1.11.9 Released
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the fix for CVE-2024-23831, a CSRF attack on
setup.pl.
Changelog for 1.11.9
News
1.10.31 Released
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the fix for security vulnerability CVE-2024-23831
which allows an attacker to create a user by tricking a setup.pl admin
into clicking on a specifically crafted link. See more about this CVE
on https://ledgersmb.org/cve-2024-23831-setup-csrf.
Changelog for 1.10.31
cve-2024-23831 (Cross Site Request Forgery)
Privilege escalation through CSRF attack on 'setup.pl'
Summary
When a LedgerSMB database administrator has an active session in /setup.pl,
an attacker can trick the admin into clicking on a link which automatically
submits a request to setup.pl without the admin's consent. This request can
be used to create a new user account with full application (/login.pl)
privileges, leading to privilege escalation.
Known vulnerable
All of:
1.11.8 Released
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.11.8
1.10.29 Released
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.10.29
- Fix formatting of amounts in AR/AP search results (#7896)
- Explicitly set foreground color on dark backgrounds in blue theme (#7875)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.29/README.md
1.11.7 Released
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.11.7
1.10.28 Released
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.10.28
- Retain partsgroup selection on Update in parts screen (#7848)
- Fix missing columns on trial balance 'Ending' report type (#7870)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.28/README.md
1.11.6 Released
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.11.6
1.10.27 Released
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.10.27
- Fix 'delete' link shown in CoA screen on accounts used with parts (#7812)
- Fix deletion of parts (#7811)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.27/README.md
1.11.5 Released
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.11.5