Dear all, I am happy to announce a new version of phpipam IP address management – version 1.1. This release fixes some bugs and provides some new features, but most importantly it focuses on:

  • Security fixes (SQL injection, XSS, crypting DB passwords, brute-force attack prevention, …)
  • Performance improvements (caching, reusing SQL connection), …
  • mod_rewrite no longer required, selectable URL structure under settings

If you find phpIPAM useful for your company, donations would be highly appreciated 🙂

You can demo it here: http://demo.phpipam.net/
You can download it from the SourceForge site: phpipam-1.1.

Special thanks to all the people submitting bug reports, translators and feature testers!


Full changelog for this release is:

Enhancements:
----------------------------
+ Caching of SQL results to avoid multiple queries;
+ Reduced number of DB queries;
+ Added selected mail notifications to admins to be notified on IP/subnet change;
+ Added new subnetId index to ipaddresses table that significantly improves network loading;
+ Now using only 1 network connection towards MySQL server;
+ Updated pagination;
+ mod_rewrite no longer required, selectable URL structure under settings;
+ Added option not to display free ranges;
+ Added option to set maximum VLAN number;
+ Selectable custom fields to be visible/hidden in tables view and updated device/VLAN view;
+ Added additional confirmation before section, subnet, folder and IP address deletion;
+ New script added for cron checks that discovers new hosts for selected networks;
+ Added inactivity timeout to settings;
+ Changed install procedure and updated install scripts;
+ Added PEAR check for installation;
+ Added free range display for VLANs;
+ Added SSL/TLS option for SMTP mail;
+ API:
  + Bugfixes;
  + Added API admin permissions;
  + read/delete actions for IP addresses;
  + read/delete actions for VLANs;
  + read/delete actions for VRFs;

Security Fixes:
----------------------------
+ Fixed known command injection vulnerabilities in the scan functions;
+ Fixed known SQL injection vulnerabilities;
+ Fixed known XSS vulnerabilities;
+ Fixed known action XSS events;
+ Moved to the crypt method with salting for storing passwords in the database;
+ Added option to force users to change their password after first login;
+ Admin password must be changed after installation;
+ Added captcha code request after 5 unsuccessful logins to prevent brute-force attacks;

Translations:
----------------------------
+ Added es_ES translation;

Bugfixes:
----------------------------
+ Fixed top 10 widgets not escaping strings;
+ Fixed section parent being settable to itself, which caused the section to disappear;
+ Fixed username instead of password being sent to smtp server;
+ Fixed IE search bug with workaround;
+ Fixed subnet and bcast not showing when strict mode is disabled;
+ Fixed top subnets missing on dashboard for non-admin users;
+ Fixed bug where installation was silently failing because of missing _() function (missing gettext extension);
+ Fixed device custom field not populated on adding device;
+ Fixed XLS export silently failing when description is longer than 31 characters;
+ Fixed overlapping check not working;
+ Fixed subnet free space calculation;
+ Fixed visual subnet display not showing on /31 and /32 networks;
+ Fixed custom fields display on folder edit;
+ Fixed unable to edit IP addresses when fields are sorted;
+ Fixed ordering of custom fields defaults to varchar 256;
+ Fixed IPv6 subnet / broadcast calculation bug and next subnet suggestion;