Security advisory: SQL Injection in LedgerSMB 1.2.24 and lower
Hi all;
The LedgerSMB core team has released 1.2.24, which corrects three issues:
1.2.23 Release Candidate 1 is available on the Sourceforge file release site.
The complete changelog is:
Changelog for 1.2.23
* Fix for sales tax incorrect on sales/purchase order screen
* Fix for unreadable characters in HTML templates in some charsets.
* Correcting backup name on backup by email
June 24, 2010
LedgerSMB 1.2.22 is available for download. This release corrects a few warnings and errors when Perl 5.12 is used, as well as some issues involving migrations between tax systems.
The complete changelog is as follows:
LedgerSMB 1.2.21 has been released. The complete changelog is as follows:
Changelog for 1.2.21
* Corrected a number of templates with HTML issues (Luke)
* AR/AP Aging Report fixed, ignores payment after report date (Chris T)
* Minor documentation updates (Chris T)
* Fixed bug saving SIC (Adam T)
LedgerSMB 1.2.20 has been released. You can download it at
https://sourceforge.net/projects/ledger-smb/
This release includes a number of moderate fixes. None of the fixes
are security-critical or critical regarding accounting data.
Changelog is as follows:
Hi all;
It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase.
As always, we highly recommend testing all hotfixes before applying them to a production environment.
The CVEs mentioned here are the ones attached to SQL-Ledger. Subtle differences as to how these affect LedgerSMB are noted below.
After a lot of hard work, LedgerSMB 1.3.0 is ready for beta testing. Please be aware that this is a beta-testing release and there may be unexpected bugs in places. Some things may not work as advertised. It can be downloaded from the SourceForge page (http://www.sourceforge.net/projects/ledger-smb/).
The LedgerSMB Core Team is proud to announce the release of version 1.2.16, which corrects one issue with price matrix error handling introduced in 1.2.15 and also issues with running LedgerSMB on Perl 5.10.0. It is recommended that all users upgrade, but those using versions before 1.2.15 along with price matrix logic should put the application through some light testing before putting it into production.
The complete changelog is:
Changelog for 1.2.16
The LedgerSMB Team is proud to release version 1.2.15. This version
corrects a number of important bugs including two critical security
issues. We will be releasing a separate security advisory within a
week.
Additionally, several broken areas of the pricematrix logic were
corrected. Businesses using this portion of the software should spot
check results before putting this release into production.
The complete changelog is: