Can I use IBANs with LedgerSMB?
Yes. IBANs are very long bank account numbers. LedgerSMB has no problems storing, retrieving and using these without any issue.
- Read more about Can I use IBANs with LedgerSMB?
- Log in or register to post comments
1.3
Is LedgerSMB SEPA proof?
Yes. SEPA (Single Euro Payments Area) requires support for very long bank account numbers (IBANs or International Bank Account Numbers). LedgerSMB can store and use these numbers without problems.
- Read more about Is LedgerSMB SEPA proof?
- Log in or register to post comments
How do I restore my data?
Assuming you have followed the How Do I Backup My Data instructions, you can restore your database as follows...
Note LedgerSMB versions prior to version 1.9.16 did not support PostgreSQL 14 or higher due to a backward incompatible change in PostgreSQL 14.
- Read more about How do I restore my data?
- Log in or register to post comments
How do I backup my data?
Log in to the the 'setup.pl' administrative interface, using your ledgersmb database admin user (usually "lsmb_dbadmin" or "postgres"). The default address for setup.pl is http://localhost/ledgersmb/setup.pl.
There are 2 buttons:
- Backup database (parts, customers, accounting records, etc)
- Backup roles (your login accounts and rights)
One creates a backup of the content of your database. The other creates a backup of the roles.
- Read more about How do I backup my data?
- 1 comment
- Log in or register to post comments
COGS assembly fix
All versions from 1.3.0 to 1.11.16 are affected by a bug in Cost of Goods Sold (COGS) accounting for assemblies: Instead of accounting expenses and reducing inventory, negative expenses are posted, putting goods into inventory.
I never used assemblies; am I affected too?
No. Only if you used assemblies in combination with LedgerSMB 1.3.0 through 1.11.15, you're affected.
- Read more about COGS assembly fix
- Log in or register to post comments
cve-2024-23831 (Cross Site Request Forgery)
Privilege escalation through CSRF attack on 'setup.pl'
Summary
When a LedgerSMB database administrator has an active session in /setup.pl,
an attacker can trick the admin into clicking on a link which automatically
submits a request to setup.pl without the admin's consent. This request can
be used to create a new user account with full application (/login.pl)
privileges, leading to privilege escalation.
Known vulnerable
All of:
Security advisory for CVE-2021-3731 (Clickjacking)
Insufficient protection against 'clickjacking'
Summary
LedgerSMB does not sufficiently guard against being wrapped by
other sites, making it vulnerable to 'clickjacking. This allows
an attacker to trick a targetted user to execute unintended actions.
Known vulnerable
All of:
Security advisory for CVE-2021-3694 (Cross site scripting)
Reflected cross-site scripting of authenticated users in LedgerSMB
Summary
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Known vulnerable
All of:
Which versions of Perl does LedgerSMB support?
The table below lists the compatibility of LedgerSMB versions with Perl versions. Products for which support has ceased due to End-of-Life date being reached are not listed and should not be used.
- Read more about Which versions of Perl does LedgerSMB support?
- Log in or register to post comments
1.3.48 Released
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application. This release
contains the following fixes and improvements:
- Adding current directory explicitly to include path for Debian (Chris T and Erik H)
Please note that this release quickly follows a security update of the base
Debian Perl package, as the security release broke LedgerSMB's operation,
resulting in HTTP 500 (Internal server error) being thrown on every request.