I have developed something new for the #inventree ecosystem: a project management plugin that enables you to:
- define required parameters based on type/stage
- do light task tracking (with ideas how this could be coupled to GitHub issues/jira/openproject)
- parse and emit project data formats
This is still in alpha and requires a dev/latest instance for testing. Feel free to reach out if you are intrested, install via custom index.
#inventreedb #openhardware #projectmanagement
New blog entry: Open Source Tools for Open Source Hardware
https://mjmair.com/blog/2026/open-source-tools-for-open-source-hardware
Ready about my new-ish project (about 2 months old now). Direct link to the project https://beta.mid-size.org/
Attention all sysadmins / selfhosters of #inventree instances:
We will publish a critical security vulnerability and patched version on 2026-04-08 21:00 UTC
Read https://inventree.org/blog/2026/03/25/security-release for more details - there are several recommended steps to keep your instance safe in the meantime.
Please prepare to update as soon as we release. #inventreedb #opensource
The InvenTree core development team has received a report of a critical security vulnerability affecting a large range of releases since 2024. We will release a disclosure and a fixed release for the 1.2.x release series on 2026-04-08 21:00 UTC. The vulnerability allows for lateral movement and privilege escalation within an InvenTree instance. It has a low attack complexity.
InvenTree 1.2.6 contains fixes for new security advisories
Updating to 1.2.6 is strongly advised. See GHSA-rhc5-7c3r-c769 and GHSA-m8j2-vfmq-p6qg for details.
Every admin should be aware of the assumed trust in our threat model. If you followed it you are not vulnerable see https://docs.inventree.org/en/latest/concepts/threat_model/
many thanks to patelhettt (x2) and alonaki for their research and responsible disclosure
Attention: Release 1.2.0 has no support for PostgreSQL 13 - our docs contain information regarding PostgreSQL updates - https://docs.inventree.org/en/latest/start/migrate/#migrating-between-incompatible-database-versions.
At least PostgreSQL 14 is required, we recommend PostgreSQL 18.
RE: https://chaos.social/@InvenTree/116059586117578078
I am looking forward to seeing more deployments out there!
If you know #kubernetes #k8 #helm or have deeper knowledge around these technologies I invite you to check things out and let us know what could be done better.
I am reasonably familiar with docker and the security implications / bag of grenades it can be. Kubernetes is something >other people™< do at my place of work, and I would rather improve the ecosystem than learn another deployment stack. To be honest.
Gearing up for 1.2.0 release - You can help!
https://github.com/inventree/InvenTree/discussions/11199
We are closing the scope for 1.2.0 and starting to put the finishing touches on. Expect a release in the next few months.
Please test the "latest" / "master" images and packages and help with translations to make this the best release yet.
1.1.10 release with fix to long standing registration control problem
The newest release https://github.com/inventree/InvenTree/releases/tag/1.1.10 fixes a long-running issue where SSO registration could not be enabled without also enabling built-in authentication registration.
With debugging support by the community, this cosmetic issue could finally be fixed.
Upgrades are encouraged as there is also a patch for a vulnerable dependency.
Matthias Mair
Jmp49
InvenTree