summaryrefslogtreecommitdiff
path: root/doc/release_notes
blob: 5e32f3f6ae6339831891d530de087290b8c18f99 (plain) 
    

  1. RELEASE NOTES
    2. 

  2. LedgerSMB 1.2.2
    3. 

  3. 

  4. 

  5. 

  6. 1:  Welcome to LedgerSMB
    7. 

  7. 

  8. LedgerSMB is an accounting and ERP program initially aimed at small to midsize
    9. 

  9. businesses.  Currently the financials and supply chain management modules are
    10. 

  10. fairly complete, while other modules such as project management exist in a
    11. 

  11. rudamentary form.  The initial features are identical to SQL-Ledger 2.6.17 from
    12. 

  12. which it was derived, but the feature set is starting to diverge rapidly.
    13. 

  13. 

  14. 1.1 System Requirements:
    15. 

  15. 

  16. * Perl 5.8.
    17. 

  17. * Apache, IIS, or other web server that supports CGI.
    18. 

  18. * PostgreSQL 8.0 or higher.  7.3 and 7.4 could be supported with some effort but
    19. 

  19. will not work out of the box.
    20. 

  20. * Any operating system that supports the above environment.
    21. 

  21. * The following CPAN modules:
    22. 

  22.     * Data::Dumper
    23. 

  23.     * Locale::Maketext
    24. 

  24.     * Locale::Maketext::Lexicon
    25. 

  25.     * MIME::Base64
    26. 

  26.     * Digest::MD5
    27. 

  27.     * HTML::Entities
    28. 

  28.     * DBI
    29. 

  29.     * DBD::Pg
    30. 

  30.     * Math::BigFloat
    31. 

  31.     * IO::File
    32. 

  32.     * Encode
    33. 

  33.     * Locale::Country
    34. 

  34.     * Locale::Language
    35. 

  35.     * Time::Local
    36. 

  36.     * Cwd
    37. 

  37.     * Config::Std
    38. 

  38.     * MIME::Lite
    39. 

  39. 

  40.     
    41. 

  41. 

  42. 2:  What's New in 1.2?
    43. 

  43. 

  44. 2.1: Database changes:
    45. 

  45. 

  46. All core tables now have defined primary keys.  This allows Slony-I to be 
    47. 

  47. supported out of the box.
    48. 

  48. 

  49. Chris Browne has contributed a setup script for Slony.  It is in the 
    50. 

  50. utils/replication directory.
    51. 

  51. 

  52. Also all user information has been moved into the database and the password 
    53. 

  53. algorythm has been changed from crypt to md5.  This means that users will need 
    54. 

  54. to convert their accounts prior to first login on the new system (if this is an
    55. 

  55. upgrade).
    56. 

  56. 

  57. Also now the defaults table has moved from a one column per value structure to a simple key->value structure.
    58. 

  58. 

  59. 

  60. 2.2:  Security
    61. 

  61. 

  62. LedgerSMB 1.2 has been through a detailed SQL injection audit of the codebase
    63. 

  63. inherited from SQL-Ledger.  As a result several vulnerabilities which were known
    64. 

  64. to be exploitable were corrected along with hundreds of places where
    65. 

  65. vulnerabilities may have been exploitable but we didn't have time to verify the
    66. 

  66. what was involved in exploiting it.  We believe though that many or most of the
    67. 

  67. issues were exploitable given a little time and effort.
    68. 

  68. 

  69. Also, we discovered the template editor's security system was moved from
    70. 

  70. blacklisting to whitelisting, eliminating a whole class of possible security
    71. 

  71. issues.
    72. 

  72. 

  73. 2.3:  New Features
    74. 

  74. 

  75. Metatron Technology Consulting's SL-POS codebase was merged with this project,
    76. 

  76. providing a framework for POS hardware support and more.
    77. 

  77. 

  78. Online credit card processing support has been added.
    79. 

  79. 

  80. LSMB now supports an arbitrary number of defined currencies for a business and 
    81. 

  81. is no longer limited to 3.
    82. 

  82. 

  83. 2.4:  Localization Changes
    84. 

  84. 

  85. Localization functions now use Gettext .po files on all platforms.  This means 
    86. 

  86. that standard translation management tools will work with LSMB translations.
    87. 

  87. 

  88. 2.5:  Other changes
    89. 

  89. 

  90. The ledger-smb.conf is now an inifile which will reduce the level of expertise 
    91. 

  91. necessary to configure it for non-Perl users.
    92. 

  92. 

  93. 3:  Known Issues
    94. 

  94. Reposting invoices is known to cause inaccuracies cost of goods sold and
    95. 

  95. inventory accounts.  This problem has been confirmed to affect SQL-Ledger 2.6.x 
    96. 

  96. as well and is caused by problems involving the de-allocation and trasaction
    97. 

  97. reversal routines.  It will be corrected (by removing the ability to truly
    98. 

  98. repost invoices) in an upcoming version as we continue to re-engineer the
    99. 

  99. application.
    100. 

  100. 

  101. 4:  Differences between LedgerSMB and SQL-Ledger(TM)
    102. 

  102. 

  103. 4.1: Login name restrictions
    104. 

  104. Logins in SQL-Ledger can contain any printable characters.  In LedgerSMB these
    105. 

  105. are restricted to alphanumeric characters and the symbols ., @, and -.
    106. 

  106. 

  107. 4.2: Session handling
    108. 

  108. SQL-Ledger as of 2.6.17 used session tokens for authentication.  These tokens
    109. 

  109. are based on the current timestamp and therefore insecure.  Furthermore, these
    110. 

  110. tokens are not tracked on the server, so one can easily forge credentials for
    111. 

  111. either the main application or the administrative interface.  While this was 
    112. 

  112. corrected in 2.6.18, the solutions chosen by SQL-Ledger (caching the crypted 
    113. 

  113. password by the browser) is not in line with commonly accepted best security
    114. 

  114. practices.
    115. 

  115. 

  116. LedgerSMB stores the sessions in the database.  These are generated as md5 sums
    117. 

  117. of random numbers and are believed to be reasonably secure.  The sessions time
    118. 

  118. out after a period of inactivity.  In the initial release both
    119. 

  119. SQL-Ledger-style session ID's and the newer version were required to access the
    120. 

  120. application.  In newer versions, the SQL-Ledger style session ID's have been 
    121. 

  121. removed.
    122. 

  122. 

  123. 4.3: Database Changes
    124. 

  124. Under certain circumstances where the Chart of Accounts is improperly modified,
    125. 

  125. it is possible to post transactions such that a portion of the transaction is
    126. 

  126. put into a NULL account.  LedgerSMB does not allow NULL values in the chart id
    127. 

  127. field of the transaction.
    128. 

  128. 

  129. Also, the transaction amount has been changed from FLOAT to NUMERIC so that
    130. 

  130. arbitrary precision mathematics can be used in third party reports.  This ought
    131. 

  131. to also allow SQL-Ledger to properly scale up better as SUM operations on
    132. 

  132. floating points are unsafe for large numbers of records where accounting data is
    133. 

  133. involved.
    134. 

  134. 

  135. 5:  Roadmap
    136. 

  136. This project has no defined roadmap but rather a set of statements and 
    137. 

  137. objectives contained in the documentation manager and trackers of sourceforge.
    138. 

  138. In general, our development is focused around the following principles:
    139. 

  139. 

  140. * LSMB as infrastructure:  LSMB should be accessible from other applications.
    141. 

  141. 

  142. * Universal applicability:  LSMB should be usable by any any business and should
    143. 

  143. always do the right thing in the background.  Businesses should never find that 
    144. 

  144. they have outgrown the software.
    145. 

  145. 

  146. * Focus on Small to Midsize Businesses:  LSMB's core market will remain in the
    147. 

  147. small to midsize market.
    148. 

  148. 

  149. 6:  Get Involved
    150. 

  150. Contributors should start by joining the LedgerSMB users and devel lists.  Code
    151. 

  151. contributions at the moment must be committed by either project maintainer and
    152. 

  152. should be submitted either using the patches interface at Sourceforge or the
    153. 

  153. devel mailing lists.
    154. 

  154. 

  155. Additionally, we can use help in QA, documentation, advocacy, and many other
    156. 

  156. places. 
    157. 

  157. 

  158. SQL-Ledger is a registered trademark of DWS systems and is not affiliated with 
    159. 

  159. this project or its members in any way.
    160. 

  160. 

  161. DEPRECATIONS:
    162. 

  162. =============================
    163. 

  163. The entire set of Perl modules and database structures should be seen as 
    164. 

  164. deprecated from the perspective of add-on development.  For advice in making
    165. 

  165. add-ons as upgrade-safe as possible, please email the -devel list.  Please 
    166. 

  166. include a description of what you are trying to accomplish.
    167. 

  167. 

  168. KNOWN ISSUES:
    169. 

  169. ==============================
    170. 

  170. Invoice and order data entry screens display incorrect total.  Correct amount 
    171. 

  171. is posted to the database, and invoices print properly, however.  This is a
    172. 

  172. display problem only.  A fix is expected to be available from the development 
    173. 

  173. team shortly after this version is released but will not not have been through 
    174. 

  174. full testing and this bug is not considered to be as severe as the
    175. 

  175. bugs that are fixed in this release.  You can either upgrade to the latest svn 
    176. 

  176. release in branches/1.2 or you can email a request to the list for the fix.
    177. 

  177. 

  178.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 00:30:56 +0000