snipe-it

v8.6.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 8d Configuration Management

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

asset-management asset-manager assets-management itam license-management

Affected surfaces

auth rbac

ReleasePort's take

Light signal

editorial:auto 8d

Version v8.6.0 adds multi‑company user support when FMCS is enabled and introduces bulk asset/license check‑in via the GUI.

Why it matters: Enables organizations with multiple companies to manage users across entities; reduces manual steps for large asset/license batches.

Summary

AI summary

Updates Join the Community!, https://discord.gg/yZFtShAcKk, and https://github.com/grokability/snipe-it/discussions across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	High	Security improvements encouraging upgrade. Security improvements encouraging upgrade. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Breaking	High	Requires PHP 8.2.0 or greater, recommends PHP 8.4+. Requires PHP 8.2.0 or greater, recommends PHP 8.4+. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature
Feature	Medium	Users can belong to multiple companies when FMCS is enabled. Users can belong to multiple companies when FMCS is enabled. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Medium	Bulk check‑in assets via the GUI. Bulk check‑in assets via the GUI. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Medium	Bulk check‑in license seats via the GUI. Bulk check‑in license seats via the GUI. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Medium	API pagination now supports page numbers with `per_page`, `total_pages`, and `current_page` fields. API pagination now supports page numbers with `per_page`, `total_pages`, and `current_page` fields. Source: llm_adapter@2026-05-27 Confidence: high	—
Feature	Medium	Official Snipe-IT mobile app (beta) will be released this week, open source. Official Snipe-IT mobile app (beta) will be released this week, open source. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Medium	Added more data to user export (issue #18659). Added more data to user export (issue #18659). Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Medium	Added custom maintenance types, responsible party, and assigned to fields in maintenances. Added custom maintenance types, responsible party, and assigned to fields in maintenances. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Feature	Medium	Addressed multiple provider‑specific SCIM issues; note that multi‑company user support is not yet SCIM‑compatible. Addressed multiple provider‑specific SCIM issues; note that multi‑company user support is not yet SCIM‑compatible. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Dependency	Low	Removed direct Symfony dom‑crawler and css‑selector dev dependencies. Removed direct Symfony dom‑crawler and css‑selector dev dependencies. Source: llm_adapter@2026-05-27 Confidence: high	—
Dependency	Low	Bumped github/codeql-action from 3 to 4. Bumped github/codeql-action from 3 to 4. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Performance	Medium	Optimized incorrect checkout acceptances command. Optimized incorrect checkout acceptances command. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Bugfix
Bugfix	Medium	Fixed duplicate headers in users CSV export. Fixed duplicate headers in users CSV export. Source: llm_adapter@2026-05-27 Confidence: high	—
Bugfix	Medium	Fixed asset maintenances page rendering when an asset is missing. Fixed asset maintenances page rendering when an asset is missing. Source: llm_adapter@2026-05-27 Confidence: high	—
Bugfix	Medium	Fixed anchor tag on report index page. Fixed anchor tag on report index page. Source: llm_adapter@2026-05-27 Confidence: high	—
Bugfix	Medium	Fixed importer `created_at` timestamp issues on large imports. Fixed importer `created_at` timestamp issues on large imports. Source: llm_adapter@2026-05-27 Confidence: low	—
Bugfix	Medium	Tightened permission changes and UI fixes related to issue #18831. Tightened permission changes and UI fixes related to issue #18831. Source: llm_adapter@2026-05-27 Confidence: low	—
Bugfix	Low	Fixed SCIMConfig typo "string_starts_with". Fixed SCIMConfig typo "string_starts_with". Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Bugfix	Low	Switched purchase cost field back to text (issue #19029). Switched purchase cost field back to text (issue #19029). Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Bugfix	Low	Removed trailing slashes in license URLs (issue #18624). Removed trailing slashes in license URLs (issue #18624). Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Bugfix	Low	Disabled debugbar on acceptance report page. Disabled debugbar on acceptance report page. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—
Refactor	Low	Moved and renamed CheckInOutRequest to CheckInOutTrait. Moved and renamed CheckInOutRequest to CheckInOutTrait. Source: granite4.1:30b@2026-05-27-audit Confidence: low	—

Full changelog

[!CAUTION]
This version of Snipe-IT REQUIRES PHP 8.2.0 or greater, 8.4+ recommended. PHP 8.2 is still in security release support until 31 Dec 2026, but let's not play that game

Wow wow wow. Wow.

We know it was just two weeks ago from our last mid-release, but this one was just too juicy to sit on. The changelog looks small, but it addresses some of our most sought-after features. Here's the highlight reel:

Users can now have more than one company

Yep. If you have FMCS (Full Multiple Company Support) enabled and need to control access via companies, this was previously potentially a problem. You might have a user who you don't want to promote to superuser (the only permission that bypasses FMCS constraints, but also has a LOT of access to stuff you might not want them to have), but they needed to manage items across several companies, and we couldn't support that in the past. Now we do.

Bulk license seat checkin via GUI

https://github.com/user-attachments/assets/adcf6145-29cb-431b-bf4d-9fc3018415a4

Bulk checkin assets via GUI

https://github.com/user-attachments/assets/957fd1b6-cf41-4691-909e-e286f0703f89

SCIM

We've ironed out a bunch of provider-specific SCIM issues that came from us adding groups, locations, manager, and company, but we are still hearing small murmurs about Okta SCIM integration, so if you're having trouble, do let us know.

Also, the new multiple-companies-for-users isn't supported by SCIM (yet?), so we suggest waiting on mapping groups if you have a situation where users might belong to multiple companies. (That mapping gets squirrely with different providers - we're working through issues as quickly as we can.)

Reddit? Somehow?

So there was an unofficial (but blessed by us) subreddit for Snipe-IT. The creator of the sub asked for a mod to take it over, and we applied and - oh no - we were approved, because we needed one more place to keep track of bugs and requests. Anyway, if Reddit is your jam, you can find us here: https://www.reddit.com/r/Snipe_IT/ - Don't be super-shocked if we direct you back to GH if your ask is a bug or a feature request though.

Documentation

This is our second release in a month, and a lot has changed. We're working as quickly as we can to update the docs with new endpoints, new screenshots, all the new features, etc. We appreciate your patience. We're pretty proud of the work that's gone into our docs, but that also means every release means a bunch of places that need updates. We're working on it as fast as we can, but if there's something that isn't documented or you have a question about in the meantime, our GH Discussions or Discord are a great place to start,

Security

There are (as always) security improvements, so folks are encouraged to upgrade, even if none of the stuff we're excited about is stuff you're excited about.

Mobile Update

We're slated to release the official Snipe-IT mobile app this week! And of course it will be open source. It will be a beta release, so be kind - a lot of work has gone into this over the past year, and we're pretty proud of what we've got (but we also know that this is the beginning, not the end, of the task.)

API pagination

If you use our API, we've simplified the pagination parts. Before, if you were building an integration, you'd have to do a bunch of math (booo) to figure out what the limit and offset were. We've made this a lot simpler for you, so you can now pass page=1, page=2, and we'll sort it out for you. You can still use the old offset/limit parameters, so nothing needs to change on your end if you've already got something that works, but new integrations should be a bit easier now.

What's Changed

Fixed anchor tag on report index page by @marcusmoore in https://github.com/grokability/snipe-it/pull/19012
Fixed importer created_at timestamp getting weird on large imports by @snipe in https://github.com/grokability/snipe-it/pull/19017
Disabled debugbar on acceptance report by @marcusmoore in https://github.com/grokability/snipe-it/pull/19022
Fixed duplicate headers in users csv export by @marcusmoore in https://github.com/grokability/snipe-it/pull/19023
Tighten permission changes and UI, fixed #18831 by @snipe in https://github.com/grokability/snipe-it/pull/19024
Fixed asset maintenances page not rendering with missing asset by @marcusmoore in https://github.com/grokability/snipe-it/pull/19021
Added page number support in API, added per_page, total_pages, and current_page to API response by @snipe in https://github.com/grokability/snipe-it/pull/19019
Fixed SCIMConfig typo "string_starts_with" by @snipe in https://github.com/grokability/snipe-it/pull/19026
Fixed #18659 - added more data to user export by @snipe in https://github.com/grokability/snipe-it/pull/19027
Move and rename CheckInOutRequest to CheckInOutTrait by @snipe in https://github.com/grokability/snipe-it/pull/19028
Fixed #19029 - switch back to text for purchase cost by @snipe in https://github.com/grokability/snipe-it/pull/19030
Optimize incorrect checkout acceptances command by @snipe in https://github.com/grokability/snipe-it/pull/19032
Bump github/codeql-action from 3 to 4 by @dependabot[bot] in https://github.com/grokability/snipe-it/pull/19041
Fixed #18624: Remove trailing slashes in license urls by @marcusmoore in https://github.com/grokability/snipe-it/pull/19043
🖼️ Add custom maintenance types, responsible party and assigned to to maintenances by @snipe in https://github.com/grokability/snipe-it/pull/19039
Remove direct symfony dom-crawler and css-selector dev dependencies by @joelpittet in https://github.com/grokability/snipe-it/pull/19053
Bulk checkin assets from UI by @snipe in https://github.com/grokability/snipe-it/pull/19056
🎥 Bulk checkin license seats by @snipe in https://github.com/grokability/snipe-it/pull/19058

Join the Community!

Join our Discord! It’s full of great people. We even wrote about it here!
Follow us on Bluesky at @snipeitapp.com
Follow us on Mastodon at hachyderm.io/@grokability
Follow our blog at Grokstar.Dev
Subscribe here on Github for notifications about new releases. (We recommend selecting "Releases" only for most users - this repo can get noisy.)

Full Changelog: https://github.com/grokability/snipe-it/compare/v8.5.0...v8.6.0

Breaking Changes

Requires PHP 8.2.0 minimum (PHP 8.4+ recommended); older versions will not work.

Security Fixes

General security improvements (no specific CVE identified).

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track snipe-it

Get notified when new releases ship.

About snipe-it

A free open source IT asset/license management system

All releases →

Related context

Related tools

Earlier breaking changes

v8.5.0 Requires PHP 8.2.0 or greater; PHP 8.1 and earlier no longer supported