A free open source IT asset/license management system
AGPL-3.0 License
Bot releases are visible (Hide)
Published by snipe over 4 years ago
This is mostly a security/bugfix release, handling some smaller bugs.
id
in the redirect causing error (#7732)/api/v1/users/me
to use transformerlicense()
endpoint for usersupdate()
method for Departments (#7804)For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
After completing the upgrade process, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe almost 5 years ago
This is mostly a security/bugfix release, handling some smaller bugs and correcting an issue where users could no longer search on child assets.
We have also issued a fix for a security issue discovered in some versions of symfony/http-foundation
, and have patched a persistent XSS vulnerability in the image uploads for most models where a malicious authorized user could potentially upload an SVG with a javascript payload. The severity of this issue is reduced due to the fact that the attack requires user interaction. Specifically, the attacker would have to trick an unsuspecting victim into opening the malicious asset model image in a new tab or from within an IFRAME. (Many thanks to Metin Kandemir for reporting that issue.)
audit_warning_days
had been set in Admin Preferencessymfony/http-foundation
from 3.4.30 to 3.4.36 to address a security vulnerably in that dependency (#7638)For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
After completing the upgrade process, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe almost 5 years ago
This is mostly a bugfix release, addressing an issue when importing assets with custom fields, and fixing a latency issue when an install has a very large number of locations.
For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
After completing the upgrade process, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe about 5 years ago
This is mostly a bugfix release, however it does introduce a breaking change to the API which caps the number of results returned at 500 by default. More details below. Additionally, we added a rekey console command that allows you to rotate your APP_KEY
(in the event of a security breach where your APP_KEY
was disclosed or discovered) which will decrypt any encrypted custom fields you have, generate a new key, and re-encrypt them using the newly generated key.
php artisan snipeit:rotate-key
The maximum number of items returned is now capped at 500 by default. This is to prevent server timeouts and memory issues when someone (usually a custom script) naively tries to request 100k items at one time. You can increase this limit by adding MAX_RESULTS
to your .env
file and setting that value to a higher number. Otherwise you should use standard pagination using the offset
parameter to get your complete data set.
git fetch
before git checkout
in upgrade.php
phpdocumentor/reflection-docblock
to v4max_execution_time
withErrors()
on JSON responseFor general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
After completing the upgrade process, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe about 5 years ago
count()
issue on user deletion where it checks if other items are checked outhas()
vs filled()
in User API blanking out groups if no groups were passed in the API requestFor general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
After completing the upgrade process, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
This release fixes a bug in the LDAP settings where the LDAP password could be blanked out when saving your LDAP settings.
Additionally, this release renames the groups
table to permission_groups
to avoid reserved name conflicts with later versions of MySQL. This should only be relevant to folks who have set up custom/third-party scripts that directly interface with the database. API endpoints, etc remain unchanged.
permission_groups
For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
After completing the upgrade process, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
This is a point release that fixes a bug in the backup notifications, which were previously trying to send email to [email protected]
due to the default backup package config.
If you would like to be emailed when a backup has completed (or failed to complete, etc), add the following to your .env
file:
This release also fixes a bug in bulk asset editing where it could potentially remove model_id information if none was passed (as would be the case if you were not changing the asset model).
Additionally, this release fixes an error that was being thrown on checkin if the entity being checked in from wasn't a person.
And finally, we've updated a few language strings, and added Filipino to the selectable dropdown list of languages.
We know there have been a lot of releases this week (not uncommon after an upgrade to the underlying framework), but our philosophy has always been that it's a bad idea to hold onto bugfixes for political/appearance reasons. Some folks only want to upgrade from a tagged release, so it makes more sense to us to get fixes in your hands sooner rather than later, so we release often.
Have a great weekend! Change details are below!
$user
isset on checkinhas()
to filled()
to fix bug in bulk asset editing that could remove a model_idFor general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
After completing the upgrade process below, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
This is a point release that fixes a bug in the path for deleting generated backup files, and that also resolves in issue that was preventing certain users from being able to load the users/locations/etc select lists.
The select-list issue would typically only present itself if the Snipe-IT installation is running behind some configurations of proxies, or if they have unusual DNS masking or port numbers.
For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
After completing the upgrade process below, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
We had the bad luck of releasing just as Github was having some technical issues, so the version bump to v4.7.1 in the version file got missed in the 4.7.1 point release. So, we find ourselves releasing again, hoping Github doesn't bomb out again. Technology, amirite?
This is a point release just for docker users, which brings the version of PHP used in the docker file up to Snipe-IT v4.7 minimums.
For a full list of changes, see the changelog.
After completing the upgrade process, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
We've updated all of the package dependencies in this release and fixed a few small edge-case bugs. Users are encouraged to upgrade to v4.7 as soon as possible, as this release includes some security fixes for the underlying framework and package dependencies.
AssignedSearch()
to prevent confusing data in results$backto
if asset is checked out to a non-useruser_exists
constraint on department saveFor general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
After completing the upgrade process, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
This release is intended as a legacy release for users who will not be able to upgrade their version of PHP. If you are already running PHP7, you can skip this update and instead upgrade to 4.7, which will be released later today.
We upgraded some package dependencies to later versions for this release, however the we cannot upgrade the laravel framework itself due to PHP version constraints. Doing so would break the installations for everyone who is currently still running PHP 5x.
Users are strongly advised to upgrade their version of PHP so that they're ready for v4.7 and then v5.
For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
Snipe-IT v4.x is not compatible with PHP 7.3. You'll need to use a version of PHP between 5.6.4 and 7.2.x. This is due to a limitation of the underlying framework. The upcoming v5 will support 7.3+.
Users running MariaDB 10.2.7 and later may have an issue upgrading or installing, due to a change in the way MariaDB stores null defaults. This issue will be fixed once the open pull request in the Doctrine repo is merged and a new version of Doctrine is released with these fixes. You can read more about that issue here.
After completing the upgrade process below, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
Snipe-IT v4.x is not compatible with PHP 7.3. You'll need to use a version of PHP between 5.6.4 and 7.2.x. This is due to a limitation of the underlying framework. The upcoming v5 will support 7.3+.
Users running MariaDB 10.2.7 and later may have an issue upgrading or installing, due to a change in the way MariaDB stores null defaults. This issue will be fixed once the open pull request in the Doctrine repo is merged and a new version of Doctrine is released with these fixes. You can read more about that issue here.
After completing the upgrade process below, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
Version 4.6.16 of Snipe-IT introduces a few small features and includes a bugfix for users who are getting an empty Assets listing if they have a null EOL date set for some or all assets.
If you're already using the built-in scheduler, this will be included automatically. To run it manually, you would use php artisan snipeit:upcoming-audits
.
This adds two new sidenav items into the Assets menu that bring you to a report of assets that are due soon (using whatever your audit threshold is set to in Admin Settings > Notifications) and what is overdue.
Two new GET
endpoints have been added, /api/v1/hardware/audit/due
and /api/v1/hardware/audit/overdue
.
These actually use the main index
Asset API controller, because there would have been a lot of copypasta otherwise, and that method is already a workhorse, but we wanted to provide a more semantic endpoint.
For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
Snipe-IT v4.x is not compatible with PHP 7.3. You'll need to use a version of PHP between 5.6.4 and 7.2.x. This is due to a limitation of the underlying framework. The upcoming v5 will support 7.3+.
Users running MariaDB 10.2.7 and later may have an issue upgrading or installing, due to a change in the way MariaDB stores null defaults. This issue will be fixed once the open pull request in the Doctrine repo is merged and a new version of Doctrine is released with these fixes. You can read more about that issue here.
After completing the upgrade process below, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
image_source
field for asset create/edit API endpointauto_increment_prefix
nullablecategory_id
Awesome! First things first, you should NOT test this in production yet, as it's a beta release. If you'd like to help us test, make a new copy of Snipe-IT and upgrade your copy to v5.0.0-beta-1.0, that way your data is safe. You should treat this test instance as a version you could easily throw away when you're done testing. (Hopefully it won't come to that, but hey, computers are hard.)
Things we're very interested in folks testing:
If you need to create new bug reports for this beta release, please make sure you include the beta release version in the Github issue title so we can easily see that it's an issue specific to this beta.
For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
Please see the upgrade instructions here. After completing the upgrade below, be sure to clear your browser cookies.
Special thanks to @jwhulette, @patrict, @VELIKII-DIVAN, @liquidhorse, @Seldaek, @inietov, @benrubson, @NMathar, @smb, @Sxderp, @fanta8897, @andreybolonin, @shinayoshi, @reuser, @KeenRivals, @omyno, @jackka, @herroworrd, @colin-campbell, @HinchK, and @uberbrady for helping bring v5 to life!
Published by snipe over 5 years ago
Version 4.6.15 of Snipe-IT is a hotfix release that addresses an issue that users who have two-factor enabled have been experiencing because Google Image Charts turned off their API. (This was apparently announced quite some time ago, but because no API key is required, there wasn't really a super-efficient way of letting third-parties using their library know about it.) The new implementation should work seamlessly with older, already-enrolled devices, and is a more secure way of implementing 2FA, since we generate the QR enrollment barcode locally now, instead of reaching out to Google's API.
We'll be rolling this update out to our hosted customers over the next 24 hours.
Developers: this fix has been forward-ported to the develop
branch.
For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
Snipe-IT v4.x is not compatible with PHP 7.3. You'll need to use a version of PHP between 5.6.4 and 7.2.x. This is due to a limitation of the underlying framework. The upcoming v5 will support 7.3+.
Users running MariaDB 10.2.7 and later may have an issue upgrading or installing, due to a change in the way MariaDB stores null defaults. This issue will be fixed once the open pull request in the Doctrine repo is merged and a new version of Doctrine is released with these fixes. You can read more about that issue here.
After completing the upgrade process below, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
array_flip()
errors on import in badly mapped import files.)For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
Snipe-IT v4.x is not compatible with PHP 7.3. You'll need to use a version of PHP between 5.6.4 and 7.2.x. This is due to a limitation of the underlying framework. The upcoming v5 will support 7.3+.
Users running MariaDB 10.2.7 and later may have an issue upgrading or installing, due to a change in the way MariaDB stores null defaults. This issue will be fixed once the open pull request in the Doctrine repo is merged and a new version of Doctrine is released with these fixes. You can read more about that issue here.
After completing the upgrade process below, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
This release fixes a potential issue introduced in #6693, where we added the ability to nullify values via the API. It's a migration that sets several fields in the database to be nullable where they were sometimes previously not. (Fields are typically nullable by default, as we enforce those rules at the model level, however versions of Snipe-IT installed using a different version of MySQL may have had those fields created without the nullable attribute correctly set.)
In those cases, attempting to create assets, locations, users, etc with blank fields (even fields that are not required through the UI) could result in the MySQL error: Illuminate\Database\QueryException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'foo' cannot be null
.
The issue was introduced by implementing the ConvertEmptyStringsToNull()
middleware, which is necessary by the API to nullify values (versus passing empty strings), but also caused issues for folks for whom those fields were not already nullable.
For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
Snipe-IT v4.x is not compatible with PHP 7.3. You'll need to use a version of PHP between 5.6.4 and 7.2.x. This is due to a limitation of the underlying framework. The upcoming v5 will support 7.3+.
Users running MariaDB 10.2.7 and later may have an issue upgrading or installing, due to a change in the way MariaDB stores null defaults. This issue will be fixed once the open pull request in the Doctrine repo is merged and a new version of Doctrine is released with these fixes. You can read more about that issue here.
After completing the upgrade process below, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
This release fixes a small bug that was introduced in the last release which inadvertently changed the auto_increment_prefix
to a boolean field. If you skipped the 4.6.11 release, this won't affect you, but we changed that migration in-place and then created an additional migration for folks who may have already upgraded. You may need to reset your auto increment prefix in the settings if you had upgraded to v4.6.11.
For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
Snipe-IT v4.x is not compatible with PHP 7.3. You'll need to use a version of PHP between 5.6.4 and 7.2.x. This is due to a limitation of the underlying framework. The upcoming v5 will support 7.3+.
Users running MariaDB 10.2.7 and later may have an issue upgrading or installing, due to a change in the way MariaDB stores null defaults. This issue will be fixed once the open pull request in the Doctrine repo is merged and a new version of Doctrine is released with these fixes. You can read more about that issue here.
After completing the upgrade process below, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
Happy Valentines Day! To show you our love, we have a new release for you!
This release fixes a few very small bugs, one related to password confirmation validation, one related to the category not being respected in the consumables by category listing, and one more that addresses an issue where the pagination on one type of item could impact another, making it look like you have no items in that listing who you really do.
password_confirmation
to be passed in API called when creating a new user, and it must match the password
field.For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
Snipe-IT v4.x is not compatible with PHP 7.3. You'll need to use a version of PHP between 5.6.4 and 7.2.x. This is due to a limitation of the underlying framework. The upcoming v5 will support 7.3+.
Users running MariaDB 10.2.7 and later may have an issue upgrading or installing, due to a change in the way MariaDB stores null defaults. This issue will be fixed once the open pull request in the Doctrine repo is merged and a new version of Doctrine is released with these fixes. You can read more about that issue here.
After completing the upgrade process below, be sure to clear your browser cookies.
Please see the upgrade instructions here.
Published by snipe over 5 years ago
This is a tiny release that fixes two bugs that would only affect a select group of users. While we hate to release multiple times in a day, we thought it prudent to get these fixes in your hot little hands as soon as possible, and we only just uncovered and fixed one of these bugs right after the 4.6.9 release went out.
The first issue would only happen for users who have full multiple company support enabled, and are not logged in as a superadmin. In that case, searching in the asset select list (for example, when checking a license out to an asset) would return an error that looks like Integrity constraint violation: 1052 Column 'company_id' in where clause is ambiguous
.
The second issue affected only the /api/v1/hardware/byserial
API endpoint, where we were applying the incorrect permission, so users that were NOT superadmins would get a permissions error.
scopeCompanyables()
$arrays
collection, just check that the user can view assetsFor general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php
.
For a full list of changes, see the changelog.
Snipe-IT v4.x is not compatible with PHP 7.3. You'll need to use a version of PHP between 5.6.4 and 7.2.x. This is due to a limitation of the underlying framework. The upcoming v5 will support 7.3+.
Users running MariaDB 10.2.7 and later may have an issue upgrading or installing, due to a change in the way MariaDB stores null defaults. This issue will be fixed once the open pull request in the Doctrine repo is merged and a new version of Doctrine is released with these fixes. You can read more about that issue here.
After completing the upgrade process below, be sure to clear your browser cookies.
Please see the upgrade instructions here.