Snipe IT v4.8.0 Release Notes
Release Date: 2019-12-06 // over 4 years ago-
🆕 New in v4.8.0
🚀 IMPORTANT: This release requires PHP 7.1.3 or greater.
🛠 This is mostly a security/bugfix release, handling some smaller bugs and correcting an issue where users could no longer search on child assets.
🔒 We have also issued a fix for a security issue discovered in some versions of
symfony/http-foundation, and have patched a persistent XSS vulnerability in the image uploads for most models where a malicious authorized user could potentially upload an SVG with a javascript payload. The severity of this issue is reduced due to the fact that the attack requires user interaction. Specifically, the attacker would have to trick an unsuspecting victim into opening the malicious asset model image in a new tab or from within an IFRAME. (Many thanks to Metin Kandemir for reporting that issue.)🛠 Fixed
- 🛠 Fixed maintenances permissions check to allow users who can edit assets to edit maintenances
- ⚠ Fixed an error on audit due list when no
audit_warning_dayshad been set in Admin Preferences - 🛠 Fixed bug where deleted consumable would throw an error on print page
- ➕ Adding Dept to license seats display (#7609)
- ✂ Removed escaping on custom fields in presenter (#7631)
- ⚡️ Updated child assets to reflect asset parent location (#7458)
- ⚡️ Updated
symfony/http-foundationfrom 3.4.30 to 3.4.36 to address a security vulnerably in that dependency (#7638) - 🛠 Fixed XSS vulnerability in SVG image uploads (#7639)
- 🛠 Fixed an issue where child locations where no longer searchable (#7646)
👌 Improved
⬆️ Upgrading
⬆️ For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run
php upgrade.php.👀 For a full list of changes, see the changelog.
⬆️ After completing the upgrade process, be sure to clear your browser cookies.
⬆️ Upgrading from v3
⬆️ Please see the upgrade instructions here.