path: root/doc/release_notes
RELEASE NOTES
LedgerSMB 1.2.2
1: Welcome to LedgerSMB
LedgerSMB is an accounting and ERP program initially aimed at small to midsize
businesses. Currently the financials and supply chain management modules are
fairly complete, while other modules such as project management exist in a
rudimentary form. The initial features are identical to SQL-Ledger 2.6.17 from
which it was derived, but the feature set is starting to diverge rapidly.
1.1 System Requirements:
* Perl 5.8.
* Apache, IIS, or other web server that supports CGI.
* PostgreSQL 8.0 or higher. 7.3 and 7.4 could be supported with some effort but
will not work out of the box.
* Any operating system that supports the above environment.
* The following CPAN modules:
  * Data::Dumper
  * Locale::Maketext
  * Locale::Maketext::Lexicon
  * MIME::Base64
  * Digest::MD5
  * HTML::Entities
  * DBI
  * DBD::Pg
  * Math::BigFloat
  * IO::File
  * Encode
  * Locale::Country
  * Locale::Language
  * Time::Local
  * Cwd
  * Config::Std
  * MIME::Lite
2: What's New in 1.2?
2.1: Database changes:
All core tables now have defined primary keys. This allows Slony-I to be
supported out of the box.
Chris Browne has contributed a setup script for Slony. It is in the
utils/replication directory.
Also all user information has been moved into the database and the password
algorithm has been changed from crypt to md5. This means that users will need
to convert their accounts prior to first login on the new system (if this is an
upgrade).
Also the defaults table has moved from a one-column-per-value structure to a
simple key->value structure.
2.2: Security
LedgerSMB 1.2 has been through a detailed SQL injection audit of the codebase
inherited from SQL-Ledger. As a result several vulnerabilities which were known
to be exploitable were corrected, along with hundreds of places where
vulnerabilities may have been exploitable but we didn't have time to verify
what was involved in exploiting them. We believe, though, that many or most of
the issues were exploitable given a little time and effort.
Also, the template editor's security system was moved from blacklisting to
whitelisting, eliminating a whole class of possible security issues.
2.3: New Features
Metatron Technology Consulting's SL-POS codebase was merged with this project,
providing a framework for POS hardware support and more.
Online credit card processing support has been added.
LSMB now supports an arbitrary number of defined currencies for a business and
is no longer limited to 3.
2.4: Localization Changes
Localization functions now use Gettext .po files on all platforms. This means
that standard translation management tools will work with LSMB translations.
Unfortunately, there is a known issue in the localization selection routines
that was discovered as 1.2.2 was undergoing release validation. The problem has
been fixed in the svn repository (branches/1.2/). If you need a pre-release
tarball, please contact Chris Travers <chris.travers@gmail.com>. The problem
will be corrected in 1.2.3.
2.5: Other changes
The ledger-smb.conf is now an inifile, which will reduce the level of expertise
necessary to configure it for non-Perl users.
3: Known Issues
Reposting invoices is known to cause inaccuracies in the cost of goods sold and
inventory accounts. This problem has been confirmed to affect SQL-Ledger 2.6.x
as well and is caused by problems involving the de-allocation and transaction
reversal routines. It will be corrected (by removing the ability to truly
repost invoices) in an upcoming version as we continue to re-engineer the
application.
4: Differences between LedgerSMB and SQL-Ledger(TM)
4.1: Login name restrictions
Logins in SQL-Ledger can contain any printable characters. In LedgerSMB these
are restricted to alphanumeric characters and the symbols ., @, and -.
4.2: Session handling
SQL-Ledger as of 2.6.17 used session tokens for authentication. These tokens
are based on the current timestamp and are therefore insecure. Furthermore,
these tokens are not tracked on the server, so one can easily forge credentials
for either the main application or the administrative interface. While this was
corrected in 2.6.18, the solution chosen by SQL-Ledger (caching the crypted
password by the browser) is not in line with commonly accepted best security
practices.
LedgerSMB stores the sessions in the database. These are generated as md5 sums
of random numbers and are believed to be reasonably secure. The sessions time
out after a period of inactivity. In the initial release both
SQL-Ledger-style session IDs and the newer version were required to access the
application. In newer versions, the SQL-Ledger-style session IDs have been
removed.
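The session design described in 4.2 (random server-tracked tokens with an inactivity timeout) together with the login-name rule from 4.1, as an added Python illustration that is not LedgerSMB's own code. The in-memory dict stands in for the database table, and the 15-minute timeout is an assumed value the notes do not give.

```python
import hashlib
import os
import re
import time

# 4.1: login names are limited to alphanumerics and the symbols . @ -
LOGIN_RE = re.compile(r"[A-Za-z0-9.@-]+")

# The notes give no timeout value; 15 minutes is an assumed figure.
IDLE_TIMEOUT = 15 * 60


class SessionStore:
    """Server-side session table. An in-memory dict stands in for the database
    table LedgerSMB uses; `now` is injectable so expiry can be exercised."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}  # token -> {"login": str, "last_seen": float}

    def login(self, login):
        if not LOGIN_RE.fullmatch(login):
            raise ValueError("login name contains characters outside [A-Za-z0-9.@-]")
        # Token = md5 of random bytes, as the notes describe. Its unpredictability
        # comes entirely from os.urandom; a token derived from the current
        # timestamp (the SQL-Ledger 2.6.17 scheme) could be guessed.
        token = hashlib.md5(os.urandom(32)).hexdigest()
        self._sessions[token] = {"login": login, "last_seen": self._now()}
        return token

    def validate(self, token):
        """Return the login bound to `token`, or None if the token was never
        issued (forged or logged out) or has been idle past IDLE_TIMEOUT."""
        record = self._sessions.get(token)
        if record is None:
            return None
        if self._now() - record["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]
            return None
        record["last_seen"] = self._now()  # activity extends the session
        return record["login"]

    def logout(self, token):
        self._sessions.pop(token, None)
```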
4.3: Database Changes
Under certain circumstances where the Chart of Accounts is improperly modified,
it is possible to post transactions such that a portion of the transaction is
put into a NULL account. LedgerSMB does not allow NULL values in the chart id
field of the transaction.
Also, the transaction amount has been changed from FLOAT to NUMERIC so that
arbitrary precision mathematics can be used in third party reports. This ought
also to allow SQL-Ledger to scale up better, as SUM operations on
floating-point values are unsafe for large numbers of records where accounting
data is involved.
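Why the FLOAT to NUMERIC change matters for reports, as an added Python illustration (not LedgerSMB code): the same reconciliation check, line items against the stored invoice total, is run once with amounts read as floats and once as exact decimals. The invoice data is constructed for the example.

```python
from decimal import Decimal

# Constructed sample invoices (not LedgerSMB data): line amounts and the stored
# invoice total, as strings the way they arrive from NUMERIC columns.
INVOICES = {
    "INV-1": (["0.10", "0.10", "0.10"], "0.30"),
    "INV-2": (["0.70", "0.10"], "0.80"),
    "INV-3": (["1.00", "2.00"], "3.00"),
    "INV-4": (["0.25", "0.50"], "0.75"),
}


def reconcile(invoices, cast=Decimal):
    """Return the ids of invoices whose line items do not add up to the stored
    total when every amount is interpreted with `cast` (float or Decimal).

    sum() here plays the role of the SQL SUM() a third-party report would run;
    with float the binary rounding of 0.10 and 0.70 makes exact totals fail.
    """
    mismatches = []
    for inv_id, (lines, total) in invoices.items():
        if sum(cast(x) for x in lines) != cast(total):
            mismatches.append(inv_id)
    return mismatches


def accumulate(amount, count):
    """Add the string `amount` to itself `count` times as float and as Decimal
    and return (float_total, decimal_total); only the Decimal result is exact,
    and the float error grows with the number of records summed."""
    as_float = sum(float(amount) for _ in range(count))
    as_decimal = sum(Decimal(amount) for _ in range(count))
    return as_float, as_decimal


if __name__ == "__main__":
    print("float mismatches:  ", reconcile(INVOICES, float))
    print("Decimal mismatches:", reconcile(INVOICES))
    print("10 x 0.10 ->", accumulate("0.10", 10))
```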
5: Roadmap
This project has no defined roadmap but rather a set of statements and
objectives contained in the documentation manager and trackers of SourceForge.
In general, our development is focused around the following principles:
* LSMB as infrastructure: LSMB should be accessible from other applications.
* Universal applicability: LSMB should be usable by any business and should
always do the right thing in the background. Businesses should never find that
they have outgrown the software.
* Focus on Small to Midsize Businesses: LSMB's core market will remain in the
small to midsize market.
6: Get Involved
Contributors should start by joining the LedgerSMB users and devel lists. Code
contributions at the moment must be committed by either project maintainer and
should be submitted either using the patches interface at SourceForge or the
devel mailing lists.
Additionally, we can use help in QA, documentation, advocacy, and many other
places.
SQL-Ledger is a registered trademark of DWS Systems and is not affiliated with
this project or its members in any way.