Category: Security

The Joys of Public Demos

As you likely know, we have two public demos of Snipe-IT: the version that’s on the master branch and the version that’s on develop. We’ve had these public demos for years, so we’ve learned a thing or two about how people behave on public demos. 99% of the time, folks use the demos for their intended purpose, but that 1% can make things really annoying. We’ve seen...

Quick Update on polkit/pwnkit

The internet is alight this week with news of a widespread vulnerability in the Linux “policy kit” framework, specifically a root compromise via the pkexec program, designated CVE-2021-4034. Most of our systems do not fall under this advisory, and the ones that do have been fully patched. Of note, our Snipe-IT hosting systems were completely unaffected by this advisory. As always, we...

Quick update on Log4j

Having received multiple inquiries from customers about how (or whether) we are impacted by the recently announced log4j “log4shell” vulnerability, we felt it prudent to update all of our customers (and open source users) en masse. The short answer, and good news for all of us, is that we are not impacted at all, as we don’t use log4j, or any Java, in any of our systems. This includes both...

Snipe-IT at Laracon

Open Source in Business Interview

Snipe-IT at Longhorn PHP