Security

Which versions do you support?

Submitted by ehu on

Active support

Versions 1.10 and higher are under active development and are supported by the community. Planned end-of-life dates for current releases are:

  • 1.11: Planned End-of-life date: 2025-10-03 (released 2023-10-03)

End of life

If you're looking for help on how to use EOL-ed versions, please try mailing the users mailing list.
If you're looking for someone to create bugfixes, please check with one of the parties providing commercial support or, for less urgent fixes, LedgerSMB Issues.

Version 1.10 has been declared end-of-life on 2024-10-08. The last release in the series is 1.10.38. No further releases will be made by the community.

Version 1.9 has been declared end-of-life on 2023-09-24. The last release in the series is 1.9.30. No further releases will be made by the community.

Version 1.8 has been declared end-of-life on 2022-09-04. The last release in the series is 1.8.31. No further releases will be made by the community.

Version 1.7 has been declared end-of-life on 2022-10-04. The last release in the series is 1.7.41. No further releases will be made by the community.

Version 1.6 has been declared end-of-life on 2021-06-10. The last release in the series is 1.6.33. No further releases will be made by the community.

Version 1.5 has been declared end-of-life on 2019-12-23. The last release in the series is 1.5.30. No further releases will be made by the community.

Version 1.4 has been declared end-of-life on 2017-09-16. The last release in the series is 1.4.42. No further releases will be made by the community.

Version 1.3 has been declared end-of-life on 2015-12-23. The last release in the series is 1.3.47. No further releases will be made by the community.

LedgerSMB versions 1.0, 1.1 and 1.2 won't be maintained any further due to the fact that there are some known security issues which can't be fixed.

Security: Denial of Service Vulnerability in 1.3.20 and below

Submitted by Chris Travers on

A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered. In most cases we do not believe this to be particularly severe in the presence of internal process controls. Users in some jurisdictions, however, may need to take this more seriously (see full details below).

Basic vulnerability characteristics