mirror of https://github.com/inventree/inventree-website.git synced 2026-04-04 18:30:55 +00:00
matmair
2026-03-26 07:11:16 +00:00
parent 5da57d81eb
commit 4af8df52bc
40 changed files with 565 additions and 133 deletions


@@ -1,4 +1,24 @@
<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator><link href="/blog/feed.atom" rel="self" type="application/atom+xml" /><link href="/" rel="alternate" type="text/html" /><updated>2026-03-26T07:04:35+00:00</updated><id>/blog/feed.atom</id><title type="html">InvenTree</title><subtitle>InvenTree is an open-source inventory management system which provides intuitive parts management and stock control. It is at the center of an ecosystem of addins for EDA tools, API wrapper, deeply integrated plugins and 3rd party tools.</subtitle><entry><title type="html">1.2.0 Release</title><link href="/blog/2026/02/12/1.2.0" rel="alternate" type="text/html" title="1.2.0 Release" /><published>2026-02-12T00:00:00+00:00</published><updated>2026-02-12T00:00:00+00:00</updated><id>/blog/2026/02/12/1.2.0</id><content type="html" xml:base="/blog/2026/02/12/1.2.0"><![CDATA[<p>The InvenTree team is excited to announce the release of version 1.2.0. Attention: This release has no support for PostgreSQL 13 - our docs contain information regading <a href="https://docs.inventree.org/en/latest/start/migrate/#migrating-between-incompatible-database-versions">PostgreSQL updates</a>. At least PostgreSQL 14 is required, we recommend PostgreSQL 18.</p>
<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator><link href="/blog/feed.atom" rel="self" type="application/atom+xml" /><link href="/" rel="alternate" type="text/html" /><updated>2026-03-26T07:11:04+00:00</updated><id>/blog/feed.atom</id><title type="html">InvenTree</title><subtitle>InvenTree is an open-source inventory management system which provides intuitive parts management and stock control. It is at the center of an ecosystem of addins for EDA tools, API wrapper, deeply integrated plugins and 3rd party tools.</subtitle><entry><title type="html">Action required - Upcoming Security Release</title><link href="/blog/2026/03/25/security-release" rel="alternate" type="text/html" title="Action required - Upcoming Security Release" /><published>2026-03-25T00:00:00+00:00</published><updated>2026-03-25T00:00:00+00:00</updated><id>/blog/2026/03/25/security-release</id><content type="html" xml:base="/blog/2026/03/25/security-release"><![CDATA[<p>The InvenTree core development team has received a report of a <em>critical security vulnerability</em> affecting a large range of releases since 2024. We will release a disclosure and a fixed release for the 1.2.x release series on 2026-04-08 21:00 UTC.<br />
The vulnerability allows for lateral movement and privilege escalation within an InvenTree instance. It has a low attack complexity.</p>
<h2 id="steps-to-take-now">Steps to take now</h2>
<p>We are not aware of active exploitation of this vulnerability, but we recommend that users take the following steps to mitigate risks:</p>
<ul>
<li>Do <em>not</em> expose your InvenTree instance to the public internet without hardening steps as laid out in the <a href="https://docs.inventree.org/en/stable/concepts/threat_model/">threat model</a></li>
<li>Ensure <em>registration is disabled</em> till the release</li>
<li>Ensure you <em>trust all users registered</em> on your instance, especially those with staff or higher permissions</li>
</ul>
<p>The vulnerability has a low complexity and can be expected to be exploited once released. It is important to prepare to update or take your system off the public internet.</p>
<h2 id="security-policy">Security Policy</h2>
<p>As always with security related themes we remind all users, security researchers, and intrested parties of our <a href="https://inventree.readthedocs.io/en/stable/security/">security policy</a>.</p>
<p>If you have discovered a security vulnerability, please report it to us via the channels described in the policy. We take all reports seriously and will work to address any vulnerabilities in a timely manner.</p>
<p>We would like to thank the security researcher who reported this and several other vulnerabilities in a responsible manner, and we encourage others to do the same in the future. The reporter will be credited in the disclosure and CVE entry.</p>]]></content><author><name>matmair</name></author><summary type="html"><![CDATA[The InvenTree core development team has received a report of a critical security vulnerability affecting a large range of releases since 2024. We will release a disclosure and a fixed release for the 1.2.x release series on 2026-04-08 21:00 UTC. The vulnerability allows for lateral movement and privilege escalation within an InvenTree instance. It has a low attack complexity.]]></summary></entry><entry><title type="html">1.2.0 Release</title><link href="/blog/2026/02/12/1.2.0" rel="alternate" type="text/html" title="1.2.0 Release" /><published>2026-02-12T00:00:00+00:00</published><updated>2026-02-12T00:00:00+00:00</updated><id>/blog/2026/02/12/1.2.0</id><content type="html" xml:base="/blog/2026/02/12/1.2.0"><![CDATA[<p>The InvenTree team is excited to announce the release of version 1.2.0. Attention: This release has no support for PostgreSQL 13 - our docs contain information regading <a href="https://docs.inventree.org/en/latest/start/migrate/#migrating-between-incompatible-database-versions">PostgreSQL updates</a>. At least PostgreSQL 14 is required, we recommend PostgreSQL 18.</p>
<p>This release includes numerous new features, improvements, and bug fixes.</p>
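Review bot: in the new "Action required - Upcoming Security Release" entry, the fix is promised only "for the 1.2.x release series" while the vulnerability is described as "affecting a large range of releases since 2024", and nothing tells users on older series what to do. Suggest one sentence stating whether they must move to 1.2.x or whether backports are planned. The mitigation item "Ensure registration is disabled till the release" would be easier to act on with a link to the relevant setting, the way the first list item links the threat model. In the closing paragraph of that list, "can be expected to be exploited once released" leaves it unclear whether "released" means the disclosure or the fixed version. Smaller points in the same entry: "intrested" should be "interested", and the security policy link uses inventree.readthedocs.io while the threat model link uses docs.inventree.org, so one host should be used for both.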
@@ -849,8 +869,4 @@ Refer to the <a href="https://github.com/inventree/InvenTree/pull/8401">pull req
<ul>
<li><a href="/fund#github-sponsors">GitHub</a></li>
</ul>]]></content><author><name>SchrodingersGat</name></author><summary type="html"><![CDATA[The InvenTree team is proud to announce the release of InvenTree version 0.17.0! This is the most significant release of InvenTree to date, with a huge number of new features, bug fixes, and improvements. We have closed out over 400 pull requests against this release milestone, and received contributions from multiple developers including seven new contributors.]]></summary></entry><entry><title type="html">0.16.9 Release</title><link href="/blog/2024/11/30/0.16.9" rel="alternate" type="text/html" title="0.16.9 Release" /><published>2024-11-30T00:00:00+00:00</published><updated>2024-11-30T00:00:00+00:00</updated><id>/blog/2024/11/30/0.16.9</id><content type="html" xml:base="/blog/2024/11/30/0.16.9"><![CDATA[<p>We have just released version 0.16.9 which includes a number of patches and bug fixes.</p>
<h3 id="release-notes">Release Notes</h3>
<p>View the <a href="https://github.com/inventree/InvenTree/releases/tag/0.16.9">release notes</a> for more information.</p>]]></content><author><name>SchrodingersGat</name></author><summary type="html"><![CDATA[We have just released version 0.16.9 which includes a number of patches and bug fixes.]]></summary></entry></feed>
</ul>]]></content><author><name>SchrodingersGat</name></author><summary type="html"><![CDATA[The InvenTree team is proud to announce the release of InvenTree version 0.17.0! This is the most significant release of InvenTree to date, with a huge number of new features, bug fixes, and improvements. We have closed out over 400 pull requests against this release milestone, and received contributions from multiple developers including seven new contributors.]]></summary></entry></feed>
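Review bot: at the tail of the feed, the 0.16.9 entry that sat between the 0.17.0 entry and the closing feed tag no longer appears, which is unrelated to the security announcement added in the first hunk. If this is only the generator's entry limit pushing the oldest post out when the new entry was added, that is fine, but please confirm the drop is intended, since readers who follow the feed for patch releases lose that item.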