Hi again folks - just a small update to one of the notifications and a patch for user history that wasn't behaving the way it was supposed to.

What's Changed

• Fixed #17394 - Changes the acceptance letter salutation to target by @Godmartinz in #17436
• Fixed an issue where user history was showing more information than was relevant

Full Changelog: v8.2.0...v8.2.1

Happy Wednesday, everyone! This is a security release due to CVE-2025-54068 in Livewire announced last week. We were patched on the master branch hours after the CVE announcement came out, but this is the official tagged release for the patch.

Beyond that, we have some fixes for custom fields, lots of new tests to better support the team as we continue to work towards improving notifications to make them more flexible and nuanced.

Potentially Breaking Changes

User Permissions Change

It was already true that only superusers could assign new permission groups and promote other users to superadmin, but we've tighten a few more of these controls to disallow editing email address, username, password, and ability to login by users with lower privileges then the user they're trying to edit - meaning admins cannot edit superadmin usernames, email, etc - and regular users who have user editing permission cannot modify those settings for either admins or superadmins, though they can still edit those properties for other regular users. See #17423 for more info there.

User Welcome Emails

We've removed the ability to include credentials for newly created users via import or through the GUI, instead replacing it with the ability to send them a password reset "invitation". Sending passwords via email has been considered a bad idea for a while, so this method seems better. Note that if the newly created user doesn't have an email address in the import, we obviously cannot send them a password reset email, so those emails won't go out.

What's Changed

• Fixed #17310 - 500 on redirect when checking in a license seat by @Godmartinz in #17362
• Fixed #7957 - custom field textarea input not retaining when switching Asset Models with shared custom fields by @Godmartinz in #17361
• Fixed [FD-49538] - use a <video> tag for video files for non-Safari usage by @uberbrady in #17374
• Better indicate via submit button colors and messaging that something is about to be accepted or declined by @snipe in #17376
• Code formatting fixes: app/Models by @snipe in #17378
• Fixed #17383 - re-add /hardware/ as an object type in the file upload API by @snipe in #17385
• Fixed redirect option being NULL by @Godmartinz in #17390
• Fixed display of acceptance button if signature is not required by @snipe in #17407
• Remove password from welcome email, prompt for reset instead by @snipe in #17410
• [FD-47386, FD-49095] New Artisan command to clean checkout acceptances by @uberbrady in #17415
• Bumped livewire to v3.6.4 by @marcusmoore in #17424
• Bump codacy/codacy-analysis-cli-action from 4.4.5 to 4.4.7 by @dependabot[bot] in #17434
• Fixed #13844 - Adds Webhook and Mail Notifications for Components by @Godmartinz in #17391
• Use standard model transformer for asset model API response by @snipe in #17389
• Fixed #17194 - Return to bulk edit with errors and inputs by @Godmartinz in #17292
• Attempt to fix flaky file upload tests by @snipe in #17438
• Attempt to fix flaky file upload tests pt2 by @marcusmoore in #17439
• Fixed #17071 - Adding various tests of the contents of ActionLogs for lots of events by @uberbrady in #17300
• Fixed FD-49886 - Optimize user queries by @snipe in #17442
• Tighter permissions on non-admins and demo modes by @snipe in #17423
• Adds disabled cursor on uneditable fields in user create/edit by @snipe in #17443
• Fixed #17445 - move jobtitle under assigned_to in AssetTransformer by @marcusmoore in #17446
• Added #17133 - Copy ability to all Custom fields by @Godmartinz in #17447
• Fixed #17447 - decrypt before copying to clipboard by @snipe in #17450
• Fixed #17316 - handle checkboxes correctly in checkin/checkout by @snipe in #17453

Full Changelog: v8.1.18...v8.2.0

Happy Tuesday! This is a small patch release that contains a few bug fixes, and a few small long-awaited features, namely video/audio uploads, smaller EULA PDF files, and the ability for users to request an emailed version of their signed EULA after accepting the asset - in addition to some query optimizations that should speed things up for folks with a lot of companies when viewing their company listings.

What's Changed

• Add escaping to user_agent and remote_ip variables for API results by @uberbrady in #17330
• Fixed #17326 - sorting on dashboard by @snipe in #17333
• Use safer deserialization defaults by @uberbrady in #17336
• Fixed #17112 - set location ID to null instead of 0 by @snipe in #17337
• Fixed #1909 - small depreciation tweaks (re-added 0 months as a viable value) by @snipe in #17338
• [FD-49538] - added video/audio uploads by @snipe in #17346
• Fixed #17193 - perform Orderby before collection in Bulk Assets Controller by @Godmartinz in #17341
• Fixed #17349 - enable enable_font_subsetting in PDFs by @snipe in #17351
• Fixed #17302 - tighter control on company by @snipe in #17350
• Fixed #12094 - added focus to select2 in bulk checkout by @Godmartinz in #17291
• Fixed #15861 - added a redirect option for asset model and previous page by @Godmartinz in #17327
• Fixed #17273 - switch to HTML table from markdown by @snipe in #17352
• Fixed #14295 - allow user to receive an email PDF upon signing by @snipe in #17353
• [FD-49569] - show only assigned in license tab by @snipe in #17356

Full Changelog: v8.1.17...v8.1.18

Happy Monday, nerds! This release closes Sprint Weeks 25-26. We've a few folks out on vacation last week and this week, so our velocity might be slightly impacted, but we'll be going through the next sprint today to make sure it's reasonable.

We've been trying to stick to the defined Sprints, and also to start releasing consistently every other Monday. Obviously, that's going to be a best effort, and delays could be caused by high-impact bugs or regressions, so don't be too weirded out if you also see an out-of-band release.

In the upcoming months, we're going to be tackling some larger issues that will enable us to move faster: a big refactor to how the logging system works, reworking some of the permissions and notifications, upgrading the UI to use a more modern version of Bootstrap so that we have an easier time integrating some of the features folks have been asking for, etc. This might mean you see a slow-down in feature requests being addressed, but it will set us up for success down the line. These are the unglamorous bits that need to be done behind the scenes to be able to move forward faster.

A few highlights of this release:

• A Manager user view setting was introduced that allows managers to see the items checked out to their direct reports. This is optionally enabled under Admin Settings > General. We may rework this a little more to make that granular on individual users instead of a global setting, but we're waiting to hear feedback from our users to see if that's needed.

• We've standardized the common table features (such as print, advanced search, fullscreen, etc) so that all of the table views should now have mostly the same features to improve consistency.

• We fixed an issue where the SAML XML file would not correctly upload (the workaround was to copy+paste it into the textarea field, but you shouldn't have to do that anymore.)

• We fixed the permissions on EULAs so that users can now correctly download their own EULAs in their profile area.

• We added the ability to send an acceptance/declined email notification to the admin who checked the item out.

What's Changed

• Added Manager View to enable managers to see the items checked out to their direct reports by @lukaskraic in #17096
• Fixed #12653 - Added jobtitle to asset listing by @snipe in #17180
• Fixed #17215: Check for acceptance logo vs regular logo in print views by @snipe in #17216
• Fixed #16241 - Menu items not getting class="active" on click. by @akemidx in #17198
• Fixed #17192 - Wonky layout on bulk edit screens by @snipe in #17195
• Fixed #17212 - Hide certain columns from print view by @snipe in #17218
• Fixes #17213 - Search by admin (created_by) in activity report by @snipe in #17219
• Added advanced search to activity log by @snipe in #17220
• Fixes #17227 and #17228 - UI issues in manager view by @snipe in #17225
• Fixed #17232 - Removed duplicate expected_checkin field on asset edit/create by @snipe in #17233
• Fixed #17256 - Fixed permissions for non-super-admins to view their own EULAs by @snipe in #17269
• Fixed #17249 - Sort by location in asset maintenances by @snipe in #17270
• Company info - User print assets by @Robert-Azelis in #17258
• Fixed #17239 - Add withTrashed User Search On License Checkin by @spencerrlongg in #17241
• Fixed #17264: Added notes to bulk asset edit by @snipe in #17277
• Fixed #7246 - Added manager username/employee_num to importer by @snipe in #17280
• Fixed #17089 - SAML metadata now updating with new XML uploads by @Godmartinz in #17209
• Fixed #14077 - Disables checkout button after submitting by @Godmartinz in #17283
• Fixed #14869 - Changes the depreciation method selected for Assets index table by @Godmartinz in #17284
• Fixed #17065 - Allow sending acceptance alert to initiator. by @marcusmoore in #17116
• Fixed [FD-45786] - Limit changing of asset seat count to no more than 10k at a time by @uberbrady in #17287
• Fixed #15239 and #17259 - better handle external avatars by @snipe in #17297
• Fixed #17190 and [FD-49375]: Do FMCS testing 'async' to keep from blowing out the whole settings page by @uberbrady in #17296
• Fixed #17221 - Moved common table elements to partial by @snipe in #17222
• Added Generic tape by @realchrisolin in #16857
• Fixed #9413 and rework upload API for bulk and better responses (refactor of #16964) by @snipe in #17311

New Contributors

• @lukaskraic made their first contribution in #17096

Full Changelog: v8.1.16...v8.1.17

Happy Monday, everyone! This release fixes some bugs around maintenances and bulk editing custom fields, adds the ability create multiple maintenances at one time, and took some steps to speed some things up in some interfaces.

As we mentioned here on Github and on our blog, we're experimenting with a new way of handling issues, requests, etc here. We're trying to break as much as we can down into two-week sprints - you can see the past sprint we just closed here.

We'll also continue experimenting with the Roadmap view on Github in an ongoing effort to convey what we're currently working on, what longer-term features we're trying to find solutions for, and so on. (The roadmap view is a little cumbersome to manage on our end, but we'll keep trying.)

We didn't quite make all of the items in first sprint so they've been moved to the next one, but we'll get a better sense for that over time.

What's Changed

• Fixed #17076: Disable optional status ID form field if value is blank/Do Not Change by @snipe in #17078
• Fixed #17085: assigned_type not being nulled on asset delete+checkin by @snipe in #17087
• Bumped container image versions by @kovacs-andras in #16998
• Fixed #16240: Made additional strings translatable by @snipe in #17099
• Fixed #16157: Added advanced search to users by @snipe in #17101
• Fixed #16205: Add an index to deleted_at for those with many deleted action_logs by @uberbrady in #17100
• Fixed #17102: Added keywords to admin settings search for notifications by @snipe in #17103
• Fixed #16218: Added centos to the switch case by @snipe in #17107
• Adds a clear button to custom radio buttons in bulk edit by @Godmartinz in #17108
• Fixed #17067: Allow only sending cc email when acceptance required by @marcusmoore in #17115
• Fixed #16934 and #17068: update asset by ID in importer by @snipe in #17114
• Require assigned_x to be integer on asset model by @marcusmoore in #16948
• Adds a check for assigned target not being null when creating an asset by @Godmartinz in #16675
• Fixed #11807: Standardize date-picker by @snipe in #17120
• Added highlighting on table search by @snipe in #17122
• Added print button to tables by @snipe in #17124
• Fixed #17117: Use translation for “site default” by @snipe in #17125
• Fixes #17023: Added ability to bulk add maintenances by @snipe in #17126
• Fixed #17084: Adds Eula table to User account area with download option by @Godmartinz in #17110
• Fixed action_date in action_logs by @snipe in #16469
• Fixed #17127: Added note to EULA info by @snipe in #17129
• Handle potentially missing category upon checkin by @marcusmoore in #17152
• Fixed #17138: category type was case-sensitive by @snipe in #17157
• Changed default visibility on history view columns by @snipe in #17158
• Update location print assigned assets by @Robert-Azelis in #17155
• Update user print assigned assets by @Robert-Azelis in #17154
• Fixed bad method calls in user index api call by @marcusmoore in #17141
• Fixed Expected checkin notification erroring on unknown users by @marcusmoore in #17142
• Fixes #17051: Nulling Custom Fields In Bulk Asset Updates by @spencerrlongg in #17094
• Fixed: #17136 loads item relation properly in account EULA tab by @Godmartinz in #17166
• Fixed #17028: Allows bulk editing assets with a status type of pending by @Godmartinz in #17151
• Added hasUndeplyableStatus check to bulk checkout by @Godmartinz in #17092
• Fixed: Adding Total to Consumable View Page by @akemidx in #17109
• Fixed #17163: insufficient permissions on editing an asset maintenance by @snipe in #17174
• Fixed #17172: Better handle checkin date overrides by @snipe in #17175
• Added logic around bulk asset menu options by @snipe in #17176
• Docker: harden updating of php.ini in entrypoint by @chrisnovakovic in #17147
• Fixed #17177: use maintenance title for delete confirmation by @snipe in #17178
• Added #14997: Display department manager in user view and list by @timoschwarzer in #14998
• Fixed #14542: Added fullscreen option for location view tabs by @snipe in #17181

New Contributors

• @kovacs-andras made their first contribution in #16998
• @chrisnovakovic made their first contribution in #17147
• @timoschwarzer made their first contribution in #14998

Full Changelog: v8.1.15...v8.1.16

Join the Community!

• Join our Discord! It’s full of great people. We even wrote about it here!
• Follow us on Bluesky at @snipeitapp.com
• Follow us on Mastodon at hachyderm.io/@grokability
• Follow our blog at Grokstar.Dev
• Subscribe here on Github for notifications about new releases. (We recommend selecting "Releases" only for most users - this repo can get noisy.)

Happy Monday everyone! This release offers some UX fixes, some API enhancements for consistency, and three new classes of things you can use the importer for: manufacturers, suppliers, and categories. See what's on deck for the next release here: https://github.com/grokability/snipe-it/milestone/26.

Important API header change:

In order to to make it easier for you folks to build all the great stuff you do with the Snipe-IT REST API, we've added a few additional headers on API requests. Now every API request will return the following headers regardless of whether you've hit your API limit and are now returning a 429 response:

Previous versions of the API would only return some of these headers if you were getting a 429 - too many requests response.

For example:

What's Changed

• Fixed #16958 - exclude archived assets from expiring assets report by @snipe in #16982
• Moved faker out of dev reqs for seeding by @snipe in #16985
• Fixed: PHP_UPLOAD_LIMIT not set for PHP 8.3 by @Tinyblargon in #16993
• Better messaging when an asset fails validation on quick scan by @snipe in #16999
• Ensure boolean returned from method with boolean return type by @marcusmoore in #17007
• Fixed #16961 - Manually add API headers by @snipe in #16986
• Removed Blade::render from breadcrumbs by @snipe in #17014
• API Locations - added company_id for API request by @Robert-Azelis in #17012
• Updated translations by @snipe in #17017
• Fixed column persistence on User's Self View of Assigned Assets by @akemidx in #17020
• Avoid dividing by zero in DefaultLabel by @marcusmoore in #17022
• Fixed translation strings in Username/Email formats by @akemidx in #17027
• Reference correct translation string by @marcusmoore in #17026
• Added created_at date picker on Custom Reports by @akemidx in #17024
• Fixed clear button not actually clearing dates on date picker by @akemidx in #17025
• Replace two_factor_options macro by @marcusmoore in #17010
• Replace skin and user_skin macros with blade component by @marcusmoore in #17009
• Fixed #17034 - larger header color box on small views by @snipe in #17035
• Added #17036 - suppliers importer by @snipe in #17037
• Avoid displaying empty table in SendAcceptanceReminder command by @marcusmoore in #17040
• Small refinements for suppliers and locations API and list view by @snipe in #17041
• Docker: Ensure permissions on Laravel log file by @jerm in #17045
• Handle missing location when rendering labels by @marcusmoore in #17044
• Added manufacturer importer by @snipe in #17061
• Replace customfield_elements form macro take two by @marcusmoore in #17042
• Added category importer by @snipe in #17062
• Fixed #15320 - added status label to bulk checkout by @snipe in #17019
• API Models - added requestable filter for API request by @Robert-Azelis in #17013
• More robust php.ini update. by @amedranogil in #17038
• Fix to rate-limiter on higher rate-limits by @uberbrady in #17074

New Contributors

• @Tinyblargon made their first contribution in #16993
• @amedranogil made their first contribution in #17038

Join the Community!

• Join our Discord! It’s full of great people. We even wrote about it here!
• Follow us on Bluesky at @snipeitapp.com
• Follow us on Mastodon at hachyderm.io/@grokability
• Follow our blog at Grokstar.Dev
• Subscribe here on Github for notifications about new releases. (We recommend selecting "Releases" only for most users - this repo can get noisy.)

Full Changelog: v8.1.4...v8.1.15

Happy Friday! This release handles some wonkiness around notifications (slack and emails).

What's Changed

• Removed 2fa_authed from session upon logout by @marcusmoore in #16884
• Added #16887 - last updated date range for custom report by @snipe in #16889
• Allow updating asset model image via api by @marcusmoore in #16877
• Fix webserver/user file permissions issue by @jerm in #16894
• Fixed #16863 - better handle custom fields validation when unique but not required by @snipe in #16895
• Removed seat "name" from licenses seats API/UI response by @snipe in #16896
• Replaced Form::radio helpers by @marcusmoore in #16898
• Fixed #16901 - use default currency for asset maintenance cost by @snipe in #16905
• Reworked MS Teams deprecation warnings and notifications visibility by @Godmartinz in #16611
• Fixed #16456 - added CSS ids to sidenav options and BYOD by @snipe in #16907
• Fixed #16535 - more info to side rail in accessories by @snipe in #16908
• Fixed #16554 - Added models to deletable check by @snipe in #16909
• Handle settings not being available in full name accessor by @marcusmoore in #16900
• Remove logo outline from L7162_B by @marcusmoore in #16920
• Handle displaying deleted creator of an accessory by @marcusmoore in #16918
• Replace locales macro by @marcusmoore in #16921
• Handle potential hard exception in Asset@getImageUrl method by @marcusmoore in #16916
• Fixed typo in snipeit.sh by @JassonCordones in #16930
• A quick check to make sure that webhooks still fire when email is off by @uberbrady in #16942
• Clearer text on status label types by @snipe in #16943
• Gracefully handle error when editing of soft deleted users by @marcusmoore in #16946
• Make checkin emails not send when not configured to be by @uberbrady in #16953
• Removes double scrollbar from groups by @Godmartinz in #16963
• Added dynamic properties to audit notifications by @Godmartinz in #16962
• Improve notifications by @marcusmoore in #16932
• New tests for checkin/checkout counters by @uberbrady in #16980
• Fixed potential slack webhook setting inconsistencies by @marcusmoore in #16968
• Improved creator on accessory show page by @marcusmoore in #16979

New Contributors

• @JassonCordones made their first contribution in #16930

Full Changelog: v8.1.3...v8.1.4

Happy Wednesday! This release fixes a few small bugs, updates a library dependency that had a CVE, and hopefully handles some of our docker users.

We're sorry this has been a hassle for the docker folks.

Dockerhub makes it surprisingly un-intuitive to keep your Dockerhub namespace when you switch a GH repo namespace. Why would we want to keep our old Dockerhub namespace, you ask? Good question! Turns out you can't move namespaces and keep your stars and pull counts, which we kinda want, since we're the original creators.

We had to undo some of the much faster build optimizations we had previously made for Docker people - they take almost an hour now - ouch. But we'll be revisiting that and speeding it back up in the next week.

To clarify, Docker folks should be pulling from snipe/snipe-it, not grokability/snipe-it. It's counter-intuitive, I know. Dockerhub won't let us move without losing literally a decade of pull and star stats. :(

What's Changed

• Livewire component for smoother check for location companies by @snipe in #16860
• Set upload-limit by @chfsx in #16806
• Adds Label fields offset as an option by @Godmartinz in #16790
• Add barcode support for Avery 3490 by @realchrisolin in #16847
• Fixed #15629 - prevent setting assigned_to without setting assigned_type by @uberbrady in #15907
• Fix dockerhub repo we're pushing to, and arm build names by @jerm in #16851
• Added missing contributors by @marcusmoore in #16864
• Fixed #16815: Avoids potential error when settings table is empty by @ntaylor-86 in #16865
• More dockerhub repo references by @jerm in #16868
• One more docker repo name fix by @jerm in #16871
• Redirect options on audit by @snipe in #16873
• Fixed breadcrumbs for cloning by @snipe in #16874
• Fixes CVE-2025-46734: league/commonmark contains a XSS vulnerability in Attributes extension by @joelpittet in #16875
• Move back to multiarch builds with emulation (for now) by @jerm in #16876

New Contributors

• @chfsx made their first contribution in #16806
• @realchrisolin made their first contribution in #16847

Full Changelog: v8.1.2...v8.1.3

Happy Monday! This tagged release should hopefully fix the docker builds that were not auto-pushing since the repo move. (We're still trying to find a way to get back to the old location where our 10M docker pulls and stars more accurately reflect reality, but Docker Hub doesn't make that particularly easy.)

We know the docker builds are running very slow right now, and we're working on speeding those up.

What's Changed

• Fixed updating CONTRIBUTORS.md via cli by @marcusmoore in #16829
• Fixed #16834 - better handle bad data in permissions by @snipe in #16836
• Small improvements to scoped views by @snipe in #16837
• Reworked fix for for 24mm_D label indent errror by @Godmartinz in #16826
• Fixed purchase cost column always shown by @akemidx in #16531
• Copy changes from 'master' to develop for docker builds by @uberbrady in #16840
• Removed duplicate input-group color corrections from theme skins by @Godmartinz in #16841

Full Changelog: v8.1.1...v8.1.2

Hi again - did you miss us? :)

This is just a point release to smooth out a funky UI artifact on some screens and a few color fixes for dark-mode skins.

What's Changed

• Fixed fieldset display if custom fields are not available by @snipe in #16827
• Fixed Dark Mode color choices for fieldset links by @Godmartinz in #16797
• Handle category being null in CheckoutableListener by @marcusmoore in #16799
• Add audit button to BS table partial, redirect if asset won't validate by @snipe in #16828

Full Changelog: v8.1.0...v8.1.1