Package itop: Information
Source package: itop
Version: 3.1.1.1-alt1
Build time: Mar 29, 2024, 03:54 PM in the task #343621
Category: Networking/Other
Report package bugHome page: http://www.combodo.com/-Overview-.html
License: AGPL-3.0
Summary: IT Operations Portal
Description:
IT Operations Portal: a complete open source, ITIL, web based service management tool including a fully customizable CMDB, a helpdesk system and a document management tool. iTop also offers mass import tools and web services to integrate with your IT
Maintainer: Pavel Zilke
Last changed
Jan. 4, 2024 Pavel Zilke 3.1.1.1-alt1
- New version 3.1.1.1 - Security fixes: + CVE-2023-48710 : Restrict pages/exec.php to PHP files + CVE-2023-48709 : Fix CSV injection in Excel from an iTop CSV export file + CVE-2023-46734 : Fix potential XSS vulnerabilities in TWIG CodeExtension filters + CVE-2023-47123 : Fix XSS vulnerability in n:n relations "tagset" widget + CVE-2023-47622 : Fix XSS vulnerabilities in ajax operations + CVE-2023-47626 : Fix XSS vulnerabilities in authent token + CVE-2023-44396 : Fix XSS vulnerabilities in dashlet ajax operations + CVE-2023-43790 : Fix XSS vulnerabilities in friendlyname in object details + CVE-2023-38511 : Fix dashboard allowing to load multiple files and urls + CVE-2023-45808 : Fix object creation in non allowed org by forging http query in both Console and Portal
Aug. 11, 2023 Pavel Zilke 3.1.0.2-alt1
- New version 3.1.0.2 - Security fixes: + CVE-2022-24894 : Prevent storing cookie headers in HttpCache (Symfony framework vulnerability) + CVE-2022-31402 : XSS vulnerability via /itop/webservices/export-v2.php + CVE-2022-39261 : Twig lib vulnerability - Added itop-php8.1 - Deleted itop-php8.0
May 25, 2023 Pavel Zilke 3.0.3-alt1
- New version 3.0.3 - Security fixes: + CVE-2021-46743 : Firebase PHP-JWT key/algorithm type confusion + CVE-2022-31403 : XSS vulnerability via /itop/pages/ajax.render.php + CVE-2022-31402 : XSS vulnerability via /itop/webservices/export-v2.php - Added itop-php8.0 - Deleted itop-php7