This version is compatible with GLPI 10.0.
⚠️ File / image upload removed from public forms
In GLPI 10.0.5 contains a fix which breaks ability to upload files from a public form. It not possible restore this feature without introducing a security problem. Therefore, in this version, it is no longer possible to add a question of type File in a public form. Questions of type Textarea won't allow users to upload pictures anymore.
It is recommended to update your public forms to remove questions of type File. If you don't, then requesters will encounter problems when they try to upload files.
Upgrade from 2.13.0 or later
A database sanity check is done before running the upgrade. If the tables of the plugin have a difference with the expected schema the upgrade will fail with a message similar to the following:
The database schema is not consistent with the installed Formcreator 2.13.0. To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator
It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.
ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.
bin/console glpi:plugin:install formcreator -f -p skip-db-check
Bug Fixes
- add missing domain for public forms translation (#3162) (970f183c6)
- duplicate key when updating a profile (1bd6a2ab6)
- remote glpi prefix for commands (651444a27)
- abstractitiltarget: set priority from urgency and impact (#3178) (1269edd51)
- checkboxes: better display (f8fe93a63)
- checkboxes: padding between items (a62f879ce)
- condition: infinite loop detection (172d5e8eb)
- dropdownfield: prevent ambiguous column name (b54523219)
- form: remove obsolete translations on update (3cc58ac7d)
- form: rename form answer properties tab (a3395179d)
- form_language: avoid persistent rich editor toolbar when closing modal (11a8808b5)
- form_language: display problems when translating (93073e656)
- form_language: filter out obsolete translations (b38555c5e)
- formanswer: access restriction (a9451d982)
- install: distinguish error messages for sanity check (b798bf264)
- notifications: missing lang tags (3cad18562)
- question: missing conditions count after update (ea185beb8)
- question: updating a question returns sanitized label (936ccd475)
- radios: update escaping of valies (c940e1764)
- radiosfield: better display (fe6c2e8d0)
- restrictedformcriteria: bad key when generating error message (6cabca1fe)
- targetchange,targetproblem: harmonize implemetnation with targetticket (1ba402de0)
- targetchange,targetproblem: missed code refactor (e24d2fc13)
- targetticket: wrong property label (fd3d30973)
- textareafield: target ticket shows HTML when image uploaded (56fc8d54d)
- translation: avoid rn when using formatted rich (html) text (24113a353)
Fonctionnalités
This version is compatible with GLPI 10.0.
Upgrade from 2.13.0 or later
A database sanity check is done before running the upgrade. If the tables of the plugin have a difference with the expected schema the upgrade will fail with a message similar to the following:
The database schema is not consistent with the installed Formcreator 2.13.0. To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator
It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.
ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.
bin/console glpi:plugin:install formcreator -f -p skip-db-check
Bug Fixes
- handle undefined setting for service catalog homepage (411ae3597)
- typo in french locale (f61ded17a)
- abstractitiltarget: multiple tag questions set but not displayed in designer (90f2a95d8)
- checkboxesfield,multiselectfield: default value not displayed (8f36ab726)
- composite: ignore link to non existing ticket (8502d4b16)
- condition: allow longer texts (eecdf8a2a)
- condition: display of tested question shows wrong item (5d34da8b4)
- condition: width of question dropdown (ce0389efd)
- dropdownfield: empty SQL IN statement when restricted tickets rights (5c5244a85)
- form: image upload handling in header field (5dc66a5ef)
- formanswer: default search filter hides legit access (2dc9f8e3f)
- formanswer: malformed search option (5339b7912)
- formanswer: missing newline between sections of fullform tag (61122bc93)
- formanswer: temporary disable debug mode (e9e8da484)
- formanswer, textfield, textareafield: escaping (3e0666d4d)
- glpiselectfield: cannot set empty value by default for entity question (fe2130bbe)
- glpiselectfield: restore entity restriction for users (e525b3a82)
- helpdesk: better handling of users that can't see tickets (a93f03126)
- install: add empty schema for new version (817a9ec7e)
- install: resync not needed in upgrade to 2.13.4 (d66a12017)
- install: typo in method name (eac5d77ac)
- issue: follow entity change on ticket transfer (434bd3572)
- issues: Tooltip consistency with core (c45d21550)
- question: subtype plural and appliance in bad group (1f780370a)
- tagfield: php warning (cc4b673a8)
- targetticket: allow more itemtypes to associated elements (#3155) (cee504c24)
- textfield: useless HTML entity encode (c3d03b51e)
Fonctionnalités
- drop support for GLPI 10.1 (a99a8bcb2)
- dropdownfield: always show ticket id (0190adac9)
- issue: access tickets from service catalog (a6b4f19d0)
- question: add support for database sub itemtype (45126012d)
- wizard: selectable home page in service catalog (95103fe54)
Une nouvelle version de GLPI est disponible.
This release fixes several security issues that have been recently discovered. Update is recommended!
You can download the GLPI 10.0.6 archive on GitHub.
We still maintain maintain the 9.5 branch for security fixes and we also release a new version for it: GLPI 9.5.12 archive
Vous trouverez ci-dessous la liste des problèmes de sécurité corrigés dans cette version corrective :
- [SECURITY - High] Unauthorized access to inventory files (CVE-2023-22500)
- [SECURITY - Moderate] XSS on browse views (CVE-2023-22722)
- [SECURITY - Moderate] XSS on external links (CVE-2023-22725)
- [SECURITY - Moderate] XSS in RSS Description Link (CVE-2023-22724)
- [SECURITY - Moderate] Unauthorized access to data export (CVE-2023-23610)
- [SECURITY - Low] Stored XSS inside Standard Interface Help Link href attribute (CVE-2022-41941)
Also, here is a short list of main changes done in this version:
- [FEATURE] Unmanaged devices can be handled like a real asset.
- [FEATURE] Handle more actions for stale inventory agents.
- [FEATURE] Added new dictionnary rules for OS.
- [CHANGED] Removed
glpi: prefix on console commands. - [FIX] PHP 8.2 support.
- [FIX] Many fixes and improvements on native inventory.
- [FIX] Reservation display on self-service profile.
- [FIX] Mail collector issues with emails sent from Outlook.
- [FIX] Dashboard issues on “All” tab.
- [FIX] Ticket input is restored when submitted form is not complete.
- [FIX] Notification was not sent when ticket status was set to “pending”.
Le journal des modifications complet est disponible pour plus de détails.
Nous tenons à remercier toutes les personnes qui ont contribué à cette nouvelle version et tous ceux qui contribuent régulièrement au projet GLPI !
Cordialement.
We are happy to announce our longterm partner in Spain - TICGAL has become a GOLD level!
TICGAL is a company built around GLPI. In our short history, they have helped more than 200 clients set up the standard solution or reshape GLPI to fit their needs by integrating standard and custom-tailored solutions.
Beyond the ITSM & ITAM native GLPI capabilities, TICGAL has transformed it into a CMMS or an ESM. They also edit a successful multiplatform mobile solution with geolocation capabilities.
Among many solutions, TICGAL offers:
- GLPI Support: consulting, installation, migrations, development, integrations and hosting;
- GLPI Developments: Plugins and extensions;
- GApp: a GLPI App, a project born from the need to provide an easy mobile access to GLPI, specially for end users, a.k.a. self-service.
Website: https://tic.gal/en/
We are excited that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.
Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: https://portal.glpi-network.com/marketplace/formcreator/front/formdisplay.php?id=15
Being a partner means:
- Having an a direct access to the Teclib´s tech expertise;
- Get special discounts;
- Access official support;
- Many other tools which will help you to gain more customers and increase reputation on the market by adding open source ITSM to your portfolio.
Discover all benefits of being a partner here: https://glpi-project.org/partners/
This version is compatible with GLPI 9.5.5 or later only. Users of GLPI 10 must use Formcreator 2.13 or later. Support of GLPI 9.5.4 and earlier has been dropped, see notes of version 2.11.3 to know the reason.
⚠️ Version 2.12.6 had missing files for LDAP questions. This release address this problem.
Help / Contribution needed
- Locales updates: Some languages don't have maintainer, or are late (many untranslated content). Please contribute on Transifex.
- documentation review and updates
Bug Fixes
This version is compatible with GLPI 10.0.
Upgrade from 2.13.0 or later
A database sanity check is done before running the upgrade. If the tables of the plugin have a difference with the expected schema the upgrade will fail with a message similar to the following:
The database schema is not consistent with the installed Formcreator 2.13.0. To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator
It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.
ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.
bin/console glpi:plugin:install formcreator -f -p skip-db-check
Possible encoding problems in tickets created in GLPI 9.5 or older
⚠️ GLPI 10.0 encodes rich text content in a different way compared to GLPI 9.5. This revealed some bugs in the plugin in previous versions and GLPI may display old tickets with HTML tags. A CLI tool is available to fix 3 types of inconsistencies. You should test the command in a testing environment or do a backup first.
bin/console glpi:plugins:formcreator:clean_tickets
Bug Fixes
- abstractitiltarget: copy may generate unwanted ouput to navigator (8792ed3dc)
- abstracttarget: support for sla and ola from question (e4c6ffeb6)
- category: do not access page if the plugin is not active (a959839c7)
- category: don't activate plugin to access categories (4cd4f600e)
- checkboxesfield: back to BR (c8908f265)
- checkboxesfield: back to BR (56d1e7e94)
- checkboxesfield, radiosfield: checkboxes and radios backslashes (#3050) (47da0ea0a)
- common: captcha check (b2b7efc89)
- dashboard: fix dashboard height (712bdc8ad)
- datefield: change event and comparison (9da947783)
- filefield: do not assume index of files (a02a9c7ce)
- form: delete question does not reset preview tab (ad87ddc87)
- form: prevent SQL error (17aa94309)
- form: prevent sending two csrf tokens (c04c71bab)
- form: tab name must obey 'show count' setting (b89232eb3)
- form_language: call to undefined method (137a66047)
- formanswer: page switching loose filter (14d3ed7ac)
- install: bad command in error message (f357d9ca4)
- install: handle possible null while changing fields (0a847af4c)
- issue: access to saved searches from service catalog (b7481825a)
- issue: default joint for issue (631888e47)
- issue: show save button for followup edit (810c854f1)
- issue: sync issue fails when a ticket has several validators (3f51fbdd9)
- issue: useless criteria nesting (369fdb57b)
- selectfield: too many unescaping (706b70faa)
- targetticket: set request source if no rule specified (2e04680eb)
- textareadifield: error when deduplicating uploads (666d81395)
- wizard: consistent breadcrumb on several pages (6639cda03)
Fonctionnalités
This version is compatible with GLPI 9.5.5 or later only. Users of GLPI 10 must use Formcreator 2.13 or later. Support of GLPI 9.5.4 and earlier has been dropped, see notes of version 2.11.3 to know the reason.
⚠️ This version intends to fix compatibility with GLPI 9.5.10 and 9.5.11 which contains an upgrade of TinyMCE (used for rich text editors). Some other fixes are also available in this release; see the changelog.
⚠️ Important note: Some administrators use business rules relying on the request source field in tickets to distinguish tickets created by Formcreator. A change has been done in the plugin to allow customization of the request source via ticket templates. Target ticktets without template will lose the request source "Formcreator". If business rules use the request source "Formcreator" it is recommended to add a ticket template to target tickets, with a predefiend field "request source" set to "Formcreator".
Bug Fixes
- abstracttarget: retrieve sub itemtype from question (eccf3d1a)
- condition: empty sql IN statement (8e4d0491)
- dropdownfield,glpiselectfield: shiw item ID only on user preference (53dc3aeb)
- form: lightbulb always gray in darker theme (76a42bb4)
- glpiselectfield: bad WHERE criteria with entities (154a3531)
- glpiselectfield: comparison with regex (e6986b04)
- issue: performance problem in sync issue query (0e1761c9)
- issue: performance problem in sync issue query (74b38ec0)
- issue: requester replaced by author on ticket update (a8580a79)
- issue: sync issues problem when a ticket has several validators (backport 2.12) (#2971) (e3011590)
- radiosfield: accessibility from keyboard (e528aae7)
- targetticket: assign group actor from object (42aaadd4)
- textareafield: compatibility with GLPI 9.10 (a325a948)
- textareafield: compatibility with GLPI 9.5.10 (7f2ff1a9)
- textfield: remove invalid 'r' tokens (#3065) (da9d8dca)
- wizard: bad label when searching KB items (f469d048)
Fonctionnalités
- ldapselectfield: lazy loading (1afc6753)
Help / Contribution needed
- Locales updates: Some languages don't have maintainer, or are late (many untranslated content). Please contribute on Transifex.
- documentation review and updates
Following the last releases of 10.0.4 and 9.5.10, an annoying issue has been detected in one of the security fixes provided.
The user is logged out when he tries to switch to another entity.
So, we release new versions to address the bug, you can download them on github:
Une nouvelle version de GLPI est disponible.
This release fixes several security issues that has been recently discovered. Update is recommended!
You can download the GLPI 10.0.4 archive on GitHub.
We also provide a security release for 9.5 branch : GLPI 9.5.10 archive
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - Low] Blind SSRF in RSS feeds and planning (CVE-2022-39276)
- [SECURITY - Low] Stored XSS in user information (CVE-2022-39372)
- [SECURITY - Low] Stored XSS in entity name (CVE-2022-39373)
- [SECURITY - Low] Improper input validation on emails links (CVE-2022-39376)
- [SECURITY - Moderate] Improper access to debug panel (CVE-2022-39370)
- [SECURITY - Moderate] User's session persist after permanently deleting his account (CVE-2022-39234)
- [SECURITY - Moderate] Stored XSS on login page (CVE-2022-39262)
- [SECURITY - Moderate] XSS in external links (CVE-2022-39277)
- [SECURITY - Moderate] XSS through public RSS feed (CVE-2022-39375)
- [SECURITY - High] SQL Injection on REST API (CVE-2022-39323)
- [SECURITY - High] Stored XSS through asset inventory (CVE-2022-39371)
Also, here is a short list of main changes done in this version:
- [FIX] Increase significantly dashboards performance
- [FIX] Several bugs on images pasting
- [FIX] Fixed and improved inventory locks management
- [FIX] Display of printer cartridges
- [FIX] Display and hide actors tooltips in tickets
- [FIX] Improve display of headers above forms
- [FIX] Move breakpoints on responsive displays
- [SECURITY] Inventory API is now disabled by default
- [FEATURE] Dedicated rights has been added for inventory
The full changelog is available for more details.
Nous tenons à remercier toutes les personnes qui ont contribué à cette nouvelle version et tous ceux qui contribuent régulièrement au projet GLPI !
Cordialement.
This version is compatible with GLPI 10.0.
Upgrade from 2.13.0 or later
A database sanity check is done before running the upgrade. If the tables of the plugin have a difference with the expected schema the upgrade will fail with a message similar to the following:
The database schema is not consistent with the installed Formcreator 2.13.0.
To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator
It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.
ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.
bin/console glpi:plugin:install formcreator -f -p skip-db-check
Possible encoding problems in tickets created in GLPI 9.5 or older
⚠️ GLPI 10.0 encodes rich text content in a different way compared to GLPI 9.5. This revealed some bugs in the plugin in previous versions and GLPI may display old tickets with HTML tags. A CLI tool is available to fix 2 types of inconsistencies. You should test the command in a testing environment or do a backup first.
bin/console glpi:plugins:formcreator:clean_tickets
Bug Fixes
- just reencode br (cce2e7e1c)
- show KB items without category (91f4deb75)
- abstractitiltarget: email addresses were ignored (4c28a09b8)
- docs: mix of single and singular/plural locales (dc8f38cc3)
- dropdownfield: tree depth not restored in design dialog (af4096bba)
- fields: add default value to prevent SQL error (#2965) (19f039569)
- form: risk of selecting the wrong form in DOM (bb31fd163)
- form: submit once (b00844208)
- form: unescape form name (5b802658a)
- formanswer: PHP 8.1 compatbility, error message if invalid JSON detected (8ff7ff91a)
- formanswer: PHP 8.1 compatibility: null passed instead of string (297fb2713)
- formanswer: redirect after submission of targetless form (4d60239d1)
- requesttypefield: warning if comparing against empty value (dca5afb82)
- section: label for conditions in designer (01e570319)
- wizard: FAQ list (#3031) (bb0732ca7)
Fonctionnalités
- tool to repair escaping problem in some tickets (68db0ffda)
- form: submit forms once (abed86101)
- formanswer: notification with URL to generated objets (fa6a360f0)
- formanswer: restore toasts when craeting targets (f43df3ebb)
- install: show the DB diff when upgrade runs from CLI (#2994) (4abb099a6)
Help / Contribution needed
Locales updates: Some languages don’t have maintainer, or are late (many untranslated content). Please contribute on Transifex.
