LedgerSMB
The foundation for your business
LedgerSMB 1.8.18 released
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
LedgerSMB 1.8.18 released
- Subject: LedgerSMB 1.8.18 released
- From: Erik Huelsmann <..hidden..>
- Date: Mon, 23 Aug 2021 15:38:30 -0400
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application. This
release contains three fixes for security vulnerabilities. Users are
urged to upgrade as soon as possible. Special thanks go to "ranjit-git",
and sudheendra17, users of the https://huntr.dev/ platform, for disclosing
these issues responsibly to the development team. And to the platform
itself for sponsoring the work of these researchers.
This release contains the following fixes and improvements:
Changelog for 1.8.18
* Check whether HTML comes from a valid source; CVE-2021-3693
* Apply HTML escaping on error messages; CVE-2021-3694 (#5754)
* Fix several issues in `bin/prepare-company-database` (#5769)
* Prevent the application being wrapped in a frame; CVE-2021-3731
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.8.18/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.8.18
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.8.18
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.8.18
These are the sha256 checksums of the uploaded files:
c3ed50b78a0cebc6ef7edfab6a5b1c7b6b5b2f5545bf2d680ad6c3f6cbca5be2 ledgersmb-1.8.18.tar.gz
133fae3563fa1be3eb4cd48ec06347187ba165bbeeb854c92ed03d9c08111ae0 ledgersmb-1.8.18.tar.gz.asc
_______________________________________________
announce mailing list -- ..hidden..
To unsubscribe send an email to ..hidden..