Hi all;

The LedgerSMB core team has released 1.2.24, which corrects three issues:

1) Filenames broken in batch printing.
2) LedgerSMB not running properly with Suexec.
3) A non-exploitable SQL injection issue in a stored procedure used to manage custom fields in the database. This procedure is designed to be run from a general purpose sql console like psql or pgAdmin III, and runs with the permissions of the individual running the procedure. Absent custom code, therefore, it does not pose privilege escalation issues, and does not allow users of the application to run SQL queries they wouldn't be able to run otherwise.

As always, changes in a production version include only bugfixes, and it is generally recommended that users stay current.

Best Wishes,
Chris Travers
