Security advisory: SQL Injection in LedgerSMB 1.2.24 and lower
Hi all;
The LedgerSMB core team has released 1.2.24, which corrects three issues:
1.2.23 Release Candidate 1 is available on the Sourceforge file release site.
The complete changelog is:
Changelog for 1.2.23
* Fix for sales tax incorrect on sales/purchase order screen
* Fix for unreadable characters in HTML templates in some charsets.
* Correcting backup name on backup by email
June 24, 2010
LedgerSMB 1.2.22 is available for download. This release corrects a few warnings and errors when Perl 5.12 is used, as well as some issues involving migrations between tax systems.
The complete changelog is as follows:
LedgerSMB 1.2.21 has been released. The complete changelog is as follows:
Changelog for 1.2.21
* Corrected a number of templates with HTML issues (Luke)
* AR/AP Aging Report fixed, ignores payment after report date (Chris T)
* Minor documentation updates (Chris T)
* Fixed bug saving SIC (Adam T)
LedgerSMB 1.2.20 has been released. You can download it at
https://sourceforge.net/projects/ledger-smb/
This release includes a number of moderate fixes. None of the fixes
are security-critical or critical regarding accounting data.
Changelog is as follows:
The new architecture is designed to solve the following problems with the current codebase:
A) Maintenance difficulty. The current codebase is quite unstructured and difficult to maintain. 1.2.x has already been a bit of a mess due to the issues of fixing something one place and having it break something else.
Since we never put forth a story describing what features and major changes have made it into 1.3 when feature freeze was declared I figured it would be a good idea to describe these here.
Hi all;
It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase.
As always, we highly recommend testing all hotfixes before applying them to a production environment.
The CVEs mentioned here are the ones attached to SQL-Ledger. Subtle differences in how these affect LedgerSMB are noted below.
After a lot of hard work, LedgerSMB 1.3.0 is ready for beta testing. Please be aware that this is a beta-testing release and there may be unexpected bugs in places. Some things may not work as advertised. It can be downloaded from the sourceforge page (http://www.sourceforge.net/projects/ledger-smb/).