Changelog for LedgerSMB 1.2.0 * Audited OE.pm and AM.pm for SQL injection problems. (Chris Travers) * Forced edited files to have whitelisted extensions and no .. strings (Chris T) * Added $form->callproc($procname, @args) returns @hashrefs (Chris Travers) * Corrected rounding errors (Seneca) * Audited Form.pm for SQL-injection problems and move to new API (Chris Travers) * Code cleanup and template correction (Chris Murtagh) * New template system (Chris Travers) * OE.pm and IS.pm are aware of custom fields (Chris Travers) Changelog for LedgerSMB 1.1.1 * Fixed problem with parts_short trigger not being created * Fixed problem with custom fields functions not being created * Pg driver is now checked by default. Changelog for LedgerSMB 1.1.0 Database * Added add_custom_field and drop_custom_field functions. -- will be more integrated into API next version * Added utility to partially recover from SQL-Ledger data corruption issues. * Primary Key added to acc_trans table * DB Updates now use one transaction per update file. * FLOAT datatypes removed from database * Protection against duplicate transaction id's. * Added foreign key constraint to acc_trans.chart_id * Database backups now use pg_dump * Database creation routines now attempt to add plpgsql to the db if not there. * Transaction reversal is now enforced by default Security * One is required to change the admin password when it is blank (on first login etc). Usability * We now support adding custom automation into a custom.pl * Setup.pl use is now experimentally supported * Disabled editing sub-assemblies in one area where it is unsafe. * Utility included for near-real-time parts short email notifications. * Fixed Lynx support * Batch printing now available for checks * Warnings are printed when check stub is truncated * Sales Data Report added * SL2LS.pl now dies if it cannot open the files with instructions on how to proceed manually * Links between admin and login pages * Experimental support for Windows printing Changelog for LedgerSMB v 1.0.0p1 * Fixed directory transversal/arbitrary code execution vulnerability. Changelog for LedgerSMB v 1.0.0 (Changes relative to the pre-fork SQL-Ledger 2.6.17) * Corrected sessionid security hole allowing bypass of login to main application * Corrected sessionid security hole allowing one to list logins and more. * Changed acc_trans.amount to NUMERIC * Tightened browser caching rules to prevent problems with back button. * Added an open content manual to the main distribution. * New logo. * Began whitespace reformatting of main application.