Category: Snipe-IT Hosted

v7.1.4 Released – Fixes CVE-2024-52301

Just a few days ago, a patch for CVE-2024-52301 was applied to Laravel’s core, Laravel being the PHP framework we use here at Grokability for Snipe-IT. The patch for this security flaw was released in v7.1.14 earlier today. While hosted customers were NOT affected (we do not have register_argc_argv enabled on any of our servers), self-hosted community users and support-only customers are...

Snipe-IT v7 Roadmap

The long-awaited Snipe-IT v7 launch looms nearer, so we wanted to loop you in on where we’re at. We had planned on launching v7 in early November, to coincide with Snipe-IT’s ten-year anniversary (!!) but between holiday schedules and the framework upgrade (with dependencies), it’s been taking a little longer than we had hoped. Dependency management means testing each library...

Quick Update on polkit/pwnkit

The internet is alight this week with news of a widespread vulnerability in the Linux “policy kit” framework, specifically a root compromise via the pkexec program, designated CVE-2021-4034. Most of our systems do not fall under this advisory, and the ones that do have been fully patched. Of note, our Snipe-IT hosting systems were completely unaffected by this advisory. As always, we...

Quick update on Log4j

Having received multiple inquiries from customers about how (or whether) we are impacted by the recently announced log4j “log4shell” vulnerability, we felt it prudent to update all of our customers (and open source users) en masse. The short answer, and good news for all of us, is that we are not impacted at all, as we don’t use log4j, or any Java, in any of our systems. This includes both...

LonghornPHP 2021

Grokability CTO Brady Wetherington gave his first conference talk (ever!) at LonghornPHP 2021 in Austin, TX in October about how the systems-sausage is made here at Grokability, and how to bootstrap a million-dollar open source SaaS business for just one dollar a customer per month. This talk gets into some of the weeds of how our hosted platform works, some mistakes we made, some challenges...

Snipe-IT at Laracon

Open Source in Business Interview

Snipe-IT at Longhorn PHP