Releases: InvoicePlane/InvoicePlane
v1.7.1
InvoicePlane v1.7.1
| Hash Format | Hash |
|---|---|
| MD5 | 987184eeea87ff2fada0abd7af1f5f2b |
| SHA-256 | ca3bb70cd14b33b2891e0616133538dabf88a22d450631dab5bab5905857c471 |
Many thanks to @IamLeandrooooo, @SonNTB21DCAT164, and @lukasz-rybak for their contributions.
Security Improvements
This release addresses several potential XSS (Cross-Site Scripting) concerns by properly sanitizing and escaping key fields across the application. These changes improve security without affecting user workflow.
Fields now properly sanitized and escaped:
- Client address fields – safe display ensured
- Custom field labels – protected in all custom field views
- Invoice numbers – escaped in all templates and views
- Payment method names – sanitized on input, escaped on output
- Quote numbers – escaped in all templates and views
- Quote passwords – sanitized on input
- Quote notes – sanitized on input
- Sumex observations – sanitized on input
- Tax rate names – sanitized on input, escaped on output
Additional improvements:
- Email template content – HTML properly escaped
- Uploaded file names – sanitized to prevent log poisoning
Most XSS vulnerabilities have been mitigated through proper input sanitization and output escaping (htmlsc) on the affected fields.
Bug Fixes and Improvements
- #1377 – QR code image width reduced to 100px
- #1375 – Email address verification now supports comma and semicolon separators
Important Security Notice: SVG Logo Files
SVG logo uploads have been disabled due to security risks. SVG files can contain embedded scripts that could be exploited for XSS attacks. Only safe image formats are supported:
- PNG (supports transparency)
- JPG/JPEG (photographs)
- GIF (simple graphics)
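An allow-list check of the kind described above, as an added example (not InvoicePlane's own code): a logo is accepted only when its leading bytes match PNG, JPEG or GIF and the file extension agrees, so an SVG is rejected even when renamed. The function names and the sample uploads are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not InvoicePlane code. All names below are hypothetical.
// Allow-list from the release notes: PNG, JPG/JPEG and GIF only.
const ALLOWED_LOGO_TYPES = [
    'png'  => ['signatures' => ["\x89PNG\r\n\x1a\n"], 'extensions' => ['png']],
    'jpeg' => ['signatures' => ["\xFF\xD8\xFF"],       'extensions' => ['jpg', 'jpeg']],
    'gif'  => ['signatures' => ['GIF87a', 'GIF89a'],   'extensions' => ['gif']],
];

/** Return the allowed type whose magic bytes start the content, or null. */
function detect_logo_type(string $bytes): ?string
{
    foreach (ALLOWED_LOGO_TYPES as $type => $spec) {
        foreach ($spec['signatures'] as $signature) {
            if (strncmp($bytes, $signature, strlen($signature)) === 0) {
                return $type;
            }
        }
    }
    return null; // SVG, HTML, empty files and anything unknown end up here
}

/** Accept only when the content is allow-listed AND the extension matches it. */
function logo_upload_allowed(string $filename, string $bytes): bool
{
    $extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    $type = detect_logo_type($bytes);
    return $type !== null
        && in_array($extension, ALLOWED_LOGO_TYPES[$type]['extensions'], true);
}

// Constructed sample uploads: [file name, leading bytes of the content].
$svg = '<svg xmlns="http://www.w3.org/2000/svg"><script>/* constructed */</script></svg>';
$samples = [
    ['logo.png', "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16)], // PNG header
    ['logo.gif', 'GIF89a' . str_repeat("\0", 16)],             // GIF header
    ['logo.svg', $svg],                                        // SVG as uploaded
    ['logo.png', $svg],                                        // SVG renamed to .png
    ['logo.svg', "\x89PNG\r\n\x1a\n"],                         // PNG bytes, .svg name
];

foreach ($samples as [$name, $bytes]) {
    printf("%-9s %s\n", $name, logo_upload_allowed($name, $bytes) ? 'accepted' : 'rejected');
}
```

A signature match only shows how the file starts; decoding and re-encoding the image on the server is a stronger check.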
Impact on existing SVG logos:
- Existing SVG logos will be blocked in the application
- A warning message will appear in the settings page
- Users can remove them and upload replacements in supported formats
Conversion options:
- Online converters:
- Desktop software:
  - Inkscape (free, open-source)
  - Adobe Illustrator
  - GIMP
- Inkscape conversion steps:
  - Open your SVG file in Inkscape
  - Go to File → Export PNG Image
  - Set your desired resolution (300 DPI recommended)
  - Click Export
Full Changelog: v1.7.0 → v1.7.1
v1.6.5
InvoicePlane v1.6.5
| Hash Format | Hash |
|---|---|
| MD5 | 67a6901c8101e956b792d9441340c30f |
| SHA-256 | 17b29d6c1324a8b7e4988b97564c7709ca270832c28d65455711a54666949014 |
Release Notes:
See the Release Notes of version 1.7.1
InvoicePlane 1.6.5 is compatible with PHP 8.1.
InvoicePlane 1.7.1 is compatible with PHP 8.1 through 8.4 (for now)
New Contributors
- @ErikKrause made their first contribution in #1302
- @drewangell made their first contribution in #1289
- @PatrickGTR made their first contribution in #1373
- @laodc made their first contribution in #1375
Full Changelog: v1.6.4...v1.6.5
v1.7.0
| Hash Format | Hash |
|---|---|
| MD5 | 3fe691d10254368c031494bfb37af9c7 |
| SHA-256 | da85a8c586a2325d48e0edaf8ff4c6a54579c6a0fa1d849a251420701e4dcaff |
What's Changed
- PHP 8.2+ compatibility thanks to @sudwebdesign
New Contributors
- @ErikKrause made their first contribution in #1302
- @drewangell made their first contribution in #1289
- @PatrickGTR made their first contribution in #1373
- @laodc made their first contribution in #1375
Full Changelog: v1.6.4...v1.7.0
v1.6.4
InvoicePlane v1.6.4
v1.6.4.zip
| Hash Format | Hash |
|---|---|
| MD5 | 6b45992f372ac12835f57721dba62974 |
| SHA-256 | b7e1b7bce4b4db2753dd6196e1e3576587ac3a05e600bf619789691bdc616fe2 |
Thank you
Thank you very much @lukasz-rybak for helping with a security vulnerability.
Huge thanks to @lukasz-rybak @pumpi, @naui95, @mheiduk, @onny, @PatrickGTR @drewangell @xeruf and @xam-ps, @ThierryHFR for helping. Without you guys this release wouldn't have been possible.
New Contributors
- @ErikKrause made their first contribution in #1302
- @drewangell made their first contribution in #1289
- @PatrickGTR made their first contribution in #1373
- @laodc made their first contribution in #1375
Improvements / Changes
Security & Stability
- IP-1381 Add version checking, logging and log sanitization for client_einvoicing fields
- IP-1383 Fix file access vulnerabilities across all controllers using reusable helper
Other improvements
- IP-1302 Update number_helper.php to avoid empty string warning by @ErikKrause
- IP-1306 composer.json omit version string by @onny
- IP-1310 Make $show_item_discounts available in InvoicePlane_Web.php
- IP-1368 Prevent format_number returning non-numeric values by @naui95
- IP-1377 Reduce QR code image width to 100px
- IP-1334 Add default_order_by method for recurring invoices
- IP-1350 Show open invoices on guest index
- IP-1375 Fix email address verification to allow comma and semicolon separators by @laodc
- IP-1373 Remove deprecated Docker libraries by @PatrickGTR
Fixed
- IP-1307 Sending emails to multiple email addresses gives error message
- IP-1304 index.php causes issues on Alpine Docker images
- IP-1333 Upload handling fixes
- IP-1340 Wrong quote/invoice guest download attachment button default template
- IP-1289 PayPal Advanced Credit Cards & Venmo support by @drewangell
- IP-1313 New templates with named footers by @naui95
Full Changelog: v1.6.3...v1.6.4
v1.7.0 Beta 1
InvoicePlane v1.7.0-beta-1
v1.7.0-beta-1.zip
| Hash Format | Hash |
|---|---|
| MD5 | dbbdea359801b4a442fd9db93ffd253e |
| SHA-256 | ae77fd142450a95eae5708847e2aed756b43d6be1d8f496563faead6357fce5c |
What’s Changed (since v1.6.4 beta 1)
Features & Improvements
- PHP 8.2+ compatibility
Full Changelog: development...prep/v170
v1.6.4 Beta 1
InvoicePlane v1.6.4-beta-1
v1.6.4-beta-1.zip
| Hash Format | Hash |
|---|---|
| MD5 | f25d2ed999dc12fe53d43dcc4295bac6 |
| SHA-256 | f96eea4de21c49346a5989a72e15b758e7605f2d860a7ddf1117fad31b0741e2 |
Thank You
Huge thanks to @onny, @naui95, @drewangell, and @ErikKrause for driving this release forward.
Your contributions made this version possible.
New Contributors
- @ErikKrause made their first contribution in #1302
- @drewangell made their first contribution in #1289
What’s Changed (since v1.6.3)
Features & Improvements
- [IP-1302] Update number_helper.php to avoid empty string warning — @ErikKrause
- [IP-1313] Implement new templates with named footers — @naui95
- [IP-1288] PayPal Advanced Credit Cards & Venmo support — @drewangell
- [IP-1333] Add default_order_by method for recurring invoices
- [IP-1310] Make $show_item_discounts available in InvoicePlane_Web.php
- [IP-1322] Show open invoices on guest index
- [IP-1306] Remove version string from composer.json — @onny
Fixes
- [IP-1307] Sending emails to multiple addresses triggered an error
- [IP-1304] Code in index.php caused issues on Alpine-based Docker images
- [IP-1338] Fix file uploads
- [IP-1325] Fix “Sales by Year”
- [IP-1324] Fix guest “Get File”
Full Changelog: v1.6.3...v1.6.4-beta-1
v1.6.3
v1.6.3.zip
| Hash Format | Hash |
|---|---|
| MD5 | 8130c1f7885788df91e8fa398c66deb0 |
| SHA-256 | 4a3d7b9d10a785ccd5add44a230d95aad588848e10eed47969f0008f371b9f24 |
Thank you
Huge thanks to @sudwebdesign, @pumpi, @mheiduk, @onny, @xeruf and @xam-ps for helping. Without you guys this release wouldn't have been possible.
New Contributors
- @onny made their first contribution in #1241
- @RobiNN1 made their first contribution in #1014
- @xeruf made their first contribution in #1061
- @NiklasSchmitt made their first contribution in #1073
- @redxtech made their first contribution in #1098
- @VizardAlpha made their first contribution in #1129
- @idressos made their first contribution in #1175
- @tstoeter made their first contribution in #1185
- @LOK-Soft made their first contribution in #1204
- @MrKrisKrisu made their first contribution in #1219
What's Changed (since v1.6.2)
Major Features & E-Invoicing
- [IP-1268] E-invoicing infrastructure update by @sudwebdesign
- [IP-1272] E-invoicing enhancements by @sudwebdesign
- [IP-1247] Processing e-invoices flow (and some bugfixes) for version 1.6.3 by @nielsdrost7
- [IP-1282] feat: Legacy calculation setup step by @pumpi
- [IP-1281] fix: Client overview shows wrong e-Invoicing state by @pumpi
Changed / Improvements
- [IP-1277] Replace node-sass with sass by @onny
- [IP-1261] Guest Payment stripe flow & online_payment lang improved by @nielsdrost7
- [IP-1178] Add custom_fields in controllers/Settings by @sudwebdesign
- [IP-1206] Add report: Invoices per client by @mheiduk
- [IP-1228] Improve number_helper & standardize_amount (fix european format) by @sudwebdesign
- [IP-1229] Remove unattended standardize_amount in payments view form by @sudwebdesign
- [IP-1241] Add pagination to invoice and quote templates by @onny
- [IP-1219] Sort invoices by date instead of id by @MrKrisKrisu
- [IP-1222] Sort quotes by date instead of id by @sudwebdesign
Fixed
- [IP-1179] Fix #fullpage-loader (Spinner) never showed after save by @sudwebdesign
- [IP-1174] Removed '.pdf' from Invoices.php downloads to fix issue by @HeapReaper
- [IP-1175] Check invoice balance before rendering QR code in web view by @idressos
- [IP-1183] Fix summary client delete button go to 404 (link2form) by @sudwebdesign
- [IP-1185] Fix styling in clients table header by @tstoeter
- [IP-1186] Style2class for amounts & balances (th & tr) by @sudwebdesign
- [IP-1197] Send email show blank page (php>=8.2) by @sudwebdesign
- [IP-1199] Add invoice_status case in template_helper by @sudwebdesign
- [IP-1201] Fix SMTP password wrong after saving settings by @sudwebdesign
- [IP-1204] Update template_helper.php to fix email template with custom single choice field by @LOK-Soft
- [IP-1251] fix: amount of the credit transfer cannot be smaller than 0.01 Euro by @mheiduk
- [IP-1278] Fix: Styling issues by @pumpi
- [IP-1283] fix: Client detail view exception by @pumpi
Full Changelog: v1.6.2...v1.6.3
v1.6.3-rc2
v1.6.3-rc2.zip
| Hash Format | Hash |
|---|---|
| MD5 | a946acd6b1cac62a229b82ba11c4e016 |
| SHA-256 | b274b61f41480f95eef187786d81b47cd051295b14bddec2eafef7cecffba7c0 |
Huge thanks to @pumpi, @onny, @sudwebdesign, @xam-ps and @HeapReaper for helping. Without you guys this release wouldn't have been possible.
This is the final pre-release before we tag and release 1.6.3
What's Changed
- [IP-1275]: Replace node-sass with sass by @onny in #1277
- Development v163rc2 by @sudwebdesign in #1272
- Fix: little stylish details in einvoice-users-check-lists table
- Add a system to set legacy_calculation to false automatically when the user uses e-Invoice. (PR 1272)
- [IP-1270]: Fix: VAT is calculated wrong in RC1
- [IP-1271]: Fix: Payment Method not copied from recurring invoice to generated invoice
Full Changelog: v1.6.3-rc1...v1.6.3-rc2
v1.6.3-rc1
v1.6.3-rc1.zip
| Hash Format | Hash |
|---|---|
| MD5 | aa541848c1bfb27d20201e3b1c233f9f |
| SHA-256 | b0d8a012f88ca3be7346fc4fef0b7cf0e934bcb5803141eb682669412c50b903 |
Huge thanks to @sudwebdesign, @xam-ps and @AeroBytesNL for helping. Without you guys this release wouldn't have been possible.
Changelog:
- Development v163rc1 by @sudwebdesign in #1268
Fixed:
- Adjust setup logic to add the lower case for all languages
- pull-1195): Prevent empty rules in Form_validation for products and tasks
- Uploader (Controller): remove old system and unnecessary checks
- [script.js] Replace JSON.parse with json_parse, improve frontend error reporting
Refactored:
- My_Form_validation::run(), tested with CI 3.1.13/3.3 (for PHP 8.2+)
- Rector: Efficient sets for deadCode, codeQuality, codingStyle
- Add composer scripts: phpcs, rector, and check for code validation
Changed:
- Update composer versions, package.json, yarn, and locks
- Improve GH templates, workflows, and docs (no TRANSLATION.md)
- pull-1232): Upgrade default and user language handling to lowercase
- Drop E_STRICT reporting for PHP 8.4, adjust Rector rules
- Add CI_ENV=production to ipconfig for cleaner error handling
- Enhance .gitignore and cleanup TODOs
- README: Restore badges, add floating favicon
Full Changelog: v1.6.3-rc0...v1.6.3-rc1
v1.6.3-rc0
v1.6.3-rc0.zip
| Hash Format | Hash |
|---|---|
| MD5 | 84e11a22b01868bd51e4cb222224d457 |
| SHA-256 | 77538d333fb081bffbfdbe84f2d96201d5be53de7502dd933b86e3c7ea077964 |
Huge thanks to @sudwebdesign, @xam-ps and @AeroBytesNL for helping. Without you guys this release wouldn't have been possible.
New Contributors
- @idressos made their first contribution in #1175
- @tstoeter made their first contribution in #1185
- @LOK-Soft made their first contribution in #1204
- @MrKrisKrisu made their first contribution in #1219
- @onny made their first contribution in #1241
Changelog:
New Features
- IP-939 Implement e-invoice processing flow and related bugfixes – by @sudwebdesign
- IP-1206 Add Invoices per Client report – by @mheiduk
- IP-1241 Add pagination to invoice and quote templates – by @onny
Changed
- IP-1219 Sort invoices by date instead of ID – by @MrKrisKrisu
- IP-1222 Sort quotes by date instead of ID – by @sudwebdesign
Fixed
- IP-1169 Add custom_fields to Settings controller – by @sudwebdesign
- IP-1174 Remove .pdf from invoice downloads – by @AeroBytesNL
- IP-1175 Skip QR code rendering if invoice balance is 0 – by @idressos
- IP-1179 Fix fullpage-loader spinner not showing – by @sudwebdesign
- IP-1183 Fix client delete button 404 – by @sudwebdesign
- IP-1184 Fix styling in clients table header – by @tstoeter
- IP-1196 Fix email blank page on PHP ≥ 8.2 – by @sudwebdesign
- IP-1198 Add invoice_status to template_helper – by @sudwebdesign
- IP-1200 Fix SMTP password not saving correctly – by @sudwebdesign
- IP-1204 Fix email template with custom single choice field – by @LOK-Soft
- IP-1251 Fix credit transfer amount can't be < 0.01 EUR – by @mheiduk
- IP-1164 Fix missing if check – by @nielsdrost7
- IP-1165 General fix for small issue – by @nielsdrost7
UI / Styling
- IP-1186 Style amounts & balances in tables – by @sudwebdesign
Improvements
- IP-1228 Improve number_helper and EU formatting – by @sudwebdesign
- IP-1229 Remove stray standardize_amount in payment form – by @sudwebdesign
- IP-1261 Improve guest Stripe payment flow and translation labels – by @nielsdrost7
Full Changelog: v1.6.2-beta-3...v1.6.3-rc0