Changelog for LedgerSMB 1.1.5

Submitted by Chris Travers on
  • Updated version strings
  • Whitelisted redirect destinations in Form::redirect
  • Whitelisted destinations in bin/mozilla/am.pl
  • Limited logout redirect destinations
  • Whitelisted directories and file extensions used by the template editor
  • Converted the template editor to using 3-arg open
  • Limited configurable preferences in save_preferences
  • Moved (error|info)_function strings from $form into environment variables
  • Converted opens of $form->{IN} to 3-arg open in form printing
  • User config items are now truncated at first ne

Changelog for LedgerSMB v 1.0.0

Submitted by Chris Travers on

(Changes relative to the pre-fork SQL-Ledger 2.6.17)

  • Corrected sessionid security hole allowing bypass of login to main application
  • Corrected sessionid security hole allowing one to list logins and more.
  • Changed acc_trans.amount to NUMERIC
  • Tightened browser caching rules to prevent problems with back button.
  • Added an open content manual to the main distribution.
  • New logo.
  • Began whitespace reformatting of main application.