Security

Which versions do you support?

Submitted by ehu on Sun, 12/30/2012 - 03:17

Active support

Versions 1.5 and higher are under active development and are supported by the community.

End of life

If you're looking for help on how to use EOL-ed versions, please try mailing the users mailing list.
If you're looking for someone to create bugfixes, please check with one of the parties providing commercial support or for less urgent fixes LedgerSMB Issues

Version 1.4 has been declared end-fo-life on 2017-09-16. The last release in the series is 1.4.42. No further releases will be made by the community.

Version 1.3 has been declared end-of-life on 2015-12-23. The last release in the series is 1.3.47. No further releases will be made by the community.

LedgerSMB versions 1.0, 1.1 and 1.2 won't be maintained any further due to the fact that there are some known security issues which can't be fixed.

Security: Denial of Service Vulnerability in 1.3.20 and below

Submitted by Chris Travers on Mon, 07/30/2012 - 00:08

A security oversight has been discovered in LedgerSMB 1.3 which could
allow a malicious user to cause a denial of service against LedgerSMB
or otherwise affect the way in which certain forms of data would get
entered. In most cases we do not believe this to be particularly
severe in the absence of poor internal process controls. Users in
some jurisdictions however may need to take this more seriously (see
full details below).

Basic details: