{"id":441050,"date":"2026-06-23T10:00:00","date_gmt":"2026-06-23T08:00:00","guid":{"rendered":"https:\/\/www.glpi-project.org\/?p=441050"},"modified":"2026-06-23T15:39:47","modified_gmt":"2026-06-23T13:39:47","slug":"glpi-agent-1-18-has-been-released","status":"publish","type":"post","link":"https:\/\/www.glpi-project.org\/fr\/glpi-agent-1-18-has-been-released\/","title":{"rendered":"GLPI-Agent 1.18 est d\u00e9sormais disponible"},"content":{"rendered":"\n<p>You can download it on the GLPI Agent github project:&nbsp;<a href=\"https:\/\/github.com\/glpi-project\/glpi-agent\/releases\/tag\/1.18\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/glpi-project\/glpi-agent\/releases\/tag\/1.18<\/a><\/p>\n\n\n\n<p>This new version is essentially a security fix release for the following security issues:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>[SECURITY -&nbsp;High] ToolBox plugin can allow unauthenticated path traversal (CVE-2026-40936)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;High] MySQL and PostgreSQL database inventory command injection (CVE-2026-46615)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;High] MongoDB database inventory Javascript injection (CVE-2026-45621)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;High] Command injection via unsecured ToolBox plugin installation (CVE-2026-49285)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;High] MSSQL database inventory command injection (CVE-2026-52764)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;High] RCE in ToolBox Remotes page (CVE-2026-TODO)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;Medium] File injection with Proxy plugin and rarely used configuration (CVE-2026-42187)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;Medium] Oracle and DB2 database inventory SQL injection (CVE-2026-52765)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;Medium] Deploy task Path Traversal in Tools::Archive (CVE-2026-52768)<\/li>\n\n\n\n<li>[SECURITY -&nbsp;Low] XSS on shared fields via unsecured ToolBox plugin installation<\/li>\n\n\n\n<li>[SECURITY -&nbsp;Low] XSS on credentials fields via unsecured ToolBox plugin installation<\/li>\n\n\n\n<li>[SECURITY -&nbsp;Low] Server-controlled regex compilation in Collect task<\/li>\n\n\n\n<li>[SECURITY -&nbsp;Low] Unvalidated process username use during Oracle database inventory<\/li>\n<\/ul>\n\n\n\n<p>The release also includes few bug fixes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>NVMe SSD storage disks support on MacOSX<\/li>\n\n\n\n<li>Lxd containers inventory update on Linux<\/li>\n\n\n\n<li>Network inventory update to support NetApp, Ubnt and Digi devices<\/li>\n\n\n\n<li>ToolBox plugin security has been enhanced<\/li>\n\n\n\n<li>DWService Remote_management inventory support<\/li>\n<\/ul>\n\n\n\n<p>You can check changes details in the official online Changelog available here:&nbsp;<a href=\"https:\/\/github.com\/glpi-project\/glpi-agent\/blob\/1.18\/Changes\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/glpi-project\/glpi-agent\/blob\/1.18\/Changes<\/a><\/p>\n\n\n\n<p>About packaging, here is what you should retain:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>On Windows, GLPI Agent uses Perl 5.42.2, OpenSSL 3.5.7 and updated building toolchain<\/li>\n\n\n\n<li>The MacOSX packaging now uses Perl 5.42.2 and OpenSSL 3.5.7<\/li>\n\n\n\n<li>The Linux Snap packaging now uses Perl 5.42.2<\/li>\n\n\n\n<li>The Linux perl script installer was updated to fix upgrade against nightly build installation<\/li>\n<\/ul>\n\n\n\n<p><strong>This time, we strongly encourage you to update your agents.<\/strong><\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/github.com\/glpi-project\/glpi-agent\/releases\/tag\/1.18\" target=\"_blank\" rel=\"noreferrer noopener\">Download GLPI Agent 1.18<\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>You can download it on the GLPI Agent github project:&nbsp;https:\/\/github.com\/glpi-project\/glpi-agent\/releases\/tag\/1.18 This new version is essentially a security fix release for the following security issues: The release also includes few bug fixes: You can check changes details in the official online Changelog available here:&nbsp;https:\/\/github.com\/glpi-project\/glpi-agent\/blob\/1.18\/Changes About packaging, here is what you should retain: This time, we strongly [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":441320,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[155],"tags":[],"class_list":["post-441050","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-versions"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/441050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/comments?post=441050"}],"version-history":[{"count":6,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/441050\/revisions"}],"predecessor-version":[{"id":441331,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/441050\/revisions\/441331"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/media\/441320"}],"wp:attachment":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/media?parent=441050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/categories?post=441050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/tags?post=441050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}