LedgerSMB 1.3.0-1.3.27 security advisories

The following is a security advisory for LedgerSMB 1.3.x. It includes information on vulnerable versions and how to mitigate problems. While the security issues discovered here are minor in most cases, they can have significant impacts for some users in some environments.

LedgerSMB 1.3.27 released, migration enhancements

LedgerSMB 1.3.27 has been released. This version includes a number of enhancements to the migration process, creating new user accounts for 1.2 users (passwords must still be set by an administrator), and a number of minor bug fixes that will improve the user experience. While this is not a drastic improvement on previous versions, it is an incremental one.

Get the new version from http://ledgersmb.org/download

Mailing Lists - RSS and NNTP Feeds

The best way to get (free) help is to join one of the LedgerSMB mailing lists:

LedgerSMB 1.3.26 released

LedgerSMB 1.3.26 has been released with minor usability enhancements for the database update routines and a number of minor bug fixes. While this release does not have a massive number of fixes of general applicability, it does contain a number of fixes that people in specific environments may find helpful.

The major fixes involve the handling of the fs_cssdir configuration setting, which was causing problems when trying to edit the stylesheet, and fixes for including parts images in PDF invoices. See the changelog below for a complete list of fixes and enhancements.

LedgerSMB 1.4 in beta testing period

I am very pleased to announce that LedgerSMB 1.4 has entered the beta testing period. While we expect to be continuing to move reports over to the new framework in this period, the codebase and database should be fairly stable at this point. If all goes well, within a few months, 1.4.0 will be released as a production-ready platform.

LedgerSMB 1.3.25 released

The LedgerSMB team is pleased to announce the release of LedgerSMB 1.3.25. With this release we mostly have focused on cosmetic changes for the software, thus reducing the sorts of user interface issues that are likely to cause minor headaches for users of the software.

There are, however, three significant issues that have been corrected in this release which make an upgrade recommended for everyone:

1: In previous versions, terms of payment on sales orders and purchase orders were not properly respected.

LedgerSMB 1.3.24 released, FCGI and PSGI support

The LedgerSMB development team is proud to release 1.3.24. This release contains a fairly large number of polishing bug-fixes, but also important Plack-related fixes for folks wanting to use LedgerSMB in FCGI and PSGI environments. These fixes ensure that LedgerSMB can be run caching some of the dependencies and thus will be far more responsive than when run as a simple CGI application.

Run SQL scripts


psql [database name]
then
\i /usr/share/ledgersmb/sql/upgrade/1.3-1.2.sql
or
psql [dbname] < /usr/share/ledgersmb/sql/upgrade/1.3-1.2.sql

Select the database version

SELECT * FROM defaults WHERE setting_key = 'version';

Select the default settings

The Defaults settings (System/Defaults):
select * from defaults order by setting_key;
