
@snipe snipe released this Dec 6, 2019 · 5 commits to master since this release

New in v4.8.0

IMPORTANT: This release requires PHP 7.1.3 or greater.

This is mostly a security/bugfix release, handling some smaller bugs and correcting an issue where users could no longer search on child assets.

We have also issued a fix for a security issue discovered in some versions of symfony/http-foundation, and have patched a persistent XSS vulnerability in the image uploads for most models, where a malicious authorized user could potentially upload an SVG with a JavaScript payload. The severity of this issue is reduced because the attack requires user interaction. Specifically, the attacker would have to trick an unsuspecting victim into opening the malicious asset model image in a new tab or from within an IFRAME. (Many thanks to Metin Kandemir for reporting that issue.)
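One way to screen SVG uploads for the kind of active content described above, as an added example that is not Snipe-IT's own fix (these notes do not describe how the fix was implemented). The function name, the element allowlist and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not Snipe-IT's code): allowlist check for uploaded SVG images.
// svgUploadProblems() and SAFE_SVG_ELEMENTS are hypothetical names.

const SAFE_SVG_ELEMENTS = ['svg', 'g', 'defs', 'title', 'desc', 'path', 'rect',
    'circle', 'ellipse', 'line', 'polyline', 'polygon', 'text', 'tspan',
    'lineargradient', 'radialgradient', 'stop', 'clippath', 'use'];

/** Returns the reasons an SVG should be rejected; an empty array means none found. */
function svgUploadProblems(string $svg): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: no network access while parsing. Entities are not expanded.
    if ($svg === '' || !@$doc->loadXML($svg, LIBXML_NONET)) {
        return ['not well-formed XML'];
    }
    $problems = [];
    if ($doc->doctype !== null) {
        $problems[] = 'DOCTYPE present'; // conservative: rules out entity tricks
    }
    foreach ($doc->getElementsByTagName('*') as $el) {
        $name = strtolower($el->localName);
        if (!in_array($name, SAFE_SVG_ELEMENTS, true)) {
            // Catches script, foreignObject, animate/set, iframe, and so on.
            $problems[] = "element <$name> is not on the allowlist";
        }
        foreach ($el->attributes as $attr) {
            $attrName = strtolower($attr->localName); // xlink:href -> href
            if (strpos($attrName, 'on') === 0) {
                $problems[] = "event handler attribute $attrName on <$name>";
            } elseif ($attrName === 'href' && strpos(trim($attr->value), '#') !== 0) {
                // Only same-document references such as #gradient1 are allowed.
                $problems[] = "external or script URL in href on <$name>";
            }
        }
    }
    return $problems;
}

// Constructed sample inputs, not taken from the report.
$clean = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>';
$active = '<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
        . '<script>void 0</script><rect width="4" height="4"/></svg>';

var_dump(svgUploadProblems($clean) === []);
print_r(svgUploadProblems($active));
```

Because the issue only triggers when the image is opened as a top-level document or inside a frame, serving uploaded files with `Content-Disposition: attachment` or a restrictive `Content-Security-Policy` header is a complementary control to validating the upload.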

Fixed

  • Fixed maintenances permissions check to allow users who can edit assets to edit maintenances
  • Fixed an error on audit due list when no audit_warning_days had been set in Admin Preferences
  • Fixed bug where deleted consumable would throw an error on print page
  • Adding Dept to license seats display (#7609)
  • Removed escaping on custom fields in presenter (#7631)
  • Updated child assets to reflect asset parent location (#7458)
  • Updated symfony/http-foundation from 3.4.30 to 3.4.36 to address a security vulnerability in that dependency (#7638)
  • Fixed XSS vulnerability in SVG image uploads (#7639)
  • Fixed an issue where child locations were no longer searchable (#7646)

Improved

  • #6440 Print All Assigned now opens in new tab (#7135)
  • Updated translations

Upgrading

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

For a full list of changes, see the changelog.

After completing the upgrade process, be sure to clear your browser cookies.

Upgrading from v3

Please see the upgrade instructions here.
