{"id":440336,"date":"2026-04-29T10:00:00","date_gmt":"2026-04-29T09:00:00","guid":{"rendered":"https:\/\/www.glpi-project.org\/?p=440336"},"modified":"2026-04-29T11:17:51","modified_gmt":"2026-04-29T10:17:51","slug":"glpi-new-versions-11-0-7-and-10-0-25","status":"publish","type":"post","link":"https:\/\/www.glpi-project.org\/fr\/glpi-new-versions-11-0-7-and-10-0-25\/","title":{"rendered":"Nouvelles versions de GLPI : 11.0.7 et 10.0.25"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\">Two new GLPI versions are available!<\/h3>\n\n\n\n<p>Today, we ship <strong>11.0.7<\/strong> and <strong>10.0.25<\/strong>. These releases contain security fixes, and we encourage you to update.<\/p>\n\n\n\n<p>Many bug fixes have also been made. Read the changelogs for more details:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/glpi-project\/glpi\/milestone\/86?closed=1\" target=\"_blank\" rel=\"noopener\">11.0.7 changelog<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/glpi-project\/glpi\/milestone\/87?closed=1\" target=\"_blank\" rel=\"noopener\">10.0.25 changelog<\/a><\/li>\n<\/ul>\n\n\n\n<p>You can download the new archives on GitHub:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\/download\/11.0.7\/glpi-11.0.7.tgz\" target=\"_blank\" rel=\"noopener\">11.0.7 archive<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/glpi-project\/glpi\/releases\/download\/10.0.25\/glpi-10.0.25.tgz\" target=\"_blank\" rel=\"noopener\">10.0.25 archive<\/a><\/li>\n<\/ul>\n\n\n\n<p>You will find below the list of security issues fixed in these bugfix versions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>[SECURITY - Low 10.0 &amp; 11.0] Unauthorized update of configuration<\/li>\n\n\n\n<li>[SECURITY - Low 10.0 &amp; 11.0] Unauthorized IMAP connection probing<\/li>\n\n\n\n<li>[SECURITY - Low 11.0] Unauthorized reading of a specific asset object<\/li>\n\n\n\n<li>[SECURITY - Low 11.0] Unauthorized modification of webhook payload templates<\/li>\n\n\n\n<li>[SECURITY - Low 11.0] Unauthorized Webhook CRA Validation SSRF<\/li>\n\n\n\n<li>[SECURITY - Low 11.0] Webhook CRA signature bypass<\/li>\n\n\n\n<li>[SECURITY - Low 11.0] Unauthorized resending of queued webhooks<\/li>\n\n\n\n<li>[SECURITY -\u00a0<mark>Medium<\/mark>\u00a011.0] Unauthorized export of form structure (CVE-2026-32312)<\/li>\n\n\n\n<li>[SECURITY -\u00a0<mark>Medium<\/mark>\u00a010.0 &amp; 11.0] Arbitrary files access (CVE-2026-42320)<\/li>\n\n\n\n<li>[SECURITY -\u00a0<mark>High<\/mark>\u00a010.0] Stored XSS in asset locks (CVE-2026-42321)[SECURITY -\u00a0<mark>High<\/mark>\u00a011.0] Stored XSS in knowledge base (CVE-2026-5385)<\/li>\n\n\n\n<li>[SECURITY -\u00a0<mark>High<\/mark>\u00a011.0] Stored XSS in ITIL Costs (CVE-2026-40108)<\/li>\n\n\n\n<li>[SECURITY -\u00a0<mark>High<\/mark>\u00a010.0 &amp; 11.0] Arbitrary item deletion via planning (CVE-2026-42318)<\/li>\n\n\n\n<li>[SECURITY -\u00a0<mark>High<\/mark>\u00a010.0 &amp; 11.0] Arbitrary files deletion by technician (CVE-2026-42317)<\/li>\n<\/ul>\n\n\n\n<p>We would like to thank all people who contributed to this new version and all those who contribute regularly to the GLPI project!<\/p>\n\n\n\n<p>Regards.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two new GLPI versions are available! Today, we ship 11.0.7 and 10.0.25. These releases contain security fixes, and we encourage you to update. Many bug fixes have also been made. Read the changelogs for more details: You can download the new archives on GitHub: You will find below the list of security issues fixed in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":440338,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[155],"tags":[],"class_list":["post-440336","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-versions"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/440336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/comments?post=440336"}],"version-history":[{"count":3,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/440336\/revisions"}],"predecessor-version":[{"id":440358,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/440336\/revisions\/440358"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/media\/440338"}],"wp:attachment":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/media?parent=440336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/categories?post=440336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/tags?post=440336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}