www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889) (35c59aa6) · Commits · FreeBSD / FreeBSD ports · GitLab

Commit 35c59aa6 authored Apr 29, 2024 by Mathias Monnerville Committed by Vladimir Druzenko Apr 29, 2024

www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889)

Mostly a security release (2 high severity security fixes).

ChangeLog:
https://github.com/glpi-project/glpi/releases/tag/10.0.15

This release fixes a few security issues that have been recently discovered.
Update is recommended!
You will find below the list of security issues fixed in this bugfixes version:
* [SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456)
* [SECURITY - high] Account takeover via SQL Injection in saved searches feature
(CVE-2024-29889)

Also, here is a short list of main changes done in this version:
* [FIX] Fix used right by reservation form.
* [FIX] Do not rely on input to apply rules rights.
* [FIX] Always store updated SMTP Oauth refresh token.
* [TASK] Upgrade tinymce.

PR:		278641
MFH:		2024Q2

parent 4f20488e

Hide whitespace changes

Inline Side-by-side

Mathias Monnerville @voidscale
mentioned in commit 1492fce2
· Apr 29, 2024

mentioned in commit 1492fce2

mentioned in commit 1492fce2c6ad1c5b069735ed1fbc83bfe5fc5399

Toggle commit list

Please register or to comment