Die Open Source ITIL ITSM und CMDB Webanwendung iTop, erhielt das Update 3.2, sowie das Hotfix 3.2.0-2. Das Update behebt nicht nur Fehler, schließt Sicherheitslücken, sondern bringt auch einige Neuerungen und Verbesserungen.
iTOP 3.2 Highlights
- User – Newsroom wurde erweitert und ermöglicht News an gezielte User zu senden
- Back-office User können Notification selbst abbestellen
- der CKEditor wurde aktualisiert und sieht nun anders aus und bietet mehr nützliche Optionen
- neue Themes in hohem Kontrast und anpassend an Protanopia und Euteranopia
- Welcome Message mit gezielten User Informationen und Funktionen
- neue Suche für Enduser im User Portal zur Suche von Tickets und mehr
- neuer Zugang zum Datamodel, Verbesserungen der Notifications, neue Möglichkeiten im Newsroom, asynchrone Aktionen und mehr für Administratoren
- für Entwickler gibt es neue Events und auch entfernte, sowie neue APIs
Details zu den Highlights on iTOP 3.2 unter: https://www.itophub.io/wiki/page?id=3_2_0:release:whats_new
iTOP 3.2 Release Notes
For users
- N°6218 – 1:n & n:n – Read mode: Refresh of tab count on Add/Remove in pop-up
- N°6303 – Add a search brick on all Tickets of a User Portal
- N°6555 – Add class description in tooltip of Dashlet badge
- N°7157 – Allow users to unsubscribe from notification channels
- N°7379 – Add search criterion to Workorder and ’status‘ to Contact search
- N°7391 – Add color blind themes to iTop backoffice
- N°7392 – Add high contrast theme to iTop backoffice
- N°7484 – “solution” field of classes Incident and UserRequest is now an HTML field
- N°7644 – Add Brand logo and Model picture
- N°3767 – Impact analysis: Display filtering box on CIs list and groups
- N°4494 – Fix auto-locking on log save and transition, by waiting
- N°4511 – CKEditor : Fix links made on all the leading text in Firefox
- N°4631 – Fix a display issue when description field is fullscreen while using vertical tabs
- N°4894 – Improve AttributeDecimal validation during CSV import
- N°5136 – Relations: Fix “Select All objects” adding obsolete objects even if “show obsolete data” param. not activated
- N°5786 – Fix text color in public log and in AttributeHTML
- N°6152 – Fix criteria & object list loaded twice
- N°6438 – Fix expensive reloading of each displayed ticket when displaying a ticket list (no more highlight)
- N°6847 – Position of label in configuration of pdf export
- N°6861 – Display warning when creating/editing a mandatory blob in modal
- N°6903 – Fix crash when emptying file attribute (eg. picture of a contact)
- N°6993 – Fix bulk transition on object containing a null blob
- N°7023 – Fix check to write error when adding an item on a n:n relation (eg. contact) on a new object (eg. user request) on the end-users portal
- N°7047 – Fix unwanted Attachment on Unitary requests forms in Global Request management
- N°7122 – Portal: Hide log off button when user can’t actually log off (eg. SSO using SAML or other providers)
- N°7163 – Avoid having an empty list when “items per page” set to 0
- N°7232 – Run query : Clearer message when querying unknown class
- N°7255 – Fix misc. stylesheets not working in portal since N°7047
- N°7288 – Fix page crash due to unescaped characters in relations row actions
- N°7292 – Improve Clear function in ExtKeyWidget
- N°7302 – SetupUtils::HumanReadableSize : fix units returned
- N°7313 – Fix bad display of single quotes in charts
- N°7491 – Fix email-reply trigger not executed in some cases
- N°938 – Improve print of portal object page and portal dashboard page
- N°7397 – Update welcome popup content for iTop 3.2
For administrator
- N°3465 – Fix attachment file name hardcoded to “uploaded-file” when imported from CSV import
- N°5472 – Notification action : add a last executions tab
- N°5775 – Allow configuration of OAuth client on MS Azure with single tenant
- N°6619 – Attachment: changed contact_id from an ExternalField into an ExternalKey
- N°7194 – Add link to datamodel class schema on object details
- N°7425 – Add Warning when a user has no contact or no allow org
- N°7447 – Ease User Dashboard clean-up for iTop administrator
- N°2039 – Feed Newsroom from an Action
- N°7298 – Allow each Action to be asynchronous or not
- N°7533 – Warning at setup if installed on Galera clusters
- N°1112 – DataSynchro: Replica failing to synchronize says ‚Organization‘ instead of ‚undefined‘ ???
- N°2572 – Improve error message “Nowhere to go??” with root cause
- N°2732 – DataSynchro: cap memory peak value to 2Gb before storing it in priv_sync_log field
- N°3062 – Update SetupCssIntegrityChecklistTest to fail build if setup.css wasn’t recompiled
- N°3677 – Fix AttributeImage.default_image URLs not up to date after app_root_url change
- N°3715 – Export above 1000 entries ignore obsolete data from user preference
- N°4342 – Improve generic bulk deletion function with memory limit handling
- N°5194 – Enable webhook actions to be asynchronous in order to save response callback value
- N°5218 – Fix toolkit error on enum since 3.0.0
- N°6086 – CSV import: Treat first line as a header
- N°6361 – Change query examples order to highlight the one working on an empty iTop
- N°6618 – Fix crash due to router’s cache containing an integer instead of an array
- N°6659 – Ticket: attribut “team_name” now contains the name, “team_email” attribut added.
- N°6808 – Rank management (order) in iTop actions
- N°6826 – Fix error on file attribute of DocumentFile class in Designer (No SQL value)
- N°6852 – Missing configuration ‚forgot_password_from‘
- N°6874 – Fix encoding issue in out-going emails
- N°6887 – Fix excessive OQL requests to display user’s grant matrix
- N°6889 – MariaDB >= 10.6.1 since iTop 2.7.9 Backup mysqldump call : restore ability to connect on localhost using the socket protocol
- N°7017 – Fix with a lock the fatal error occuring when rebuilding expression-cache
- N°7021 – Fix error log and useless compilation time due to SCSS file unnecessary compilation
- N°7039 – Fix regression: placeholder :current_contact→id not working in OQL in iTop 3.1
- N°7052 – Fix PHP notices in synchro_import.php (3.0.1 regression) (thanks to Gilbert Breton !)
- N°7082 – Allow to force asynchronous send of emails
- N°7085 – Fix infinite loop in login page until fatal error occurs
- N°7130 – Allows to ignore existing column field in setup’s data migration method
- N°7212 – PHP 8.1: Migrate remaining usages of strlen() with null value
- N°7213 – PHP 8.1: Migrate remaining usages of md5() with null value
- N°7217 – Fix link creation between “Audit Domain” and “Audit category” with an “Audit Manager” profile
- N°7231 – PHP 8.1: Migrate deprecated usages of rawurlencode() with null value
- N°7244 – Fix ContextTag init in setup
- N°7245 – Better log error occuring in RunTimeEnvironment::CallInstallerHandlers
- N°7312 – Fix JS crash on Windows server when creating a custom version of ‚UserRequest Overview‘ Dashboard
- N°7336 – Fix warning from \DeprecatedCallsLog::NotifyDeprecatedPhpMethod with PHP 8.3
- N°7343 – Better error message when compiling a PHP invalid dict file during setup
- N°7416 – Setup: Add warning for optionnal PHP extension “APCu”
- N°7474 – Fix setup crash when the last profile of a user is removed from the datamodel
- N°7477 – Fix DataSynchro made without administrator profile to create SynchroLog
- N°7480 – Fix test-red and light-grey css related setup warning
- N°797 – DataSynchro deletion includes replica cleaning
For iTop designers
- N°2443 – Fix AttributBoolean doesn’t accept yes/no value
- N°2909 – Fix search on Enum, Date, TagSet,… with index
- N°3236 – Fix trackinfo in CMDBChange when using core/update with REST
- N°3363 – Add three favicons in branding
- N°4314 – Uniqueness rules can report duplicates that user cannot see due to Silo
- N°6228 – Prevent removing last user Profil: AttributLinkSet property “with_php_constraint” allows to propagate CheckToWrite() to target object.
- N°6695 – Allow multilines dict entries in portal tooltips
- N°6964 – Add API to allow modules to register files to include in the backup
- N°7067 – Add setting to change the default “password change” URL
- N°7136 – Portal: Add JS API to enable attachments IDs retrieval in an object form
- N°7242 – Allow to mention new user IDs in Slack messages
- N°7243 – Add non blocking feedback/notifications (toasts) API
- N°7294 – Events when adding or removing an attachment are sent on the object instead of on the attachment
- N°7310 – New event to conditionally remove transitions on an object
- N°7345 – Allow to use a DateTime php object on Set() call on an AttributeDateTime
- N°7410 – Introduce API for Welcome Popup in the backoffice
- N°5145 – Fix attachments missing in new ticket when clone from an old ticket with object copier
- N°5170 – Fix case where in a transition DoCheckToWrite returned error
- N°5547 – Fix object deletion failing when friendlyname was too long
- N°6543 – Fix display of AttributeText with width parameter
- N°6643 – Fix \CMDBSource::LogDeadLock generating a TypeError
- N°6647 – Fix JSON validation only accepting arrays as result + replace params done after validation
- N°6660 – Fix define_if_not_exists flag not working on class nodes
- N°6733 – Fix prompting of mandatory AttributeDateTime in transition forms
- N°6766 – Fix dependent fields not updated due to WizardHelper.UpdateFields() being triggered too early
- N°6767 – Fix error in ajax request when there’s dict to load and no onready scripts
- N°6960 – Fix “Unknown class XXX” when clicking on a class external key or n:n linkset
- N°7008 – Fix missing background tasks in CRON when autoloaded and not in “developer_mode”
- N°7042 – Fix check to write error when setting a ext. key programatically on the end-users portal
- N°7046 – Fix “CAS_ServiceBaseUrl_Static” not found
- N°7055 – Apply better default value for portal copy object link
- N°7068 – Add emulation for apc_exists function
- N°7079 – Fix event not fired when creating/updating a user with profiles
- N°7133 – Fix linkset displayed as property, failing when OQL filter contains single quote or new line
- N°7134 – Fix retrieving list of changes when editing URP_UserProfile
- N°7268 – Fix method SetComputedDate failling on Date only attribute
- N°7279 – Fix compilation issue with AttributeClass field defined in XML
- N°7344 – rest.php : better error message when cannot execute OQL query (key param for core/get verb)
- N°7399 – Remove deprecated Ticket methods from iTop Datamodel
- N°7417 – Improve logged message when a Root Menu is not a MenuGroup
- N°7693 – Update polish translations thanks to @DudekArtur
- N°7687 – Update german translations thanks to @Attila0428
- N°7686 – Update dutch translations thanks to @Hipska
- N°7652 – Update italian translations thanks to @DarkNight97boss
Technical changes
- N°4897 – Add method to improve deprecated PHP API logs (eg. for \iPageUIExtension)
- N°5298 – Upgrade CKEditor to version 5
- N°5580 – Audit JS libs and see if they are available on NPM
- N°5621 – Add not managed JS dependencies to NPM to get updates on vulnerabilities
- N°5808 – Update symfony version to next Symfony LTS 6.4
- N°5809 – Update PHP libraries versions
- N°5810 – Update JS librairies (iTop 3.2)
- N°6050 – Add compatibility with MariaDB 10.11
- N°6097 – Enable PHP unit tests on a custom DataModel
- N°6103 – Remove jQuery Hotkeys plugin
- N°6558 – Add test to check iTopDesignFormat::$aVersions consistency
- N°6599 – Update moment.js (known vulnerabilities with high CVSS scores)
- N°6632 – ItopDataTestCase : replace annotations by setting options in PHP
- N°6658 – Boost PHPUnit tests execution
- N°6752 – PHP unit tests: Migrate usages of unitestautoload.php to composer autoloader in the core
- N°6754 – PHP unit tests: Add local PHPUnit XML files to .gitignore
- N°6805 – Add reference to classes implementing \iWorkingTimeComputer in the datamodel (meta tag)
- N°6886 – Add OAuth tests folder to removable directories list
- N°6937 – Symfony 6.4 – Handle Symfony configuration files
- N°6967 – Deprecated \cmdbAbstractObject::DBDeleteTracked_Internal
- N°7044 – Move language attribute from ActionEmail to ActionNotification
- N°7054 – Rework the UpdateImpactedItems calls on Tickets
- N°7062 – Add unit test to ensure that setup SCSS is compiled correctly
- N°7170 – PHP 8.3: Fix usages of get_class() without argument
- N°7179 – Remove unused code in Action
- N°7246 – New dict tests on duplicate definitions in same file + translated keys with tildes
- N°7251 – Deprecate unused JS libs (iTop 3.2)
- N°7264 – Update unmaintained JS libs to their latest versions (iTop 3.2)
- N°7297 – Doing npm install removes web.config file and changes package name
- N°7314 – Add Symfony Response alternative to Webpage::output()
- N°7315 – Add new predictible API to add JS / CSS files to a \WebPage
- N°7328 – Deprecate js/jquery.autocomplete.js
- N°7331 – Add cleanup script for NPM dependencies
- N°7355 – Update JS libraries managed via NPM (iTop 3.2)
- N°7407 – Ease iTop installation via unattended CLI by using installation.xml choices
- N°7494 – Select languages that “highlightjs” supports
- N°7697 – Add method to rename DB table during setup
- N°7619 – Restore cascading in object deletion for legacy extensions
- N°7588 – Fix .env.local not working for the portal since Symfony 5.4 migration
- N°7146 – Fix style not applied in list in the end-users portal in iTop 3.0+
- N°7142 – Compiler issue – enum value modification : …DOMNode::removeChild() …
- N°7131 – Changing the Org of a Person having User with Allowed Orgs, breaks with Synchro LDAP
- N°7127 – Upgrade handlebars.js to v4.7.8
- N°7024 – Fix opening an object with abstract class indirect linked set in Portal
- N°6992 – Fix “add lnk” popup title: replaced class name by its label
- N°4342 – Improve generic bulk deletion function with memory limit handling
- N°7410 – Introduce a new welcome popup API
Security
- N°7423 – Align UserTokens to PersonalToken with allowed contexts
- N°7075 – Add check for Content Security Policies (CSP) in the setup
- N°7364 – Full path disclosure when graphviz is not installed
- N°4368 – iTop pages include security X-Content-Type-Options HTTP header
- N°6455 – Update JQuery UI from 1.12.1 to 1.13.2 (fixes vulnerabilities)
- N°6600 – Portal attachment download : whole SQL query displayed on non existing attachment id error
- N°6777 – Fix XSS vulnerability in dashboard title
- N°6948 – CVE-2023-46734: Potential XSS vulnerabilities in TWIG CodeExtension filters
- N°6458 – CVE-2023-45808 Can create objects in non allowed org by forging http query in both Console and Portal
- N°6560 – CVE-2023-43790 XSS in friendlyname in object details
- N°6606 – CVE-2023-44396 XSS vulnerabilities in dashlet ajax operations
- N°6800 – CVE-2023-47626 Fix stored XSS in authent token
- N°6951 – CVE-2023-48709 Fix CSV injection in Excel from an iTop CSV export file
- N°6989 – CVE-2023-48710 Limit pages/exec.php script to PHP files
- N°7124 – Fix Cross-Site Request Forgery (CSRF) in several iTop pages
- N°7374 – CVE-2024-31448 – Fix XSS vulnerability in link CSV import
- N°7448 – Forbid user enumeration through Rest API
- N°7455 – Fix SSRF through arbitrary PHP class instantiation
- N°7542 – Security hardening: only route if no operation is present.
- N°7603 – Fix XSS injection in run queries page
- N°7124 – Applied OWASP recommendations on Ajax calls against CSRF
Localization
- N°6641 – Update czech translations (thanks to @Stetinac !)
- N°6869 – Update chinese translations for ProfilesMenu thanks to @chileeb
- N°6954 – Update english translations thanks to @jkoch22
- N°7077 – iTop hungarian translations
- N°7143 – Fix inconsistencies in datamodels/2.x dictionaries
- N°7247 – Update italian translations thanks to @DarkNight97boss
- N°7428 – Fix spelling typo in FR dictionary on lnkxxxToFunctionalCI classes
iTop 3.2.0-2 Hotfix Release Notes
- N°7801 – Fix erratic behavior on organization filter
- N°7803 – Fix MTP from iTop Hub and Designer failing with warnings
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.