Changelog for LedgerSMB 1.2.0 Database: * Added script to configure Slony replication (Chris Browne) * Added defined primary keys to all tables (Chris T) * Database upgrades now use psql (Chris T) Security: * Added whitelist of allowed directories to file editor (Seneca) * Audited OE.pm, AA.pm, and AM.pm for SQL injection problems. (Chris T) * Forced edited files to have whitelisted extensions and no .. strings (Chris T) * Audited Form.pm for SQL-injection problems and move to new API (Chris T) * Audited BP.pm, CA.pm, CT.pm for SQL injection and moved to new API. (Chris T) * Audited IS.pm, IR.pm for SQL injection and moved to new API. (Chris T) * Audited User.pm for SQL injection. (Chris T) Localization: * Moved localization files to standard codes (Seneca) * Added cumulative tax support (Seneca) * Translations now use Gettext (Seneca) * Removed back-translation of function names for i18n (Seneca) * Corrected parsing of numbers so that they are multi-run safe (Chris T) * Added modular tax calculation support (no modules included yet) (Seneca) * Added "1 000.00" number format (Chris T) Code Quality and API: * Added logging module (Jason R) * Added session method abstraction (Chris T) * Broke out price matrix calls into PriceMatrix.pm (Chris T) * Added $form->callproc($procname, @args) returns @hashrefs (Chris T) * Corrected rounding errors (Seneca) * Code cleanup and template correction (Chris Murtagh) * New template system (Chris T) * IC.pm, OE.pm, and IS.pm are aware of custom fields (Chris T) * Added LedgerSMB::Sysconfig for site-wide configuration (Chris T) * LedgerSMB::IC is aware of custom fields (Chris T) * LedgerSMB::PE is aware of custom fields (Chris T) * Testing suite added (Seneca) Packaging: * Added first version of rpm spec from Mads Kiilerich (Chris T) * Added Gentoo ebuilds documentation and metadata (Jayson R). Point of Sale: * Added experimental TrustCommerce credit card processing (Chris T) * Merged most of the rest of the SL-POS interface (Chris T) * POS register now goes from add invoice to add invoice. (Chris T) * Added pole display and separate cash drawer open calls. (Chris T) User Interface: * Moved IS/IR/OE the lineitem column list to the LedgerSMB::Sysconfig Chris T) * Invoice now has an Onhand column (Chris T) * Added simple text import function for invoices received (PDT's) (Chris T) Other: * ledger-smb.conf is now an ini file (Seneca) Changelog for LedgerSMB 1.1.1 * Fixed problem with parts_short trigger not being created * Fixed problem with custom fields functions not being created * Pg driver is now checked by default. Changelog for LedgerSMB 1.1.0 Database * Added add_custom_field and drop_custom_field functions. -- will be more integrated into API next version * Added utility to partially recover from SQL-Ledger data corruption issues. * Primary Key added to acc_trans table * DB Updates now use one transaction per update file. * FLOAT datatypes removed from database * Protection against duplicate transaction id's. * Added foreign key constraint to acc_trans.chart_id * Database backups now use pg_dump * Database creation routines now attempt to add plpgsql to the db if not there. * Transaction reversal is now enforced by default Security * One is required to change the admin password when it is blank (on first login etc). Usability * We now support adding custom automation into a custom.pl * Setup.pl use is now experimentally supported * Disabled editing sub-assemblies in one area where it is unsafe. * Utility included for near-real-time parts short email notifications. * Fixed Lynx support * Batch printing now available for checks * Warnings are printed when check stub is truncated * Sales Data Report added * SL2LS.pl now dies if it cannot open the files with instructions on how to proceed manually * Links between admin and login pages * Experimental support for Windows printing Changelog for LedgerSMB v 1.0.0p1 * Fixed directory transversal/arbitrary code execution vulnerability. Changelog for LedgerSMB v 1.0.0 (Changes relative to the pre-fork SQL-Ledger 2.6.17) * Corrected sessionid security hole allowing bypass of login to main application * Corrected sessionid security hole allowing one to list logins and more. * Changed acc_trans.amount to NUMERIC * Tightened browser caching rules to prevent problems with back button. * Added an open content manual to the main distribution. * New logo. * Began whitespace reformatting of main application.