• Files Changed
• Browse Source

- UPdate to 1.6.0
  Enhancements, changes:
  ----------------------------
  + php8.3 compatibility;
  + MySQL 5.5.3+ is now required (support for utf8mb4);
  + Reverse-proxy users should review the new config.php $trust_x_forwarded_headers setting;
  Security Fixes:
  ----------------------------
  + SQL injection in custom field enum/set types;
  + Directory traversal possible in RIPE query;
  + XSS (reflected) in 'bw-calulator-result.php';
  + XSS (reflected) by invalid email address response;
  + XSS (reflected) by /app/tools/subnet-masks/popup.php (#3738);
  + XSS (stored) in user widget settings;
  + XSS and LDAP injection in ad-search-result.php;
  + XSS and LDAP injection in ad-search-group-result.php;
  + Restrict find_full_subnets.php to CLI;
  + Ensure confidentiality of database password;

• Files Changed
• Browse Source

rollback to 1.5.2

• Files Changed
• Browse Source

- Update to 1.5.2+master because of php8.

• Files Changed
• Browse Source

- Update to 1.5.2
  Bugfixes:
  ----------------------------
  Fixed MySQL server has gone away error (#3759);
  Security Fixes:
  ----------------------------
  + SQL injection in custom field enum/set types;
  + Directory traversal possible in RIPE query;
  + XSS (reflected) by /app/tools/subnet-masks/popup.php (#3738);
  + XSS (stored) in user widget settings;
  + XSS and LDAP injection in ad-search-group-result.php;

• Files Changed
• Browse Source

- Also remove subpackage apache when uninstalling the main package.

• Files Changed
• Browse Source

- Update to 1.5.1
  Security Fixes:
  ----------------------------
  + XSS (reflected) in 'bw-calulator-result.php';
  + XSS (reflected) by invalid email address response;
  + XSS and LDAP injection in ad-search-result.php;
  + Restrict find_full_subnets.php to CLI;
  + Ensure confidentiality of database password;

• Files Changed
• Browse Source

- Update to 1.5.0
  
  New features:
  ------------
  + Mark subnet as isPool to allocate network and broadcast addresses;
  + Optionally hide section subnet menus;
  + L2 Domains user permissions;
  + Add scanPingType==none option to disable scanning;
  + Custom fields on IP request forms (#2956);
  + Added subnet free space map for each possible subnet mask;
  + Added Vaults (Certificate andf password storing);
  + Added Tools->Duplicate subnets & IP page;
  + Added config.php offline_mode to disable server-side Internet lookups (#3462);
  + Added MAC vendor lookup widget;
  Enhancements, changes:
  ----------------------------
  + php7.4 compatibility;
  + SameSite attribute enabled for site cookies;
  + SAML2
    + php-saml updated to 3.4.1 (#3055);
    + Removal of php-mcrypt dependancy;
    + Drop support for idpcertfingerprint;
    + MAP_SAML_USER and SAML_USERNAME config.php configuration moved to db;
    + php-saml protocol debugging;
    + Support for signed assertions;
    + SAML usernames can be extracted from assertion attributes (#2948);
    + JIT auto-provisioning of accounts (#3389);
  + Selectable mask for number of subnets/hosts in subnet masks;
  + Switch from Google Maps to OpenStreeMap and Nominatim;
  Bugfixes:

• Files Changed
• Browse Source

- Update to 1.4.7
  Bugfixes:
    ----------------------------
    + Fix for SAML/2FA/login redirections (#3492, #3435, #3517)
    Security Fixes:
    ----------------------------
    + XXS (reflected) in ripe-arin-query;
    + XSS (reflected) in import previews;

• Files Changed
• Browse Source

- Update to 1.4.6
  Bugfixes:
  ----------------------------
  + Require unique subnets not working as intended (#3529);
  Security Fixes:
  ----------------------------
  + Incorrect privilege assignments (#3506);

• Files Changed
• Browse Source

- Update to 1.4.5
  Bugfixes:
  ----------------------------
  + Fix for SAML/2FA login redirection after timeout (#3492);
  + php_sessions table doesn't exist error when upgrading (#3417);
  + RFC 6265 compliant cookies (#3452);
  Security Fixes:
  ----------------------------
  + SQL injection in edit-bgp-mapping-search.php;
  + Stored XSS in the Site title parameter;
  + XSS while uploading CVS files;
  + XSS (reflected) in 'find subnets';
  Bugfixes:
  ----------------------------
  + Allow UTF-8 in instruction widgets (#3360);
  + Exclude IPv6 from Ping and Discovery scans (#3354);
  Security Fixes:
  ----------------------------
  + XSS (reflected) in IP calculator (#3351);
  + XSS in pass-change/result.php (#3373);

• Files Changed
• Browse Source

- Update to 1.4.4

• Files Changed
• Browse Source

- Run spec-cleaner.

• Files Changed
• Browse Source

- Update to 1.4.3
  
  Bugfixes:
  ----------------------------
  + FPing discovery marks all addresses as alive (#2888);
  + SNMP, number of discovered hosts exceed maximum warning (#3279);
  
  Security Fixes:
  ----------------------------
  + PHP session ID fixation (#3342);

• Files Changed
• Browse Source

- Fix tumbleweed build error: broken symbolic link to cs_CZ.UTF8 
  (Too many levels of symbolic links).

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to 4.1.2

• Files Changed
• Browse Source

- Put apache configuration files in separate subpackage.
- Put language files in separate subpackage.
- Put apache macros in apache phpipam.conf file.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Download new source, because the first source has some old files.
  Example functions/upgrade_queries.php

• Files Changed
• Browse Source