News

1.9.5 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.9.5

1.8.24 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

1.7.37 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

1.9.4 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.9.4

* Fix balance sheet printing template listing account descriptions (#6203)
* Fix reconciliations to include Source value from transactions (#6122)
* Fix error thrown from CSV export function (#6140)
* Fix reporting of login problems due to e.g. version mismatch (#5976)
* Fix 'import' of username on HR > Employee menu | User tab (#5287)

1.9.3 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.9.3

1.8.23 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.8.23

* Use a temp table to prevent bulk payments trampling on each other
* Fix sorting on fixed asset searches (#6151)

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.8.23/README.md

1.9.2 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.9.2

* Fix sending mail with multiple Bcc addresses (#6087)
* Fix manual taxes on credit invoices (#5721)
* Add missing account configuration on Sales account (#6100)
* Fix Update clobbering invoice header data (e.g. fx rate) (#6114)

1.8.22 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.8.22

* Fix sending mail with multiple Bcc addresses (#6087)
* Fix manual taxes on credit invoices (#5721)
* Fix 'Secure' flag on session cookie; CVE-2021-3882
* Improve configuring acceptable reverse proxy addresses

1.7.36 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.7.36

* Fix manual taxes on credit invoices (#5721)
* Improve configuring acceptable reverse proxy addresses

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.7.36/README.md

Security advisory for CVE-2021-3882 (non-Secure session cookie)

Submitted by ehu on

  Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Summary

  LedgerSMB does not set the 'Secure' attribute on the session authorization
  cookie when the client uses HTTPS and the LedgerSMB server is behind a
  reverse proxy.  By tricking a user to use an unencrypted connection (HTTP),
  an attacker may be able to obtain the authentication data by capturing
  network traffic.


Known vulnerable

  All of:

  - 1.8.0 upto 1.8.21 (including)