News

1.11.11 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.11

1.10.33 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.10.33

* Enable scroll bars on setup(upgrade) data fix screens (#8071)
* Fix 'not set up for hierarchy reporting' on Entity Account screen (#8056)
* Fix order of period comparisons in PNL and B/S (#7800)
* Fix recurring transactions after setup.pl CSRF mitigation (#8042)
* Revert Hebrew 'nplurals' back to 4

1.11.10 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.10

* Fix upgrades from older Pg versions with the 'cash_impact' view (#7987)
* Fix missing locale parameter creating GL Search report (#7997)
* Fix setup.pl CSRF regressions (#8007, #8000)
* Fix date filters on Cash > Receipt/Payment (#8015)

1.10.32 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.10.32

* Fix upgrades from older Pg versions with the 'cash_impact' view (#7987)
* Fix missing locale parameter creating GL Search report (#7997)
* Fix setup.pl CSRF regressions (#8007, #8000)
* Fix date filters on Cash > Receipt/Payment (#8015)

1.11.9 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the fix for CVE-2024-23831, a CSRF attack on
setup.pl.

Changelog for 1.11.9

* Add missing batch and entity sequences to the Defaults screen (#7965)
* Stop warning during startup without configuration file (#7928)
* CVE-2024-23831: CSRF attack on 'setup.pl'

1.10.31 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the fix for security vulnerability CVE-2024-23831
which allows an attacker to create a user by tricking a setup.pl admin
into clicking on a specifically crafted link. See more about this CVE
on https://ledgersmb.org/cve-2024-23831-setup-csrf.

Changelog for 1.10.31

* Fix GL transaction entry regressed from 1.10.29 (#7984)

cve-2024-23831 (Cross Site Request Forgery)

Submitted by ehu on

Privilege escalation through CSRF attack on 'setup.pl'

Summary

When a LedgerSMB database administrator has an active session in /setup.pl,
an attacker can trick the admin into clicking on a link which automatically
submits a request to setup.pl without the admin's consent.  This request can
be used to create a new user account with full application (/login.pl)
privileges, leading to privilege escalation.


Known vulnerable

All of:

1.11.8 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.8

1.10.29 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.10.29

* Fix formatting of amounts in AR/AP search results (#7896)
* Explicitly set foreground color on dark backgrounds in blue theme (#7875)

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.29/README.md

1.11.7 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.7

* Fix creating an invoice from an order (#7855)
* Retain partsgroup selection on Update in parts screen (#7848)
* Fix missing columns on trial balance 'Ending' report type (#7870)