However, on a factory reset or when reinstalling the inventory agent, this UUID changes. And when an inventory is uploaded, GLPI will create a new device (because the serial number is different). It is now possible to define a serial number (with the one already stored in GLPI) to avoids duplication in the GLPI inventory.
The Agent Config plugin has also been updated, to feature a new QRCode / Deeplink on the device file containing the serial number.
Android compatibility
From Android 4 (Jelly Bean) to Android 13 (Sdk 33)
The 1.6.1 version specifically fixes SSL connections problems introduced with 1.6 version update for windows and MacOSX agents.
Here is a summary of the most important changes of the 1.6 version:
The NetDiscovery and NetInventory tasks has been heavily reworked:
the Parallel: ForlManager library is used as more stable on some environments,
the NetDiscovery task now supports the discovery of remote computers and can run ESX and RemoteInventory tasks. This feature is currently only used by the ToolBox plugin.
network device support has been enhanced again for different manufacturers like Cisco, Zebra, Aruba, Checkpoint, Citrix and Synology.
The ToolBox plugin now offers a full tasks management support and permits to configure the discovery of remote computers using ESX and RemoteInventory tasks. In ToolBox, the NetDiscovery task including automatic inventory tasks run is named “netscan”:
the inventory management page is now a list of local and remote inventory tasks,
the credentials management page permits to create credentials for ESX, WinRM and SSH,
a scheduling management page permits to define how to planify tasks runs,
the “remotes” page becomes obsolete and will be removed in next version,
a new option is available to add a navigation link toward the agent index page
The RemoteInventory task includes a fix on SSH connections and supports the connection timeouts configured by ToolBox plugin,
The ESX task has been enhanced to support the “netscan” task started from ToolBox plugin,
The Proxy plugin has been fixed to support compressed requests and store JSON inventories with a better file name when local storage option is enabled,
The Inventory task has also received many enhancements and fixes including:
the antivirus inventory support on MacOSX (Defender) and Linux (Defender and BitDefender),
the support for latest RustDesk versions for remote management discovery,
an enhanced support for LXC and LXD containers based virtualization on linux.
The MacOSX package has been udpated to use OpenSSL 3.1.4 and zlib 1.3,
The linux perl installer includes fixes and supports installation on many new systems,
The MSI windows installer includes few updates:
the GLPI-AgentMonitor community tool has been updated to 1.2.3 version and now supports spanish and russian languages,
a new installer option permits to just reconfigure the installed agent,
the deletion of log, var et etc folders has been fixed during uninstallation,
the VBS script has been fixed to check installation and especially avoid an installation failure is the MSI service is still in use.
This version is compatible with GLPI 10.0.10 or later.
⚠️ The plugin allows you to use GLPI 10.0.6 or older, but there are known incompatibilities, including fatal errors (due to some bugfixes / improvements). If you use an out-of-date maintenance release, update it first!
Bug Fixes
restoring ticket may create inconsistency in DB (3cf3e4ebd)
abstractitiltarget: ITIL category from template shall not take precedence (8f8d9a7c4)
category: translation feature of dropdowns not handled (6287f1b34)
A new GLPI version is available.This release fixes a critical security issue that have been recently discovered. Update is strongly recommended!You can download the GLPI 10.0.10 archive on GitHub.You will find below the list of security issues fixed in this bugfixes version:
[FIX] Fix some issues on SLA/OLA escalation levels computation.
[FIX] Fix some issues on search on numeric and dates fields.
The full changelog is available for more details.Download GLPI 10.0.10We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!Regards.
This version is compatible with GLPI 10.0.⚠️ This release requires some bugfixes in GLPI to work properly. These bugfixes are included in GLPI 10.0.9 or later. Please, ensure your GLPI is up to date to prevent useless bug reports.
Bug Fixes
Adding READ right for display reservations menu tab (03e6281e)
Following the last releases of 10.0.8, a few annoying issues has been detected:
Update script uses a SQL function incompatible with MySQL 5.7 (#15141)
Private follow-ups and tasks are invisible to users with appropriate rights (#15128)
In the same time, a moderate security advisory has been reported (SQL injection in dashboard administration - CVE-2023-37278) and fixed in this release.
We released a new version to address these bugs, you can download the GLPI 10.0.9 archive on GitHub.
Une nouvelle version de GLPI est disponible.
This release fixes several security issues that have been recently discovered. Update is recommended!
This release includes a security fix related to CVE-2023-34254. You’ll only be concerned by this security alert if you’re using the remoteinventory task in the case of unix/linux remote inventory via ssh.
Here is a summary of the most important changes:
libxml2 library is now required for all the features using XML,
Windows keystore support has been extended to support more stores to ease GLPI SSL certificate validation,
inventory task has a lot of enhancements. In particular, some WMI timeouts has been fixed on windows and a new assetname-support option permits to choose to set asset name from short hostname or fqdn on unix/linux,
remoteinventory task includes several important fixes and has been enhanced to support remote inventory multi-threading thanks to the new remote-workers option,
netdiscovery and netinventory tasks also had their bunch of fixes and many new devices are now supported,
deploy, collect and ESX tasks also had few fixes and enhancements,
the embedded HTTPD interface can now use a basic authentication plugin to secure even more access, like for the ToolBox interface,
MacOSX packages have been updated to use OpenSSL 3.1.1 and zlib 1.2.13,
the 3.5 version of dmidecode has been included in windows and MacOSX packages,
the linux perl installer includes several fixes and now supports Oracle Linux 7 installation,
MSI packaging now permits to install GLPI-AgentMonitor community tool which provides interesting features for users via a systray icon, check the following project for more details: https://github.com/glpi-project/glpi-agentmonitor
Speaking about the MSI packaging, we decided to not sign the packages and provided binaries as code-signing SSL certificate providers are failing to provide us the required certificate in a reasonable time. So you may experience some security alerts until the MSI packages reputation has been nicely established.
⚠️ This release contains a fix which solves loss of file uploads when a validator edits the requester's answers before approval. This fix requires a patch for GLPI 10.0.7 or older. It is recommended to apply it. The patch is available here.
⚠️ This release contains a fix to prevent multiple form submission, causing requesters to submit several times their request. This fix depends on an other fix in GLPI 10.0.7 or older available here.
New version GLPI 10.0.7: A new GLPI version is available.
This release fixes several security issues that have been recently discovered. Update is recommended!
You can download the GLPI 10.0.7 archive on GitHub. We still maintain maintain the 9.5 branch for security fixes and we also release a new version for it: GLPI 9.5.13 archive
Vous trouverez ci-dessous la liste des problèmes de sécurité corrigés dans cette version corrective :
[SECURITY - High] SQL injection and Stored XSS via inventory agent request (CVE-2023-28849).
[SECURITY - High] Account takeover by authenticated user (CVE-2023-28632).
[SECURITY - High] SQL injection through dynamic reports (CVE-2023-28838).
[SECURITY - Moderate] Stored XSS through dashboard administration (CVE-2023-28852).
[SECURITY - Moderate] Stored XSS on external links (CVE-2023-28636).
[SECURITY - Moderate] Reflected XSS in search pages (CVE-2023-28639).
[SECURITY - Moderate] Privilege Escalation from technician to super-admin (CVE-2023-28634).
Pour offrir les meilleures expériences, nous utilisons des technologies telles que les cookies pour stocker et/ou accéder aux informations des appareils. Le fait de consentir à ces technologies nous permettra de traiter des données telles que le comportement de navigation ou les ID uniques sur ce site. Le fait de ne pas consentir ou de retirer son consentement peut avoir un effet négatif sur certaines caractéristiques et fonctions.
Fonctionnel
Toujours activé
L’accès ou le stockage technique est strictement nécessaire dans la finalité d’intérêt légitime de permettre l’utilisation d’un service spécifique explicitement demandé par l’abonné ou l’utilisateur, ou dans le seul but d’effectuer la transmission d’une communication sur un réseau de communications électroniques.
Préférences
L’accès ou le stockage technique est nécessaire dans la finalité d’intérêt légitime de stocker des préférences qui ne sont pas demandées par l’abonné ou l’internaute.
Statistiques
Le stockage ou l’accès technique qui est utilisé exclusivement à des fins statistiques.Le stockage ou l’accès technique qui est utilisé exclusivement dans des finalités statistiques anonymes. En l’absence d’une assignation à comparaître, d’une conformité volontaire de la part de votre fournisseur d’accès à internet ou d’enregistrements supplémentaires provenant d’une tierce partie, les informations stockées ou extraites à cette seule fin ne peuvent généralement pas être utilisées pour vous identifier.
Marketing
L’accès ou le stockage technique est nécessaire pour créer des profils d’internautes afin d’envoyer des publicités, ou pour suivre l’utilisateur sur un site web ou sur plusieurs sites web ayant des finalités marketing similaires.
