Package itop: Information
Binary package: itop
Version: 3.2.2-alt1
Architecture: noarch
Build time: Nov 11, 2025, 09:52 PM in the task #399752
Source package: itop
Category: Networking/Other
Report package bugDownload: itop-3.2.2-alt1.noarch.rpm
Home page: https://github.com/Combodo/iTop
License: AGPL-3.0
Summary: IT Operations Portal
Description:
IT Operations Portal: a complete open source, ITIL, web based service management tool including a fully customizable CMDB, a helpdesk system and a document management tool. iTop also offers mass import tools and web services to integrate with your IT
Maintainer: Pavel Zilke
Last changed
Aug. 22, 2025 Pavel Zilke 3.2.2-alt1
- New version 3.2.2 - Security fixes: + CVE-2025-47286 : Remote Code Execution in the backup creation functionality + CVE-2025-49145 : Webhooks: check that callbacks signatures meet the documented expectation
June 29, 2025 Pavel Zilke 3.2.1.1-alt1
- New version 3.2.1.1 - Security fixes: + CVE-2024-52601 : Secure Direct Object Reference + prevent Mass Data Leak + CVE-2025-24021 : Prevent mass assignment of fields not present in form + CVE-2025-24022 : Prevent Portal code injection + CVE-2025-24026 : Fix redos in regex (snyk.io) + CVE-2024-56157 : Fix self XSS in CSV Import
Jan. 17, 2025 Pavel Zilke 3.2.0.2-alt1
- New version 3.2.0.2 - Added itop-php8.2 - Added itop-php8.3 - Security fixes: + CVE-2023-46734 : Potential XSS vulnerabilities in TWIG CodeExtension filters + CVE-2023-45808 : Can create objects in non allowed org by forging http query in both Console and Portal + CVE-2023-43790 : XSS in friendlyname in object details + CVE-2023-44396 : XSS vulnerabilities in dashlet ajax operations + CVE-2023-47626 : Fix stored XSS in authent token + CVE-2023-48709 : Fix CSV injection in Excel from an iTop CSV export file + CVE-2023-48710 : Limit pages/exec.php script to PHP files + CVE-2024-31448 : Fix XSS vulnerability in link CSV import + CVE-2024-32870 : itop hub connector Information disclosure