Security update GLPI 9.5.3

Security update GLPI 9.5.3


Repository: glpi-project/glpi · Tag: 9.5.3 · Commit: 54b199d · Released by: trasher

This is a security release, upgrading is recommended

Note: those are medium security issues.

Non exhaustive list of changes:

  • [security] Insecure Direct Object Reference on ajax/comments.php and ajax/getDropdownValue.php (CVE-2020-27662 and CVE-2020-27663)
  • [security] Any CalDAV calendars is read-only for every authenticated user (CVE-2020-26212)
  • several dashboards issues
  • several fixes and enhancements with mail collector
  • new dashboard filters on tech users and tech groups
  • PHP8 compatibility
  • and more!

See changelog for details.

This release has 3 assets:

  • glpi-9.5.3.tgz
  • Source code (zip)
  • Source code (tar.gz)

Visit the release page to download them.