Dear all, I am happy to announce a new version of phpipam IP address management – version 1.1. This release fixed some bugs and provided some new features, but most importantly it was focused on:
- Security fixes (SQL injection, XSS scripting, crypting DB passwords, brute-force attack prevention, …)
- Performance improvements (Caching, reusing SQL connection), …
- mod_rewrite no longer required, selectable URL structure under settings
If you find phpIPAM useful for your company, donations would be highly appreciated 🙂
You can demo it here: http://demo.phpipam.net/
You can download it on the SourceForge site: phpipam-1.1.
Special thanks to all the people submitting bug reports, translators and feature testers!
Full changelog for this release is:
Enhancements:
----------------------------
+ Caching of SQL results to avoid multiple queries;
+ Reduced number of DB queries;
+ Added selected mail notifications to admins to be notified on IP/subnet change;
+ Added new subnetId index to ipaddresses table that significantly improves network loading;
+ Now using only 1 network connection towards MySQL server;
+ Updated pagination;
+ mod_rewrite no longer required, selectable URL structure under settings;
+ Added option not to display free ranges;
+ Added option to set maximum VLAN number;
+ Selectable custom fields to be visible/hidden in tables view and updated device/VLAN view;
+ Added additional confirmation before section, subnet, folder and IP address deletion;
+ New script added for cron checks that discovers new hosts for selected networks;
+ Added inactivity timeout to settings;
+ Changed install procedure and updated install scripts;
+ Added PEAR check for installation;
+ Added free range display for VLANs;
+ Added SSL/TLS option for SMTP mail;
+ API:
    + Bugfixes;
    + Added API admin permissions;
    + read/delete actions for IP addresses;
    + read/delete actions for Vlans;
    + read/delete actions for VRFs;

Security Fixes:
----------------------------
+ Fixed known command injection vulnerabilities in the scan functions;
+ Fixed known SQL injection vulnerabilities;
+ Fixed known XSS vulnerabilities;
+ Fixed known action XSS events;
+ Moved to crypt method for storing password in database with salting;
+ Added option to force user to change pass after first login;
+ Admin password must be changed after installation;
+ Added captcha code request after 5x unsuccessful login to prevent brute-force attacks;

Translations:
----------------------------
+ Added es_ES translation;

Bugfixes:
----------------------------
+ Fixed top 10 widgets not escaping strings;
+ Fixed section parent can be set to self that caused section to disappear;
+ Fixed username instead of password being sent to smtp server;
+ Fixed IE search bug with workaround;
+ Fixed subnet and bcast not showing on strict mode disabled;
+ Fixed top subnets missing on dashboard for non-admin users;
+ Fixed bug when installation was silently failing because of missing _() function (missing gettext extension);
+ Fixed device custom field not populated on adding device;
+ Fixed XLS export silently failed when description longer than 31 characters;
+ Fixed overlapping check not working;
+ Fixed subnet free space calculation;
+ Fixed visual subnet display not showing on /31 and /32 networks;
+ Fixed custom fields display on folder edit;
+ Fixed unable to edit IP addresses when fields are sorted;
+ Fixed ordering of custom fields defaults to varchar 256;
+ Fixed IPv6 subnet / broadcast calculation bug and next subnet suggestion;