Snipe-IT v5.1.0 Released

Hello friends! Lots and lots of small fixes for you in this release. We’re jazzed to announce that we’ve made some big improvements on the dark mode skins, improved the UX and UI of the login and forgotten password screens, added the long-awaited feature to change an asset’s status on checkout (deployable status labels only), and fixed the double-encoding on our dropdown lists when there were special characters involved – plus a ton more, detailed below.

You’ll notice it’s a minor release instead of a point release, and that’s because there was a PHP version requirement change. Snipe-IT now requires PHP 7.2.5 or better. We are not yet compatible with PHP 8 due to some dependency issues which will require us to set the minimum PHP version requirement to 7.3+ in an upcoming release, so probably best to shoot for PHP 7.3-7.4 if you have the option to choose.

Fixed

• Upgraded to Laravel 6.20.16 to address Laravel security issue (1e062d4) – see CVE-2020-24941 and CVE-2020-24940
• Fixed a javascript error in IE (!!) (#8973)
• Suppress OAuth token errors that can flood the logs (bbcd215)
• Fixed non-superadmin gate permissions for kits (#9029)
• Fixed incorrect brute-force-prevention threshold that would lock users out after 1-2 failed tries instead of configured number (#9048)
• Fixed apk add usage in Dockerfile.alpine (#9032)
• Fixed 12/24 hours ambiguity fix. This fix prevents loss of time accuracy in last_audit_date for assets (#8887)
• Fixed bug where uploading a file to a user would return a JSON response instead of a redirect (#9055)
• Fixed issue where users with edit permission cannot invoke LDAP sync (#9058)
• Fixed issue where the user importer would successfully import but throw an error that “Company id is not valid”. (#9078)
• Fixed double-escaping on dropdown selectlist methods (#9079)
• Fixed asset Tag not correctly incremented #8876

Added / Improved

• Improved login and forgotten password UI and UX
• Added #9082 – allow deployable status type on checkout
• Added new generic datepicker partial blade which may be useful for additional date fields down the line (c00a1fa)
• Added expected_checkout as editable field in asset edit form (d36d6b8)
• Improvements to checkbox custom field display
• Improvements in contrast and consistency for dark mode skins
• Added Audit date range filter to custom report (#8989)
• Added today as default Date for checkout form. (This was the default behavior anyway, but the fix exposes that on the front-end) (#8938)
• Added #8931: add healthcheck controller without session (#8978)
• Migration: added migration for ldap_server URL’s to ensure they at least start with ldap:// or ldaps:// (#8936)
• Migration: optimized target type + ID index for more realistic use cases (#8923)
• Added .htaccess check for Apache1 vs Apache2(#9001)
• Added termination_date, depreciation in license listings (#9052)
• Added support for radio buttons in Custom Fields. (#9053)
• Added depreciation detail view (#9059)
• Added log warning when a user is initiating a purge (ef66831), (b6c432a)
• Added support for Google Cloud IAP (#8768)
• Updated our contributors list! (Sorry for the delay on that.)

For a full list of changes, see the complete changelog.

Upgrading

⚠️ BREAKING CHANGE: This release requires PHP 7.2.5 or greater. ⚠️

Previous versions required PHP 7.2.0 or later, but a security upgrade to the Laravel framework forces the minimum requirement to PHP 7.2.5 in this release.

For general upgrading instructions, click here. Users who installed Snipe-IT via Git (recommended) can just run php upgrade.php.

After completing the upgrade process, be sure to clear your browser cookies.

Upgrading from v3

Please see the upgrade instructions here.