This version includes a number of major bug fixes for the extended functionality of the software.
A bug has been discovered in the upgade scripts for LedgerSMB 1.1.0 and 1.1.1 which can cause the upgrade to fail.
A new version will be released no later than tomorrow.
This release fixes a few issues with the creation of a few of the new functions.
Thanks to Command Prompt, Inc. who is hosting the LedgerSMB website here: http://www.ledgersmb.org/
If there is something that you would like to see there, please let us know. Some features already planned: a live demo and some sort of community driven documentation (possibly via wiki).
Many usability enhancements including inventory activity reports, Experimental support is included for Windows server-side printing, and a utility is included for near-real-time email notifications of short parts. Additionally, there are security enhancements including the requirement that one change the admin password on first use. Finally, we have data integrity enhancements with the addition of several database-level protections including primary and foreign keys, and constraints.
We were notified today of a serious directory transversal and arbitrary code execution vulnerability in LedgerSMB. This vulnerability was inherited from SQL-Ledger, but after we notified Dieter, he fixed the problem (SQL-Ledger 2.6.19 is patched).
All users of LedgerSMB should upgrade to 1.0.0p1 immediately.
LedgerSMB 1.0.0 is an incrimental change from SQL-Ledger 2.6.17. It fixes critical security problems involving session handling. Other changes include tighter cache settings, a NOT NULL constraint on acc_trans.chart_id, and changing the acc_trans.amount from FLOAT to NUMERIC.
Over coming releases, a larger number of security and data integrity improvements will be made.
Additionally, this project offers Free documentation, and several controls to ensure that it will always be a truly open effort.