Posted by: Anonymous Coward
on November 10, 2006 11:44 PM
We are committed to doing LedgerSMB right. We are in the process of re-engineering the entire application. 1.2 will fix all outstanding security vulnerabilities except the lack of real permission management (which will be addressed in 1.3). In addition, every release, we are re-engineering a part of the system.
1.2 addresses defaults handling, tax handling, and a few other issues. 1.3 will, at a minimum, re-engineer the vendor/customer system allowing for multiple shipto's and the like.
Part of the problem is that, as the article implies, SQL-Ledger is "almost good enough" but in many, many areas it lacks little bits here and there that are necessary.
Let me take a moment to illustrate a number of the issues we have fixed. These are real issues that real customers have run into:
1) In places like Ontario where tax rules are fairly contextual (pastries are taxable if they are not individually wrapped, you buy fewer than 6, and the subtotal is greater than $4 CAD). SQL-Ledger and prior versions of LedgerSMB did not handle this correctly.
2) Localization was done in a very non-standard and bug-prone way. Customers in some locales were having bugs in the software caused by lacking translations.
3) The point of sale system was inadequate for any retailer (even the smallest one). Now it will work at least for small retailers.
4) A huge number of security issues including both SQL injection and arbitrary code execution issues. (Of course, when we started, one could exploit these issues in SQL-Ledger without even logging on. Now at least, the login issue is fixed.)
In fact let me mention this to any readers: If you are running SQL-Ledger from version 2.4.4 through 2.6.17, please upgrade immediately. These versions allow non-authenticated users to hijack sessions, run arbitrary code, etc. through trivial and documented means.
5) The documentation from SQL-Ledger has erroneous information about how to run it on Windows with Perl 5.8. We now fully document this process.
6) We now document how to get server-side printing working on Windows.
7) We fully expect LedgerSMB 1.2 to ship with native OSX installers, rpm packages, .debs, gentoo ebuild support and maybe even Win32 installers (depending on how testing goes).
Best Wishes,
Chris Travers
LedgerSMB core team