1.9.2 Released

Submitted by LedgerSMB_Team on Tue, 10/12/2021 - 13:53

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.9.2

* Fix sending mail with multiple Bcc addresses (#6087)
* Fix manual taxes on credit invoices (#5721)
* Add missing account configuration on Sales account (#6100)
* Fix Update clobbering invoice header data (e.g. fx rate) (#6114)

1.8.22 Released

Submitted by LedgerSMB_Team on Tue, 10/12/2021 - 13:36

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.8.22

* Fix sending mail with multiple Bcc addresses (#6087)
* Fix manual taxes on credit invoices (#5721)
* Fix 'Secure' flag on session cookie; CVE-2021-3882
* Improve configuring acceptable reverse proxy addresses

1.7.36 Released

Submitted by LedgerSMB_Team on Tue, 10/12/2021 - 12:54

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.7.36

* Fix manual taxes on credit invoices (#5721)
* Improve configuring acceptable reverse proxy addresses

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.7.36/README.md

Security advisory for CVE-2021-3882 (non-Secure session cookie)

Submitted by ehu on Tue, 10/12/2021 - 11:41

  Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Summary

  LedgerSMB does not set the 'Secure' attribute on the session authorization
  cookie when the client uses HTTPS and the LedgerSMB server is behind a
  reverse proxy.  By tricking a user to use an unencrypted connection (HTTP),
  an attacker may be able to obtain the authentication data by capturing
  network traffic.


Known vulnerable

  All of:

  - 1.8.0 upto 1.8.21 (including)


Known fixed

  - 1.8.22

1.9.1 Released

Submitted by LedgerSMB_Team on Fri, 10/01/2021 - 04:39

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application. Through
a week of outstanding teamwork, we're able to bring 15 fixes and
small changes (not all fixes for regressions) in this release.
This release contains the following fixes and improvements:

Changelog for 1.9.1

1.9.0 Released

Submitted by LedgerSMB_Team on Fri, 09/24/2021 - 23:55

The LedgerSMB development team is happy to announce the first
release of a new release branch: 1.9.0. This series features
a wide variety of new features, improvements, bug fixes and
cleanup. To name a few:

1.8.21 Released

Submitted by LedgerSMB_Team on Sat, 09/18/2021 - 14:12

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.8.21

* Prevent draft approval by user without permission (#5984)
* Fix UI consistency (missing CSS class) in purchase invoice (#5988)
* Fix performance problem deleting huge draft transactions (#5993)