Skip to content

Releases: snipe/snipe-it

v7.1.14 - Security Release

14 Nov 00:19
Compare
Choose a tag to compare

Caution

This is a security release. All Snipe-IT users are strongly encouraged to upgrade.

Warning

FYI, in our excitement to get this released, we mistakenly tagged this as 7.1.14 instead of 7.0.14 (yay, automation, amirite?) Unfortunately, deleting tags makes this more difficult for our docker users, so we're just running with it. Sorry for the confusion, but you didn't miss anything, it was just a simple typo. We'll update the version.php file so at least they both agree. There are no new server requirements or libraries required outside of the standard 7.x.x requirements to handle this upgrade.

liz-lemon-wednesday

We seem to be getting a lot of mileage from that gif these days. 🫠

This is a security release that handles several CVEs, including CVE-2024-52301, which was just patched in the Laravel core yesterday.

While hosted customers were NOT affected (we do not have register_argc_argv enabled on any of our servers), self-hosted community users and support-only customers are encouraged to upgrade as soon as possible, or at the very least make sure that setting is not enabled in your php.ini.

In addition to the security patches, we have also added some new features, such as:

  • Ability to import Asset Models (without accompanying assets) via the Importer
  • Ability to override or null out the EOL date for assets via the asset bulk edit screen
  • Optimized some queries and indexes to speed things up a bit
  • Fixed a bug where OU was accidentally required to create locations via the GUI
  • Miscellaneous UI improvements and fixes
  • Full changelog can be found below

As always, still lots more on deck.

PS - we will likely be discontinuing posting updates on our Twitter account moving forward. Instead, find us in these other places:

What's Changed

Read more

v7.0.13

02 Oct 11:56
Compare
Choose a tag to compare

Caution

Snipe-IT now requires PHP 8.1.2 or greater

liz-lemon-wednesday

Happy Wednesday, everyone! We're pleased to announce Snipe-IT v7.13 is out. The most notable fix in this release is for folks who suddenly couldn't create asset models with the same name but different model number. That was a temporary issue in validation and should be fixed now.

We've also added the long-requested ability to sort numerically on numeric custom fields. (Folks who are not using MySQL/MariaDB, please let us know if this breaks stuff for you, even though we don't officially support non-MySQL databases.)

We've also added a new bulk option for users, which is the ability to print all items associated with multiple selected users, if that's the sort of thing you're likely to do.

And finally, on most list views, you can now see (and sort by) which administrator created the item.

Warning

API Change

We've added a created_by field to additional endpoints. This field replaces the previous user_id API object, which was only being returned in a few places. The user_id object will still be returned as normal, but you should plan on making that switch in your API integrations moving forward, as it will eventually be removed.

What's Changed

Full Changelog: v7.0.12...v7.0.13

v7.0.12

10 Sep 18:04
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v7.0.11...v7.0.12

v7.0.11

15 Aug 09:58
Compare
Choose a tag to compare

Caution

Snipe-IT now requires PHP 8.1.2 or greater

Happy Thursday everyone! This release comes with a bunch of small UX/UI improvements, and a few additional features, including the ability to optionally update the asset's status on quick scan checkin.

We've also added the ability to play sounds on the "quick" bulk tasks like auditing for better accessibility. (You will have to enable this in your profile.)

We've also added a command-line utility that can help some folks who may have used the API to checkout assets without specifying an assigned_type, and could get a 500 error when trying to view those assets. (We have since improved the API validation to require the assigned_type, but older assets created via API could have had this issue.) See the docs on that utility here.

Up next, the ability to checkout accessories to assets and locations. The functionality has been built, but there are some safeguards we still have to put in to make sure you cannot delete locations or assets that still have accessories associated with them. We have a PR up for that and are working on it.

What's Changed

New Contributors

Full Changelog: v7.0.10...v7.0.11

v7.0.10

29 Jul 17:44
Compare
Choose a tag to compare

Caution

Snipe-IT now requires PHP 8.1.2 or greater

Hey everyone!

While this is just a point release, we're really excited for this one. We've a bunch of small bug fixes, but also added some UX sugar that we think will make everyone's workflows a little bit easier. You can now decide where you want to go after creating, editing, or checking in/out a first class object (Assets, Accessories, Licenses, Users, etc). You can also now check out more than one accessory at a time, if that's a thing that comes up in your workflow.

Also: If your table listings text ("Showing x of y pages") defaulted to Chinese, this release handles that (via #15133).

We've been doing a ton of under the hood stuff that won't seem very obvious as users, but it puts us in a much better position to move more quickly on a lot of things.

Another important technical note: this release mitigates a difficult to exploit but possible attack. If someone had access to your APP_KEY, it was possible to perform an RCE attack. We mitigated this by disabling cookie serialization, but I'd still argue that if someone has your APP_KEY, you're going to have a bad time in a bunch of other ways, so this is just a gentle reminder than your APP_KEY should never, ever be shared with anyone, for any reason, and you should never use the default APP_KEY values we have in some of our example env files. If you have encrypted custom fields and need to roll your APP_KEY because you feel it could have been compromised, we have a cli utility to handle that.

Next up: Custom fields for users, and the ability to check out accessories to assets and locations.

What's Changed

New Contributors

Full Changelog: v7.0.9...v7.0.10

v7.0.9

11 Jul 18:11
Compare
Choose a tag to compare

Caution

Snipe-IT now requires PHP 8.1.2 or greater

Another small patch release which largely handles missing translations and the some refinements on the upgrade.php script to make upgrading a little smoother, and added a boatload more automated tests. We also tightened up some queries on the consumables side, so hopefully those with much larger data sets for consumables will notice speedier load times there.

Additionally, we identified and fixed an issue where in some circumstances, custom field data could be lost when auditing an asset, and we also added better history tracking for consumables.

What's Changed

  • General cleanup - Docblock fixes, adding type hinting, added tests, added asset model form validator by @snipe in #15029
  • Fixed API key missing translations by @snipe in #15055
  • Fixed missing print user assigned filter by @Godmartinz in #15059
  • Fixes Potential Exception by @spencerrlongg in #15057
  • upgrade.php: More helpful output when we can't read .upgrade_requirements.json by @jerm in #15051
  • upgrade.php: If we're on windows, make sure we can load intermediate certificates by @jerm in #15052
  • Small consumables optimizations by @snipe in #15071
  • Fixed inconsistent attributes order in Print All Assigned report by @FlorentDotMe in #15069

New Contributors

Full Changelog: v7.0.8...v7.0.9

v7.0.8

08 Jul 15:05
Compare
Choose a tag to compare

Caution

Snipe-IT now requires PHP 8.1.2 or greater

Happy Monday, nerds! This release fixes some missing translations, adds some improvements for merging users, fixes a bug where custom field data could be lost when auditing under certain conditions, and also adds some query optimizations for speed. Enjoy!

What's Changed

Full Changelog: v7.0.7...v7.0.8

v7.0.7

02 Jul 08:50
Compare
Choose a tag to compare

Caution

Snipe-IT now requires PHP 8.1.2 or greater

Happy Tuesday! This point release handles the unusual (but possible) use-case where the language in APP_LOCALE had not been updated correctly to use the four/five letter ISO code and was still using the two-letter code, so users might have seen issues with translation strings related to FALLBACK_APP_LOCALE. This also fixes the upgrade script where the requirements checks would fail if you did not have gd installed, but you do have Imagemagick installed. Plus, a new label template for endless 62mm Brother printer rolls!

What's Changed

New Contributors

Full Changelog: v7.0.6...v7.0.7

v7.0.6

26 Jun 12:49
Compare
Choose a tag to compare

Caution

Snipe-IT now requires PHP 8.1.2 or greater

This is a small point release that should handle a few translation issues as well as fixing some configuration issues for docker users and users behind a reverse proxy server using SAML.

What's Changed

Full Changelog: v7.0.5...v7.0.6

v7.0.5

24 Jun 21:13
Compare
Choose a tag to compare

Caution

Snipe-IT now requires PHP 8.1.2 or greater

This release largely handles some translation issues (especially related to backup notification emails), a few small importer issues related to date importing, and a bunch of additional automated tests. We also added the feature of being able to disallow your users to edit their profiles at all (via Admin > General Settings), and fixed an issue around the ability to delete users.

What's Changed

Full Changelog: v7.0.4...v7.0.5