1.2.24 released

Hi all;

The LedgerSMB core team has released 1.2.24, which corrects three issues:

1) Filenames broken in batch printing.
2) LedgerSMB not running properly with Suexec.
3) A non-exploitable SQL injection issue in a stored procedure used
to manage custom fields in the database. This procedure is designed
to be run from a general purpose sql console like psql or pgAdmin III,
and runs with the permissions of the individual running the procedure.
Absent custom code, therefore, it does not pose privilege escalation
issues, and does not allow users of the application to run SQL queries
they wouldn't be able to run otherwise.

As always, changes in a production version include only bugfixes, and
it is generally recommended that users stay current.

Best Wishes,
Chris Travers

Posted by Chris Travers 2011-07-12

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks