Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 63 additions & 0 deletions content/en/blog/glpi-11-0-8.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
---
title: "GLPI 11.0.8 and 10.0.26: Updated Docker Images and Helm Chart"
description: "We published Docker images and Helm Chart for GLPI 11.0.8 and 10.0.26. Version 11.0.8 fixes 16 vulnerabilities, including 2 critical."
summary: "EF-TECH releases Docker images and Helm Chart for GLPI 11.0.8 and 10.0.26. Version 11.0.8 is a security release with 16 fixed vulnerabilities."
date: 2026-06-24
draft: false
tags: ["glpi", "docker", "kubernetes", "helm", "security"]
categories: ["infrastructure"]
---

GLPI 11.0.8 was released today as a **security release** — upgrading is recommended for all environments. This version fixes **16 vulnerabilities**, including **2 critical** and **8 high severity**.

## Security highlights

### Critical Vulnerabilities
- **CVE-2026-48482** — RCE via Form import
- **CVE-2026-52848** — MFA bypass

### High Vulnerabilities
- **CVE-2026-47678** — SQL injection in dropdowns
- **CVE-2026-47679** — Arbitrary file deletion
- **CVE-2026-49470** — Account takeover via 2FA brute force
- **CVE-2026-53625** — Privilege escalation via authtype API
- **CVE-2026-53610** — Reflected XSS in dashboards
- **CVE-2026-53626** — Arbitrary document read
- **CVE-2026-53629** — SQL injection in history tab
- **CVE-2026-55214** — Stored XSS in suppliers

### Medium Vulnerabilities
Unauthorized debug mode activation, LDAP filter injection, unallowed authentication method update, unexpected API update access, unallowed knowledge base comment modification, and unallowed notification sending.

## Docker Images and Helm Chart

We published Docker images and Helm Chart for both GLPI versions:

| Component | Version |
|---|---|
| GLPI (app) | 11.0.8 |
| GLPI (app) | 10.0.26 |
| Helm Chart | glpi-11.0.8 |

### Links
- [GLPI 11.0.8 Release](https://github.com/glpi-project/glpi/releases/tag/11.0.8)
- [Docker Images and Helm Chart](https://github.com/eftechcombr/glpi/releases)
- [EF-TECH GLPI Repository](https://github.com/eftechcombr/glpi)

### Upgrade via Helm

```bash
helm repo add eftech https://eftechcombr.github.io/glpi/charts
helm repo update
helm upgrade --install glpi eftech/glpi --namespace glpi --version 11.0.8
```

### Upgrade via Docker

```bash
docker pull ghcr.io/eftechcombr/glpi:11.0.8
```

This upgrade is especially critical if you use Form import functionality (RCE) or multi-factor authentication (bypass). We recommend upgrading as soon as possible.

At **EF-TECH**, we offer specialized support for GLPI deployment and maintenance in containers. [Contact us](/en/contato/) to learn more.
63 changes: 63 additions & 0 deletions content/pt-br/blog/glpi-11-0-8.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
---
title: "GLPI 11.0.8 e 10.0.26: imagens Docker e Helm Chart atualizados"
description: "Publicamos as imagens Docker e Helm Chart do GLPI 11.0.8 e 10.0.26. A versão 11.0.8 corrige 16 vulnerabilidades, incluindo 2 críticas."
summary: "A EF-TECH disponibiliza as imagens Docker e Helm Chart para GLPI 11.0.8 e 10.0.26. A versão 11.0.8 é um security release com correção de 16 vulnerabilidades."
date: 2026-06-24
draft: false
tags: ["glpi", "docker", "kubernetes", "helm", "seguranca"]
categories: ["infraestrutura"]
---

O GLPI 11.0.8 foi lançado hoje como um **security release** — a atualização é recomendada para todos os ambientes. Esta versão corrige **16 vulnerabilidades**, sendo **2 críticas** e **8 de alta severidade**.

## Destaques de segurança

### Vulnerabilidades Críticas
- **CVE-2026-48482** — RCE via importação de formulários
- **CVE-2026-52848** — Bypass de MFA (autenticação multifator)

### Vulnerabilidades Altas
- **CVE-2026-47678** — SQL injection em dropdowns
- **CVE-2026-47679** — Deleção arbitrária de arquivos
- **CVE-2026-49470** — Account takeover via brute force em 2FA
- **CVE-2026-53625** — Escalação de privilégio via API de authtype
- **CVE-2026-53610** — Reflected XSS em dashboards
- **CVE-2026-53626** — Leitura arbitrária de documentos
- **CVE-2026-53629** — SQL injection no histórico
- **CVE-2026-55214** — Stored XSS em fornecedores

### Vulnerabilidades Médias
- Debug mode não autorizado, injeção em filtro LDAP, atualização não autorizada de método de autenticação, acesso inesperado a operações de update via API, modificação não autorizada de comentários em knowledge base e envio não autorizado de notificações.

## Imagens Docker e Helm Chart

Disponibilizamos as imagens Docker e Helm Chart para as duas versões do GLPI:

| Componente | Versão |
|---|---|
| GLPI (app) | 11.0.8 |
| GLPI (app) | 10.0.26 |
| Helm Chart | glpi-11.0.8 |

### Links
- [Release GLPI 11.0.8](https://github.com/glpi-project/glpi/releases/tag/11.0.8)
- [Imagens Docker e Helm Chart](https://github.com/eftechcombr/glpi/releases)
- [Repositório oficial EF-TECH GLPI](https://github.com/eftechcombr/glpi)

### Atualização via Helm

```bash
helm repo add eftech https://eftechcombr.github.io/glpi/charts
helm repo update
helm upgrade --install glpi eftech/glpi --namespace glpi --version 11.0.8
```

### Atualização via Docker

```bash
docker pull ghcr.io/eftechcombr/glpi:11.0.8
```

A atualização é especialmente crítica para quem utiliza a funcionalidade de importação de formulários (RCE) ou autenticação multifator (bypass). Recomendamos o upgrade o quanto antes.

Na **EF-TECH**, oferecemos suporte especializado para implantação e manutenção de GLPI em contêineres. [Entre em contato](/pt-br/contato/) para saber mais.
Loading