10.0.12
trasher
released this
01 Feb 09:26
·
417 commits
to 10.0/bugfixes
since this release
This is a security release, upgrading is recommended
This release fixes a few security issues that have been recently discovered. Update is recommended!
You can download the GLPI 10.0.12 archive on GitHub.
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - moderate] Reflected XSS in reports pages (CVE-2024-23645)
- [SECURITY - moderate] LDAP Injection during authentication (CVE-2023-51446)
Also, here is a short list of main changes done in this version:
- [FIX] Regression with entity selector missing cache invalidation
- [FIX] Better handling of connection issues during LDAP synchronization
- [PERF] The entity selector get significant reduction of load time in some cases
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.