====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN220
_____________________________________________________________________

DATE                : 14/04/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running GLPI versions prior to 9.5.5.

=====================================================================
https://glpi-project.org/glpi-9-5-5/
_____________________________________________________________________

GLPI 9.5.5

 Posted 13 April 2021

After several weeks, Teclib’ is happy to announce the release of GLPI
9.5.5.

This release fixes a security issue that has been recently discovered.
Update is recommended!

You can download the GLPI 9.5.5 archive on GitHub.

You’ll find below the list of changes in this bugfixes version:

    [security] Stored XSS in plugins information (CVE-2021-3486 by
        @n3k00n3)
    fix entity creation
    removal of raw html in massive actions list
    fix issue with date_creation fields updated with older instances of
        MySQL servers
    fix wrong count of software counts in assets
    Fix Core API errors on deprecation checks

The full changelog is available for more details.

We would like to thank all people who contributed to this new version
and all those who contributes regularly to the GLPI project!


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================