Menü Schließen

iTOP ITIL ITSM und CMDB Security und Bugfix Update 3.0.3

iTop Logo

Die Open Source ITIL ITSM und CMDB Webanwendung iTop, erheilt das Bugfix Update 3.0.3. Das Update schließt 6 Sicherheitslücken, behebt Fehler im Webhook und bringt Änderungen für User, Administratoren und Entwickler.

Das Update kann seit iTop 2.7.0 bequem über das Menü System -> Anwendungsupgrade durchgeführt werden.

iTOP 3.0.3 Release Notes

For users

  • N°5919 – Add missing linkset descriptions in french and other languages
  • N°5849 – Fix wrong encoding of external keys in “Header with statstics” dashlet
  • N°5317 – Handle overlapping tables when table cells have fixed widths
  • N°6068 – Setup : restore formatting of error messages
  • N°6023 – Restore upload of SVG file in AttributeImage
  • N°5918 – Restore activity panel display when DoCheckToWrite fails
  • N°5865 – Restore DoCheckToWrite error messages in portal
  • N°5834 – Restore activity panel display when creating a Ticket in ‘resolved’ state
  • N°5784 – PHP 8.0: restore mandatory attribute in transition form, fixing emptiness test
  • N°5729 – Fix disabled button in bulk update/transition when picking a value in a drop-down list
  • N°5603 – Restore autocomplete for an external key pointing to an abstract class with no friendlyname
  • N°5530 – Fix list of impacted elements (Impact Analysis) due to mixup in async JS files loading
  • N°5922 – Ext. key widget: Add class selection on “+” button if child classes exist
  • N°2916 – Fix CSV import of IPv6 addresses failing when reconciliation is done on the IP
  • N°5428 – Request template: fix autocomplete fields, which could not be master field
  • N°6014 – AttributeURL : default validation pattern not handling PRTG URL (containing commas)
  • N°5423 – Fix AttributeURL when changing the validation pattern, with a not compliant old value
  • N°5625 – Fix dict error when opening a DocumentFile with the ES language
  • N°2244 – Fix image attributes not being visible in PDF exports
  • N°5588 – Improve PDF export robustness when AttributeImage dimensions cannot be determined

For administrators

  • N°5553 – OAuth 2 : secure Client Secret in DB and any change force token regeneration
  • N°5430 – OAuth authentication : customize redirect landing URL
  • N°5333 – OAuth2: Redirect URL, Client ID or Client Secret changes trigger a message as the token must be regenerated
  • N°5867 – Display binary data size in SynchroReplica details
  • N°5727 – Fix REST API/get_related when using [impacts, up] with [redundancy: true]
  • N°6019 – Increase PHP min version to 7.1.3 to enable dependencies update
  • N°5535 – Fix PHP 8.0.x wrongly repported as not supported in iTop 3.0.2+
  • N°5490 – PHP 8.0: Fix crash of bulk modify with email notification / email approval request
  • N°5216 – Error “Invalid ID given” when sending ActionEmail using cron on a system with french locale
  • N°4974 – Avoid session fixation in login
  • N°5414 – Log invalid placeholders in Notification
  • N°5893 – Log more information when a trigger fails and raises an exception
  • N°5897 – Improve deprecated logs relevance for PHP “trigger_deprecation”
  • N°5611 – Fix missing composer files in itop-oauth-client
  • N°3805 – Fix collectors not working on itop 3.0 in seldom situations
  • N°5944 – Fix error on fresh install: APPLICATION_EVENT_METAMODEL_STARTED not registered
  • N°5765 – Setup: Never cache folder permissions test response
  • N°6016 – Setup : improve missing dependencies log
  • N°5235 – Setup : check temp dir permissions
  • N°5758 – Change setup test for GDPR consent
  • N°5523 – Setup wizard : use the ITOP_APPLICATION constant instead of hardcoded “iTop” string
  • N°5543 – Fix Warning on empty case log
  • N°5901 – Fix warnings in file system tab
  • N°5797 – Use LoadConfig method in all Email children classes
  • N°6020 – Decode method for \utils::EscapeHtml
  • N°5608 – Reorganize tests folders for better maintenance and contribution
  • N°5496 – Add <constants/> in itop-structure
  • N°4660 – Fix data synchro unit test failure due to another setting incorrect permissions on iTop conf file

WebHook 1.2.0

  • N°5368 – Allow all HTTP methods (not just GET / POST)
  • N°5589 – Fix sent request incorrect HTTP method due to new cURL options
  • N°5366 – Add “path” attribute in generic “ActionWebhook” for better compatibility with third-party webservices
  • N°5796 – Fix typo in ActionWebhook::GetRemoteApplicationConnectionFromActionWebhok()
  • N°5774 – De-hardcode webhooks configuration rights
  • N°5252 – Added Other/Generic type of Remote Application Connection
  • N°5367 – Fix non-string values (boolean, null) converted into empty string
  • N°5179 – Add chinese translations (thanks to @bdejin)
  • N°5266 – Add dutch translations (thanks to @jbostoen)
  • N°5050 – Add spanish translations (thanks to Miguel Turrubiates)
  • N°5473 – On JSON format exception, more context log and specific Exception impl (InvalidJsonValueException)


  • N°6017 – CVE-2021-46743: Firebase PHP-JWT key/algorithm type confusion
  • N°5741 – Deny use of get_config_parameter in Twigs
  • N°5725 – Prevent Twig privilege elevation to run system commands
  • N°5724 – CVE-2022-31403 : XSS vulnerability via /itop/pages/ajax.render.php
  • N°5722 – CVE-2022-31402 : XSS vulnerability via /itop/webservices/export-v2.php
  • N°5685 – Upgrade apereo/phpcas lib to fix vulnerability

For developers

  • N°3769 – Add missing HTML meta data on attributes in transition forms
  • N°4947 – Fix Email always picking “production” env config file
  • N°4449 – Console dashboard export : use relative path (full path disclosure)

Quelle: iTop Change Log [iTop Documentation] (

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert