Package itop: Information

    Source package: itop
    Version: 3.2.0.2-alt0.c9f2.1
    Build time: Mar 14, 2025, 05:34 PM in task #377822
    Category: Networking/Other
    License: AGPL-3.0
    Summary: IT Operations Portal
    Description: 
    IT Operations Portal: a complete open source, ITIL, web based service
    management tool including a fully customizable CMDB, a helpdesk system
    and a document management tool.
    iTop also offers mass import tools and web services to integrate with your IT

    List of RPM packages built from this SRPM:
    itop (noarch)
    itop-apache2 (noarch)
    itop-php8.1 (noarch)

    Maintainer: Pavel Zilke


      1. rpm-macros-webserver-common

    Last changed


    March 13, 2025 Alexander Danilov 3.2.0.2-alt0.c9f2.1
    - backport to c9f2
    Jan. 17, 2025 Pavel Zilke 3.2.0.2-alt1
    - New version 3.2.0.2
    - Added itop-php8.2
    - Added itop-php8.3
    - Security fixes:
     + CVE-2023-46734 : Potential XSS vulnerabilities in TWIG CodeExtension filters
     + CVE-2023-45808 : Can create objects in non allowed org by forging http query in both Console and Portal
     + CVE-2023-43790 : XSS in friendlyname in object details
     + CVE-2023-44396 : XSS vulnerabilities in dashlet ajax operations
     + CVE-2023-47626 : Fix stored XSS in authent token
     + CVE-2023-48709 : Fix CSV injection in Excel from an iTop CSV export file
     + CVE-2023-48710 : Limit pages/exec.php script to PHP files
     + CVE-2024-31448 : Fix XSS vulnerability in link CSV import
     + CVE-2024-32870 : itop hub connector Information disclosure
    Jan. 4, 2024 Pavel Zilke 3.1.1.1-alt1
    - New version 3.1.1.1
    - Security fixes:
     + CVE-2023-48710 : Restrict pages/exec.php to PHP files
     + CVE-2023-48709 : Fix CSV injection in Excel from an iTop CSV export file
     + CVE-2023-46734 : Fix potential XSS vulnerabilities in TWIG CodeExtension filters
     + CVE-2023-47123 : Fix XSS vulnerability in n:n relations "tagset" widget
     + CVE-2023-47622 : Fix XSS vulnerabilities in ajax operations
     + CVE-2023-47626 : Fix XSS vulnerabilities in authent token
     + CVE-2023-44396 : Fix XSS vulnerabilities in dashlet ajax operations
     + CVE-2023-43790 : Fix XSS vulnerabilities in friendlyname in object details
     + CVE-2023-38511 : Fix dashboard allowing to load multiple files and urls
     + CVE-2023-45808 : Fix object creation in non allowed org by forging http query in both Console and Portal