Matthias MairNew blog entry: Open Source Tools for Open Source Hardware
https://mjmair.com/blog/2026/open-source-tools-for-open-source-hardware
Ready about my new-ish project (about 2 months old now). Direct link to the project https://beta.mid-size.org/
InvenTreeAttention all sysadmins / selfhosters of #inventree instances:
We will publish a critical security vulnerability and patched version on 2026-04-08 21:00 UTC
Read https://inventree.org/blog/2026/03/25/security-release for more details - there are several recommended steps to keep your instance safe in the meantime.
Please prepare to update as soon as we release. #inventreedb #opensource
Action required - Upcoming Security Release
The InvenTree core development team has received a report of a critical security vulnerability affecting a large range of releases since 2024. We will release a disclosure and a fixed release for the 1.2.x release series on 2026-04-08 21:00 UTC. The vulnerability allows for lateral movement and privilege escalation within an InvenTree instance. It has a low attack complexity.
@jpm #inventree provides native packages for Debian and has bare metal instructions. What issues are you phasing?
InvenTree 1.2.6 contains fixes for new security advisories
Updating to 1.2.6 is strongly advised. See GHSA-rhc5-7c3r-c769 and GHSA-m8j2-vfmq-p6qg for details.
Every admin should be aware of the assumed trust in our threat model. If you followed it you are not vulnerable see https://docs.inventree.org/en/latest/concepts/threat_model/
many thanks to patelhettt (x2) and alonaki for their research and responsible disclosure
Attention: Release 1.2.0 has no support for PostgreSQL 13 - our docs contain information regarding PostgreSQL updates - https://docs.inventree.org/en/latest/start/migrate/#migrating-between-incompatible-database-versions.
At least PostgreSQL 14 is required, we recommend PostgreSQL 18.
RE: https://chaos.social/@InvenTree/116059586117578078
I am looking forward to seeing more deployments out there!
If you know #kubernetes #k8 #helm or have deeper knowledge around these technologies I invite you to check things out and let us know what could be done better.
I am reasonably familiar with docker and the security implications / bag of grenades it can be. Kubernetes is something >other people™< do at my place of work, and I would rather improve the ecosystem than learn another deployment stack. To be honest.
Gearing up for 1.2.0 release - You can help!
https://github.com/inventree/InvenTree/discussions/11199
We are closing the scope for 1.2.0 and starting to put the finishing touches on. Expect a release in the next few months.
Please test the "latest" / "master" images and packages and help with translations to make this the best release yet.
1.1.10 release with fix to long standing registration control problem
The newest release https://github.com/inventree/InvenTree/releases/tag/1.1.10 fixes a long-running issue where SSO registration could not be enabled without also enabling built-in authentication registration.
With debugging support by the community, this cosmetic issue could finally be fixed.
Upgrades are encouraged as there is also a patch for a vulnerable dependency.
If I were to give a 20-25 min talk about InvenTree, what would be more interesting of a topic to focus on? Also open on other (InvenTree related) topic suggestions.
#inventree #inventreedb
#inventree #inventreedb
InvenTree for small (in-house) production
plugin system / data integration flows
plugin and tooling ecosystem
Poll ended at .
@agowa338 @ct_Magazin partkeepr ist archived aber #inventree (@InvenTree) und #partdb exsistieren als Elektronik-fokussierte Nachfolger
Home Box ist für Heim-Inventar aber sicher simpler. Elektronik-Bauteile damit zu verwalten stelle ich mir allerdings komplex vor.