• Fixed DBI error on order consolidation
• Fixed whitelisting errors on template editing

Fixed another login issue

Changelog for Ledger SMB 1.1.6

• Fixed problem with login failures

• Updated version strings
• Whitelisted redirect destinations in Form::redirect
• Whitelisted destinations in bin/mozilla/am.pl
• Limited logout redirect destinations
• Whitelisted directories and file extensions used by the template editor
• Converted the template editor to using 3-arg open
• Limited configurable preferences in save_preferences
• Moved (error|info)_function strings from $form into environment variables
• Converted opens of $form->{IN} to 3-arg open in form printing
• User config items are now truncated at first ne

• Fixed problem with parts_short trigger not being created
• Fixed problem with custom fields functions not being created
• Pg driver is now checked by default.

Database

• Added add_custom_field and drop_custom_field functions.

-- will be more integrated into API next version

Changelog for LedgerSMB v 1.0.0p1

• Fixed directory transversal/arbitrary code execution vulnerability.

(Changes relative to the pre-fork SQL-Ledger 2.6.17)

• Corrected sessionid security hole allowing bypass of login to main application
• Corrected sessionid security hole allowing one to list logins and more.
• Changed acc_trans.amount to NUMERIC
• Tightened browser caching rules to prevent problems with back button.
• Added an open content manual to the main distribution.
• New logo.
• Began whitespace reformatting of main application.