as soon as possible!
Anyway you don’t need to upgrade to 1.7.2 after updating to 1.7.1 if your GLPI Agent was not installed on windows with the MSI package.
Une nouvelle version de GLPI est disponible.
Due to a few regressions in the last (10.0.13), an early release is available.
The 1.7.1 version specifically fixes SSL connections problems introduced with 1.7 version update for windows and MacOSX agents but only when you’re using windows keystore or macosx keychain to publish the ssl chain validation for your GLPI server.
You don’t need to update to 1.7.1 after updating to 1.7 if you’re not in that case.
GLPI Agent 1.7 has been released.
You're encouraged to upgrade your GLPI agents or migrate if you're still using FusionInventory agents.
Here is a summary of the most important changes of the 1.7 version:
some important fixes have been made on ToolBox plugin in relation with NetDiscovery and RemoteInventory tasks:
the defined timeout will only apply on connection tries during discovery where the agent backend-collect-timeout configuration will apply on the inventory
a possible locking issue while running the discovery has been fixed
we updated the way we define the “Agent Folder” local target in inventory tasks configuration to have a more appropriate sens when the agent is running as a service
an issue blocking the submission of JSON remote inventory was fixed
for NetDiscovery and NetInventory tasks, we also have:
an enhanced support of Toshiba printers
a fix related to the support of LLDP connection datas analysis
for ToolBox plugin, we also fixed the export button on the results page
the RemoteInventory task also includes:
a fix for the inventory of softwares from a windows remote with a windows agent
a fix for computer FQDN and domain inventory
an update to support timezone inventory
an update to support printer inventory via ssh using perl mode
a fix for an error preventing ssh inventory because of a wrong option in the “ssh” mode
the ESX task has been fixed to work as expected with the GlpiInventory plugin without living the job in a “ko” status with just “n/a” as description while the inventory is still normally integrated
the Inventory task has received few improvements:
the support of SentinelOne antivirus on linux. It was implemented by a community contributor, many thanks to him !
the assetname-support option has been updated to authorize forcing the asset name with its FQDN on linux. Also that option also changes the computing of the agent name in the same way.
a fix related to the inventory of network cards on linux
an update to find the wifi card network speed on linux
the MacOSX package has been udpated to use OpenSSL 3.2.0
the Apple AppID for the MacOSX package has been updated
the 1.6 and 1.6.1 linux perl installers had a problem generating an error during agent update and this is now fixed
to optimize the running time while using a server url with SSL support, we decided to no more try to export the ssl key store if any of the options providing SSL server certificate authentication is still used
About the MSI windows installer, it appears the used perl version is now completely outdated and requires a very big update. This essentially concerns the OpenSSL and libssh2 libraries, the last been used for remote inventory. As we use StrawberryPerl and this project decided to no more support the 32 bits perl version, we decided the 1.7 version will be the last to provide GLPI Agent in 32 bits. This perl update will be the main goal of the next 1.8 version.
Une nouvelle version de GLPI est disponible.
This release fixes a few security issues that have been recently discovered. Update is recommended!
[SECURITY - high] SQL injection through inventory agent request (CVE-2023-46727)
[SECURITY - high] Remote code execution from LDAP server configuration form on PHP 7.4 (CVE-2023-46726)
On this last point, we wanted to recall the 7.4 version of PHP is very outdated and not supported anymore by the developers! You should upgrade on a recent version, at least 8.2 (8.0 will be outdated at the end of the year and 8.1 will be only with security fixes).
Also, here is a short list of main changes done in this version:
[UX] Enhance pending reasons display
[FIX] various LDAP fixes (timeout, location import, deletion/restoration scenarios)
[FIX] several inventory fixes (unmanaged assets reconciliation, rules for phones, rules logs for discovery, Cisco stacks, removal of remote management)
[FIX] several performance enhancements (defer entity tree loading, strong enhancement on actors loading, all assets query execution time, web cron removal, dual ajax call for tab loading)
[TASK] highlights of security requirements on install/update page. Some options like PHP versions, web folder setup are suggested with a strong visual.
However, on a factory reset or when reinstalling the inventory agent, this UUID changes. And when an inventory is uploaded, GLPI will create a new device (because the serial number is different). It is now possible to define a serial number (with the one already stored in GLPI) to avoids duplication in the GLPI inventory.
The Agent Config plugin has also been updated, to feature a new QRCode / Deeplink on the device file containing the serial number.
Android compatibility
From Android 4 (Jelly Bean) to Android 13 (Sdk 33)
The 1.6.1 version specifically fixes SSL connections problems introduced with 1.6 version update for windows and MacOSX agents.
Here is a summary of the most important changes of the 1.6 version:
The NetDiscovery and NetInventory tasks has been heavily reworked:
the Parallel: ForlManager library is used as more stable on some environments,
the NetDiscovery task now supports the discovery of remote computers and can run ESX and RemoteInventory tasks. This feature is currently only used by the ToolBox plugin.
network device support has been enhanced again for different manufacturers like Cisco, Zebra, Aruba, Checkpoint, Citrix and Synology.
The ToolBox plugin now offers a full tasks management support and permits to configure the discovery of remote computers using ESX and RemoteInventory tasks. In ToolBox, the NetDiscovery task including automatic inventory tasks run is named “netscan”:
the inventory management page is now a list of local and remote inventory tasks,
the credentials management page permits to create credentials for ESX, WinRM and SSH,
a scheduling management page permits to define how to planify tasks runs,
the “remotes” page becomes obsolete and will be removed in next version,
a new option is available to add a navigation link toward the agent index page
The RemoteInventory task includes a fix on SSH connections and supports the connection timeouts configured by ToolBox plugin,
The ESX task has been enhanced to support the “netscan” task started from ToolBox plugin,
The Proxy plugin has been fixed to support compressed requests and store JSON inventories with a better file name when local storage option is enabled,
The Inventory task has also received many enhancements and fixes including:
the antivirus inventory support on MacOSX (Defender) and Linux (Defender and BitDefender),
the support for latest RustDesk versions for remote management discovery,
an enhanced support for LXC and LXD containers based virtualization on linux.
The MacOSX package has been udpated to use OpenSSL 3.1.4 and zlib 1.3,
The linux perl installer includes fixes and supports installation on many new systems,
The MSI windows installer includes few updates:
the GLPI-AgentMonitor community tool has been updated to 1.2.3 version and now supports spanish and russian languages,
a new installer option permits to just reconfigure the installed agent,
the deletion of log, var et etc folders has been fixed during uninstallation,
the VBS script has been fixed to check installation and especially avoid an installation failure is the MSI service is still in use.
This version is compatible with GLPI 10.0.10 or later.
⚠️ The plugin allows you to use GLPI 10.0.6 or older, but there are known incompatibilities, including fatal errors (due to some bugfixes / improvements). If you use an out-of-date maintenance release, update it first!
Bug Fixes
restoring ticket may create inconsistency in DB (3cf3e4ebd)
abstractitiltarget: ITIL category from template shall not take precedence (8f8d9a7c4)
category: translation feature of dropdowns not handled (6287f1b34)
Pour offrir les meilleures expériences, nous utilisons des technologies telles que les cookies pour stocker et/ou accéder aux informations des appareils. Le fait de consentir à ces technologies nous permettra de traiter des données telles que le comportement de navigation ou les ID uniques sur ce site. Le fait de ne pas consentir ou de retirer son consentement peut avoir un effet négatif sur certaines caractéristiques et fonctions.
Fonctionnel
Toujours activé
L’accès ou le stockage technique est strictement nécessaire dans la finalité d’intérêt légitime de permettre l’utilisation d’un service spécifique explicitement demandé par l’abonné ou l’utilisateur, ou dans le seul but d’effectuer la transmission d’une communication sur un réseau de communications électroniques.
Préférences
L’accès ou le stockage technique est nécessaire dans la finalité d’intérêt légitime de stocker des préférences qui ne sont pas demandées par l’abonné ou l’internaute.
Statistiques
Le stockage ou l’accès technique qui est utilisé exclusivement à des fins statistiques.Le stockage ou l’accès technique qui est utilisé exclusivement dans des finalités statistiques anonymes. En l’absence d’une assignation à comparaître, d’une conformité volontaire de la part de votre fournisseur d’accès à internet ou d’enregistrements supplémentaires provenant d’une tierce partie, les informations stockées ou extraites à cette seule fin ne peuvent généralement pas être utilisées pour vous identifier.
Marketing
L’accès ou le stockage technique est nécessaire pour créer des profils d’internautes afin d’envoyer des publicités, ou pour suivre l’utilisateur sur un site web ou sur plusieurs sites web ayant des finalités marketing similaires.
