Security update GLPI 9.5.2

Security update GLPI 9.5.2


Repository: glpi-project/glpi · Tag: 9.5.2 · Commit: 677b4b8 · Released by: trasher

This is a security release, upgrading is highly recommended

Note: some of fixed vulnerabilities are present since a long time (0.68).

Non exhaustive list of changes:

  • [security] SQL injection with a query parameter of user form (CVE-2020-15176)
  • [security] Removal of .htaccess file in the files folder via a plugin endpoint (CVE-2020-15175)
  • [security] Leakage issue with knowledge base (CVE-2020-15217)
  • [security] Stored XSS in install script (CVE-2020-15177)
  • [security] Minor SQL Injection in Search API (CVE-2020-15226)
  • several mailgate issues
  • several dashboards issues
  • dashboards improvements: personnal filters, new summary and articles widgets, …
  • and more!

See changelog for details.—

This release has 3 assets:

  • glpi-9.5.2.tgz
  • Source code (zip)
  • Source code (tar.gz)

Visit the release page to download them.

Source: GLPI Network

Leave a Reply

Your email address will not be published.