If you’re watching the Snipe-IT repo closely (which it’s totally fine if you aren’t – go be a normal person! Do normal people stuff!), you will have noticed some changes recently. Lots of older issues being closed, lots of them being resurfaced, lots of new categorizing of things, etc. We’ve decided to try something new for us. It’s going to get weird, a little...
v7.1.4 Released – Fixes CVE-2024-52301
Just a few days ago, a patch for CVE-2024-52301 was made to Laravel’s core, Laravel being the PHP framework we use here at Grokability for Snipe-IT. The patch for this security flaw was released in v7.1.14 earlier today. While hosted customers were NOT affected (we do not have register_argc_argv enabled on any of our servers), self-hosted community users and support-only customers are...
Snipe-IT v7 Roadmap
The long-awaited Snipe-IT v7 launch looms nearer, so we wanted to loop you in on where we’re at. We had planned on launching v7 in early November, to coincide with Snipe-IT’s ten-year anniversary (!!) but between holiday schedules and the framework upgrade (with dependencies), it’s been taking a little longer than we had hoped. Dependency management means testing each library...
Quick Update on polkit/pwnkit
The internet is alight this week with news of a widespread vulnerability in the Linux “policy kit” framework, specifically a root compromise via the pkexec program, designated CVE-2021-4034. Most of our systems do not fall under this advisory, and the ones that do have been fully patched. Of note, our Snipe-IT hosting systems were completely unaffected by this advisory. As always, we...
Quick update on Log4j
Having received multiple inquiries from customers about how (or whether) we are impacted by the recently announced log4j “log4shell” vulnerability, we felt it prudent to update all of our customers (and open source users) en masse. The short answer, and good news for all of us, is that we are not impacted at all, as we don’t use log4j, or any Java, in any of our systems. This includes both...