1.4.39 Released

Submitted by ehu on
Security release
Release candidate

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application. This release
contains a fix for the change in Perl 5.24 which no longer includes '.'
in @INC. Some distributions have backported this change to earlier Perl
versions (as it is security fix CVE-2016-1238). LedgerSMB now both works
correctly without '.' on @INC and actively removes '.' from @INC on any
Perl version, effectively backporting this security fix.

Changelog for 1.4.39

  • Fixed searching for approved batches (Chris T, #2592)
  • Don't cache per-company (from database) templates (Erik H, #2573)
  • Don't block database administrator access to Contacts (Erik H)
  • Compensate for the removal of '.' from @INC on newer Perl versions (Erik H)
  • Fix payments sometimes double-counted in Cash>Reports>Receipts (Erik H, #2618)
  • Remove reference to removed JS files, silencing logs (Chris T)
  • Fix bug reading templates directory (only seen on CentOS) (Chris T)
  • Fix attachments showing up twice after 1.3->1.4 migration (Erik H, #2659)

Chris T is Chris Travers
Erik H is Erik Huelsmann

The release can be downloaded from sourceforge at

These are the sha256 checksums of the uploaded files:
230d113bd94284b75ff025dfdb409a6a2eadcec7849d20ab3eda002b1e78cfe1 ledgersmb-1.4.39.tar.gz
51af2d6d9d7eaa44e284d9dede22f6dca09257006492d645fcbd8e649558ed1d ledgersmb-1.4.39.tar.gz.asc