CVE-2022-24869: Release 10.0.0 · glpi-project/glpi

GLPI is free Asset and IT Management software that provides ITIL Service Desk features, license tracking and software auditing. In versions prior to 10.0.0, a user can insert a stylesheet link into a ticket's follow-ups, or an administrator can configure login messages containing one. This provides a cross-site scripting (XSS) attack vector. The issue is partially mitigated by browsers' CORS security, but users are still advised to upgrade to 10.0.0.
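
The advisory names a stylesheet link in rich-text follow-ups as the vector, so the check a practitioner wants is one that refuses or strips `<link>` elements from user-supplied HTML before it is stored or rendered. The example below is added here and is not GLPI's own code; it uses only the Python standard library, re-serialises the fragment without un-escaping entities (so `&lt;` stays `&lt;`), and the sample follow-up is constructed for the demonstration. `scrub_link_tags`, `is_safe_followup` and the host name `attacker.example` are assumptions of this example, not names from the project.

```python
"""Added example (not GLPI's own code): find and strip <link> elements, such as
external stylesheet links, from user-supplied HTML like a ticket follow-up or a
login message before it is stored or rendered."""
from html.parser import HTMLParser


class LinkTagScrubber(HTMLParser):
    """Rebuild an HTML fragment verbatim while dropping every <link> element.

    convert_charrefs=False makes the parser hand entities back to us unchanged,
    so re-serialising never un-escapes user text into live markup.
    """

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []        # pieces of the re-serialised fragment
        self.removed = []    # href of each <link> that was dropped

    def _keep_start(self, tag, attrs):
        # Tag names and attribute names are lower-cased by HTMLParser,
        # so <LINK HREF=...> is caught as well.
        if tag == "link":
            self.removed.append(dict(attrs).get("href", ""))
            return
        # Emit the raw start tag text so attribute quoting is preserved.
        self.out.append(self.get_starttag_text())

    def handle_starttag(self, tag, attrs):
        self._keep_start(tag, attrs)

    def handle_startendtag(self, tag, attrs):   # the <link .../> form
        self._keep_start(tag, attrs)

    def handle_endtag(self, tag):
        if tag != "link":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def scrub_link_tags(fragment: str):
    """Return (cleaned_fragment, removed_hrefs) for an HTML fragment."""
    parser = LinkTagScrubber()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.removed


def is_safe_followup(fragment: str) -> bool:
    """Reject-instead-of-clean variant: True only when no <link> element is present."""
    return not scrub_link_tags(fragment)[1]


# Constructed sample follow-up for this example; not taken from any real ticket.
SAMPLE = (
    '<p>Printer on floor 2 is jammed &amp; offline.</p>'
    '<link rel="stylesheet" href="https://attacker.example/steal.css">'
    '<p>Please check it.</p>'
)

if __name__ == "__main__":
    cleaned, removed = scrub_link_tags(SAMPLE)
    print(cleaned)
    print("removed:", removed)
```

Whether to strip or reject is a policy choice: stripping keeps the follow-up usable, rejecting surfaces the attempt to the submitter and to logs. Either way the decision must happen server-side, since the advisory's vector is content that the server stores and later serves to other users.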

GLPI 10.0.0

We are happy to announce the new major release of GLPI 🥳
In a few words:

  • New Modern interface with Bootstrap + tabler.io + Twig
  • Redesign of Helpdesk objects
  • Native automatic inventory
  • and more…

Features

New interface

  • Modern interface by Bootstrap and Tabler
  • Redesign of the timeline of ITIL objects
  • Two new menu display modes: vertical on the left / horizontal at the top
  • “Go to…” button
  • Enhanced Dark Mode
  • Add photos / images for CMDB objects
  • Saved searches: the list is displayed on the left of the search results
  • Saved search: possibility to anchor the list so it does not disappear
  • Saved search: the list is adapted to the browsing context
  • Possibility to completely hide the search criteria block
  • Dynamic refresh (AJAX) of search results
  • Possibility to classify / sort the results of several columns at the same time
  • The titles of the columns of the results remain displayed even if you scroll down the page
  • Option to choose the timeline direction: natural (latest follow-up at the bottom) or inverted (latest follow-up at the top)
  • Improve browser tab names: now starting with Itemtype and Item ID
  • Browse items by category tree (when this field exists)
  • Add emoticon picker on rich text editor

Assistance

  • Kanban view for ITIL objects
  • Linking contracts and tickets
  • Add ability to mention users in ITIL objects
  • Management of “pending status” reasons
  • “Pending status” reasons: option to automatically reissue a ticket
  • “Pending status” reasons: option to automatically close a ticket after X reminders
  • Management of recurring changes
  • New: search criteria “Myself” (assigned to technician - myself)
  • Expanded text for validations
  • Option to anonymize technicians / groups in the simplified interface
  • Observers can now add a follow-up (new right)
  • New massive action to link multiple tickets to a problem
  • Business rules: action to add a task (from a template)
  • Business rules: action to assign an “Application”
  • Business rules: action to modify the global validation status
  • Business rules: “Validation” criteria
  • Add emoticon picker on rich text editor
  • Add task promotion to ticket
  • Business rules: add Writer to RuleTicket Criteria
  • Highlight TTO/TTR only when exceeded
  • Make SolutionTemplate translatable
  • Remove global_validation field from ITIL forms
  • Knowledge base: several categories per article, target self-service users

Inventory / CMDB

  • Native dynamic inventory (retrieving data from inventory agents)
  • Support for partial inventories (an agent can send part of the inventory to GLPI)
  • New objects supported by dynamic inventory (examples: telephones, applications, racks, etc.)
  • Overhaul of import rules and equipment binding
  • Improved management of rejected equipment
  • Possibility to re-import refused equipment
  • Automatic action to purge refused equipment
  • Automatic action to purge inventory files
  • Possibility to add PCI / USB vendors (dropdown)
  • Adding database inventory
  • Add device “Camera”
  • Automatic action to remove software versions without installation
  • Automatic action to remove software without versions
  • Possibility to add manual links (in addition to external links)
  • Add PassiveDCEquipment to global search types
  • Add four columns to computers list "Number of [Monitor/Periph/Printer/Phone]"
  • Add problems to impact “status” badge
  • Add Color for Expiration Date field for domains & certificates
  • Supplier and contact: add administrative number

Inventory Agent

  • New inventory agent “GLPI Agent”
  • Remote inventory without agent installation: WinRM (windows), SSH (Linux/Unix)
  • Local administration interface to the agent (tools / toolbox)
  • New plugins “proxy”, “ssl”, “inventory-collector”
  • New communication protocol in JSON format supporting partial inventory
  • Coming soon: management of remote inventory tasks, including ESX polling
  • Improved Windows support including MSI packages
  • Native support for macOS Big Sur and the new Apple Silicon M1 chip

Various

  • Add vars in templates
  • Possibility to modify the criteria of a saved search
  • Support for authentication with CERT / KEY file for LDAPS
  • Option to set the timeout for LDAP authentications
  • The same changes made to the system:status console command are reported on the status.php page
  • Redesign of the Gantt view on Projects
  • Redesign of the “Tools> Reservations” view
  • New button to empty user’s synchronization field
  • Button to copy the search results (“Name” column only) to the clipboard
  • Massive actions are now available on the legacy plugins page
  • Possibility to export the results of “History” tab in CSV format
  • Improve requirements checks
  • Make rules sortable by drag&drop
  • Display avatars in user list
  • Ability to run massive actions from API
  • Possibility to choose entity / profile from the URL (force_entity, force_profile)
  • LDAP User Restoration Process
  • Added changelog icon if plugin declares any (xml:changelog_url)
  • Added rule action to skip remaining rules
  • Add ability to define From and No-Reply addresses in entity config
  • Ability to disable central warnings via the GLPI_CENTRAL_WARNINGS define
  • Add filters for Kanban
  • Drop autocomplete feature on “name” fields

Console

  • Added commands for utf8mb4 migration:
    • bin/console glpi:migration:dynamic_row_format convert database tables to “Dynamic” row format (required for “utf8mb4” character support)
    • bin/console glpi:migration:utf8mb4 convert database character set from “utf8” to “utf8mb4”
  • Added command to migrate “signed” INT keys to “unsigned” INT:
    • bin/console glpi:migration:unsigned_keys
  • Improvement of the system:status command in the CLI console to:
    • filter services to monitor (see list_services command)
    • configure the return format (plain-text format / json)
  • Added list_services command:
    • bin/console glpi:system:list_services list system services (for status command)
  • Added marketplace command in CLI console:
    • bin/console marketplace:download download plugin from the GLPI marketplace
    • bin/console marketplace:info get information about a plugin
    • bin/console marketplace:search search GLPI marketplace
  • Added Database Plugin Migration Script:
    • bin/console glpi:migration:databases_plugin_to_core
  • Added cache commands:
    • bin/console glpi:cache:clear clear GLPI cache (rename from glpi:system:clear_cache)
    • bin/console glpi:cache:configure define cache configuration
    • bin/console glpi:cache:debug debug GLPI cache
    • bin/console glpi:cache:set_namespace_prefix define cache namespace prefix
  • Added glpi:tools:check_database_* commands:
    • bin/console glpi:tools:check_database_keys check database for missing and erroneous keys
    • bin/console glpi:tools:check_database_schema_consistency check database schema consistency
  • Added cleansoftware command:
    • bin/console glpi:assets:cleansoftware remove software versions with no installation and software with no version

Framework

  • Removed support for PHP versions lower than 7.3
  • Removed support for MySQL version lower than 5.7
  • Removed support for MariaDB version lower than 10.2
  • Use utf8mb4 MySQL character set
  • Use unsigned INT keys
  • PHP 8.1 compatibility
  • PHP PSR-4 autoload
  • PHP PSR-12
  • Add hook for custom debug tabs (debug_tabs)
  • Force usage of node v16 and npm v8
  • Usage of XML-RPC API is deprecated
  • Add getWebDir to twig “Plugin” extension
  • Debug mode: expose SQL warnings
  • Support ‘multiple’ option for item dropdowns
  • Add a new hook filter_actors
  • Add timeline hook for plugins (show_in_timeline, timeline_actions, timeline_answer_actions)
  • Hook constants / Hooks Manager classes
  • Replace TCPDF by mPDF

See the full changelog for details.