1.8.24 Released
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.8.23
* Use a temp table to prevent bulk payments trampling on each other
* Fix sorting on fixed asset searches (#6151)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.8.23/README.md
Changelog for 1.8.22
* Fix sending mail with multiple Bcc addresses (#6087)
* Fix manual taxes on credit invoices (#5721)
* Fix 'Secure' flag on session cookie; CVE-2021-3882
* Improve configuring acceptable reverse proxy addresses
LedgerSMB does not set the 'Secure' attribute on the session authorization
cookie when the client uses HTTPS and the LedgerSMB server is behind a
reverse proxy. By tricking a user into using an unencrypted connection (HTTP),
an attacker may be able to obtain the authentication data by capturing
network traffic.
All of:
- 1.8.0 up to and including 1.8.21
Changelog for 1.8.21
* Prevent draft approval by user without permission (#5984)
* Fix UI consistency (missing CSS class) in purchase invoice (#5988)
* Fix performance problem deleting huge draft transactions (#5993)
Changelog for 1.8.20
* Fix for chart of accounts headings import from CSV (#5987)
* Correctly set the payment account in invoices and transactions (#5801)
* Fix regression in CVE-2021-3693 failing to show errors as popups (#5921)
* Fix regression in CVE-2021-3693 with broken downloads of backups (#5931)
Unfortunately, the fixes for the security vulnerabilities
released on Monday August 23 caused regressions in some functionality.
This release fixes those regressions:
Changelog for 1.8.19
* Follow-up for the fix to CVE-2021-3693; fix bulk-posting payments
* Follow-up for the fix to CVE-2021-3693; fix incorrectly backported change
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.8.19/README.md
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application. This
release contains three fixes for security vulnerabilities. Users are
urged to upgrade as soon as possible. Special thanks go to "ranjit-git"
and sudheendra17, users of the https://huntr.dev/ platform, for disclosing
these issues responsibly to the development team, and to the platform
itself for sponsoring the work of these researchers.
This release contains the following fixes and improvements:
There are two steps to upgrading a LedgerSMB 1.8.x installation to 1.8.y (x smaller than y):
The second step has to be executed for each company database that's set up.
The steps to upgrade the software differ between Docker and tarball (from source) installations.
In case the installation was created using the docker-compose infrastructure provided by the project, the upgrade should be as simple as running
LedgerSMB does not sufficiently guard against being wrapped by
other sites, making it vulnerable to 'clickjacking'. This allows
an attacker to trick a targeted user into executing unintended actions.
All of: