1.11

1.11.12 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.12

* Fix download of attachments to reconciliations (#8088)
* Fix e-mailing of AR aging statements (#8111)

For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.11.12/README.md

1.11.11 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.11

1.11.10 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.10

* Fix upgrades from older Pg versions with the 'cash_impact' view (#7987)
* Fix missing locale parameter creating GL Search report (#7997)
* Fix setup.pl CSRF regressions (#8007, #8000)
* Fix date filters on Cash > Receipt/Payment (#8015)

1.11.9 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the fix for CVE-2024-23831, a CSRF attack on
setup.pl.

Changelog for 1.11.9

* Add missing batch and entity sequences to the Defaults screen (#7965)
* Stop warning during startup without configuration file (#7928)
* CVE-2024-23831: CSRF attack on 'setup.pl'

cve-2024-23831 (Cross Site Request Forgery)

Submitted by ehu on

Privilege escalation through CSRF attack on 'setup.pl'

Summary

When a LedgerSMB database administrator has an active session in /setup.pl,
an attacker can trick the admin into clicking on a link which automatically
submits a request to setup.pl without the admin's consent.  This request can
be used to create a new user account with full application (/login.pl)
privileges, leading to privilege escalation.


Known vulnerable

All of:

1.11.8 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.8

1.11.7 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.7

* Fix creating an invoice from an order (#7855)
* Retain partsgroup selection on Update in parts screen (#7848)
* Fix missing columns on trial balance 'Ending' report type (#7870)

1.11.6 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.6

* Fix 'Current earnings' not showing in the balance sheet report (#7785)
* Fix saving headings of headings (#7802)
* Fix saving unused accounts configured for reconciliation (#7805)
* Fix 'delete' link shown in CoA screen on accounts used with parts (#7812)
* Fix deletion of parts (#7811)

1.11.5 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.5

1.11.4 Released

Submitted by LedgerSMB_Team on

The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:

Changelog for 1.11.4

* Show database and user name in setup.pl consistency result screen (#7714)
* Fix AR/AP transaction Reverse button (#7719, #7717)
* Fix invoices created from API to be in SAVED state (#7733)
* Fix 'New Window' menu item throwing an error (#7735)
* Fix Parts > Group > Add throwing 'Group missing!' (#7737)