freebsd-ports/www/glpi/distinfo
Mathias Monnerville 6fd976d1b3 www/glpi: Security Update to 10.0.7
ChangeLog: https://github.com/glpi-project/glpi/releases/tag/10.0.7

 * [SECURITY - High] SQL injection and Stored XSS via inventory agent request
 * [SECURITY - High] Account takeover by authenticated user
 * [SECURITY - High] SQL injection through dynamic reports
 * [SECURITY - Moderate] Stored XSS through dashboard administration
 * [SECURITY - Moderate] Stored XSS on external links
 * [SECURITY - Moderate] Reflected XSS in search pages
 * [SECURITY - Moderate] Privilege Escalation from technician to super-admin
 * [SECURITY - Low] Blind Server-Side Request Forgery
 * [SECURITY] Optional GLPI router to be able to use a safer web server root
   directory.
 * [FEATURE] Support of SMTP OAuth authentication.
 * [FEATURE] Improved inventory file upload feature.
 * [FIX] Many fixes and improvements on native inventory.
 * [FIX] Some bugs on PHP 8.2.
 * [FIX] Caching issues on entities.
 * [FIX] Boolean FullText operator not working on knowledge base search.
 * [FIX] Unexpected search results when using negative condition on ticket
   actors.
 * [FIX] Issues with LDAP filters/DN.
 * [FIX] Unexpected results when searching on knowledge base categories.

PR:		271286
Reported by:	mathias@monnerville.com (maintainer)
Security:	CVE-2023-28632
		CVE-2023-28633
		CVE-2023-28634
		CVE-2023-28636
		CVE-2023-28639
		CVE-2023-28838
		CVE-2023-28849
		CVE-2023-28852
2023-05-08 14:59:03 +02:00

TIMESTAMP = 1683389004
SHA256 (glpi-10.0.7.tgz) = 0d51de960272d3d5b322e83d74a8261423d4baefad5ef815402591e8ead04e53
SIZE (glpi-10.0.7.tgz) = 56550228