
Security Release for issue4155

Published: 2014-09-30 10:00:00+00:00 release security

Synopsis

A vulnerability in trytond has been found by duesenfranz that might allow a malicious user to execute arbitrary commands on the server via the safe_eval function (see issue4155).

Impact

Any authenticated user can run arbitrary commands on the server with the permissions of the trytond user.

Workaround

There is no workaround.

Resolution

All users should upgrade trytond to the latest version of the used series.

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

New Tryton release 3.2

Published: 2014-04-21 20:00:00+00:00 release

We are happy to announce the 3.2 release of Tryton.

This release mainly consolidates many new functionalities added in the last two years. It also prepares the future migration to Python 3 by dropping support for Python 2.6. As usual, there are also many bug-fixes, improvements and new modules (see below).

Of course, migration from previous series is fully supported.

Major changes in graphical user interface

  • The client uses the local timezone to display date time.

  • The copy/paste on editable lists has been improved to add new lines if needed, besides updating existing records.

  • The buttons of the view are also available in the action menu. This allows fast access using keyboard shortcuts and also triggering the button for a list of selected records.

  • Buttons and wizards can now trigger actions from the client side. This means it behaves as if the user clicked on one of the tool bar buttons.

  • The client now uses a pool of connections, which speeds up the client on requests that can be parallelized.

  • The attachment button can now receive drag & drop of files to quickly create attachments.

  • There is a new multi-selection widget that uses the Many2Many field as backend. It is very useful and more visual when there is a small number of selections.

  • The client allows browsing the revisions of a record if it is historized. It also works on a full list of records; in this case the client shows the result of the search as if it was done at the revision date.

Major changes on the server side

  • The server runs internally always in UTC timezone.
  • The ModelStorage.write method receives improvements similar to those of ModelStorage.create in version 2.8. This means it can write different values to many sets of records in one call, which improves performance by validating all the records at once, and it validates only the modified and dependent fields. The action values of relation fields have also been updated with the same interface.
  • A new decorator fields.depends is introduced to replace the deprecated on_change, on_change_with, selection_change_with and autocomplete field attributes. This decorator applies to the called methods and the result will be the sum of all depends of all the modules, which brings much more flexibility to the modularity.
  • Tryton uses bcrypt to hash passwords if the library is available.
  • All types of field can now have a domain to constrain their value, and most of the domains are supported for pre-validation and inversion on the client side.
  • The on_change returned value of One2Many now uses an index for the add keyword. This allows the position of the new record in the list to be defined instead of it always being at the bottom.
  • A new method ModelSQL.restore_history allows to restore the values of a record as they were at a specific date time.

Modules

Account

  • A new journal type write-off has been added to ease the creation of write-offs.
  • Taxes now have an optional start and end, which allows changes over time to be managed.

French Chart of Account

  • The French chart of account has been updated for the new tax rates of 2014.

Account Statement

  • The module now prevents the use of an already paid invoice in draft statements.
  • It uses the new index of on_change to add the new split line under the original.

Account Stock Continental

  • The creation of account moves for stock moves has been sped up.

Bank

  • The IBAN numbers are now validated and formatted.

Company

  • A new timezone field is added to the company to get the right date for today.
  • The employee is also taken from the context just like the company. This allows many clients to be used with the same user but different employees.

Production

  • It is now possible to define the effective date of a production. This allows past productions to be entered.

Purchase

  • There is now a warning when trying to receive a supplier stock move without an origin. Normally, the origin should be a purchase order.
  • The purchase tries to create links between stock moves and invoice lines.

Sale

  • The same warning exists for customer moves without an origin.
  • Like the purchase, the sale tries to create links between stock moves and invoice lines.

Stock

  • Supplier Shipment Return can now have partial assignation.
  • The computation of stock quantities has been reworked to allow easy customization and better search.
  • It is now possible to define the effective date for all shipments. This allows past shipments to be entered.

Stock Lot

  • A new relate has been added from lot to moves.

New modules

  • The Party Relationship module defines different types of relations between parties.
  • The Account Payment module allows generating grouped payments for receivable and payable account move lines.
  • The Account Payment SEPA module allows generating SEPA files for payments.
  • The Stock Package module allows storing packaging information about customer and supplier return shipments.
  • The Sale Shipment Grouping module adds an option to define how stock moves generated from sales will be grouped.
  • The Account Credit Limit module manages the credit limit of parties.
  • The Sale Credit Limit module adds confirmed sales to the credit amount of the party.

Security Release for issue3446

Published: 2013-11-04 10:00:00+00:00 release security

Synopsis

A vulnerability in tryton has been found that might allow a malicious server to send a crafted extension as the answer to a report request, leading the client to write the report to any file on the client host with the rights of the user running the client (see issue3446).

Impact

Any file can be created on the client host with the access permissions of the user running the client.
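
The failure mode described above is a client building a local file path from a server-supplied extension. The following added example (not code from Tryton or from the fix for issue3446) contrasts a hypothetical trusting path builder with a hardened one; the function names and the alphanumeric-extension rule are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: a legitimate report extension is a short alphanumeric token
# such as "pdf" or "odt"; anything else is rejected outright.
_EXTENSION_RE = re.compile(r"[A-Za-z0-9]{1,10}")


def unsafe_report_path(directory, name, extension):
    """Hypothetical pre-fix pattern: the server's extension is used verbatim,
    so path separators and ".." inside it can steer the write elsewhere."""
    return os.path.join(directory, name + os.extsep + extension)


def safe_report_path(directory, name, extension):
    """Build the report path from untrusted server values, or raise ValueError."""
    if not isinstance(extension, str) or not _EXTENSION_RE.fullmatch(extension):
        raise ValueError("rejected report extension: %r" % (extension,))
    # The report name is also server-influenced: keep a conservative subset.
    safe_name = re.sub(r"[^A-Za-z0-9_-]", "_", name) or "report"
    base = os.path.realpath(directory)
    candidate = os.path.realpath(
        os.path.join(base, safe_name + os.extsep + extension))
    # Defence in depth: the resolved path must still live inside `base`.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("report path escapes %r" % (base,))
    return candidate


def write_report(directory, name, extension, data):
    """Write report bytes without overwriting or following existing entries."""
    path = safe_report_path(directory, name, extension)
    # O_EXCL makes the open fail if the path already exists, including when
    # it is a symlink planted in the directory beforehand.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


if __name__ == "__main__":
    workdir = tempfile.mkdtemp(prefix="report-demo-")
    print(write_report(workdir, "invoice", "pdf", b"%PDF-1.4 constructed sample"))
    # Constructed hostile value standing in for a malicious server's answer.
    hostile = "x" + os.sep + os.pardir + os.sep + os.pardir + os.sep + "escaped"
    print("unsafe ->", os.path.realpath(unsafe_report_path(workdir, "invoice", hostile)))
    try:
        safe_report_path(workdir, "invoice", hostile)
    except ValueError as exc:
        print("safe   ->", exc)
```

The allowlist alone stops the crafted extension; the containment check and the exclusive create are there so that a later change to the allowlist does not silently reopen the write-anywhere path.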

Workaround

Users should connect only to trusted servers.

Resolution

All users should upgrade to the latest version of the used series.

Concern?

Any security concerns should be reported on the bug-tracker at http://bugs.tryton.org/ with the type security.

New Tryton release 3.0

Published: 2013-10-21 18:00:00+00:00 release

We are happy to announce the release of Tryton 3.0!

This release brings a new calendar view to the front end and is also the result of an extensive code refactoring that started two years ago with the python-sql project. In addition, there are many bug fixes, improvements and new modules (see below).

As always, migration from older versions is fully supported.

Major changes in the GUI

  • A calendar view is now available. It displays records based on a start and/or end date or time. Drag & drop of events and editing by double-click are supported. The view is optimized to fetch only the events that are to be displayed.

  • The URL scheme, introduced in Tryton 2.0, is now visible at the bottom of every tab. The URL allows the same tab to be opened on another client.

  • Requests have been removed again. E-mails with a URL should be used instead.

  • The selected records in a list view are persistent between sessions.

Major changes on the server

  • The server now uses python-sql to generate SQL queries. This improves compatibility between different databases, both those currently supported and future ones.
  • The searcher method can now return the complete domain (instead of one limited by an AND condition).
  • The older order_field attribute has been replaced by the method order_<field name> to achieve greater modularity.
  • The database backend can be loaded dynamically, so it can be defined in a package external to trytond.
  • The performance of MPTT storage has been improved by removing the default ordering and reducing the number of queries.
  • A new attribute grouped can be added to the data tag. It allows all records of a model to be created at once. This shortens the installation time of modules with large data sets.
  • A default ordering can now be defined on Action Windows.

Modules

  • Many modules have been adapted to a new design in which generated documents are linked to their origin. Instead of copying the code of the original as a reference, a Reference field is used. This improves the traceability of the links between documents without loss of information when they are later consolidated.

Account

  • A new wizard simplifies the creation of balances for non-deferral accounts at the end of the year.
  • All accounts of a chart of accounts must belong to the same company. This restriction dramatically improves the performance of the debit/credit computation.
  • Every move with a zero line/zero value is automatically reconciled if it is on a reconcilable account. As a result, invoices with a zero amount are automatically marked as paid.
  • The centralised counterpart option has been removed from the journal.

Account Invoice

  • Once an invoice is posted, the related move lines are used to display the posted amounts instead of computing them from the invoice lines. This improves performance somewhat, especially for invoices with many lines.

Account Statement

  • It is now possible to set an invoice directly on an order line. Party data and account are filled in automatically.

Stock

  • It is now possible to query the stock with an arbitrary grouping parameter. For example, the stock can be queried per lot instead of only at product level.
  • The code of the stock module has been reworked to make customization of stock moves and of the constraints easier.
  • The period cache can now hold quantities with different groupings.

Stock Lot

  • Fields for quantity and forecast quantity are now available at lot level.
  • Stock can be created with a lot.
  • The period cache stores quantities per lot.

Stock Supply

  • A new wizard automatically creates internal stock moves.
  • When a purchase request is created and it is already known that the supplier cannot deliver by the requested delivery date, the wizard raises a warning so that the user can move these expected incoming shipments into the future, since they would otherwise be ignored for this order.

New modules

  • The Bank module provides the reference for banks and bank accounts.
  • The Account Dunning module provides dunning over several levels.
  • The Account Dunning Letter module generates the corresponding dunning letters.
  • The Sale Invoice Grouping module allows grouping of invoice lines that are based on the respective sale.

Last bug-fix release for Tryton 1.8

Published: 2013-05-16 12:00:00+00:00 release
Two weeks ago the last bug-fix release for Tryton 1.8 was published. After two and a half years we are thereby ending the maintenance of the 1.8 branch. The Tryton releases 2.0, 2.2, 2.4 and 2.6 received various bug fixes that are already included in 2.8. As always, no database upgrade is required for this bug-fix release.

New Tryton release 2.8

Published: 2013-04-22 18:00:00+00:00 release

We are happy to announce the 2.8 release of Tryton.

This release brings many changes for the graphical user interface in order to improve the workflow of the users like bookmarks, auto-completion, global search and a review of all error messages to provide more information. As usual there are many bug-fixes, module improvements and new modules (see below).

Of course, migration from previous series is fully supported.

Major changes in graphical user interface

  • Add domains on Action Window: This feature allows tabs that filter the records to be set above any list view. All modules have been updated to take advantage of it, which reduced the number of menu entries.
  • Bookmarks for search: Users can now bookmark their own searches and recall them anytime.
  • Auto-completion on Many2One, Many2Many and One2Many: When typing in those fields, the client will try to auto-complete them to allow a fast encoding. The completion also proposes two more actions to create a new record and to enter a complex search.
  • Replace shortcuts by menu favorites: A new design for favorites aka shortcuts has been implemented for a better user experience.
  • Add global search: A quick entry box has been added on top of the menu. It allows searching over all the business documents and the menu entries for fast access. When a search result is selected, the client will open its form view or will trigger the action for menu entries. The kind of documents to search is configurable.

Major changes on the server side

  • The create method now takes a list of values, thus unifying the API. This also improves the creation performance by validating the created records in bulk.
  • (Field, Operator, Operand) are replaced by Domain on Rule. In addition to unifying such definitions, it speeds up the computation and eases caching.
  • A new kind of field Dict is introduced. This field allows to store a dictionary for which the definitions of the keys are stored in the database. This feature is used in the new module product_attribute (see below).
  • It was decided to remove _inherits because it doesn't fulfill its mission. It was replaced case by case by Function fields, by a Mixin class or simply by an explicit Many2One.
  • The selection values of Selection and Reference fields can now be dynamic thanks to the selection_change_with attribute.

Modules

account

  • The Move Sequence on Period is optional. So if it is empty the fiscal year's one will be used.
  • Tax Rule and Tax Group have a sale, purchase or other kind attribute, which allows defining where they can be used.

account_invoice

  • Invoice Sequences on Period are also optional.
  • When cancelling an Invoice, the existing move will be deleted if possible or cancelled with an opposite move.
  • On validate Supplier Invoice, the draft Move is created. This allows in case of two step validation to get reports already up to date.
  • Supplier Invoice and Credit Note can no longer be refunded automatically because they must be checked with the supplier one.

dashboard

  • To make it easier for users to select the actions for the dashboard, they are filtered based on the usage dashboard.

party

  • The new url widget on list view is used for contact mechanisms.

purchase

  • It is now possible to leave the delivery time empty for a product supplier. This means that we don't know when the supplier will deliver.

stock

  • With the new workflow design, it was no longer a bottleneck to add it on stock move.
  • All shipment Many2One on Move have been merged into one single shipment Reference.

stock_supply

  • The method find_best_supplier no longer optimizes on the delivery delay and so it fully respects the priority order to select a supplier.

timesheet

  • It is now possible to define a period on which a work can be used to fill a timesheet.

New modules

  • account_asset adds depreciation of fixed assets.
  • sale_supply adds a supply on sale option on product to generate purchase request from sale lines regardless of the stock levels.
  • sale_supply_drop_shipment adds a drop shipment option on product supplier if supply on sale is checked to generate a drop shipment.
  • project_invoice adds some invoice methods (Manual, On Effort, On Timesheet) on project.
  • product_attribute adds flexible attributes on product.

Other changes in graphical user interface

  • It is possible to use a range for Date/Time fields in filter box.
  • Multi-selection for Selection field is allowed in filter box.
  • List views can now display URLs.
  • The Plugins menu is moved into the toolbar Actions.

Other changes on server side

  • The default language is stored in the database which prevents unexpected behaviors in case the configuration of the server is changed.
  • The unique constraint on model and field access has been removed to allow many modules to create their own accesses that overlap.
  • The _constraints list is deprecated and is replaced by the validate method on ModelStorage to allow better error messages.
  • Now it is possible to search on the target of a Reference field.

Maintenance Releases for the supported series 1.8, 2.0, 2.2, 2.4 and 2.6

Published: 2012-12-24 12:00:00+00:00 release
The series 1.8, 2.0, 2.2, 2.4 and 2.6 got several bug fix releases. No database update is required for these bugfix releases.

New Tryton release 2.6

Published: 2012-10-23 12:00:00+00:00 release

We are happy to announce the 2.6 release of Tryton.

This release brings major changes in the API with the introduction of the Active Record pattern. But also the graphical user interface was not left without improvements. And as usual there are many bug-fixes, module improvements and new modules (as announced in the previous release news).

Of course, migration from previous series is fully supported.

Major changes in graphical user interface

  • Management of model access and create/delete field access.

    The client is now aware of the model access, which allows it to disable buttons when the user doesn't have access.

    It is also possible to manage the create/delete event on fields in addition to read/write.

  • Dynamic size limit on the One2Many, Many2Many and Char.

    It is now possible to limit the size of those fields and the client will enforce it.

  • Remove "Please wait" box. The popup was annoying because it made the client lose the focus.

  • Paste in editable list view. It is possible to paste from a spreadsheet to update a set of rows.

Major changes on the server side

  • Allow using a Reference field in One2Many & Many2Many.

    In addition to the Many2One, the reverse field could be a Reference field. In the future, the link between Move and Shipments will be done like that instead of having 4 exclusive Many2One fields.

  • All kinds of buttons have been merged into one simple concept.

  • Active Record: This is the result of refactoring work started 2 years ago.

    Here are some benefits:

    • Reduce the amount of code (about 2.2k lines removed); for example, on_change_with and the getter of a Function field can be merged.

    • Unify access to the value of a record whether or not it is stored in the database. This allows removing the values dictionary on the on_change method.

    • Remove loop over ids in getter of Function field:

      before:

      def getter(self, ids, name):
          res = {}
          for record in self.browse(ids):
              res[record.id] = …
          return res
      

      after:

      def getter(self, name):
          return self.…
      
    • Rationalize the register process of Model (use copy of fields etc.)

    • Remove session in wizard. Now the wizard instance is the session.

  • Allow storing the views in an XML file instead of the database. This supports the modification of a view without updating the database. A good speedup for designing views.

  • A new kind of validation has been added: pre_validation.

    The new pre_validation allows to validate a record without saving it. This is used by the client to validate lines of a One2Many. With pre_validation it is possible to provide feedback to the user as soon as possible and before the record is saved.

Modules

account

  • The Trial Balance report displays now the start and end balance in addition to the debit and credit columns.
  • Double-clicking on Balance Sheet opens accounts.
  • The Account Chart doesn't show cumulate Debit/Credit by default but only for the current period.
  • The Aged Balance is computed over all fiscalyears.
  • The Account Moves have been refactored to include an origin field, which allows them to be easily linked to the master document. They have two number fields for draft and posted.

account_stock_continental

  • Updating the cost price automatically creates a stock accounting move.

purchase

  • The purchase manages negative quantities on lines; they will generate Return Shipments and Credit Note.

stock

  • A graph has been added showing the evolution in past and future of the stock level for a product per warehouse.

New modules

  • stock_lot defines lot of products.
  • stock_split adds a wizard to split move.
  • account_fr adds French account chart.
  • production defines the basics for production management.
  • stock_supply_production adds automatic supply mechanisms via production requests.

Other changes in graphical user interface

  • Constant interpolation has been added to line graph.
  • The group could have a readonly state.
  • It is possible to define a time format different from the classic '%H:%M:%S'.

Other changes on server side

  • The ModelSQL.default_sequence has been removed. The sequence fields will no longer increase indefinitely.
  • The time format is validated, so it is possible to enforce the second to 0 for example.
  • __tryton__.py is replaced by tryton.cfg, a static file.
  • It is possible to use a tuple as Reference value. It is useful to construct dynamic domains on such fields in PYSON.