Assuming you have followed the How Do I Backup My Data instructions, you can restore your database as follows...
Note LedgerSMB versions prior to version 1.9.16 did not support PostgreSQL 14 or higher due to a backward incompatible change in PostgreSQL 14.
Log in to the the 'setup.pl' administrative interface, using your ledgersmb database admin user (usually "lsmb_dbadmin" or "postgres"). The default address for setup.pl is http://localhost/ledgersmb/setup.pl.
There are 2 buttons:
One creates a backup of the content of your database. The other creates a backup of the roles.
There are two steps to upgrading a LedgerSMB 1.4.x - 1.11.x to 1.12:
The last step must be executed for each company database that's set up.
All versions from 1.3.0 to 1.11.16 are affected by a bug in Cost of Goods Sold (COGS) accounting for assemblies: Instead of accounting expenses and reducing inventory, negative expenses are posted, putting goods into inventory.
No. Only if you used assemblies in combination with LedgerSMB 1.3.0 through 1.11.15, you're affected.
When a LedgerSMB database administrator has an active session in /setup.pl,
an attacker can trick the admin into clicking on a link which automatically
submits a request to setup.pl without the admin's consent. This request can
be used to create a new user account with full application (/login.pl)
privileges, leading to privilege escalation.
All of:
There are two steps to upgrading a LedgerSMB 1.4.x - 1.10.x to 1.11:
The last step must be executed for each company database that's set up.
LedgerSMB does not sufficiently guard against being wrapped by
other sites, making it vulnerable to 'clickjacking. This allows
an attacker to trick a targetted user to execute unintended actions.
All of:
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
All of:
- 1.5.0 upto 1.5.30 (including)
- 1.6.0 upto 1.6.33 (including)
- 1.7.0 upto 1.7.32 (including)
- 1.8.0 upto 1.8.17 (including)
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
All of:
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.6.33
Erik H is Erik Huelsmann
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.6.33/README.md