1.10

CVE-2024-23831 (Cross Site Request Forgery)

Submitted by ehu on

Privilege escalation through CSRF attack on 'setup.pl'

Summary

When a LedgerSMB database administrator has an active session in /setup.pl,
an attacker can trick the admin into clicking on a link which automatically
submits a request to setup.pl without the admin's consent.  This request can
be used to create a new user account with full application (/login.pl)
privileges, leading to privilege escalation.


Known vulnerable

All of:

1.10.29 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.10.29

* Fix formatting of amounts in AR/AP search results (#7896)
* Explicitly set foreground color on dark backgrounds in blue theme (#7875)

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.29/README.md

1.10.28 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.10.28

* Retain partsgroup selection on Update in parts screen (#7848)
* Fix missing columns on trial balance 'Ending' report type (#7870)

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.28/README.md

1.10.27 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.10.27

* Fix 'delete' link shown in CoA screen on accounts used with parts (#7812)
* Fix deletion of parts (#7811)

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.27/README.md

1.10.26 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.10.26

* Load paper size from database settings, if set (#7738)
* Fix CoA and Trial Balance PDF reports missing data in some columns (#7739)
* Fix check printing when paying a subset of the available invoices (#7761)

1.10.25 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application, with
special thanks to GitHub.com user Peter John Acklam (@pjacklam) for
his prompt responses and fixes on the various Math::BigFloat issues
that popped up recently.
This release contains the following fixes and improvements:

Changelog for 1.10.25

* Minimum PGObject::Type::BigFloat version to resolve Math::BigFloat issue (#7704)

1.10.24 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.10.24

* Specify Locale::CLDR minimum version to fix numbers shown as 'HASH()' (#7671)

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.24/README.md

1.10.23 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.10.23

* Further Math::BigFloat fixes (combined with Locale::CLDR) (#7647)
* Order/Quote can't be deleted due to unconfirmed prior deletion (#7655)

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.23/README.md

1.10.22 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.10.22

* Fix Math::BigFloat 1.999831 compatibility, included in Perl 5.36+ (#7635)

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.22/README.md