GLPI v9.5.4 Release Notes

Release Date: 2021-03-02 // 2 months ago
  • ๐Ÿ”„ Changed

    • ๐Ÿ‘ iframe elements are not anymore allowed in rich text unless GLPI_ALLOW_IFRAME_IN_RICH_TEXT constant is defined to true

    API changes

    ๐Ÿ—„ Deprecated

    • Search::getMetaReferenceItemtype()

Previous changes from v9.5.3

  • ๐Ÿš€ This is a security release, upgrading is recommended

    ๐Ÿ”’ Note: those are medium security issues.

    ๐Ÿš€ Download it

    Non exhaustive list of changes:

    • ๐Ÿ”’ [security] Insecure Direct Object Reference on ajax/comments.php and ajax/getDropdownValue.php (CVE-2020-27662 and CVE-2020-27663)
    • ๐Ÿ”’ [security] Any CalDAV calendars is read-only for every authenticated user (CVE-2020-26212)
    • several dashboards issues
    • ๐Ÿ›  several fixes and enhancements with mail collector
    • ๐Ÿ†• new dashboard filters on tech users and tech groups
    • PHP8 compatibility
    • and more!

    ๐Ÿ‘€ See changelog for details.