Releases: glpi-project/glpi
11.0.6
This is a security release, upgrading is recommended
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - Critical] Server-Side Template Injection (CVE-2026-26026)
- [SECURITY - High] Stored XSS via Inventory (CVE-2026-26027)
- [SECURITY - High] Unauthenticated SQL Injection via Search engine (CVE-2026-26263)
- [SECURITY - Moderate] MFA bypass (CVE-2026-25937)
- [SECURITY - Moderate] Authenticated SQL Injection (CVE-2026-25936)
- [SECURITY - High] Authenticated SQL Injection (CVE-2026-29047)
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
10.0.24
This is a security release, upgrading is recommended
This release fixes a few security issues that have been recently discovered. Update is recommended!
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - High] Stored XSS in Supplier CVE-2026-25932)
- [SECURITY - High] Authenticated SQL Injection (CVE-2026-29047)
Many bug fixes have also been made, read the full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
11.0.5
This is a security release, upgrading is recommended
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - MODERATE] Session stealing on externally authenticated user change (CVE-2026-23624)
- [SECURITY - HIGH] Remote Code Execution via malicious upload (CVE-2026-22248)
- [SECURITY - MODERATE] SSRF via Webhooks (CVE-2026-22247)
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
10.0.23
This is a security release, upgrading is recommended
This release fixes a few security issues that have been recently discovered. Update is recommended!
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - MODERATE] Authenticated SQL Injection (CVE-2026-22044)
- [SECURITY - MODERATE] Session stealing on externally authenticated user change (CVE-2026-23624)
Many bug fixes have also been made, read the full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
11.0.4
This is a security release, upgrading is recommended
Yesterday, 11.0.3 was shipped, but soon after a few annoying regressions has been detected, and so a need for new release.
You can download the GLPI 11.0.4 archive on GitHub.
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - HIGH] Unauthorized access to documents (CVE-2025-64516)
- [SECURITY - HIGH] Unauthenticated SQL injection (CVE-2025-66417)
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
10.0.22
This is a security release, upgrading is recommended
Yesterday, 10.0.21 was shipped, but soon after a few annoying regressions has been detected, and so a need for new release.
This release fixes a few security issues that have been recently discovered. Update is recommended!
You can download the GLPI 10.0.22 archive on GitHub.
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - HIGH] Unauthorized access to documents (CVE-2025-64516)
- [SECURITY - MODERATE] Unauthenticated Stored XSS through the inventory endpoint (CVE-2025-59935)
- [SECURITY - MODERATE] Unauthorized access to Knowledge Base items through the API (CVE-2025-64520)
Many bug fixes have also been made, read the full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
11.0.3
This is a security release, upgrading is recommended
You can download the GLPI 11.0.3 archive on GitHub.
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - HIGH] Unauthorized access to documents (CVE-2025-64516)
- [SECURITY - HIGH] Unauthenticated SQL injection (CVE-2025-66417)
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
10.0.21
This is a security release, upgrading is recommended
This release fixes a few security issues that have been recently discovered. Update is recommended!
You can download the GLPI 10.0.21 archive on GitHub.
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - HIGH] Unauthorized access to documents (CVE-2025-64516)
- [SECURITY - MODERATE] Unauthenticated Stored XSS through the inventory endpoint (CVE-2025-59935)
- [SECURITY - MODERATE] Unauthorized access to Knowledge Base items through the API (CVE-2025-64520)
Many bug fixes have also been made, read the full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
11.0.2
You can download the GLPI 11.0.2 archive on GitHub.
Also, here is a short list of important bug fixes included in this version:
- Various fixes and additions to the native forms feature
- Several session issues, warnings, and errors in the CLI context
- Improvements to GenericObjects, FormCreator and Fields plugins migrations
There are also a lot of additions in the new HLAPI, now in 2.1 version, to add fields (notably in Tickets) previously missing. We also ship support for the following objects:
- Config
- Service levels
- Reminders
- RSS Feeds
- Reservations
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
11.0.1
Following the major release of GLPI 11, here is the first bugfixes version, correcting most of reported issues.
We will continue to fix the remaining reported issues in the coming weeks. In the meantime if you experience an issue, feel free to check if there is already a report and make one if not so that it can be addressed.
You can download the GLPI 11.0.1 archive on GitHub.
Also, here is a short list of important bugfixes done in this version:
- Revert auto association of a technician with a ticket if he is assigned a ticket task #21232
- Fix secured Inventory endpoint when HLAPI is disabled #21238
- Dashboard not saving correctly after changes #21239
- Search page display issues on sort/default search #21147
- Add missing information on define itemtype rules for Network Equipments #21271
Many bug fixes have been made, read the full changelog is available for more details.
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.