A new release of the InvoicePlane application is available: v1.4.10
You can download the latest version from the InvoicePlane website.
This version includes a security patch and the fix for PDF files that contain ZUGFeRD XML.
Please update your setup immediately
This version contains the patch for a recently disclosed security vulnerability that can be used to reset the password for all users of a setup. The exploit was published on the Exploit DB on 2016-11-11 at the same time when I got the email notification.
If you find a vulnerability, please send an email to email@example.com before publishing an exploit!
Having problems with URLs?
To address the latest problems with URL detection and subdirectories you now have to set the URL of your InvoicePlane instance in the
index.phpfile. Please do this either before installing or updating the application to prevent any issues.