iTOP ITIL ITSM und CMDB Bugfix und Security Update 3.1 veröffentlicht

Die Open Source ITIL ITSM und CMDB Webanwendung iTop, erhielt das Update 3.1. Das Update behebt nicht nur Fehler, schließt Sicherheitslücken, sondern bringt auch einige Neuerungen und Verbesserungen.

Alle Infos zur neuen Version unter: iTop 3.1 Community [iTop Documentation] (itophub.io)

iTop 3.1 Changelog

For users

• N°3200 – New “Filter list…” icon on datatables widgets
• N°6147 – Filter list : tooltip and new action
• N°3190 – Edit n:n LinkedSetIndirect in object details using a tagset-like widget
• N°1212 – Bulk actions on links attributes of an n:n relation
• N°803 – Allow display & edition of attributes on n:n relations on Portal
• N°6398 – Portal: Allow linkset visible attributes to be limited to attributes defined in a zlist
• N°5972 – Allow User creation in Pop-up from details of a Person
• N°6347 – 1:n Add nice french dico entry on standard 1:n relationship
• N°6339 – n:n Add nice french dico entry on standard lnk
• N°6223 – 1:n & n:n – Pop-up creation/edit: set key to host in read-only
• N°6219 – 1:n Read: tooltip, modal title and message on Add-Edit-Remove-Delete
• N°6212 – Report Target class info on Trigger, so it can be displayed in complementary_name
• N°6154 – n:n Read – tooltip, confirmation title and message on Add-Edit-Remove
• N°6153 – n:n – Polish edition in Tagset
• N°5976 – Add modal creation for linksets displayed with tagset-like widget
• N°6148 – Add icon on Ticket class standard datamodel and other classes
• N°5920 – Add linkset’s description as corresponding tab’s tooltip in object details
• N°3213 – Order transition attributes as in the “details”
• N°6200 – Harmonize menu entries
• N°5042 – “Problem” tickets display is inconsistent with other types of tickets
• N°6392 – New icon for adding a search criteria
• N°6203 – Improve standard DM to use overcard and complementary name
• N°6159 – Improve Mail Notification display (columns, status, fieldset, tooltips)
• N°5908 – Add a description on “known error” tab on UserRequest and Incident
• N°6357 – Prevent entering same password on change user password
• N°4838 – Redirect to login page automatically on logoff
• N°6240 – Improve display of picture in read or edit mode
• N°5971 – Prevent changing the Org of a Person having Portal User with Allowed Orgs
• N°6338 – Add organization and location on standard classes: all Interfaces, LogicalVolume & NASFileSystem
• N°6331 – Add Service tab in Provider Contract
• N°4703 – Add “chat” / “in person” as possible “origin” value for tickets
• N°3889 – Add default search criterion on SLA and SLT
• N°4702 – DataModel : fix attribute type for SLA.customercontracts_list

• N°5822 – Do not display the tab separator in scroll mode when there is only one tab
• N°5335 – Inactive hyperlink attributs on list with radio or checkbox displayed within an object in edition
• N°681 – Fix multi-lines attribut not supported in n:n edition
• N°3067 – LinkedSet multilines attributes are editable in pop-up
• N°6188 – Fix cancellation of creation in pop-up from parent object edition, no more returns to object list
• N°6169 – Prevent Profile creation from Link object
• N°5923 – Align panel’s header within another panel when it has no icon
• N°5529 – Fixed notification on object creation with $this→xxxx_list$ placeholders
• N°4148 & N°5350 – Fix in 1:n in place edition, deleted object re-appears
• N°2250 – Fix DisplayObject with ormLinkSet ignoring Removed
• N°2212 – Fix tracking level on AttributeLinkedSetIndirect (probably fixed in 2.7.x)
• N°6054 – Fix display of LinkedSet indirect with an UNION OQL using different aliases
• N°5609 – Fix regression when displaying a list in a transition
• N°1876 – Fix regression on LinkedSet, new object and prefill of read_only attribute
• N°5906 – Fix Impact Analys not updated after link class modification in details mode (EVENT_DB_LINKS_CHANGED)
• N°5825 – Add label, friendlyname, details view, uniqueness rules on Link classes
• N°5871 – Navigation menu: Show ellipsis on long menu group labels
• N°5872 – Navigation menu: Wrap menu group label instead of ellipsis in drawer
• N°5681 – Add support for “Ctrl + Enter” and “Meta (Cmd) + Enter” submit on multi-line fields
• N°5575 – Mouseover Tooltips for tabs
• N°4852 – iTop menu : use “+” dict entries
• N°4737 – Adjust button position in iTop hub connector
• N°4798 – Change attribute “description” of Service class, from string to text
• N°5124 – Fix edition of relation between a NetworkDevice and a ConnectableCI
• N°5703 – Fix navigation menu drawer under dashlets on Safari
• N°5174 – Fix tagset edition on small window & too many tags
• N°6174 – Fix download from the portal of attachments on objects without org_id
• N°6250 – Fix PHP 8 issue on datatable when one or more column are before the friendlyname
• N°6216 – Fix line-height being too big in the attachments table
• N°5423 – Fix invalid value on AttributeURL with custom validation pattern
• N°1608 – Fix organization attachments not visible for some users
• N°5671 – Fix Excel export of query phrase
• N°5834 – Fix activity panel disappearing when creating a Ticket in ‘resolved’ state
• N°6077 – Attachments: set values for creation_date and user_id fields if not provided

For Administrators

• N°5960 – Configurable Login Screen
• N°6370 – Replace Audit Category menu by a dashboard
• N°1350 – Audit: Introduce audit domains and ability to choose one before running the audit
• N°918 – Translate placeholder in notifications
• N°6320 – Add Password Expiration Enforcement and User authentication by token
• N°5873 – Audit : Set threshold level and colors by Rule
• N°2199 – Request history tables without the Admin profile
• N°5559 – Enable User anonymization created then obsoleted by a DataSynchro
• N°4010 – MTT: prevent production configuration file overwritte with test version
• N°2889 – Add counter & triggers on file attributes / attachments downloads
• N°6311 – User management, add a Caselog on User class
• N°5993 – Add purge mechanism for log files
• N°2639 – Improve tooltips dictionnary entries and details of technical classes
• N°4921 – Add support for attcode & attvalue parameters in URL to access an object
• N°4454 – Measuring the use of the query phrase book
• N°5915 – Display n:n in Trigger and Action using tagset widget
• N°5841 – Non-admin managing User can’t see Administrator Users
• N°5106 – New Users tab on Person, visible to User manager only
• N°4919 – Application upgrade: new ‘Launch iTop setup“ button
• N°6305 – Fix export of RemoteApplicationConnection and ActionWebhook classes
• N°5897 – Improve deprecated logs relevance for PHP “trigger_deprecation”
• N°2013 – Setup: Cannot execute if existing config file contains an inaccessible MySQL server
• N°6198 – Trigger OnObjectUpdate is not executed when attribute is updated via OnUpdate
• N°6009 – Fix click twice to restore a backup

For customization

• N°6213 – Enable iTop User to suscribe or unsuscribe to a Ticket Notifications
• N°3191 – Introduce summary cards for objects hyperlinks
• N°6381 – Add rank on Enums of default DataModel
• N°5968 – Add structural data for Brand, OSFamily and OSVersion
• N°6236 – Read Request template data though the REST/JSON API
• N°5368 – Allow all HTTP methods (not just GET / POST)
• N°5366 – Add “path” field to ActionWebhook
• N°1646 – Add possibility to sort Attribute[Meta]Enum either by code (default), rank or label
• N°1345 – Add possibility to sort transitions automatically
• N°4756 – Ease extensibility for CRUD operations : Event Service
• N°6324 – CRUD Event for one time treatment before creation and before update
• N°5916 – Generic message on Link Uniqueness rules
• N°6385 – New optional “edit_mode” XML tag on AttributeLinkedSet (n:n) actions/none defaut action
• N°6384 – Flag LinkedSet (Indirect) when the attribute is concerned by CheckToWrite

Technical bugs

• N°2883 – Improve XML compiler robustness on branding logos
• N°3070 – Menu creation fails when parent menu has also a parent menu
• N°3141 – Deprecate legacy SQL build
• N°3769 – Add missing HTML meta data on attributes in transition forms
• N°3824 – History: Remove deprecated APIs from 2.7 and older
• N°4280 – Fix module loading crash when ‘datamodel’ file doesn’t exists (model.*.php)
• N°4287 – Portal: Factorize TWIG extensions between portal and backoffice
• N°4527 – Cleanup utils::GetImageSize()
• N°4577 – Move service dependencies from “itop-bridge-cmdb-ticket” to another module
• N°4621 – Fix naming inconsistencies of dirs inside /sources
• N°4837 – Fix wrong date conversion in approval base on reject messages
• N°4875 – Compiler : do not force the model.*.php file to be present in the module.*.php file (‘datamodel’ key)
• N°4978 – Check incorrect condition in Action class
• N°5066 – Clean CMDBSource methods
• N°5072 – Fix default priority to undefined (not fixed if ComputePriority is overloaded)
• N°5073 – Implements line actions in a datatable
• N°5085 – Fix moving menu – compilation handle parent menu hierarchy
• N°5172 – Add internal helpers to keep usage of null value in native PHP methods
• N°5367 – Fix non-string values (boolean, null) converted into empty string
• N°5369 – Fix BrowseBrick tree “opening_target” mode for “self” and “new” values
• N°5391 – Incoherent UTF8 data length control
• N°5410 – Handle non existing auloader files
• N°5473 – Better logs when invalid JSON
• N°5496 – Add <constants/> in itop-structure
• N°5522 – Fix session storage (breadcrumbs) not cleared on logout
• N°5551 – System information database size is way off
• N°5622 – Fix backup cannot be done if TLS enabled with no CA
• N°5659 – Introduce modal helper for the backoffice
• N°5766 – Fix linkset not iterable as intended in DBObject::AfterUpdate
• N°5779 – update-xml : ease XML migrations
• N°5793 – HTML Sanitizer: Allow ‘start’, ‘type’, ‘reversed’ attributes in ‘ol’ tag and ‘value’ attribute in ‘li’ tag
• N°5796 – Fix typo in method name
• N°5944 – Fix new install error: Event APPLICATION_EVENT_METAMODEL_STARTED is not registered
• N°6040 – Extensibility: Add prerequisites for future attribute type – Compilation & Designer extensibility
• N°6041 – Extensibility: Add prerequisites for future attribute type – Portal extensibility
• N°6042 – Extensibility: Add prerequisites for future attribute type – Console extensibility
• N°6055 – Fix undefined offset error in synchro_exec.php
• N°6100 – ObjectFormManager::OnSubmit : better log for DBWrite exceptions
• N°6104 – Fix exception when silo attcode is not ‘org_id’
• N°6105 – Cleanup unnecessary use of dirname(FILE)
• N°6125 – Issue with GetAttributeFlags and GetInitialStateAttributeFlags within iTop 3.0.2
• N°6131 – Improve robustness of tooltips helper when no DOM element passed to CombodoTooltip::InitTooltipFromMarkup()
• N°6139 – Add HTML metadata on activity panel to be aligned with regular fields
• N°6140 – Add HTML metadata on custom fields to be aligned with regular fields
• N°6172 – Remove fallback when no curl available
• N°6179 – Tooltip attribute in field component (in Twig)
• N°6265 – Improve performance due to too many call to current person in DB

Maintenance

Deprecation and libraries upgrade

• N°3717 – History API : allow to set a non persisted current change
• N°6388 – Fix MetaModel::IsValidClass on classes without fields and a php parent
• N°6135 – Booking : hide / display on conditions
• N°6132 – Add capability to disable/enable tabs dynamically
• N°2783 – Add support for custom zlists
• N°6261 – Deprecate \DataTableUIBlockFactory::MakeForRenderingObject() method
• N°6102 – Deprecate JQuery Hotkeys plugin
• N°5311 – Deprecate old backoffice stylesheets
• N°5302 – Replace deprecated php strlen usages
• N°5232 – Deprecate \CMDBObject::DBCloneTracked
• N°4690 – Deprecate “FilterCodes” and remove some unused methods
• N°4415 – Remove SetupPage::log*
• N°3607 – Improve SCSS compiler method to include current variables so they can be used by extension’s stylesheets
• N°3357 – Deprecate core/expression.class.inc.php
• N°2779 – Introduce auto-routing mechanism for backoffice pages
• N°2363 – API : deprecate old linkedset update pattern

• N°5412 – Upgrade to PHPUnit 9 to fix PHPUnit 8.5 error with PHP 8.1
• N°5618 – Setup : Compatibility PHP 8.1
• N°6101 – run_query : change ctrl+enter shortcut detection
• N°3795 – Replace JS alert native calls with centralized informative modals
• N°5985 – PHP 8.1: Fix FunctionExpression::Evaluate() “TO_DAYS” misalignment due to PHP 8.1 bug fix
• N°4985 – Bugs PHP 8.0 on support/2.7 branch
• N°4307 – Replace SwiftMailer by laminas-mail
• N°4224 – Handle phpunit/phpunit-mock-objects E_DEPRECATED notices
• N°5281 – Symfony 5.4 extensions controllers registration
• N°3091 – Update unmaintained PHPUnit 6 to PHPUnit 8.5
• N°5651 – Fix GetAbsoluteUrlModulePage() JS method not reporting parameters values
• N°5279 – PHP 8.1: Migrate usages of deprecated strftime() function
• N°5270 – Move “apereo/phpcas” lib from “authent-cas” module to core composer.json
• N°5108 – Update embedded libs for PHP 8.0 (3.0 branch)
• N°4822 – unattended_install : warning thrown in PHP 8.1
• N°4628 – Upgrade bulma lib to avoid hack from N°4481
• N°4517 – PHP 8.1 compatibility
• N°4072 – Deprecate ajax.render.php xlsx_* operations
• N°4034 – Deprecate duplicated TWIG extensions class
• N°3950 – Deprecate old unreferenced methods that are @deprecated
• N°3895 – Remove tests on “apc_xxx” methods presence
• N°3390 – Upgrade from Symfony 3.4 to Symfony 5.4
• N°2743 – Upgrade libraries

Localization

• N°5947 – Error in a french translation – incident status
• N°5946 – Error in a french translation – user preference
• N°5792 – Update dutch translations thanks to @jbostoen
• N°5625 – Dict error when opening a DocumentFile with the ES language
• N°5571 – Fix some unused translations
• N°5550 – Add missing french translation for “Other Transitions” button
• N°5507 – Impact analysis: title of pages that display the dependencies is wrong
• N°6419 – Update hungarian translations thanks to @tacsaby
• N°6417 – Update chinese translations thanks to @purplegrape
• N°6376 – Portal french menu naming (Requête ⇒ Demande)
• N°6121 – Update hungarian translations (thanks to @tacsaby)
• N°6013 – Update hungarian translations thanks to @tacsaby
• N°5929 – Update hungarian translations thanks to @tacsaby
• N°5706 – Update polish translations thanks to @DudekArtur !
• N°4765 – Update brazilian translations thanks to @eduardomozart
• N°6418 – Fix dutch translations on impact relation view

Security

• N°6396 – [SECU] CSRF vulnerability in the run_query.php page
• N°6359 – Cross-site Scripting (XSS) – DOM XSS in activity panel
• N°6358 – CSRF (Cross Site Request Forgery).on API Rest
• N°6350 – [SECU] XSS vulnerability on pages/ajax.render.php
• N°6349 – [SECU] XSS vulnerability on pages/preferences.php
• N°6348 – [SECU] XSS vulnerability on pages/UI.php
• N°6002 – CVE-2022-24894: Prevent storing cookie headers in HttpCache (Symfony framework vulnerability)
• N°5722 – CVE-2022-31402 : XSS vulnerability via /itop/webservices/export-v2.php
• N°5564 – CVE-2022-39261 – Twig lib vulnerability
• N°6238 – guzzlehttp/psr7 vulnerability
• N°3863 – exec.php : security eforcementr

Quelle: iTop Change Log [iTop Documentation] (itophub.io)