summaryrefslogtreecommitdiff
path: root/doc/NEWS
Commit message (Collapse)AuthorAgeFilesLines
* Ignore null deferred postingsMichael Budde2019-01-231-0/+3
| | | | | | | | | | | | | | | | | | All-null transactions (i.e. a transaction where all postings have a null amount) are discarded during parsing and the `xact` object is free'd. But if the transaction contains a deferred posting this results in a use-after-free vulnerability because a reference to the deferred posting is stored in the account object which is later read when deferred postings are applied after parsing is finished. Ignore null deferred postings to prevent this – they should not have any effect any way. Thanks to Cory Duplantis for reporting this issue and providing an initial analysis. Ref TALOS-2017-0304, CVE-2017-2808 Fixes #1723
* Fix parsing issue involving effective datesMartin Michlmayr2019-01-151-0/+3
| | | | | | | | | | | | | | | | | Cory Duplantis reported that "A specially crafted journal file can cause [an] integer underflow resulting in code execution". Cory provided this test case: Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01] Note the ] that comes before [ after the ;. This issue was reported and described in great detail by Cory Duplantis of Cisco Talos. This issue is known as TALOS-2017-0303 and has been assigned CVE-2017-2807. Cory's description can be found at https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303 Fixes #1722
* Update NEWS for 3.1.2Martin Michlmayr2019-01-121-9/+42
|
* Add release dates to doc/NEWSMartin Michlmayr2019-01-121-3/+3
|
* Remove trailing whitespaceMartin Michlmayr2019-01-091-7/+7
|
* Update doc/NEWS for 3.1.2Martin Michlmayr2016-11-121-5/+9
|
* Update doc/NEWS for 3.1.2Martin Michlmayr2016-07-291-1/+20
|
* Increase maximum length for regexMartin Michlmayr2016-02-151-0/+4
| | | | Fixes bug #981
* [doc] Correct boost versionsAlexis Hildebrandt2016-01-111-1/+1
| | | | | | whose build issues are fixed with the ledger 3.1.1 release. [ci skip]
* Bump version number to 3.1.1Alexis Hildebrandt2015-09-151-2/+8
|
* Update NEWSMartin Michlmayr2015-07-281-0/+2
|
* Document some changes in NEWSMartin Michlmayr2015-07-281-0/+22
|
* Small doc typo fixesJostein Berntsen2015-01-091-3/+3
|
* Update doc/NEWS for ledger 3.1Martin Michlmayr2014-10-051-2/+27
|
* Add another change to NEWSMartin Michlmayr2014-05-121-0/+2
|
* Update NEWS for 3.xMartin Michlmayr2014-05-121-0/+16
|
* Added NEWS entries for 2.6.2 and 2.6.3John Wiegley2010-06-191-0/+17
|
* Untabified all source filesJohn Wiegley2010-06-111-14/+14
|
* Updated NEWS file that there will be less newsJohn Wiegley2010-05-221-29/+8
|
* Some reformatting of the NEWS fileJohn Wiegley2009-02-191-16/+20
|
* Inverted the default display mode for balance reports. Use -n to collapseJohn Wiegley2009-02-081-7/+18
| | | | them, as this fits better with what -n does for register reports.
* Removed --reconcile and --reconcile-date.John Wiegley2009-02-071-0/+2
|
* Removed the nearly unknown --descend and --descend-if options.John Wiegley2009-02-061-3/+14
|
* Added a note about --anon to the NEWS file.John Wiegley2009-01-201-0/+6
|
* Moved several documentation files into the 'doc' directory.John Wiegley2008-08-071-0/+842
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-22 00:39:51 +0000