All Versions
16
Latest Version
Avg Release Cycle
23 days
Latest Release
46 days ago

Changelog History
Page 1

  • v4.9.2

    April 09, 2020

    πŸ†• New in v4.9.2

    πŸš€ IMPORTANT: This release requires PHP 7.1.3 or greater.

    πŸš€ This is a small bug fix release that handles a minor style regression from the previous version, and addresses an issue where the admin settings would not save (and would provide no useful error) if Slack settings were incomplete.

    πŸ›  Fixed

    • πŸ›  Fixed issue where incomplete Slack info would prevent other settings (on other settings pages) from being saved while returning no useful error message
    • πŸ›  Fixed CSS issue where logo text was the wrong color if you use text-only logos

    πŸ‘Œ Improved

    • πŸ‘Œ Improved error messages in LDAP errors

    ⬆️ Upgrading

    ⬆️ For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

    πŸ‘€ For a full list of changes, see the changelog.

    ⬆️ After completing the upgrade process, be sure to clear your browser cookies.

    ⬆️ Upgrading from v3

    ⬆️ Please see the upgrade instructions here.

  • v4.9.1

    April 08, 2020

    πŸ†• New in v4.9.1

    πŸš€ IMPORTANT: This release requires PHP 7.1.3 or greater.

    πŸš€ This release brings a ton of accessibility fixes, a set of new dark-mode skins (and a new high-contrast skin), a few bug fixes, and a few UI improvements.

    High Contrast:

    Screen Shot 2020-04-01 at 4 06 33 AM

    Example of colored skin in dark mode:

    Screen Shot 2020-04-01 at 4 07 16 AM

    To use these new skins, go to Admin Settings > Branding and select them from the dropdown.

    πŸ‘Œ Improved "Add field to fieldset" UI

    Screen Shot 2020-04-01 at 4 34 53 AM

    Search filter for Admin Settings

    filter

    πŸ›  Fixed

    • πŸ›  Fixed (#7879) - search by serial or tag even if they have slashes in them
    • πŸ›  Fixed (#7882) user with the correct permissions couldn't update manufacturers
    • πŸ›  Fixed typo in CSP which prevented import UI from loading correctly
    • πŸ›  Fixed compact($id) errors when an asset/license/location/etc was not found
    • ⚑️ (Developers only) Updated faker library to be compatible with PHP 7.4

    πŸ‘Œ Improved

    • πŸ‘Œ Improved highlight on selected asset rows (yellow now, instead of a slightly darker grey)
    • βž• Added search filtering to settings page to allow faster access to specific sections
    • πŸ‘Œ Improved "add custom field to fieldset" UI so that you have to click the submit button
    • (Developers only) - dark skins .less files are now processed with npm run prod

    βž• Added

    • βž• Added permissions on user api (#7883)
    • βž• Added new dark background skins
    • βž• Added #7940 - update of local instance of composer.phar on upgrade (if it's being used)
    • Added #7947 - rtd_location_id to API search

    ⬆️ Upgrading

    ⬆️ For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

    πŸ‘€ For a full list of changes, see the changelog.

    ⬆️ After completing the upgrade process, be sure to clear your browser cookies.

    ⬆️ Upgrading from v3

    ⬆️ Please see the upgrade instructions here.

  • v4.9.0

    March 05, 2020

    πŸ†• New in v4.9.0

    πŸš€ IMPORTANT: This release requires PHP 7.1.3 or greater.

    πŸ›  This is mostly a security/bugfix release, handling some smaller bugs.

    πŸ›  Fixed

    • βž• Added slightly friendlier error handling for assets without models
    • Include correct license, asset, etc count on user show API call
    • βœ‚ Remove not existent variable id in the redirect causing error (#7732)
    • πŸ›  Fix for weird JSON parsing in actionlogs when new custom fields are added and have no value and the asset is saved again (#7753)
    • πŸ›  Fixed #7752 - reformat /api/v1/users/me to use transformer
    • πŸ›  Fixed offset to use the actual item count as override instead of 0 (#7788)
    • 🍱 Use β€œinvalid barcode” image and suppress errors when barcode format is not compatible with existing assets
    • πŸ›  Fixed #7870: fixed SSL connectivity for PaaS DBs (#7874)
    • βž• Added validation to reject email addresses over 250 characters in password reset to prevent buffer overflow
    • πŸ›  Fix for CVE-2019-10772

    πŸ‘Œ Improved

    • 🚚 Moved ldap import ini settings to config (#7679)
    • Disallow 0 as a number for labels per page

    βž• Added

    • βž• Added license() endpoint for users
    • βž• Added 'requestable' to fillable attributes. (#7787)
    • βž• Added update() method for Departments (#7804)

    ⬆️ Upgrading

    ⬆️ For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

    πŸ‘€ For a full list of changes, see the changelog.

    ⬆️ After completing the upgrade process, be sure to clear your browser cookies.

    ⬆️ Upgrading from v3

    ⬆️ Please see the upgrade instructions here.

  • v4.8.0

    December 06, 2019

    πŸ†• New in v4.8.0

    πŸš€ IMPORTANT: This release requires PHP 7.1.3 or greater.

    πŸ›  This is mostly a security/bugfix release, handling some smaller bugs and correcting an issue where users could no longer search on child assets.

    πŸ”’ We have also issued a fix for a security issue discovered in some versions of symfony/http-foundation, and have patched a persistent XSS vulnerability in the image uploads for most models where a malicious authorized user could potentially upload an SVG with a javascript payload. The severity of this issue is reduced due to the fact that the attack requires user interaction. Specifically, the attacker would have to trick an unsuspecting victim into opening the malicious asset model image in a new tab or from within an IFRAME. (Many thanks to Metin Kandemir for reporting that issue.)

    πŸ›  Fixed

    • πŸ›  Fixed maintenances permissions check to allow users who can edit assets to edit maintenances
    • ⚠ Fixed an error on audit due list when no audit_warning_days had been set in Admin Preferences
    • πŸ›  Fixed bug where deleted consumable would throw an error on print page
    • βž• Adding Dept to license seats display (#7609)
    • βœ‚ Removed escaping on custom fields in presenter (#7631)
    • ⚑️ Updated child assets to reflect asset parent location (#7458)
    • ⚑️ Updated symfony/http-foundation from 3.4.30 to 3.4.36 to address a security vulnerably in that dependency (#7638)
    • πŸ›  Fixed XSS vulnerability in SVG image uploads (#7639)
    • πŸ›  Fixed an issue where child locations where no longer searchable (#7646)

    πŸ‘Œ Improved

    • πŸ–¨ #6440 Print All Assigned now opens in new tab (#7135)
    • ⚑️ Updated translations

    ⬆️ Upgrading

    ⬆️ For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

    πŸ‘€ For a full list of changes, see the changelog.

    ⬆️ After completing the upgrade process, be sure to clear your browser cookies.

    ⬆️ Upgrading from v3

    ⬆️ Please see the upgrade instructions here.

  • v4.7.8

    October 28, 2019

    πŸ†• New in v4.7.8

    πŸš€ IMPORTANT: This release requires PHP 7.1.3 or greater.

    πŸ›  This is mostly a bugfix release, addressing an issue when importing assets with custom fields, and fixing a latency issue when an install has a very large number of locations.

    πŸ›  Fixed

    • 🚀 Limit license seats to 999 to prevent latency
    • πŸ›  Fixes nested location selectlist (#7483)
    • βœ‚ Remove unused variable
    • βž• Added software support and hardware support to maintenance types
    • βž• Added 4260352 to ldapsync enabled account constraint for AD

    ⬆️ Upgrading

    ⬆️ For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

    πŸ‘€ For a full list of changes, see the changelog.

    ⬆️ After completing the upgrade process, be sure to clear your browser cookies.

    ⬆️ Upgrading from v3

    ⬆️ Please see the upgrade instructions here.

  • v4.7.7

    September 04, 2019

    πŸ†• New in v4.7.7

    πŸš€ IMPORTANT: This release requires PHP 7.1.3 or greater.

    πŸ’₯ This is mostly a bugfix release, however it does introduce a breaking change to the API which caps the number of results returned at 500 by default. More details below. Additionally, we added a rekey console command that allows you to rotate your APP_KEY (in the event of a security breach where your APP_KEY was disclosed or discovered) which will decrypt any encrypted custom fields you have, generate a new key, and re-encrypt them using the newly generated key.

    Usage:

    php artisan snipeit:rotate-key

    Screen Shot 2019-08-06 at 9 34 26 PM

    πŸ’₯ BREAKING CHANGE:

    0️⃣ The maximum number of items returned is now capped at 500 by default. This is to prevent server timeouts and memory issues when someone (usually a custom script) naively tries to request 100k items at one time. You can increase this limit by adding MAX_RESULTS to your .env file and setting that value to a higher number. Otherwise you should use standard pagination using the offset parameter to get your complete data set.

    πŸ›  Fixed

    • πŸ›  Fixed CVE-2019-10742
    • πŸ›  History importer fixes
    • πŸ›  Fixed #7289 - git fetch before git checkout in upgrade.php
    • πŸ›  Fixed #7259 - upgraded phpdocumentor/reflection-docblock to v4
    • Smaller chunking for custom report, add max_execution_time
    • βœ‚ Removed erroneous withErrors() on JSON response

    βž• Added

    • βž• Added #7321 - link to Helm Chart repo
    • βž• Added console rekey tool (#7330)
    • Limit API request results per page (#7405)

    ⬆️ Upgrading

    ⬆️ For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

    πŸ‘€ For a full list of changes, see the changelog.

    ⬆️ After completing the upgrade process, be sure to clear your browser cookies.

    ⬆️ Upgrading from v3

    ⬆️ Please see the upgrade instructions here.

  • v4.7.6

    July 26, 2019

    πŸ†• New in v4.7.6

    πŸš€ IMPORTANT: This release requires PHP 7.1.3 or greater.

    πŸ›  Fixed

    • πŸ›  Fixed an issue displaying assets due for audit if no audit interval was set in the settings
    • πŸ›  Fixed an issue with the Users API that would prevent a user from being created if it didn't validate, but did not provide useful validation messages in the JSON RESPONSE
    • πŸ›  Fixed an issue where custom fields would not correctly validate
    • πŸ›  Fixed an issue where users could enter large number of warranty months that would cause a syntax error (now capped at 20 years)
    • πŸ›  Fixed a crashing count() issue on user deletion where it checks if other items are checked out
    • πŸ›  Fixed #7186 - has() vs filled() in User API blanking out groups if no groups were passed in the API request
    • πŸ›  Fixed #6910 where consumables could sometimes return no results
    • πŸ›  Fixed #7250 - permission issue for API fieldsets and fields endpoints
    • πŸ›  Fixed #7270 - Checking-in Assets via API would remove the asset name

    βž• Added

    • Command to fix custom field unicode conversion differences between PHP versions
    • πŸ‘ CORS support for API

    ⬆️ Upgrading

    ⬆️ For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

    πŸ‘€ For a full list of changes, see the changelog.

    ⬆️ After completing the upgrade process, be sure to clear your browser cookies.

    ⬆️ Upgrading from v3

    ⬆️ Please see the upgrade instructions here.

  • v4.7.5

    June 24, 2019

    πŸ†• New in v4.7.5

    πŸš€ IMPORTANT: This release requires PHP 7.1.3 or greater.

    πŸš€ This release fixes a bug in the LDAP settings where the LDAP password could be blanked out when saving your LDAP settings.

    βž• Additionally, this release renames the groups table to permission_groups to avoid reserved name conflicts with later versions of MySQL. This should only be relevant to folks who have set up custom/third-party scripts that directly interface with the database. API endpoints, etc remain unchanged.

    πŸ›  Fixed

    • πŸ›  Fixed LDAP password blanking on save
    • πŸ›  Fixed #7164, #7145 - change table name to permission_groups
    • ⬇️ Reduce minimum group name length to 2 (from 3)
    • πŸ›  Small fixes for phpleague CSV reader v9

    πŸ‘Œ Improved

    • πŸ‘Œ Improved error checking in locations importer

    ⬆️ Upgrading

    ⬆️ For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

    πŸ‘€ For a full list of changes, see the changelog.

    ⬆️ After completing the upgrade process, be sure to clear your browser cookies.

    ⬆️ Upgrading from v3

    ⬆️ Please see the upgrade instructions here.

  • v4.7.4

    May 31, 2019

    πŸ†• New in v4.7.4

    πŸš€ IMPORTANT: This release requires PHP 7.1.3 or greater.

    πŸš€ This is a point release that fixes a bug in the backup notifications, which were previously trying to send email to you@example.com due to the default backup package config.

    If you would like to be emailed when a backup has completed (or failed to complete, etc), add the following to your .env file:

    MAIL_BACKUP_NOTIFICATION_ADDRESS=you@example.com

    πŸš€ This release also fixes a bug in bulk asset editing where it could potentially remove model_id information if none was passed (as would be the case if you were not changing the asset model).

    Additionally, this release fixes an error that was being thrown on checkin if the entity being checked in from wasn't a person.

    ⚑️ And finally, we've updated a few language strings, and added Filipino to the selectable dropdown list of languages.

    πŸ›  We know there have been a lot of releases this week (not uncommon after an upgrade to the underlying framework), but our philosophy has always been that it's a bad idea to hold onto bugfixes for political/appearance reasons. Some folks only want to upgrade from a tagged release, so it makes more sense to us to get fixes in your hands sooner rather than later, so we release often.

    Have a great weekend! Change details are below!

    πŸ›  Fixed

    • πŸ›  Fixed #7099 - set email to null by default for backup notifications
    • πŸ›  Fixed #7100 - Check if $user isset on checkin
    • πŸ”„ Changed has() to filled() to fix bug in bulk asset editing that could remove a model_id

    βž• Added

    • βž• Added Filipino, corrected order for Spanish variations

    πŸ‘Œ Improved

    • Increased throttle to 120 requests per minute

    ⬆️ Upgrading

    ⬆️ For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

    πŸ‘€ For a full list of changes, see the changelog.

    ⬆️ After completing the upgrade process below, be sure to clear your browser cookies.

    ⬆️ Upgrading from v3

    ⬆️ Please see the upgrade instructions here.

  • v4.7.3

    May 29, 2019

    πŸ†• New in v4.7.3

    πŸš€ IMPORTANT: This release requires PHP 7.1.3 or greater. This version of Snipe-IT is compatible with PHP 7.3.

    πŸš€ This is a point release that fixes a bug in the path for deleting generated backup files, and that also resolves in issue that was preventing certain users from being able to load the users/locations/etc select lists.

    πŸ”§ The select-list issue would typically only present itself if the Snipe-IT installation is running behind some configurations of proxies, or if they have unusual DNS masking or port numbers.

    πŸ›  Fixed

    • πŸ›  Fixed #7098 - updated backup config for deleteFile() method
    • πŸ›  Fixed #7092 - handle weird port forwarding/port numbers for baseUrl

    ⬆️ Upgrading

    ⬆️ For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

    πŸ‘€ For a full list of changes, see the changelog.

    ⬆️ After completing the upgrade process below, be sure to clear your browser cookies.

    ⬆️ Upgrading from v3

    ⬆️ Please see the upgrade instructions here.