
The open source ITIL ITSM and CMDB web application iTop has received bugfix update 3.0.3. The update closes 6 security vulnerabilities, fixes bugs in the webhook, and brings changes for users, administrators and developers.
Since iTop 2.7.0, the update can be conveniently performed via the menu System -> Application upgrade.
iTop 3.0.3 Release Notes
For users
- N°5919 – Add missing linkset descriptions in French and other languages
- N°5849 – Fix wrong encoding of external keys in “Header with statistics” dashlet
- N°5317 – Handle overlapping tables when table cells have fixed widths
- N°6068 – Setup : restore formatting of error messages
- N°6023 – Restore upload of SVG file in AttributeImage
- N°5918 – Restore activity panel display when DoCheckToWrite fails
- N°5865 – Restore DoCheckToWrite error messages in portal
- N°5834 – Restore activity panel display when creating a Ticket in ‘resolved’ state
- N°5784 – PHP 8.0: restore mandatory attribute in transition form, fixing emptiness test
- N°5729 – Fix disabled button in bulk update/transition when picking a value in a drop-down list
- N°5603 – Restore autocomplete for an external key pointing to an abstract class with no friendlyname
- N°5530 – Fix list of impacted elements (Impact Analysis) due to mixup in async JS files loading
- N°5922 – Ext. key widget: Add class selection on “+” button if child classes exist
- N°2916 – Fix CSV import of IPv6 addresses failing when reconciliation is done on the IP
- N°5428 – Request template: fix autocomplete fields, which could not be master field
- N°6014 – AttributeURL : default validation pattern not handling PRTG URL (containing commas)
- N°5423 – Fix AttributeURL when changing the validation pattern, with a non-compliant old value
- N°5625 – Fix dict error when opening a DocumentFile with the ES language
- N°2244 – Fix image attributes not being visible in PDF exports
- N°5588 – Improve PDF export robustness when AttributeImage dimensions cannot be determined
For administrators
- N°5553 – OAuth 2 : secure Client Secret in DB and any change forces token regeneration
- N°5430 – OAuth authentication : customize redirect landing URL
- N°5333 – OAuth2: Redirect URL, Client ID or Client Secret changes trigger a message as the token must be regenerated
- N°5867 – Display binary data size in SynchroReplica details
- N°5727 – Fix REST API/get_related when using [impacts, up] with [redundancy: true]
- N°6019 – Increase PHP min version to 7.1.3 to enable dependencies update
- N°5535 – Fix PHP 8.0.x wrongly reported as not supported in iTop 3.0.2+
- N°5490 – PHP 8.0: Fix crash of bulk modify with email notification / email approval request
- N°5216 – Error “Invalid ID given” when sending ActionEmail using cron on a system with French locale
- N°4974 – Avoid session fixation in login
- N°5414 – Log invalid placeholders in Notification
- N°5893 – Log more information when a trigger fails and raises an exception
- N°5897 – Improve deprecated logs relevance for PHP “trigger_deprecation”
- N°5611 – Fix missing composer files in itop-oauth-client
- N°3805 – Fix collectors not working on iTop 3.0 in rare situations
- N°5944 – Fix error on fresh install: APPLICATION_EVENT_METAMODEL_STARTED not registered
- N°5765 – Setup: Never cache folder permissions test response
- N°6016 – Setup : improve missing dependencies log
- N°5235 – Setup : check temp dir permissions
- N°5758 – Change setup test for GDPR consent
- N°5523 – Setup wizard : use the ITOP_APPLICATION constant instead of hardcoded “iTop” string
- N°5543 – Fix Warning on empty case log
- N°5901 – Fix warnings in file system tab
- N°5797 – Use LoadConfig method in all Email children classes
- N°6020 – Decode method for \utils::EscapeHtml
- N°5608 – Reorganize tests folders for better maintenance and contribution
- N°5496 – Add <constants/> in itop-structure
- N°4660 – Fix data synchro unit test failure due to another setting incorrect permissions on iTop conf file
WebHook 1.2.0
- N°5368 – Allow all HTTP methods (not just GET / POST)
- N°5589 – Fix sent request incorrect HTTP method due to new cURL options
- N°5366 – Add “path” attribute in generic “ActionWebhook” for better compatibility with third-party webservices
- N°5796 – Fix typo in ActionWebhook::GetRemoteApplicationConnectionFromActionWebhok()
- N°5774 – De-hardcode webhooks configuration rights
- N°5252 – Added Other/Generic type of Remote Application Connection
- N°5367 – Fix non-string values (boolean, null) converted into empty string
- N°5179 – Add Chinese translations (thanks to @bdejin)
- N°5266 – Add Dutch translations (thanks to @jbostoen)
- N°5050 – Add Spanish translations (thanks to Miguel Turrubiates)
- N°5473 – On JSON format exception, more context log and specific Exception impl (InvalidJsonValueException)
Security
- N°6017 – CVE-2021-46743: Firebase PHP-JWT key/algorithm type confusion
- N°5741 – Deny use of get_config_parameter in Twigs
- N°5725 – Prevent Twig privilege elevation to run system commands
- N°5724 – CVE-2022-31403 : XSS vulnerability via /itop/pages/ajax.render.php
- N°5722 – CVE-2022-31402 : XSS vulnerability via /itop/webservices/export-v2.php
- N°5685 – Upgrade apereo/phpcas lib to fix vulnerability
For developers
- N°3769 – Add missing HTML meta data on attributes in transition forms
- N°4947 – Fix Email always picking “production” env config file
- N°4449 – Console dashboard export : use relative path (full path disclosure)