1.5

How do I restore my data?

Submitted by ehu on Mon, 05/13/2013 - 13:04

Assuming you have followed the How Do I Backup My Data instructions, you can restore your database as follows...

1) Restore the roles

$ psql -h [database host] -U [database admin user] < [roles backup file]

For example:

$ psql -h localhost -U lsmb_dbadmin < lsmb-roles.sqlc

2) Create a new database to restore into

$ psql -h [database host] -U [database admin user] -c 'CREATE DATABASE [new company name]'

For example:

How do I backup my data?

Submitted by Anonymous (not verified) on Tue, 11/29/2011 - 19:44

Log in to the the 'setup.pl' administrative interface, using your ledgersmb database admin user (usually "lsmb_dbadmin" or "postgres"). The default address for setup.pl is http://localhost/ledgersmb/setup.pl.

There are 2 buttons:

  • Backup database (parts, customers, accounting records, etc)
  • Backup roles (your login accounts and rights)

One creates a backup of the content of your database. The other creates a backup of the roles.

Security advisory for CVE-2021-3693 (Cross site scripting)

Submitted by ehu on Fri, 08/20/2021 - 03:14

DOM cross-site scripting of authenticated users in LedgerSMB

Summary

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM.  By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.


Known vulnerable

  All of:

  - 1.5.0 upto 1.5.30 (including)
  - 1.6.0 upto 1.6.33 (including)
  - 1.7.0 upto 1.7.32 (including)
  - 1.8.0 upto 1.8.17 (including)


Known fixed

  - 1.7.33
  - 1.8.18

Security advisory for CVE-2021-3694 (Cross site scripting)

Submitted by ehu on Fri, 08/20/2021 - 03:13

Reflected cross-site scripting of authenticated users in LedgerSMB

Summary

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser.  By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

Known vulnerable

  All of:

Does LedgerSMB support "sub-accounts"?

Submitted by ehu on Thu, 07/30/2020 - 09:50

Yes. LedgerSMB has a mechanism called "Account headings". The headings are the opposite of what Intuit explains about Quickbooks for their subaccount support: Quickbooks splits an account into multiple and aggregates those new accounts into the old one for reporting. To achieve the same in LedgerSMB, you create multiple accounts and one or more headings. LedgerSMB then aggregates the totals of the accounts per heading. The system used by LedgerSMB closely resembles what MYOB describes about their accounts and headers.

Upgrade to LedgerSMB 1.8

Submitted by ehu on Mon, 07/27/2020 - 23:11

Overview

Company database upgrades are supported all the way back from 1.4 directly to 1.8, using the 1.8 software. Company database upgrades from 1.3 and 1.2 are also supported, but due to the different nature of the upgrade process are called "migrations". The important difference being that when doing a migration, a copy of the data is being created in the 1.8 structure, while upgrades adjust the existing structure for 1.8.

1.5.30 Released

Submitted by LedgerSMB_Team on Fri, 11/29/2019 - 02:26

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.5.30

* Include first transsaction on account in reconciliation report (Erik H)
* Fix COGS error when posting AP invoice reversal (Erik H)
* Fix error in reconciliation in case no prior balance exists (Erik H)
* Fix write access error thrown on fixed assets disposal (Erik H)
* Correctly calculate tax basis amount even for 0% taxes (Erik H)

Subscribe to 1.5