News

LedgerSMB 1.4 RC3

While running extended tests, Chris Travers found some failures in the new-in-1.4 COGS test cases.  These have been fixed and a new RC for LedgerSMB 1.4 is now available at SourceForge.
 
These new tests allow us to make guarantees that the logic works as designed; guarantees we can't easily make for previous versions.  The new logic also has fewer problem cases for manufacturing, and allows the development of heavier manufacturing capabilities going forward.

LedgerSMB 1.4 RC2

This release includes some fixes also included in 1.3.

Next to that, this release includes brand new (rewritten) manufacturing/COGS calculations as these were fundamentally broken in RC1.

Anyone interested in testing it, please download it from Sourceforge or Github.

 

1.3.41 released

LedgerSMB 1.3.41 has been released.

It includes a single fix to the single payment workflow which caused an error in some cases while paying invoices.

1.3.40 released

This release has a couple of sales tax fixes, a database schema fix and a couple of others. Highly recommend upgrading at earliest opportunity.


Changelog for 1.3.40

LedgerSMB 1.4 RC1

The LedgerSMB core team is proud to announce that LedgerSMB 1.4 has reached release candidate stage.  This includes a large number of enhancements compared to 1.3.
 
This provides a stable look at where we are going, and an opportunity for more feedback.
 
Particular highlights include the web services infrastructure, the integration of Dojo, and the new reporting structures.  We also have many more killer features.  Please see the full changelog for more information.

1.3.39 released

March 31st, 2014 -- Announcement of the 1.3.39 release.
 
We've released LedgerSMB 1.3.39.  This provides a number of fixes.  Users of 1.3.38 are urged to upgrade as soon as possible, due to a bug inadvertently introduced in that release, which causes difficulty posting AR and AP transactions.
 
Changelog for 1.3.39

1.3.38 released

February 25th, 2014, Announcement of the release of 1.3.38.
 
Several of the bugs fixed in this release probably go all the way back to 1.2 and beyond. 
 
Changelog for 1.3.38

Heartbleed and LedgerSMB

What follows is a slightly edited version of a post to the email lists.  While LedgerSMB does not directly utilize OpenSSL, it is usually deployed on web servers that do.  No upgrades of LedgerSMB are required, but you may need to update the security libraries of your web server.  Please read further for the sorts of implications this has regarding LedgerSMB and what we would recommend about mitigating and recovering from risks.

Virtualbox Appliance of 1.3.37 released

 

Frans van der Star, working with UTAR, a university in Malaysia, has put together a virtual appliance running LedgerSMB 1.3.37.  This can be downloaded at https://sourceforge.net/projects/ledger-smb/files/ledgersmb/virtualbox/  Be warned.  It is a very large download (approx. 3 GB).

The password for the virtualbox instance is 123456.  Enjoy!

Security advisory (fixed in 1.3.37)

Security Advisory: LedgerSMB < 1.3.36, Improper Logout on Some Browsers

Severity:  Low (cvssv2 base score: 3.6, total 0.5)
Remotely Exploitable: No
Complexity of Attack:  High
Impact:  Relatively low.
Prerequisite for Attack:  Physical Access to Previously Logged In Browser, so high complexity in most cases.
Attack Vector:  Physical, against client.
Impact:  The attacker may gain access unexpectedly to LedgerSMB using the client's previous credentials.

Background

Pages

Subscribe to News