1.9

COGS assembly fix

Submitted by ehu on

All versions from 1.3.0 to 1.11.16 are affected by a bug in Cost of Goods Sold (COGS) accounting for assemblies: Instead of accounting expenses and reducing inventory, negative expenses are posted, putting goods into inventory.

I never used assemblies; am I affected too?

No. Only if you used assemblies in combination with LedgerSMB 1.3.0 through 1.11.15, you're affected.

cve-2024-23831 (Cross Site Request Forgery)

Submitted by ehu on

Privilege escalation through CSRF attack on 'setup.pl'

Summary

When a LedgerSMB database administrator has an active session in /setup.pl,
an attacker can trick the admin into clicking on a link which automatically
submits a request to setup.pl without the admin's consent.  This request can
be used to create a new user account with full application (/login.pl)
privileges, leading to privilege escalation.


Known vulnerable

All of:

1.9.30 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.9.30

* Fix check for missing GIFI on SQL-Ledger migration (#7501)
* Fix CSV import failure on non-ascii, but valid UTF-8, character (#7512)
* Fix transaction date on year-end reversal (#7540)
* Save 'Ship To' selection on invoices (#7546)
* Fix 'Microfiche' appearing empty on Goods search (#7559)

1.9.29 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.9.29

* Fix regression since 1.9.27 upgrading old companies while renaming setting
* Fix selection of default AR/AP accounts while importing databases (#7419)

1.9.28 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.9.28

* Fix deletion of parts groups (#7363)
* Align invoice/order entry between databases with and without parts (#7374)

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.9.28/README.md

1.9.27 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.9.27

* Hide CSS files from the theme drop-down which render the app unusable (#7326)
* Improve HTML compliance by moving INPUT tags around inside TABLE tags (#7323)
* Fix addition of second and further make/model rows in parts (#7346)
* Fix typo in setting name (#7337)

1.9.26 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.9.26

* Fix failure to save GL template transactions due to number formatting (#7302)
* Fix JOIN in 'all_managers' stored procedure (#7201)

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.9.26/README.md