Projects / LedgerSMB / Releases / Major security fixes

RSS All releases tagged Major security fixes

  •  12 Sep 2008 04:32

Release Notes: This release corrects major issues with denial of service issues and an SQL injection issue. It also corrects some issues with the price matrix logic.

  •  16 Jul 2007 15:19

Release Notes: This release corrects a login bypass vulnerability and several other major bugs.

  •  18 Mar 2007 00:43

Release Notes: This release fixes one major security bug that allowed arbitrary code execution due to directory transversal in the login query variable. It also corrects a more minor bug in currency selection during the automatic generation of sales orders. This release also corrects an error in version strings that might lead an administrator to think mistakenly that a vulnerable version of the software was running.

  •  11 Mar 2007 14:13

Release Notes: This version corrects a major security hole allowing unauthenticated users to access administrative functions. If you cannot upgrade and are using 1.1.8 or earlier, please protect your admin.pl with HTTP authentication.

  •  12 Jan 2007 23:23

Release Notes: This release backports a large number of significant security enhancements. These include whitelisting redirection files, whitelisting template editing and processing directories, converting many file operations to use 3 arg open formats, and the moving of custom error and info handling function names into environment variables. The username check during config load was converted from a regex to a string comparison. A directory traversal check was added for the username used in $USER.conf generation. All users are advised to upgrade as soon as possible.

  •  11 Sep 2006 22:09

Release Notes: This fix corrects an urgent directory transversal and arbitrary code execution bug, which was inherited from the SQL-Ledger codebase. All users are encouraged to upgrade immediately.

Screenshot

Project Spotlight

Nulloy

A music player with a waveform seek bar.

Screenshot

Project Spotlight

Code Browser

A folding text editor.