Revisions of phpipam
Eric Schirra (ecsos)
committed
(revision 39)
Eric Schirra (ecsos)
committed
(revision 38)
- UPdate to 1.6.0 Enhancements, changes: ---------------------------- + php8.3 compatibility; + MySQL 5.5.3+ is now required (support for utf8mb4); + Reverse-proxy users should review the new config.php $trust_x_forwarded_headers setting; Security Fixes: ---------------------------- + SQL injection in custom field enum/set types; + Directory traversal possible in RIPE query; + XSS (reflected) in 'bw-calulator-result.php'; + XSS (reflected) by invalid email address response; + XSS (reflected) by /app/tools/subnet-masks/popup.php (#3738); + XSS (stored) in user widget settings; + XSS and LDAP injection in ad-search-result.php; + XSS and LDAP injection in ad-search-group-result.php; + Restrict find_full_subnets.php to CLI; + Ensure confidentiality of database password;
Eric Schirra (ecsos)
accepted
request 1074329
from
Eric Schirra (ecsos)
(revision 37)
rollback to 1.5.2
Eric Schirra (ecsos)
committed
(revision 36)
- Update to 1.5.2+master because of php8.
Eric Schirra (ecsos)
committed
(revision 35)
- Update to 1.5.2 Bugfixes: ---------------------------- Fixed MySQL server has gone away error (#3759); Security Fixes: ---------------------------- + SQL injection in custom field enum/set types; + Directory traversal possible in RIPE query; + XSS (reflected) by /app/tools/subnet-masks/popup.php (#3738); + XSS (stored) in user widget settings; + XSS and LDAP injection in ad-search-group-result.php;
Eric Schirra (ecsos)
committed
(revision 34)
- Also remove subpackage apache when uninstalling the main package.
Eric Schirra (ecsos)
committed
(revision 33)
- Update to 1.5.1 Security Fixes: ---------------------------- + XSS (reflected) in 'bw-calulator-result.php'; + XSS (reflected) by invalid email address response; + XSS and LDAP injection in ad-search-result.php; + Restrict find_full_subnets.php to CLI; + Ensure confidentiality of database password;
Eric Schirra (ecsos)
committed
(revision 32)
- Update to 1.5.0 New features: ------------ + Mark subnet as isPool to allocate network and broadcast addresses; + Optionally hide section subnet menus; + L2 Domains user permissions; + Add scanPingType==none option to disable scanning; + Custom fields on IP request forms (#2956); + Added subnet free space map for each possible subnet mask; + Added Vaults (Certificate andf password storing); + Added Tools->Duplicate subnets & IP page; + Added config.php offline_mode to disable server-side Internet lookups (#3462); + Added MAC vendor lookup widget; Enhancements, changes: ---------------------------- + php7.4 compatibility; + SameSite attribute enabled for site cookies; + SAML2 + php-saml updated to 3.4.1 (#3055); + Removal of php-mcrypt dependancy; + Drop support for idpcertfingerprint; + MAP_SAML_USER and SAML_USERNAME config.php configuration moved to db; + php-saml protocol debugging; + Support for signed assertions; + SAML usernames can be extracted from assertion attributes (#2948); + JIT auto-provisioning of accounts (#3389); + Selectable mask for number of subnets/hosts in subnet masks; + Switch from Google Maps to OpenStreeMap and Nominatim; Bugfixes:
Eric Schirra (ecsos)
committed
(revision 31)
- Update to 1.4.7 Bugfixes: ---------------------------- + Fix for SAML/2FA/login redirections (#3492, #3435, #3517) Security Fixes: ---------------------------- + XXS (reflected) in ripe-arin-query; + XSS (reflected) in import previews;
Eric Schirra (ecsos)
committed
(revision 30)
- Update to 1.4.6 Bugfixes: ---------------------------- + Require unique subnets not working as intended (#3529); Security Fixes: ---------------------------- + Incorrect privilege assignments (#3506);
Eric Schirra (ecsos)
committed
(revision 29)
- Update to 1.4.5 Bugfixes: ---------------------------- + Fix for SAML/2FA login redirection after timeout (#3492); + php_sessions table doesn't exist error when upgrading (#3417); + RFC 6265 compliant cookies (#3452); Security Fixes: ---------------------------- + SQL injection in edit-bgp-mapping-search.php; + Stored XSS in the Site title parameter; + XSS while uploading CVS files; + XSS (reflected) in 'find subnets'; Bugfixes: ---------------------------- + Allow UTF-8 in instruction widgets (#3360); + Exclude IPv6 from Ping and Discovery scans (#3354); Security Fixes: ---------------------------- + XSS (reflected) in IP calculator (#3351); + XSS in pass-change/result.php (#3373);
Eric Schirra (ecsos)
committed
(revision 28)
- Update to 1.4.4
Eric Schirra (ecsos)
committed
(revision 27)
- Run spec-cleaner.
Eric Schirra (ecsos)
committed
(revision 26)
- Update to 1.4.3 Bugfixes: ---------------------------- + FPing discovery marks all addresses as alive (#2888); + SNMP, number of discovered hosts exceed maximum warning (#3279); Security Fixes: ---------------------------- + PHP session ID fixation (#3342);
Eric Schirra (ecsos)
committed
(revision 25)
- Fix tumbleweed build error: broken symbolic link to cs_CZ.UTF8 (Too many levels of symbolic links).
Eric Schirra (ecsos)
committed
(revision 24)
Eric Schirra (ecsos)
committed
(revision 23)
- Update to 4.1.2
Eric Schirra (ecsos)
committed
(revision 22)
- Put apache configuration files in separate subpackage. - Put language files in separate subpackage. - Put apache macros in apache phpipam.conf file.
Eric Schirra (ecsos)
committed
(revision 21)
Eric Schirra (ecsos)
committed
(revision 20)
- Download new source, because the first source has some old files. Example functions/upgrade_queries.php
Displaying revisions 1 - 20 of 39