www/glpi: Security Update to 10.0.7
6fd976d1b3a5
Actions

Description

www/glpi: Security Update to 10.0.7

[SECURITY - High] SQL injection and Stored XSS via inventory agent request
[SECURITY - High] Account takeover by authenticated user
[SECURITY - High] SQL injection through dynamic reports
[SECURITY - Moderate] Stored XSS through dashboard administration
[SECURITY - Moderate] Stored XSS on external links
[SECURITY - Moderate] Reflected XSS in search pages
[SECURITY - Moderate] Privilege Escalation from technician to super-admin
[SECURITY - Low] Blind Server-Side Request Forgery
[SECURITY] Optional GLPI router to be able to use a safer web server root directory.
[FEATURE] Support of SMTP OAuth authentication.
[FEATURE] Improved inventory file upload feature.
[FIX] Many fixes and improvements on native inventory.
[FIX] Some bugs on PHP 8.2.
[FIX] Caching issues on entities.
[FIX] Boolean FullText operator not working on knowledge base search.
[FIX] Unexpected search results when using negative condition on ticket actors.
[FIX] Issues with LDAP filters/DN.
[FIX] Unexpected results when searching on knowledge base categories.

PR: 271286
Reported by: mathias@monnerville.com (maintainer)
Security: CVE-2023-28632

		CVE-2023-28633
		CVE-2023-28634
		CVE-2023-28636
		CVE-2023-28639
		CVE-2023-28838
		CVE-2023-28849
		CVE-2023-28852

Provenance

Mathias Monnerville <mathias@monnerville.com>	Authored on May 8 2023, 9:38 AM
fernape	Committed on May 8 2023, 12:59 PM

Parents

R11:65f968e4d623: textproc/R-cran-vroom: Update to 1.6.3

Branches

Unknown

Tags

Unknown

Path

Size

www/

glpi/