1.3.11 RC1 is out. This beta version includes a significant number of bug fixes and we hope to get the general release out in two days or so if no problems are found.
For those interested in validating, the key areas are fixes in multicurrency handling for payments and payment reversals, particularly relating to the batch payment system. This also fixes the customer/vendor dropdown boxes where used (they are disabled by default), a few permissions issues, and the like. The complete changelog is below....
The LedgerSMB development team is very proud to release LedgerSMB
1.3.0. This release continues our strong commitment to security, data
integrity, and robustness, introducing improved functionality in
many core areas, and adding new features that many businesses will
This is the most significant release to date in many ways. It is the
most secure release, and it performs the best under heavy load. At
the same time, it also provides the most features that many businesses
rely on heavily. This means that LedgerSMB 1.3.0 is suitable for
much larger businesses and installations than previous versions....
The web site is back up. Thanks for your patience.
Yesterday afternoon or evening, the LedgerSMB web site appears to have
gone down. The proximal cause appears to be a DNS migration gone awry
on the part of the registrar. The issues are ongoing and are not
expected to be resolved until tomorrow at the earliest. The project
is not going anywhere, though we expect to move to a different
registrar as quickly as possible.
For the past decade, I had previously used DiscountDomainRegistry.com
without any problems until this year when an earlier outage occurred
because of a change of control and subsequent migration. Now web.com
purchased them and did another migration and the result is that all
DNS records are lost as far as I can tell, and they do not currently
provide me a way to correct them. Yesterday I spent an hour on hold
and then another half an hour on the phone with their tech support,
and the result was that they opened a ticket (and it now directs to a
parked domain marker). I called today and tech support flat out told
me they had no idea what to do in these cases, and that I should call
back tomorrow and speak to another department. The two tickets that
have been created have shown no activity on what I feel is an urgent
issue....
The LedgerSMB core team has released 1.2.24, which corrects three issues:
1) Filenames broken in batch printing.
2) LedgerSMB not running properly with Suexec.
3) A non-exploitable SQL injection issue in a stored procedure used
to manage custom fields in the database. This procedure is designed
to be run from a general-purpose SQL console like psql or pgAdmin III,
and runs with the permissions of the individual running the procedure.
Absent custom code, therefore, it does not pose privilege escalation
issues, and does not allow users of the application to run SQL queries
they wouldn't be able to run otherwise....
The LedgerSMB Development Team is pleased to announce the availability
of LedgerSMB 1.3.0 beta 4. This is a beta testing version, not
intended for general release yet. Currently however, all test cases
pass, and this is a good opportunity for people to install the
software and provide needed feedback to the development team.
I would like to personally thank Erik Huelsmann, John Locke, and Ian
Goodacre for providing many of the fixes which have made this release
possible as well as everyone who has contributed bug reports and
fixes, as well as contributed to all related discussions....
This is likely to be our last development snapshot before 1.3 beta 4. It fixes a fair number of issues with the software, including 1099 reporting, user management, aging reports, etc. It also adds some enhancements to reconciliation.
It has been brought to our attention that a number of security
vulnerabilities have been noted in SQL-Ledger. Several of these
affect earlier versions of LedgerSMB, and three hotfixes have been
released for problems that continue to affect the LedgerSMB codebase.
As always, we highly recommend testing all hotfixes before applying
them to a production environment.
The CVEs mentioned here are the ones attached to SQL-Ledger. Subtle
differences as to how these affect LedgerSMB are noted below....
After a lot of hard work, LedgerSMB 1.3.0 is ready for beta testing. Please be aware that this is a beta-testing release and there may be unexpected bugs in places. Some things may not work as advertised. It can be downloaded from the SourceForge page (http://www.sourceforge.org/projects/ledger-smb/).
Check printing from single payment interface doesn't work. Check printing from the multiple payments interface works just fine. This will take a little more effort than anyone was able to put into it at this point. I expect to get this fixed (if nobody else does it first) early next month....
This release fixes a serious bug which can render backups unusable, and fixes nearly forty others.
LedgerSMB 1.2.8 has been released, correcting numerous bugs in previous releases. As some of the resolved issues relate to security and accounting logic, upgrades are recommended and encouraged.
LedgerSMB 1.2.6 has been released, correcting a number of bugs of various severity in past versions. It is generally recommended that all users upgrade to this version.
Due to serious issues found in 1.2.0 and 1.2.1, we have expedited the release of 1.2.2. This release corrects serious sales tax collection issues in 1.2.0. All users are advised to upgrade immediately.
LedgerSMB 1.2.0 has been released. The RPM and tarball can be verified with the group GPG key available at http://www.ledgersmb.org/download/ledgersmb.pub-key.gpg
This release adds a large number of security and data integrity enhancements to LSMB. It also adds an enhanced POS module, Slony-I support, gettext-based localization, a credit card processing framework (both card-present and card-not-present) and more.
LedgerSMB 1.1.12 has been released. It fixes the following issues:
1) Upgrade overwriting user authentication info,
2) Unable to generate sales orders from timecards.
This release fixes a number of bugs relating to database access and dataset creation. Testers are encouraged to upgrade as soon as possible.
The LedgerSMB team is pleased to announce the first release candidate of the upcoming 1.2 series. This release offers better security and data integrity, Slony support, better POS support, and more.
This release fixes a couple of bugs involving the template editor and sales order consolidation. This builds on the 1.1.5 security maintenance release and some of the bugs were introduced with the security fixes there.
The LedgerSMB development team is proud to announce the release of beta 1 of the next version of the software, 1.2. 1.2 will add many more features including support for card-present credit card processing, more POS hardware, and more.
Localization is now done according to open standards and uses a far more robust framework. Beta 1 has been released first as a tarball, with .RPM releases to follow. Other packages are likely to be added as we move towards 1.2.
After some delays, LedgerSMB 1.2 is now in feature freeze. Beta 1 will be released shortly.
1.2 will bring a number of benefits to LedgerSMB. The entire codebase has undergone a thorough audit for SQL injection attacks, and numerous such vulnerabilities were corrected. Other security attack vectors have also been eliminated.
The enhancements of SL-POS have been merged into this current release, bringing pole display support and more. And real-time card-present credit card processing will also be supported....
Today, Secunia released a security advisory for LedgerSMB citing
"unspecified SQL injection vulnerabilities." This response is to
re-emphasize several important points that LedgerSMB users should
consider with regard to the software in their own risk assessments and
First, the primary purpose of forking from SQL-Ledger was to correct
serious security deficiencies in that codebase. These shortcomings
still include a lack of a real permission enforcement system and thus
we have recommended segmenting accounts under different database users
and enforcing permissions at the database level. Also note that in
such a configuration, the exposure to SQL injection attacks is greatly
reduced....
LedgerSMB Technical Preview has been released for those who don't use subversion. It includes a lot of new functionality, and more is planned for the full release once it is stabilized. This is for developers, and is not intended for production use.
This includes Gentoo Ebuilds support.
The LedgerSMB project has released a document which is intended to clarify the direction that this application is going and how we will make LedgerSMB the best accounting software for small to midsize businesses.
Read the whole document at:
This is a maintenance release that corrects a few minor bugs.