Package itop: Information

    Source package: itop
    Version: 3.1.1.1-alt1
    Build time: Mar 30, 2024, 09:54 PM
    Category: Networking/Other
    License: AGPL-3.0
    Summary: IT Operations Portal
    Description: 
    IT Operations Portal: a complete open source, ITIL, web based service
    management tool including a fully customizable CMDB, a helpdesk system
    and a document management tool.
    iTop also offers mass import tools and web services to integrate with your IT

    List of RPM packages built from this SRPM:
    itop (noarch)
    itop-apache2 (noarch)
    itop-php8.1 (noarch)

    Maintainer: Pavel Zilke


      1. rpm-macros-webserver-common

    Last changed


    Jan. 4, 2024 Pavel Zilke 3.1.1.1-alt1
    - New version 3.1.1.1
    - Security fixes:
     + CVE-2023-48710 : Restrict pages/exec.php to PHP files
     + CVE-2023-48709 : Fix CSV injection in Excel from an iTop CSV export file
     + CVE-2023-46734 : Fix potential XSS vulnerabilities in TWIG CodeExtension filters
     + CVE-2023-47123 : Fix XSS vulnerability in n:n relations "tagset" widget
     + CVE-2023-47622 : Fix XSS vulnerabilities in ajax operations
     + CVE-2023-47626 : Fix XSS vulnerabilities in authent token
     + CVE-2023-44396 : Fix XSS vulnerabilities in dashlet ajax operations
     + CVE-2023-43790 : Fix XSS vulnerabilities in friendlyname in object details
     + CVE-2023-38511 : Fix dashboard allowing to load multiple files and urls
     + CVE-2023-45808 : Fix object creation in non allowed org by forging http query in both Console and Portal
    Aug. 11, 2023 Pavel Zilke 3.1.0.2-alt1
    - New version 3.1.0.2
    - Security fixes:
     + CVE-2022-24894 : Prevent storing cookie headers in HttpCache (Symfony framework vulnerability)
     + CVE-2022-31402 : XSS vulnerability via /itop/webservices/export-v2.php
     + CVE-2022-39261 : Twig lib vulnerability
    - Added itop-php8.1
    - Deleted itop-php8.0
    May 25, 2023 Pavel Zilke 3.0.3-alt1
    - New version 3.0.3
    - Security fixes:
     + CVE-2021-46743 : Firebase PHP-JWT key/algorithm type confusion
     + CVE-2022-31403 : XSS vulnerability via /itop/pages/ajax.render.php
     + CVE-2022-31402 : XSS vulnerability via /itop/webservices/export-v2.php
    - Added itop-php8.0
    - Deleted itop-php7