10.0.6

@trasher trasher released this 24 Jan 13:52
· 1240 commits to 10.0/bugfixes since this release

This is a security release; upgrading is recommended.

Download it

This release fixes several security issues that have been recently discovered. Updating is recommended!

You can download the GLPI 10.0.6 archive on GitHub.

You will find below the list of security issues fixed in this bugfixes version:

  • [SECURITY - High] Unauthorized access to inventory files (CVE-2023-22500)
  • [SECURITY - Moderate] XSS on browse views (CVE-2023-22722)
  • [SECURITY - Moderate] XSS on external links (CVE-2023-22725)
  • [SECURITY - Moderate] XSS in RSS Description Link (CVE-2023-22724)
  • [SECURITY - Moderate] Unauthorized access to data export (CVE-2023-23610)
  • [SECURITY - Low] Stored XSS inside Standard Interface Help Link href attribute (CVE-2022-41941)

Also, here is a short list of main changes done in this version:

  • [FEATURE] Unmanaged devices can be handled like a real asset.
  • [FEATURE] Handle more actions for stale inventory agents.
  • [FEATURE] Added new dictionary rules for OS.
  • [CHANGED] Removed glpi: prefix on console commands.
  • [FIX] PHP 8.2 support.
  • [FIX] Many fixes and improvements on native inventory.
  • [FIX] Reservation display on self-service profile.
  • [FIX] Mail collector issues with emails sent from Outlook.
  • [FIX] Dashboard issues on "All" tab.
  • [FIX] Ticket input is restored when submitted form is not complete.
  • [FIX] Notification was not sent when ticket status was set to "pending".

The full changelog is available for more details.

We would like to thank all the people who contributed to this new version and all those who contribute regularly to the GLPI project!

Regards.