GLPI 0.71 is a very old version, unmaintained upstream.
This version have some security issues which are fixed in recent
version. But GLPI code have heavily change, and now requires PHP5, so
backporting fixes is a huge work.
Last security issue concern embedded phpCas library
RPM available in fedora and EPEL-5 use the system php-pear-CAS package
which have all security fixes.
If you don't use CAS authentification, and if you only use GLPI on a
private and secure network, you probably could continue to use it.
Else you should probably plan an upgrade to a recent version.
EPEL-5 provides the GLPI 0.72.4 version
(which will be maintained as long as possible)
EPEL-6 will provide the new GLPI 0.78.1 (when available) which requires
PHP 5.2 (required by php-ezc-* components used)
As discussed the last few weeks during the EPEL weekly meeting, the
rubygem-rack package will be updating in EPEL5. There are no current
packages that depend on its current version (0.4), but there are
several that require rack > 1.0.
rubygem-rack will be moving to version 1.1 in EPEL 5. This update
will be available in epel-testing no later than tomorrow. This is not
a 100% compatible ABI, it's very close but there are a few minor
changes. Upon analysis of potential usage of rack, we felt this
update was acceptable.
If there are no serious objections to moving the version of rack, it
will placed in stable after the two-week period spent in epel-testing.
rubygem-rack version 1.1 should allow for usage with Sinatra, Padrino,
Merb, many versions of Rails, and more.
Please let me know if you find any issues and offer karma to the
update based upon your experiences with it.