How to update GLPI to latest version (2020)

GLPI post image

Note

As for every update process, you have to backup some data before processing any upgrade:

  • backup your database;
  • backup your files directory;
  • backup your configuration.

I will provide you with the information to update GLPI to the latest version. In this exemple, I will be upgrading from GLPI version 9.5.1 to 9.5.2. I will be using the Linux distibution Redhat 7.8, but this method should work with all distros.

Redhat 7.8 distro

Here’s how to upgrade to GLPI 9.5.2.

First things first, you need to login into your GLPI Linux virtutal machine using SSH and make sure you have sudo privileges.

Go in your GLPI installation folder, but up one level, in this instance :

$ cd /var/www/

Create a backup of your files, in case things do not go as planned :

$ cp -r glpi/ glpi9.5.1/

Go in your GLPI installation folder, in this instance :

$ cd /var/www/glpi/

Download the latest GLPI version, you can get the link from the official GLPI website at https://glpi-project.org/downloads/:

$ wget https://github.com/glpi-project/glpi/releases/download/9.5.2/glpi-9.5.2.tgz

“Unzip” the archive in the current folder :

$ tar zxvf glpi-9.5.2.tgz

The new GLPI version in now located in /var/www/glpi/glpi/, we need to move the files and subfolders one level up :

$ yes | cp -rg glpi/* .
$ yes | rm -r glpi

Modify the owner of the files and give the correct permissions :

If you run Redhat/centos : 
$ chown -R apache:apache /var/www/glpi/

If you run Ununtu : 
$ chown -R www-data:www-data /var/www/glpi/

Using your web browser, you now need to access your GLPI website, once you get to your website, you should be automatically redirected to the update webpage, make sure all the requierements are met and proceed to the upgrade.

Once your done, if you were successful, you should land to a webpage like this one :

click on “use GLPI” at the bottom of the page.

You now need to delete install.php :

cd /var/www/glpi/install/
rm install.php

Congratulations, you successfully updated GLPI to the latest version.

Non exhaustive list of changes in GLPI 9.5.2 (changelog) :

  • [security] SQL injection with a query parameter of user form (CVE-2020-15176)
  • [security] Removal of .htaccess file in the files folder via a plugin endpoint (CVE-2020-15175)
  • [security] Leakage issue with knowledge base (CVE-2020-15217)
  • [security] Stored XSS in install script (CVE-2020-15177)
  • [security] Minor SQL Injection in Search API (CVE-2020-15226)
  • several mailgate issues
  • several dashboards issues
  • dashboards improvements: personnal filters, new summary and articles widgets, …

If things didn’t went as planned, here’s some commands that could help you do things manually.

Verify that you meet the requirements :

from /var/www/glpi/ type this command : 
php bin/console glpi:system:check_requirements
If something is not okay, you shoud fix it.

To switch from SELinux between enforcing or permissive mode :

$ setenforce 1
 (enforcing)
$ setenforce 0 (permissive)

To verify SELinux mode :

$ sestatus

Upgrade the database :

In your GLPI installation folder, go in the /var/www/glpi/ type : 
php bin/console db:update
or
./console db:update
If you have a timestamp or timezone problem, here’s how to fix it.

Log in to Mysql

mysql -u root -p

type this command (replace ‘glpi’ by your glpi database user) :

GRANT SELECT ON mysql.time_zone_name TO 'glpi'@'localhost'; 

Then from /www/var/glpi/ type this command :

php bin/console glpi:migration:timestamps