This is a security release, upgrading is highly recommended
Note: some of fixed vulnerabilities are present since a long time (0.68).
Non exhaustive list of changes:
- [security] SQL injection with a query parameter of user form (CVE-2020-15176)
- [security] Removal of
.htaccessfile in the
filesfolder via a plugin endpoint (CVE-2020-15175)
- [security] Leakage issue with knowledge base (CVE-2020-15217)
- [security] Stored XSS in install script (CVE-2020-15177)
- [security] Minor SQL Injection in
- several mailgate issues
- several dashboards issues
- dashboards improvements: personnal filters, new summary and articles widgets, …
- and more!
See changelog for details.—
This release has 3 assets:
- Source code (zip)
- Source code (tar.gz)
Visit the release page to download them.
Source: GLPI Network