The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the fix for security vulnerability CVE-2024-23831
which allows an attacker to create a user by tricking a setup.pl admin
into clicking on a specifically crafted link. See more about this CVE
on https://ledgersmb.org/cve-2024-23831-setup-csrf.
Changelog for 1.10.31
* Fix GL transaction entry regressed from 1.10.29 (#7984)
Changelog for 1.10.30
* Add missing batch and entity sequences to the Defaults screen (#7965)
* Stop warning during startup without configuration file (#7928)
* CVE-2024-23831: CSRF attack on 'setup.pl'
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.31/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.10.31
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.10.31
Docker images have been published for ARMv7 (32-bit),
ARM64 (also known as ARMv8, e.g. RPi 3+) and AMD64.
These can be pulled from the GitHub Container Registry
$ docker pull ghcr.io/ledgersmb/ledgersmb:1.10.31
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.10.31
These are the sha256 checksums of the uploaded files:
15920bbe05a6e37ee9f4d7fe408adb587a20ae0e8c052f20df1e2909b4c7bc51 ledgersmb-1.10.31.tar.gz
e03aeecd9087bbc25673bd13ec78962509f3b265886bb0a44949bde311cb06bc ledgersmb-1.10.31.tar.gz.asc