• Corrected authentication bypass vulnerability in admin.pl

• Fixed DBI error on order consolidation
• Fixed whitelisting errors on template editing

Fixed another login issue

Changelog for Ledger SMB 1.1.6

• Fixed problem with login failures

• Updated version strings
• Whitelisted redirect destinations in Form::redirect
• Whitelisted destinations in bin/mozilla/am.pl
• Limited logout redirect destinations
• Whitelisted directories and file extensions used by the template editor
• Converted the template editor to using 3-arg open
• Limited configurable preferences in save_preferences
• Moved (error|info)_function strings from $form into environment variables
• Converted opens of $form->{IN} to 3-arg open in form printing
• User config items are now truncated at first newline when saving

• Fixed problem with parts_short trigger not being created
• Fixed problem with custom fields functions not being created
• Pg driver is now checked by default.

Database

• Added add_custom_field and drop_custom_field functions.

-- will be more integrated into API next version

• Added utility to partially recover from SQL-Ledger data corruption issues.
• Primary Key added to acc_trans table
• DB Updates now use one transaction per update file.
• FLOAT datatypes removed from database
• Protection against duplicate transaction id's.
• Added foreign key constraint to acc_trans.chart_id
• Database backups now use pg_dump
• Database creation routines now attempt to add plpgsql to the db if not there.

Security

• One is required to change the admin password when it is blank (on first login etc).

Usability

• We now support adding custom automation into a custom.pl
• Setup.pl use is now experimentally supported
• Disabled editing sub-assemblies in one area where it is unsafe.
• Utility included for near-real-time parts short email notifications.
• Fixed Lynx support
• Batch printing now available for checks
• Warnings are printed when check stub is truncated
• Sales Data Report added
• SL2LS.pl now dies if it cannot open the files with instructions on how to proceed manually
• Links between admin and login pages
• Experimental support for Windows printing

Changelog for LedgerSMB v 1.0.0p1

• Fixed directory transversal/arbitrary code execution vulnerability.

(Changes relative to the pre-fork SQL-Ledger 2.6.17)

• Corrected sessionid security hole allowing bypass of login to main application
• Corrected sessionid security hole allowing one to list logins and more.
• Changed acc_trans.amount to NUMERIC
• Tightened browser caching rules to prevent problems with back button.
• Added an open content manual to the main distribution.
• New logo.
• Began whitespace reformatting of main application.

LedgerSMB is a fork of a popular general ledger software package called SQL-Ledger largely written and maintained by Dieter Simader. If you are considering joining our community please take a look at our Code of Conduct.

Update July 14, 2009: Feature freeze for 1.3 is (finally) just around the corner! Expect an announcement soon!

SMB is an acronym for Small Medium Business.