LedgerSMB is a fork of SQL-Ledger that seeks to provide better security and data integrity controls, better community support, open documentation, and more.
Information regarding Project Releases and Project Resources. Note that the information here is quoted from the Freecode.com page, and the downloads themselves may not be hosted on OSDN.
New features include the use of PI tags in the templates, Slony-I support (and setup scripts), additional POS hardware support, and a framework for integrating credit card processing into the application. Additionally, the code has undergone a security audit and a large number of security enhancements have been made. Among others, numerous inherited SQL injection vulnerabilities have been fixed, and the system no longer depends on Perl scripts which are both writable and executable by the server.
This release is meant to be the last release candidate before 1.2.0 stable. All known bind variable bugs have been closed out. Documentation has been updated, and the configuration file ledger-smb.conf has been renamed to ledgersmb.conf.
Sales orders previously could not be generated from timecards. The installation would overwrite existing user authentication data. Both of these serious bugs were fixed.
This release fixes one major security bug that allowed arbitrary code execution due to directory traversal in the login query variable. It also corrects a less serious bug in currency selection during the automatic generation of sales orders.
This release also corrects an error in version strings that might lead an administrator to mistakenly think that a vulnerable version of the software was running.