1.7

How do I backup my data?

Submitted by Anonymous (not verified) on

Log in to the the 'setup.pl' administrative interface, using your ledgersmb database admin user (usually "lsmb_dbadmin" or "postgres"). The default address for setup.pl is http://localhost/ledgersmb/setup.pl.

There are 2 buttons:

  • Backup database (parts, customers, accounting records, etc)
  • Backup roles (your login accounts and rights)

One creates a backup of the content of your database. The other creates a backup of the roles.

cve-2024-23831 (Cross Site Request Forgery)

Submitted by ehu on

Privilege escalation through CSRF attack on 'setup.pl'

Summary

When a LedgerSMB database administrator has an active session in /setup.pl,
an attacker can trick the admin into clicking on a link which automatically
submits a request to setup.pl without the admin's consent.  This request can
be used to create a new user account with full application (/login.pl)
privileges, leading to privilege escalation.


Known vulnerable

All of:

1.7.40 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is excited to announce yet another
new version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.7.40

* Fix invoices randomly being incorrectly voided (#2321)
* Reduce memory consumption rendering XLSX output (#6483)

Please note that this release fixes bug #2321 which the project
team was never able to reproduce, but has been reported by
different users many times over the past years.

1.7.39 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.7.39

* Fix tax form details reports throwing an error (#6458)
* Support PostgreSQL 14 (#6500)
* Allow deletion of transactions with shipto address (#6509)

1.7.38 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.7.38

* Fix batch details printing throwing a PSGI error (#6325)
* Fix saving of AR/AP vouchers throwing errors (#6327)
* Fix account initialization in tax calculation module (#6335)

1.7.37 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

1.7.36 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.7.36

* Fix manual taxes on credit invoices (#5721)
* Improve configuring acceptable reverse proxy addresses

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.7.36/README.md