July 2024 - devel - lists.freelock.com

Adding to OpenBSD. Is this a good time now?
by chris＠bennettconstruction.us 19 Nov '24

19 Nov '24

A lot of Perl modules need to be imported into OpenBSD in order for it to be installable. I plan on asking for help to do this from OpenBSD users. It seems like LedgerSMB would now be a good import with all of the development of testing, etc. Are there any big changes on the immediate horizon for 1.5? I'm not running LedgerSMB because of the work that needs to be done first. As a side note, I am working on getting the forums back up, but $$ are a bit of a problem right now. Trying to find a baremetal server outside of the USA that I can afford hasn't been successful so far. I found one, but they charge $30 for remote access for 24 hours. I can't afford $90 a month, which is most of what I am finding. Thanks, Chris Bennett

3 2

Bug#1062845: ledgersmb: CVE-2024-23831
by Salvatore Bonaccorso 25 Jul '24

25 Jul '24

Source: ledgersmb Version: 1.6.33+ds-2.1 Severity: important Tags: security upstream X-Debbugs-Cc: carnil(a)debian.org, Debian Security Team <team(a)security.debian.org> Control: found -1 1.6.9+ds-2+deb11u3 Hi, The following vulnerability was published for ledgersmb. CVE-2024-23831[0]: | LedgerSMB is a free web-based double-entry accounting system. When a | LedgerSMB database administrator has an active session in /setup.pl, | an attacker can trick the admin into clicking on a link which | automatically submits a request to setup.pl without the admin's | consent. This request can be used to create a new user account with | full application (/login.pl) privileges, leading to privilege | escalation. The vulnerability is patched in versions 1.10.30 and | 1.11.9. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-23831 https://www.cve.org/CVERecord?id=CVE-2024-23831 [1] https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-q… [2] https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c012… Regards, Salvatore

2 1

LedgerSMB 1.9.28 released
by Erik Huelsmann 09 Jul '24

09 Jul '24

The LedgerSMB development team is happy to announce yet another new version of its open source ERP and accounting application. This release contains the following fixes and improvements: Changelog for 1.9.28 * Fix deletion of parts groups (#7363) * Align invoice/order entry between databases with and without parts (#7374) For installation instructions and system requirements, see https://github.com/ledgersmb/LedgerSMB/blob/1.9.28/README.md The release can be downloaded from our download site at https://download.ledgersmb.org/f/Releases/1.9.28 The release can be downloaded from GitHub at https://github.com/ledgersmb/LedgerSMB/releases/tag/1.9.28 Or pulled from the GitHub Container Registry $ docker pull ghcr.io/ledgersmb/ledgersmb:1.9.28 Or pulled from Docker Hub using the command $ docker pull ledgersmb/ledgersmb:1.9.28 These are the sha256 checksums of the uploaded files: 4b2c0c53de2d80f5fc5ec3f8ee3bea61e5624684ebb1c2d55b2c2472c904a5b4 ledgersmb-1.9.28.tar.gz ccad27a8f22c25bbea0c5fdef564df325e9c202bd95af5713c4f8c14038b0f49 ledgersmb-1.9.28.tar.gz.asc

1 0

LedgerSMB 1.9.29 released
by Erik Huelsmann 09 Jul '24

09 Jul '24

The LedgerSMB development team is happy to announce yet another new version of its open source ERP and accounting application. This release contains the following fixes and improvements: Changelog for 1.9.29 * Fix regression since 1.9.27 upgrading old companies while renaming setting * Fix selection of default AR/AP accounts while importing databases (#7419) For installation instructions and system requirements, see https://github.com/ledgersmb/LedgerSMB/blob/1.9.29/README.md The release can be downloaded from our download site at https://download.ledgersmb.org/f/Releases/1.9.29 The release can be downloaded from GitHub at https://github.com/ledgersmb/LedgerSMB/releases/tag/1.9.29 Or pulled from the GitHub Container Registry $ docker pull ghcr.io/ledgersmb/ledgersmb:1.9.29 Or pulled from Docker Hub using the command $ docker pull ledgersmb/ledgersmb:1.9.29 These are the sha256 checksums of the uploaded files: feaf830ea206b8a0a20a0efab93a5c70ccf29f028bc28f7156b0484ec2f99609 ledgersmb-1.9.29.tar.gz b49c86e9a6d37f528c4a884357bd9c4954fbdd6b7c27b41ea34c34c348d67d66 ledgersmb-1.9.29.tar.gz.asc

1 0

ledgersmb 1.6.33+ds-2.2 MIGRATED to testing
by Debian testing watch 09 Jul '24

09 Jul '24

FYI: The status of the ledgersmb source package in Debian's testing distribution has changed. Previous version: 1.6.33+ds-2.1 Current version: 1.6.33+ds-2.2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information.

1 0