LedgerSMB 1.3.37 has been released. This is a significant release with a number of important fixes including two security fixes (please stay tuned for security advisories on these two usually-minor security issues). The two security fixes address client handling of authentication credentials and the possibility of someone with physical access to the same browser session having an unexpected amount of access after logout (to a varying degree on different browsers). Usually this is not an issue. In a few cases, though, it may be.
Additionally this release corrects a number of significant other issues. Among them are workflow fixes, a fix to the outstanding report so that the summary report only includes invoices listed in the details report, errors running the AP transactions and outstanding reports on PostgreSQL < 9.1, and a few other issues.
Please take a moment to look over the changelog below and the security advisory you will get shortly and consider upgrading.
Changelog for 1.3.37
* 1.3-1.2 downgrade now drops extensions (Chris T, 943)
* Fixed db names with spaces not supported (Chris T, 946)
* Fixed old code not working if clicked on after changing passwd (Chris 949)
* Fixed join projection issues in AP Outstanding (Chris T, 950)
* Added Apache 2.4 configuration file (Chris T)
* Fixed "save info" reporting "Draft Posted" (Chris T, 925)
* Fixed shipto causing db error on sales invoice (Chris T, 929)
* Fixed shipto including all addresses (Chris T, 929)
* Fixed shipto address not showing on invoice (Chris T, 929)
* Fixed fcgi blank screens on saving/deleting warehouse (Chris T, 902)
* Fixed blank screens after New on ar/ap transactions (Chris T, 924)
* Fixed back button handling after logout (Chris T)
* Fixed Chrome and some other browsers not properly logging out (Chris T)
* Added SQL-Ledger 2.8 migration script (Erik H)
* Removed sales/purchase order recurring logic (Chris T, 888)
* Removing references to missing line.gif (Chris T, 962)
* Fixed garbled UTF-8 characters appearing in web output (Erik H, 953)
* Removed crdate from ar/ap transactions and outstanding bug reports (Chris T)
Chris T is Chris Travers
Erik H is Erik Huelsmann