The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application. This
release contains three fixes for security vulnerabilities. Users are
urged to upgrade as soon as possible. Special thanks go to "ranjit-git"
and "sudheendra17", users of the https://huntr.dev/ platform, for disclosing
these issues responsibly to the development team, and to the platform
itself for sponsoring the work of these researchers.
This release contains the following fixes and improvements:
Changelog for 1.7.33
* Check whether HTML comes from a valid source; CVE-2021-3693
* Apply HTML escaping on error messages; CVE-2021-3694 (#5766)
* Prevent the application being wrapped in a frame; CVE-2021-3731
* Align filters between UI and the database on draft transaction search (#5693)
* Correctly present manual tax and invoice total on reversing invoice (#5721)
* Repeatedly saving a draft invoice pops up an SQL error (#5679)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.7.33/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.7.33
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.7.33
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.7.33
These are the sha256 checksums of the uploaded files:
15dcc79a42fd17f12d01e1cc4b36ddd25e8dbe776ffe1b9867a1ad9e42bfabc0 ledgersmb-1.7.33.tar.gz
73eadc3bf2c2b3d2abeabe52ccc3db03dd5e46599d4a84a3a72ef10105d6ab36 ledgersmb-1.7.33.tar.gz.asc
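As an added example, not code from this announcement or from the LedgerSMB project, the POSIX shell script below performs two checks a deployer would run around this release: verifying a downloaded archive against a published sha256 checksum like the ones listed above, and inspecting captured HTTP response headers for the standard server-side anti-framing defences (an X-Frame-Options header or a Content-Security-Policy frame-ancestors directive) that the CVE-2021-3731 fix implies. The sample archive, its checksum and the header captures are constructed inline so the script runs offline; the header names are the standard ones and are not taken from LedgerSMB's own implementation, which the announcement does not describe.

```shell
#!/bin/sh
# Added example (not LedgerSMB project code). Two post-release checks:
#  1. verify_sha256 FILE EXPECTED_HEX   - compare a download with the
#     checksum published in the release announcement.
#  2. has_frame_protection HEADER_FILE  - inspect saved HTTP response
#     headers for X-Frame-Options or a CSP frame-ancestors directive,
#     the two standard defences against the application being framed.
# All sample files below are constructed here, not real release artefacts.

# Portable SHA-256 of a file: sha256sum on GNU systems, shasum elsewhere.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 when FILE hashes to EXPECTED (hex, case-insensitive), else 1.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# Return 0 when the headers in FILE forbid framing by other origins:
# X-Frame-Options: DENY or SAMEORIGIN, or a Content-Security-Policy whose
# frame-ancestors directive is 'none' or 'self'. Header names are matched
# case-insensitively, as HTTP requires; a trailing CR from a raw capture
# is tolerated by the [[:space:]] classes.
has_frame_protection() {
    grep -iqE '^x-frame-options:[[:space:]]*(deny|sameorigin)[[:space:]]*$' "$1" && return 0
    grep -iqE "^content-security-policy:.*frame-ancestors[[:space:]]+'(none|self)'" "$1" && return 0
    return 1
}

# --- constructed sample inputs -------------------------------------------
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

printf 'constructed sample archive\n' > "$WORK/ledgersmb-sample.tar.gz"
GOOD_SUM=$(sha256_of "$WORK/ledgersmb-sample.tar.gz")   # stands in for the published value
printf 'tampered archive\n' > "$WORK/tampered.tar.gz"

# Header captures as produced by e.g.  curl -sI https://your-host/ > headers.txt
printf '%s\r\n' 'HTTP/1.1 200 OK' 'Content-Type: text/html' \
    'X-Frame-Options: SAMEORIGIN' > "$WORK/protected_xfo.txt"
printf '%s\r\n' 'HTTP/1.1 200 OK' \
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'" > "$WORK/protected_csp.txt"
printf '%s\r\n' 'HTTP/1.1 200 OK' 'Content-Type: text/html' > "$WORK/unprotected.txt"

# --- stand-alone demonstration -------------------------------------------
for f in ledgersmb-sample.tar.gz tampered.tar.gz; do
    if verify_sha256 "$WORK/$f" "$GOOD_SUM"; then
        echo "$f: checksum OK"
    else
        echo "$f: checksum MISMATCH - do not install"
    fi
done
for h in protected_xfo.txt protected_csp.txt unprotected.txt; do
    if has_frame_protection "$WORK/$h"; then
        echo "$h: framing blocked"
    else
        echo "$h: no anti-framing header found"
    fi
done
```

In practice the checksum check is run with the published values, for example by saving the two lines above to a file and running `sha256sum -c` on it, and the `.asc` file (assumed here to be a detached OpenPGP signature over the tarball) is additionally verified with `gpg --verify` after importing the project's release-signing key. The header check is a quick way to confirm, from outside the application, that an upgraded instance actually emits the anti-framing policy it is supposed to.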