Security alert: Mandatory GLPI 11 MFA plugin update
Let’s be honest: even with GLPI’s native 2FA, sometimes emailing a code is just the most convenient path for users. That’s why we released our MFA plugin for GLPI 11.
But as soon as it hit the wild, the community did exactly what they do best, they found the cracks. Thanks to your critical feedback and reports, we’ve identified and fixed a serious security vulnerability that allowed URL bypassing during the MFA process.
Because of this, updating is now mandatory.
Security only works if the door is actually locked; let’s make sure the door is actually bolted.
We also took the opportunity to kill two other headaches you reported:
- Token deadlock: No more getting blocked if you don’t use the code the second it hits your inbox.
- Multi-tab chaos: You can finally work across multiple tabs, even for those of us who live in twenty tabs at once.
A huge thank you to the GLPI community. Your eyes on the code are what keep this ecosystem sovereign and robust. You found the holes, and we plugged them.
Update your instances immediately to stay protected.
Leave a Reply