InvoicePlane 1.4.10 released

A new release of the InvoicePlane application is available: v1.4.10
You can download the latest version from the InvoicePlane website.

Update Guide | Changelog

This version includes a security patch and the fix for PDF files that contain ZUGFeRD XML.

:bangbang: Please update your setup immediately :bangbang:

This version contains the patch for a recently disclosed security vulnerability that can be used to reset the password for all users of a setup. The exploit was published on the Exploit DB on 2016-11-11 at the same time when I got the email notification.
If you find a vulnerability, please send an email to before publishing an exploit!

:warning: Having problems with URLs?

To address the latest problems with URL detection and subdirectories you now have to set the URL of your InvoicePlane instance in the index.php file. Please do this either before installing or updating the application to prevent any issues.


I upgraded to 1.4.10 and ran into one hiccup - There was no folder named ‘customer_files’ in /uploads so the setup would not complete. I created the folder and fixed permissions and all was well.

Not sure if I should make another support thread, but when I tried to upload the file to my server using cPanel, in order to update my 1.4.9 installation, cPanel tells me that there is a virus found in the file. Can anyone confirm whether it is indeed a virus? (see image below). I did a full scan of my computer with up-to-date Norton and it came up with nothing. The file also gets deleted when I upload it via FileZilla.

The download archive for InvoicePlane 1.4.10 definitely does not contain any viruses.

Here are the results for a Virustotal check of the official download file for 1.4.10 with the MD5 hash b0fe41d6d1aff2a8c9aa2fd9d126f790:

Also, {HEX}php.exe.globals is associated with false-positives by cPanel if you search for it on Google.

You may unzip the archive locally and upload all files separately to your webspace if cPanel doesn’t let you upload the archive.

Thank you for your help Kovah! I’ll keep trying:)


First of all! Thank you for this great tool! I am upgrading from 1.4.8 directly to 1.4.10 …

Followed the instructions. I still see the version 1.4.8 with no available update under my system settings. Is that the case?


When I try to do a clean install, the installer reverses the URL to the IP address of my server.
The following screen is blank because my webserver has several domains and needs the domain name to show a page.

Could this be fixed?

Thank you very much!

Please follow the official installation guide:

Hello Kovah, thank you for your reply!
I forgot to add the path in the index.php file.
Thank you!

After upgrading to 1.4.10 from 1.4.9, in the version control I see 1.4.8.
Is there something wrong with this?

Please open a new thread for this.

I’m having the same problem as @ysintos, plus after upgrading my system is still vulnerable!

I joined the forums to say the same :slight_smile: Other than that small issue the install went great! Thanks for the hard work! I am looking forward to using the program.


Please check “Error in version control after upgrading to 1.4.10”. I suggest an answer as I got the same problem as you :slight_smile:

@Kovah The 3rd helper, as mPDF generated, still seems to have the non-Latin problem.

Is the vendor folder separate from the GitHub project?

after I changed config.php in vendor/kovah/mpdf
from false to true
$this->autoLangToFont = true;

In fact, there is one more place that needs to change:

$mpdf = new \mPDF('+aCJK', 'A4', '', '', 32, 25, 27, 25, 16, 13);

But I don’t know where I should put it.

PS. The text above that shows unusually is Traditional Chinese (the others, same as Simplified Chinese, seem to be shown normally).