{"id":424556,"date":"2023-03-28T11:47:38","date_gmt":"2023-03-28T09:47:38","guid":{"rendered":"https:\/\/glpi-project.org\/?p=424556"},"modified":"2025-06-16T13:18:11","modified_gmt":"2025-06-16T12:18:11","slug":"new-version-glpi-10-0-7","status":"publish","type":"post","link":"https:\/\/www.glpi-project.org\/fr\/new-version-glpi-10-0-7\/","title":{"rendered":"GLPI 10.0.7 is available!"},"content":{"rendered":"<p><strong>New version GLPI 10.0.7: A new GLPI version is available<\/strong>.<\/p><p>This release fixes several security issues that have been recently discovered. Update is recommended!<\/p><p>You can download the&nbsp;<strong><a href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\/download\/10.0.7\/glpi-10.0.7.tgz\" target=\"_blank\" rel=\"noreferrer noopener\">GLPI 10.0.7 archive<\/a><\/strong>&nbsp;on GitHub.<br>We still maintain maintain the 9.5 branch for security fixes and we also release a new version for it:&nbsp;<strong><a href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\/download\/9.5.13\/glpi-9.5.13.tgz\" target=\"_blank\" rel=\"noreferrer noopener\">GLPI 9.5.13 archive<\/a><\/strong><\/p><p>You will find below the list of security issues fixed in this bugfixes version:<\/p><ul class=\"wp-block-list\"><li class=\"\">[SECURITY - High] SQL injection and Stored XSS via inventory agent request (CVE-2023-28849).<\/li><li class=\"\">[SECURITY - High] Account takeover by authenticated user (CVE-2023-28632).<\/li><li class=\"\">[SECURITY - High] SQL injection through dynamic reports (CVE-2023-28838).<\/li><li class=\"\">[SECURITY - Moderate] Stored XSS through dashboard administration (CVE-2023-28852).<\/li><li class=\"\">[SECURITY - Moderate] Stored XSS on external links (CVE-2023-28636).<\/li><li class=\"\">[SECURITY - Moderate] Reflected XSS in search pages (CVE-2023-28639).<\/li><li class=\"\">[SECURITY - Moderate] Privilege Escalation from technician to super-admin (CVE-2023-28634).<\/li><li class=\"\">[SECURITY - Low] Blind Server-Side Request Forgery (SSRF) in RSS feeds (CVE-2023-28633).<\/li><\/ul><p>Also, here is a short list of main changes done in this version:<\/p><ul class=\"wp-block-list\"><li class=\"\">[SECURITY] Optional GLPI router to be able to use a safer web server root directory.<\/li><li class=\"\">[FEATURE] Support of SMTP OAuth authentication.<\/li><li class=\"\">[FEATURE] Improved inventory file upload feature.<\/li><li class=\"\">[FIX] Many fixes and improvements on native inventory.<\/li><li class=\"\">[FIX] Some bugs on PHP 8.2.<\/li><li class=\"\">[FIX] Caching issues on entities.<\/li><li class=\"\">[FIX] Boolean FullText operator not working on knowledge base search.<\/li><li class=\"\">[FIX] Unexpected search results when using negative condition on ticket actors.<\/li><li class=\"\">[FIX] Issues with LDAP filters\/DN.<\/li><li class=\"\">[FIX] Unexpected results when searching on knowledge base categories.<\/li><\/ul><p>The&nbsp;<strong><a href=\"https:\/\/github.com\/glpi-project\/glpi\/milestone\/59?closed=1\" target=\"_blank\" rel=\"noreferrer noopener\">full changelog is available<\/a><\/strong>&nbsp;for more details.<\/p><p>We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!<\/p><p>Download GLPI now: <a href=\"https:\/\/glpi-project.org\/downloads\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/glpi-project.org\/downloads\/<\/a><\/p><p>Regards.<\/p>","protected":false},"excerpt":{"rendered":"<p>New version GLPI 10.0.7: A new GLPI version is available. This release fixes several security issues that have been recently discovered. Update is recommended! You can download the&nbsp;GLPI 10.0.7 archive&nbsp;on GitHub.We still maintain maintain the 9.5 branch for security fixes and we also release a new version for it:&nbsp;GLPI 9.5.13 archive You will find below [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[155],"tags":[7,42,22,72],"class_list":["post-424556","post","type-post","status-publish","format-standard","hentry","category-versions","tag-glpi","tag-glpi-releases","tag-new-release","tag-version-10-0-7"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/424556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/comments?post=424556"}],"version-history":[{"count":1,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/424556\/revisions"}],"predecessor-version":[{"id":436344,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/424556\/revisions\/436344"}],"wp:attachment":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/media?parent=424556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/categories?post=424556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/tags?post=424556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}