LedgerSMB 1.2.19 has been released today which includes a number of
important fixes including the security hotfixes available. It also
includes a fix for a (rather rare) sales tax rounding bug where the
tax is sometimes rounded improperly when discounts are applied at the
same time. The complete changelog is:

Changelog for 1.2.19
* Fixed short sales with never-closed books (Chris T)
* Fixed erroneous tax rounding in POS screen (Chris T)
* Fixed XSRF vulnerability that allows changing user's password (Chris T)
* Corrected SQL Injection vulnerability in customer/vendor handling (Chris T)
* Cookie now sets SECURE flag when on HTTPS (Chris T)
* Corrected an issue with URL escaping (M Lubratt)
* Corrected an issue with email id's (Michael Richardson)

Additionally LedgerSMB 1.3.0 beta 2 has been released. A number of
bugs from the previous beta have been fixed including the inability to
set sales taxes per customer or vendor. Those who are beta testing
should install it. Note you will need to reload
sql/modules/Company.sql and sql/modules/Session.sql.

Best Wishes,
Chris Travers