Release Notes: This release corrects major denial of service issues and an SQL injection issue. It also corrects some issues with the price matrix logic.
Release Notes: This release corrects a login bypass vulnerability and several other major bugs.
Release Notes: This release fixes one major security bug that allowed arbitrary code execution due to directory traversal in the login query variable. It also corrects a more minor bug in currency selection during the automatic generation of sales orders. This release also corrects an error in version strings that might lead an administrator to mistakenly think that a vulnerable version of the software was running.
Release Notes: This version corrects a major security hole allowing unauthenticated users to access administrative functions. If you cannot upgrade and are using 1.1.8 or earlier, please protect your admin.pl with HTTP authentication.
Release Notes: This release backports a large number of significant security enhancements. These include whitelisting redirection files, whitelisting template editing and processing directories, converting many file operations to the 3-arg form of open, and moving custom error and info handling function names into environment variables. The username check during config load was converted from a regex to a string comparison. A directory traversal check was added for the username used in $USER.conf generation. All users are advised to upgrade as soon as possible.
Release Notes: This fix corrects an urgent directory traversal and arbitrary code execution bug, which was inherited from the SQL-Ledger codebase. All users are encouraged to upgrade immediately.