RELEASE NOTES
LedgerSMB 1.2.13

1: Welcome to LedgerSMB

LedgerSMB is an accounting and ERP program initially aimed at small to midsize
businesses. Currently the financials and supply chain management modules are
fairly complete, while other modules such as project management exist in a
rudimentary form. The initial features are identical to SQL-Ledger 2.6.17, from
which it was derived, but the feature set is starting to diverge rapidly.
1.1 System Requirements:

* Perl 5.8.
* Apache, IIS, or other web server that supports CGI.
* PostgreSQL 8.0 or higher. 7.3 and 7.4 could be supported with some effort but
  will not work out of the box. 8.3 is expected to raise issues but they will be
  corrected as we become aware of the problems.
* Any operating system that supports the above environment.
* The following CPAN modules:
  * Data::Dumper
  * Locale::Maketext
  * Locale::Maketext::Lexicon
  * MIME::Base64
  * Digest::MD5
  * HTML::Entities
  * DBI
  * DBD::Pg
  * Math::BigFloat
  * IO::File
  * Encode
  * Locale::Country
  * Locale::Language
  * Time::Local
  * Cwd
  * Config::Std
  * MIME::Lite
2: What's New in 1.2?

2.1: Database changes:

All core tables now have defined primary keys. This allows Slony-I to be
supported out of the box.

Chris Browne has contributed a setup script for Slony. It is in the
utils/replication directory.

Also, all user information has been moved into the database and the password
algorithm has been changed from crypt to md5. This means that users will need
to convert their accounts prior to first login on the new system (if this is an
upgrade).

Also, the defaults table has moved from a one-column-per-value structure to a
simple key->value structure.
2.2: Security

LedgerSMB 1.2 has been through a detailed SQL injection audit of the codebase
inherited from SQL-Ledger. As a result, several vulnerabilities which were known
to be exploitable were corrected, along with hundreds of places where
vulnerabilities may have been exploitable but we didn't have time to verify
what was involved in exploiting them. We believe, though, that many or most of
the issues were exploitable given a little time and effort.

Also, we discovered the template editor's security system was moved from
blacklisting to whitelisting, eliminating a whole class of possible security
issues.
2.3: New Features in 1.2.x

Metatron Technology Consulting's SL-POS codebase was merged with this project,
providing a framework for POS hardware support and more.

Online credit card processing support has been added.

LSMB now supports an arbitrary number of defined currencies for a business and
is no longer limited to 3.

2.4: Localization Changes

Localization functions now use Gettext .po files on all platforms. This means
that standard translation management tools will work with LSMB translations.

2.5: Other changes

The ledger-smb.conf is now an inifile which will reduce the level of expertise
necessary to configure it for non-Perl users.
3: Known Issues

3.1: Reposting Invoices:

Reposting invoices is known to cause inaccuracies in cost of goods sold and
inventory accounts. This problem has been confirmed to affect SQL-Ledger 2.6.x
as well and is caused by problems involving the de-allocation and transaction
reversal routines. It will be corrected (by removing the ability to truly
repost invoices) in an upcoming version as we continue to re-engineer the
application.

Additionally, there is a known issue where reposting invoices more than once
causes a primary key issue on the transactions table. A fix for this is
distributed in sql/fixes.

3.2: Tax rate changes

LedgerSMB 1.2.x's database structure does not handle tax rate changes properly.
A fix for this is in the sql/fixes directory.

3.3: Warehouse Tracking

LedgerSMB inherited an issue from SQL-Ledger where a shipped sales order deletes
all known shipping information. There is a fix for this in the sql/fixes
directory.

3.4: Recurring transactions

LedgerSMB's database structure does not handle certain areas properly regarding
recurring transactions. A fix for this issue is in the sql/fixes directory.
4: Differences between LedgerSMB and SQL-Ledger(TM)

4.1: Login name restrictions

Logins in SQL-Ledger can contain any printable characters. In LedgerSMB these
are restricted to alphanumeric characters and the symbols ., @, and -.

4.2: Session handling

SQL-Ledger as of 2.6.17 used session tokens for authentication. These tokens
are based on the current timestamp and therefore insecure. Furthermore, these
tokens are not tracked on the server, so one can easily forge credentials for
either the main application or the administrative interface. While this was
corrected in 2.6.18, the solution chosen by SQL-Ledger (caching the crypted
password by the browser) is not in line with commonly accepted best security
practices.

LedgerSMB stores the sessions in the database. These are generated as md5 sums
of random numbers and are believed to be reasonably secure. The sessions time
out after a period of inactivity. In the initial release, both
SQL-Ledger-style session IDs and the newer version were required to access the
application. In newer versions, the SQL-Ledger-style session IDs have been
removed.
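The server-tracked design described in 4.2, as an added Python example that is not LedgerSMB or SQL-Ledger code: a token is accepted only if the server issued it and it has not sat idle too long. IDLE_TIMEOUT, SessionStore and clock_derived_token are assumptions made for the illustration; the clock-derived token is a constructed stand-in, not SQL-Ledger's actual algorithm.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT = 30 * 60  # assumed idle limit in seconds; the notes give no figure


class SessionStore:
    """Server-side session table: a token is valid only if this server issued it."""

    def __init__(self, clock=time.time):
        self._rows = {}      # token -> [login, last_used]
        self._clock = clock  # injectable clock so the timeout can be exercised

    def create(self, login):
        # md5 over 16 bytes from the OS CSPRNG: the hash only fixes the format,
        # the unpredictability comes from the random input.
        token = hashlib.md5(secrets.token_bytes(16)).hexdigest()
        self._rows[token] = [login, self._clock()]
        return token

    def check(self, token):
        """Return the login for a live session, otherwise None."""
        row = self._rows.get(token)
        if row is None:
            return None              # never issued here, or already expired
        if self._clock() - row[1] > IDLE_TIMEOUT:
            del self._rows[token]    # idle too long: drop the row
            return None
        row[1] = self._clock()       # activity restarts the idle timer
        return row[0]


def clock_derived_token(login, ts):
    """Constructed stand-in for a token computed from login and clock time."""
    return hashlib.md5(f"{login}{int(ts)}".encode()).hexdigest()


def demo():
    now = [1_000_000.0]              # constructed clock value
    store = SessionStore(clock=lambda: now[0])
    issued = store.create("alice")
    guessed = clock_derived_token("alice", now[0])
    out = {"issued": store.check(issued), "guessed": store.check(guessed)}
    now[0] += IDLE_TIMEOUT + 1
    out["after_idle"] = store.check(issued)
    return out


if __name__ == "__main__":
    print(demo())
```

A well-formed token that the server never stored is rejected no matter how it was computed, which is the property the untracked tokens lacked.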
4.3: Database Changes

Under certain circumstances where the Chart of Accounts is improperly modified,
it is possible to post transactions such that a portion of the transaction is
put into a NULL account. LedgerSMB does not allow NULL values in the chart id
field of the transaction.

Also, the transaction amount has been changed from FLOAT to NUMERIC so that
arbitrary precision mathematics can be used in third party reports. This ought
to also allow SQL-Ledger to scale up better, as SUM operations on floating
points are unsafe for large numbers of records where accounting data is
involved.
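Why the column type matters for SUM, as an added Python example (not project code): float stands in for FLOAT and decimal.Decimal for NUMERIC, summed over a constructed journal whose postings balance to zero. The names POSTINGS, running_sum and trial_balance are assumptions made for the illustration.

```python
from decimal import Decimal

# Constructed journal: three 0.10 debits balanced by one 0.30 credit.
POSTINGS = ["0.10", "0.10", "0.10", "-0.30"]


def running_sum(amounts, zero):
    """Accumulate row by row, the way a SUM aggregate walks a column."""
    total = zero
    for amount in amounts:
        total += amount
    return total


def trial_balance(postings=POSTINGS, copies=1):
    """Sum the journal `copies` times over, as FLOAT-like and NUMERIC-like values."""
    rows = postings * copies
    as_float = running_sum([float(p) for p in rows], 0.0)
    as_numeric = running_sum([Decimal(p) for p in rows], Decimal("0"))
    return as_float, as_numeric


if __name__ == "__main__":
    for n in (1, 1000):
        print(n, trial_balance(copies=n))
```

The binary floating-point total of a balanced journal is a small non-zero residue, so an equality check against zero fails, while the decimal total is exactly zero at any row count.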
5: Roadmap

This project has no defined roadmap but rather a set of statements and
objectives contained in the documentation manager and trackers of sourceforge.
In general, our development is focused around the following principles:

* LSMB as infrastructure: LSMB should be accessible from other applications.
* Universal applicability: LSMB should be usable by any business and should
  always do the right thing in the background. Businesses should never find that
  they have outgrown the software.
* Focus on Small to Midsize Businesses: LSMB's core market will remain in the
  small to midsize market.

6: Get Involved

Contributors should start by joining the LedgerSMB users and devel lists. Code
contributions at the moment must be committed by either project maintainer and
should be submitted either using the patches interface at Sourceforge or the
devel mailing lists.

Additionally, we can use help in QA, documentation, advocacy, and many other
places.

SQL-Ledger is a registered trademark of DWS systems and is not affiliated with
this project or its members in any way.
DEPRECATIONS:
=============================
The entire set of Perl modules and database structures should be seen as
deprecated from the perspective of add-on development. For advice in making
add-ons as upgrade-safe as possible, please email the -devel list. Please
include a description of what you are trying to accomplish.

KNOWN ISSUES:
==============================
The POS printing system gives an access denied message because the printer
triggers the directory traversal checks. To work around this problem, ensure
that you do not need to use absolute paths for the printer program (use lpr or
put netdirect.pl in /usr/local/bin and reference without the full path).

Also, the POS system requires some additional configuration both in the chart of
accounts and in the system itself. Please edit the pos.conf.pl and create
appropriate till accounts.
Bugs Fixed in 1.2.6:
================================
1) Customer_id field not found error when posting AP transaction. This error
was caused by a mistake in the performance optimizations made in 1.2.5.

2) Erroneous headers printed to balance sheet and income statement.

3) Meta tags were added to force UTF-8 charsets, fixing occasional display
issues with multibyte characters where Apache was misconfigured.

4) ledgersmb-httpd.conf is now more internally consistent. The alias directive
was changed to /ledgersmb (from /ledger-smb).

5) Minor HTML fixes were added to ca.pl, contributed by Donna Robertson.

6) Error when searching for customer by address is corrected.

7) Invalid format for integer error fixed when saving projects unconnected to
customers.

None of the above fixes involved changes to APIs that are widely used by the
application. Impacts elsewhere from these bug fixes should be minimal.

8) Unbound placeholder error when saving items with custom fields. This error
involved a centrally used API that is invoked when custom fields exist. The fix
is only likely to affect those installations which have custom fields attached
to orders, invoices, or parts.