v5.4.0

@snipe snipe released this 25 Feb 03:13
· 6523 commits to master since this release
336d8e6

⚠️ IMPORTANT: Later versions of Snipe-IT will require PHP 7.4 or greater. It is highly recommended you upgrade your version of PHP NOW.

(This is a requirement in order for us to be able to pull forward the dependencies that will allow us to support PHP8 and beyond moving forward.)

New in v5.4.0

This is tagged as a minor release specifically because it introduces a potentially breaking change, ironically, because of something we fixed. Somewhere along the line, a few versions back, the API throttling/rate limiting functionality stopped working. We’ve corrected that behavior and now rate limiting is working as expected again, which is good news overall, but if you have an integration set up that really beats up the server, you’re going to have to increase the rate limit by setting the new API_THROTTLE_PER_MINUTE environment variable to override the default-but-generous 120 requests per minute limit. (We’ll update the docs shortly.)

We also improved (fixed?) an issue where if we didn’t specifically trap and handle an API error (404, where we tell you the endpoint isn’t found, for example) we were returning a 405 Method Not Allowed status code, which was dumb. We still try to give you a useful error message from the API if you’re querying the wrong endpoint, etc - but we’re at least preserving the original HTTP status code, which should provide more useful debugging information. If your integration is always expecting a 405 regardless of error, you may want to revisit your code, since the API will now only return a 405 if that’s actually what’s wrong.
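
An integration can adapt to both changes above by pacing itself under the per-minute budget and branching on the status code it actually receives. The sketch below is an added example, not Snipe-IT code: `PacedClient`, `classify` and the `send(path)` transport are hypothetical names, and it assumes throttled requests come back as HTTP 429.

```python
import time
from collections import deque

def classify(status):
    """Map the real HTTP status to an action; do not treat 405 as a catch-all."""
    if 200 <= status < 300:
        return "ok"
    named = {401: "auth", 403: "auth", 404: "not_found",
             405: "wrong_method",
             429: "throttled"}  # assumption: throttled calls return 429
    if status in named:
        return named[status]
    return "server_error" if status >= 500 else "client_error"

class PacedClient:
    """Sliding-window pacer that stays under a per-minute request budget."""
    def __init__(self, send, per_minute=120, clock=time.monotonic, sleep=time.sleep):
        self.send = send              # hypothetical transport: send(path) -> (status, body)
        self.per_minute = per_minute  # match the server's API_THROTTLE_PER_MINUTE
        self.clock, self.sleep = clock, sleep
        self.sent = deque()           # send times within the last 60 seconds

    def _wait_for_slot(self):
        while True:
            now = self.clock()
            while self.sent and now - self.sent[0] >= 60:
                self.sent.popleft()   # forget requests older than the window
            if len(self.sent) < self.per_minute:
                self.sent.append(now)
                return
            self.sleep(60 - (now - self.sent[0]))  # wait for the oldest to expire

    def get(self, path):
        self._wait_for_slot()
        status, body = self.send(path)
        return classify(status), body

if __name__ == "__main__":
    # Constructed transport standing in for a real HTTP call.
    def fake_send(path):
        return (200, "{}") if path.startswith("/api/v1/licenses") else (404, "{}")
    client = PacedClient(fake_send)
    print(client.get("/api/v1/licenses?deleted=true"))
    print(client.get("/api/v1/no-such-endpoint"))
```

If the server's limit is raised with API_THROTTLE_PER_MINUTE, pass the same number as `per_minute` so the client and server budgets agree.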

Fixed

  • Fixed CORS implementation that was broken for a few versions [#10735]
  • Fixed broken API throttling [#10734]
  • Fixed bug where the asset importer would copy the “Notes” column into the asset and the newly created asset model
  • Added a few missing permission gate checks
  • Fixed potential security issue with forgotten password requests where an attacker could potentially determine whether an email address is registered by checking the response time. CVE-2022-0622
  • Fixed an issue with the 2FA cookie

Added

  • Added #10436 - option to force SAML logins (never allow local logins) [#10722]
  • Added deleted endpoint filter for licenses (/api/v1/licenses?deleted=true)
  • Updating the “Audit Interval” in Admin > Settings will now update the existing next_audit_date for all assets that have a non-null next_audit_date value.

Improved

  • Return better error messages for API HTTP errors

For a full list of changes, see the complete changelog.

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.