Maintainer Pavel Zilke in the sisyphus branch: Information
Maintainer name: Pavel Zilke (zidex)
Built source packages in this branch: 4
Last changes
Mar 25, 2024, 11:34 PM
#343562 sent by Pavel Zilke
IT and asset management software
March 25, 2024 Pavel Zilke:
- New version 10.0.14 - Due to a few regressions in the last (10.0.13), an early release is available.
Feb 18, 2024, 05:37 PM
#340947 sent by Pavel Zilke
IT and asset management software
Feb. 2, 2024 Pavel Zilke:
- New version 10.0.12 - This release fixes a security issue that has been recently discovered. Update is recommended! - Security fixes: + CVE-2024-23645 : Reflected XSS in reports pages + CVE-2023-51446 : LDAP Injection during authentication ()
Jan 4, 2024, 11:22 AM
#337677 sent by Pavel Zilke
IT Operations Portal
Jan. 4, 2024 Pavel Zilke:
- New version 3.1.1.1 - Security fixes: + CVE-2023-48710 : Restrict pages/exec.php to PHP files + CVE-2023-48709 : Fix CSV injection in Excel from an iTop CSV export file + CVE-2023-46734 : Fix potential XSS vulnerabilities in TWIG CodeExtension filters + CVE-2023-47123 : Fix XSS vulnerability in n:n relations "tagset" widget + CVE-2023-47622 : Fix XSS vulnerabilities in ajax operations + CVE-2023-47626 : Fix XSS vulnerabilities in authent token + CVE-2023-44396 : Fix XSS vulnerabilities in dashlet ajax operations + CVE-2023-43790 : Fix XSS vulnerabilities in friendlyname in object details + CVE-2023-38511 : Fix dashboard allowing to load multiple files and urls + CVE-2023-45808 : Fix object creation in non allowed org by forging http query in both Console and Portal
Dec 19, 2023, 11:54 AM
#336741 sent by Pavel Zilke
Dec 15, 2023, 12:35 AM
#336499 sent by Pavel Zilke
IT and asset management software
Dec. 14, 2023 Pavel Zilke:
- New version 10.0.11 - This release fixes a security issue that has been recently discovered. Update is recommended! - Security fixes: + CVE-2023-43813 : Authenticated SQL Injection + CVE-2023-46727 : SQL injection through inventory agent request + CVE-2023-46726 : Remote code execution from LDAP server configuration form on PHP 7.4 - Deleted glpi-php8.0
Oct 7, 2023, 12:52 AM
#331146 sent by Pavel Zilke
IT and asset management software
Oct. 1, 2023 Pavel Zilke:
- New version 10.0.10 - This release fixes a security issue that has been recently discovered. Update is recommended! - Security fixes: + CVE-2023-42802 : Unallowed PHP script execution + CVE-2023-41320 : Account takeover via SQL Injection in UI layout preferences + CVE-2023-41326 : Account takeover via Kanban feature + CVE-2023-41324 : Account takeover through API + CVE-2023-42462 : File deletion through document upload process + CVE-2023-41321 : Sensitive fields enumeration through API + CVE-2023-41322 : Privilege Escalation from technician to super-admin + CVE-2023-41323 : Users login enumeration by unauthenticated user + CVE-2023-41888 : Phishing through a login page malicious URL + CVE-2023-42461 : SQL injection in ITIL actors
Oct 7, 2023, 12:34 AM
#331144 sent by Pavel Zilke
IT Operations Portal
Aug. 11, 2023 Pavel Zilke:
- New version 3.1.0.2 - Security fixes: + CVE-2022-24894 : Prevent storing cookie headers in HttpCache (Symfony framework vulnerability) + CVE-2022-31402 : XSS vulnerability via /itop/webservices/export-v2.php + CVE-2022-39261 : Twig lib vulnerability - Added itop-php8.1 - Deleted itop-php8.0
Jul 26, 2023, 12:16 AM
#325568 sent by Pavel Zilke
IT and asset management software
July 13, 2023 Pavel Zilke:
- New version 10.0.9 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2023-37278 : SQL injection in dashboard administration - Deleted glpi-php7
May 25, 2023, 06:45 PM
#321861 sent by Pavel Zilke
IT Operations Portal
May 25, 2023 Pavel Zilke:
- New version 3.0.3 - Security fixes: + CVE-2021-46743 : Firebase PHP-JWT key/algorithm type confusion + CVE-2022-31403 : XSS vulnerability via /itop/pages/ajax.render.php + CVE-2022-31402 : XSS vulnerability via /itop/webservices/export-v2.php - Added itop-php8.0 - Deleted itop-php7
May 15, 2023, 11:22 AM
#320515 sent by Pavel Zilke
IT and asset management software
May 13, 2023 Pavel Zilke:
- New version 10.0.7 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2023-28849 : SQL injection and Stored XSS via inventory agent request + CVE-2023-28632 : Account takeover by authenticated user + CVE-2023-28838 : SQL injection through dynamic reports + CVE-2023-28852 : Stored XSS through dashboard administration + CVE-2023-28636 : Stored XSS on external links + CVE-2023-28639 : Reflected XSS in search pages + CVE-2023-28634 : Privilege Escalation from technician to super-admin + CVE-2023-28633 : Blind Server-Side Request Forgery (SSRF) in RSS feeds
Mar 18, 2023, 01:08 PM
#316952 sent by Pavel Zilke
IT and asset management software
Jan. 24, 2023 Pavel Zilke:
- New version 10.0.6 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2023-22500 : Unauthorized access to inventory files + CVE-2023-22722 : XSS on browse views + CVE-2023-22725 : XSS on external links + CVE-2023-22724 : XSS in RSS Description Link + CVE-2023-23610 : Unauthorized access to data export + CVE-2022-41941 : Stored XSS inside Standard Interface Help Link href attribute - Added glpi-php8.2
Nov 4, 2022, 09:56 PM
#309499 sent by Pavel Zilke
IT and asset management software
Nov. 4, 2022 Pavel Zilke:
- New version 10.0.4 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2022-39276 : Blind SSRF in RSS feeds and planning + CVE-2022-39372 : Stored XSS in user information + CVE-2022-39373 : Stored XSS in entity name + CVE-2022-39376 : Improper input validation on emails links + CVE-2022-39370 : Improper access to debug panel + CVE-2022-39234 : User's session persist after permanently deleting his account + CVE-2022-39262 : Stored XSS on login page + CVE-2022-39277 : XSS in external links + CVE-2022-39375 : XSS through public RSS feed + CVE-2022-39323 : SQL Injection on REST API + CVE-2022-39371 : Stored XSS through asset inventory
Sep 15, 2022, 04:08 AM
#306812 sent by Pavel Zilke
IT and asset management software
Sept. 14, 2022 Pavel Zilke:
- New version 10.0.3 - This release fixes several critical security issues that has been recently discovered. Update is strongly recommended! - Security fixes: + CVE-2022-35945 : XSS through registration API + CVE-2022-31143 : Leak of sensitive information through login page error + CVE-2022-31187 : Stored XSS through global search (CVE-2022-31187) + CVE-2022-35914 : [critical] Command injection using a third-party library script + CVE-2022-35946 : SQL injection through plugin controller + CVE-2022-35947 : [critical] Authentication via SQL injection + CVE-2022-36112 : Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning
Jul 23, 2022, 12:03 AM
#304144 sent by Pavel Zilke
IT and asset management software
July 22, 2022 Pavel Zilke:
- New version 10.0.2 - This is a security release, upgrading is recommended - Security fixes: + CVE-2022-31061 : Unauthenticated SQL injection on login page + CVE-2022-31056 : SQL injection on actor part in assistance forms + CVE-2022-31068 : Unauthenticated Sensitive Data Exposure on Refused Inventory Files
Jun 10, 2022, 11:20 PM
#301769 sent by Pavel Zilke
IT and asset management software
June 10, 2022 Pavel Zilke:
- New version 10.0.1 - This is a security release, upgrading is recommended - The GLPI licence has been moved to GPLv3+
May 20, 2022, 11:53 PM
#300291 sent by Pavel Zilke
IT and asset management software
April 20, 2022 Pavel Zilke:
- New version 10.0.0 - Added glpi-php8.0 - Added glpi-php8.1
Mar 11, 2022, 10:50 AM
#296500 sent by Pavel Zilke
IT and asset management software
Jan. 27, 2022 Pavel Zilke:
- New version 9.5.7 - This is a security release, upgrading is recommended - Security fixes: + CVE-2022-21720 : SQL injection using custom CSS administration form + CVE-2022-21719 : Reflected XSS using reload button
Oct 13, 2021, 02:39 AM
#286922 sent by Pavel Zilke
IT and asset management software
Oct. 12, 2021 Pavel Zilke:
- New version 9.5.6 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-39211 : Disclosure of GLPI and server informations in telemetry endpoint + CVE-2021-39210 : Autologin cookie accessible by scripts + CVE-2021-39209 : Bypassable CSRF protection on ajax endpoints + CVE-2021-39213 : Bypassable IP restriction on GLPI API using custom header injection
May 13, 2021, 01:09 AM
#271713 sent by Pavel Zilke
IT and asset management software
May 13, 2021 Pavel Zilke:
- New version 9.5.5 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-3486 : Stored XSS in plugins information
Mar 31, 2021, 07:35 PM
#268732 sent by Pavel Zilke
IT and asset management software
March 31, 2021 Pavel Zilke:
- New version 9.5.4 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-21326 : Horizontal Privilege Escalation + CVE-2021-21255 : entities switch IDOR + CVE-2021-21258 : XSS injection in ajax/kanban + CVE-2021-21314 : XSS injection on ticket update + CVE-2021-21312 : Stored XSS on documents + CVE-2021-21313 : XSS on tabs + CVE-2021-21325 : Stored XSS in budget type + CVE-2021-21327 : Unsafe Reflection in getItemForItemtype() + CVE-2021-21324 : Insecure Direct Object Reference (IDOR) on "Solutions"
Dec 25, 2020, 02:40 AM
#263868 sent by Pavel Zilke
IT and asset management software
Dec. 5, 2020 Pavel Zilke:
- New version 9.5.3 - This is a security release, upgrading is recommended - Security fixes: + CVE-2020-27662 : Insecure Direct Object Reference on ajax/comments.php + CVE-2020-27663 : Insecure Direct Object Reference on ajax/getDropdownValue.php + CVE-2020-26212 : Any CalDAV calendars is read-only for every authenticated user
Oct 27, 2020, 02:25 PM
#260499 sent by Pavel Zilke
Jul 13, 2020, 10:29 PM
#254895 sent by Pavel Zilke
IT and asset management software
June 7, 2020 Pavel Zilke:
- New version 9.4.6 - This is a security release, upgrading is highly recommended
Apr 9, 2020, 09:59 PM
#249700 sent by Pavel Zilke
IT Operations Portal
April 9, 2020 Pavel Zilke:
- New version 2.6.3 - Security fixes: + CVE-2019-19821 : Improper Privilege Management - Removed Python requirements
Dec 29, 2019, 08:03 AM
#243687 sent by Pavel Zilke
Jun 25, 2019, 10:27 AM
#233139 sent by Pavel Zilke
IT and asset management software
June 25, 2019 Pavel Zilke:
- New version 9.4.2 - This is a security release, upgrading is highly recommended
Apr 17, 2019, 10:01 AM
#227264 sent by Pavel Zilke
IT and asset management software
April 17, 2019 Pavel Zilke:
- New version 9.4.2 - This is a security release, upgrading is highly recommended
Apr 16, 2019, 07:39 PM
#227235 sent by Pavel Zilke
Apr 9, 2019, 07:38 PM
#226945 sent by Pavel Zilke
Mar 6, 2019, 05:29 PM
#223905 sent by Pavel Zilke
deleted ocsinventory-server
March 6, 2019 Pavel Zilke:
- package removed
Mar 6, 2019, 04:22 PM
#223902 sent by Pavel Zilke
IT Operations Portal
March 6, 2019 Pavel Zilke:
- New version 2.6.0 - Added PHP7 support - Deleted PHP5 support - Deleted Apache1 support
Mar 5, 2019, 04:30 PM
#223803 sent by Pavel Zilke
Feb 28, 2019, 12:37 PM
#223213 sent by Pavel Zilke
Feb 13, 2019, 04:35 PM
#221411 sent by Pavel Zilke
Jan 26, 2019, 07:38 AM
#219970 sent by Pavel Zilke
IT and asset management software
Dec. 30, 2018 Pavel Zilke:
- New verion 9.3.3 - PHP7 support
Sep 22, 2017, 12:11 AM
#188639 sent by Pavel Zilke
Apr 15, 2017, 01:31 AM
#181766 sent by Pavel Zilke
Aug 25, 2016, 11:06 AM
#168882 sent by Pavel Zilke
IT and asset management software
Aug. 25, 2016 Pavel Zilke:
- Conf for Apache2 moved to sites-available
Aug 25, 2016, 10:03 AM
#168879 sent by Pavel Zilke
Jun 20, 2015, 03:12 PM
#145614 sent by Pavel Zilke
IT and asset management software
June 20, 2015 Pavel Zilke:
- This version correct several minor bugs.
Jan 22, 2015, 10:05 PM
#139055 sent by Pavel Zilke
IT and asset management software
Jan. 22, 2015 Pavel Zilke:
- This version correct several minor bugs.
Jan 10, 2015, 05:19 AM
#138268 sent by Pavel Zilke
Jan 10, 2015, 05:00 AM
#138266 sent by Pavel Zilke
IT and asset management software
Jan. 7, 2015 Pavel Zilke:
- This version fix several minor bugs and a security bug
Oct 20, 2014, 11:28 PM
#132751 sent by Pavel Zilke
IT and asset management software
Oct. 20, 2014 Pavel Zilke:
- This version fix several minor bugs and a security bug.
Oct 1, 2014, 11:57 PM
#131348 sent by Pavel Zilke
IT and asset management software
Aug. 9, 2014 Pavel Zilke:
- New version 0.84.5 This version correct several minor bugs.
Mar 20, 2014, 11:05 PM
#116745 sent by Pavel Zilke
Mar 13, 2014, 10:53 PM
#116350 sent by Pavel Zilke
IT and asset management software
March 13, 2014 Pavel Zilke:
- New version 0.84.5 This version correct several minor bugs.
Feb 10, 2014, 03:37 PM
#113856 sent by Pavel Zilke
IT and asset management software
Feb. 7, 2014 Pavel Zilke:
- New version 0.84.4 This version correct several minor bugs.
Nov 17, 2013, 03:53 PM
#108694 sent by Pavel Zilke
Sep 20, 2013, 11:55 PM
#104571 sent by Pavel Zilke
IT and asset management software
Sept. 20, 2013 Pavel Zilke:
- Security fixes: + CVE-2013-5696 : SQL Injection, PHP Code Execution, CSRF