Security Release for issue4155

Published: 2014-09-30 10:00:00+00:00 release security

Synopsis

A vulnerability in trytond has been found by duesenfranz that might allow a malicious user to execute arbitrary commands on the server via the safe_eval function (see issue4155).

Impact

Any authenticated user can run arbitrary commands on the server with the permissions of the trytond user.

Workaround

There is no workaround.

Resolution

All users should upgrade trytond to the latest version of the used series.

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

New Tryton release 3.2

Published: 2014-04-21 20:00:00+00:00 release

We are happy to announce a new release of Tryton.

This release mainly consolidates many of the new features added over the last two years. Among other things, by dropping support for Python 2.6, this release prepares for the future migration to Python 3. As usual, this release contains many bug fixes, improvements and new modules (see below).

Of course, migration from previous versions is fully supported.

Major changes in the graphical user interface

  • The client uses the local timezone to display dates and times.

  • In addition to updating existing lines, copy/paste in the editable list has been improved to add new lines.

  • Form buttons are also available in the action menu. This gives quick access via the keyboard and also allows triggering a button for the selected records.

    button in the action menu
  • Buttons and wizards can now trigger actions on the client side. This means that it behaves as if the user had clicked on one of the toolbar buttons.

  • The client now uses a connection pool, which speeds up the client for requests that it can parallelize.

  • To attach files faster, the attachment button can now accept a file drag-and-drop operation.

  • A new multi-selection widget has been added, which uses a Many2Many field as its backend.

    multiselection
  • The client allows browsing the revisions of a record if it is historized. It also works on a whole set of records, in which case the client shows the search result as if the search had been performed at the revision date.

    revisions

Major changes on the server side

  • Internally, the server always runs in the UTC timezone.
  • The ModelStorage.write method receives improvements similar to those of the ModelStorage.create method in version 2.8. This means that it can change different values on multiple records in a single call and so improve performance by validating all records at once, and only the changed and dependent fields. In addition, the actions on relation fields have been updated with the same interface.
  • A new decorator fields.depends is introduced, which replaces the deprecated attributes on_change, on_change_with, selection_change_with and autocomplete. This decorator applies to the called methods and the result is the sum of all methods with this decorator across all modules, which brings much more flexibility to modularity.
  • If the bcrypt library is available, Tryton uses it to hash passwords.
  • All field types can now have a domain to restrict their values. On the client side, most domains are supported for re-evaluation and inversion.
  • The return value of on_change on a One2Many field now uses an index with the add keyword. This allows setting the position of the new record in the list, instead of it always being at the end of the list.
  • The new method ModelSQL.restore_history allows restoring the values of a record as they were at a given date.

Modules

account

  • A new journal type write-off has been added for creating write-offs.
  • Taxes now have optional start and end dates, which allows later corrections.

account_fr

  • The French chart of accounts has been updated with the new tax rates introduced in 2014.

account_statement

  • The module now prevents the use of already paid invoices in draft statements.
  • To add a new split line below the original, the module uses the new index in on_change.

account_stock_continental

  • Posting of stock moves has been sped up.

bank

  • IBAN accounts are now validated and formatted.

company

  • A new timezone field has been added to the company, to get the correct date for today.
  • The employee is also taken from the context, like the company. This allows using multiple clients with the same user but with different employees.

production

  • It is now possible to set the effective date of a production, which allows entering past productions.

purchase

  • A warning is raised when trying to receive a supplier stock move without an origin. Usually the origin is a purchase order.
  • The purchase module tries to establish a link between stock moves and received invoice lines.

sale

  • The same warning as in the purchase module also exists for customer stock moves without an origin.
  • The sale module tries to establish a link between stock moves and issued invoice lines.

stock

  • A supplier return shipment can now be partially assigned.
  • The computation of stock quantities has been reworked to allow easy customization and better searching.
  • It is now possible to set the effective date for all shipments, which allows entering past shipments.

stock_lot

  • A new relation between lot and stock move has been added.

New modules

  • The party_relationship module defines different types of relationships between parties.
  • The account_payment module allows creating grouped payments for payable and receivable move lines.
  • The account_payment_sepa module allows generating files for SEPA payments.
  • The stock_package module allows storing packaging information on customer and supplier return shipments.
  • The sale_shipment_grouping module adds an option to define how stock moves generated from sales are grouped.
  • The account_credit_limit module manages the credit limit of parties.
  • The sale_credit_limit module adds confirmed sales to the credit limit amount of the party.

Security Release for issue3446

Published: 2013-11-04 10:00:00+00:00 release security

Synopsis

A vulnerability in tryton has been found that might allow a malicious server to send a crafted extension in answer to a report request, leading the client to write the report to any file on the client host with the rights of the user running the client (see issue3446).

Impact

Any file can be created on the client host with the access permissions of the user running the client.

Workaround

Users should connect only to trusted servers.

Resolution

All users should upgrade to the latest version of the used series.

Concern?

Any security concerns should be reported on the bug-tracker at http://bugs.tryton.org/ with the type security.
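
For the report-extension issue above (issue3446), one way a client can treat the server-supplied extension as untrusted when choosing where to write a report. This is an added example, not Tryton's code or its actual fix; the function names, the extension pattern and the sample values are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: a legitimate report extension is a short alphanumeric token ("odt", "pdf").
SAFE_EXTENSION = re.compile(r"[A-Za-z0-9]{1,10}")


class UnsafeExtension(ValueError):
    """The server-supplied extension is not a plain file-type token."""


def report_path(directory, name, extension):
    """Build the local path for a received report; name and extension are untrusted."""
    if not isinstance(extension, str) or not SAFE_EXTENSION.fullmatch(extension):
        raise UnsafeExtension(repr(extension))
    # Keep only the last component of the name and neutralise unusual characters.
    stem = re.sub(r"[^A-Za-z0-9_-]", "_", os.path.basename(name)) or "report"
    base = os.path.realpath(directory)
    candidate = os.path.realpath(os.path.join(base, stem + "." + extension))
    # Defence in depth: the resolved path must still live inside the directory.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeExtension(repr(extension))
    return candidate


def save_report(directory, name, extension, data):
    """Write the report to a new file only; an existing file is never replaced."""
    path = report_path(directory, name, extension)
    # O_EXCL makes the open fail if anything (file or symlink) already has that name.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


def demo():
    """Feed constructed extension values through save_report in a scratch directory."""
    samples = ["odt", "pdf", "../outside", "odt/../x", "", None]  # constructed inputs
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        for extension in samples:
            try:
                saved = save_report(scratch, "Invoice", extension, b"constructed bytes")
                results[extension] = os.path.basename(saved)
            except UnsafeExtension:
                results[extension] = "rejected"
    return results


if __name__ == "__main__":
    for extension, outcome in demo().items():
        print(repr(extension), "->", outcome)
```

The allow-list on the extension is the primary control; the resolved-path comparison and the exclusive create are kept as independent checks in case the directory already contains a link with the chosen name.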

New Tryton release 3.0

Published: 2013-10-21 18:00:00+00:00 release

We are happy to announce the 3.0 release of Tryton.

This release brings a new calendar view to the user interface and reveals the result of a major code refactoring that started 2 years ago with the python-sql project. As usual there are many bug fixes, improvements and new modules (see below).

Of course, migration from previous series is fully supported.

Major changes in the user interface

  • A calendar view is available, which displays records on a calendar using date fields for the start and/or end. It supports drag-and-drop of events and editing with a double-click. The view is optimized so that it fetches only the records of the displayed events.

    production calendar
  • The URL scheme, introduced in version 2.0, is now accessible in the status bar under all tabs. This URL allows opening the same tab on any other client.

    url
  • Requests have been removed. Instead, it is recommended to use e-mails with URLs.

  • The records selected in the list view are saved for switching between sessions.

Major changes on the server side

  • The server now uses python-sql to build SQL queries. This change brings better compatibility with all the currently supported databases (as well as with future ones).
  • The search method can now return a full domain (instead of one limited to an AND clause).
  • For more modularity, the former order_field attribute has been replaced by the order_<field name> method.
  • The database backend can be loaded dynamically, which means that it can be defined by an external trytond package.
  • The performance of MPTT storage has been improved by removing the default ordering and thereby reducing the number of queries.
  • A grouped attribute can be added to the 'data' tag, which allows creating all records of the same model at once. This shortens the installation time of modules with large amounts of data.
  • A default order can be set on the action window.

Modules

  • Several modules have been adapted to the new design for linking generated documents to their origin. Instead of copying the origin's code into the reference, a reference field is now used, and usually this field is on the lines. This gives a better overview of the links between documents, without the loss of information that can occur when grouping documents.

account

  • A new wizard eases the posting of balancing non-deferral accounts at the close of the fiscal year.
  • All accounts of a chart of accounts must always be for the same company. This constraint drastically improves the speed of the debit/credit computation.
  • A move with a single line with a value of 0 is reconciled automatically if it is posted on a reconcilable account. With this feature, invoices with a zero amount are automatically marked as paid.
  • The centralized counterpart option on the journal has been removed.

account_invoice

  • Once an invoice is posted, the move is used to display the amount instead of recomputing it from the lines. This somewhat improves speed, especially for invoices with many lines.

account_statement

  • It is now possible to set the invoice directly on the statement line, which automatically fills in the party and account information.

stock

  • It is now possible to get stock quantities with arbitrary grouping, e.g. computing stock by lot instead of by product.
  • The inventory code has been reworked to allow easy customization of moves as well as uniqueness constraints on inventory lines.
  • The period cache can be customized to store other kinds of grouped quantities.

stock_lot

  • The Quantity and Forecast Quantity fields have been added to the lot.
  • It is possible to create inventories with lots.
  • The period cache also stores quantities per lot.

stock_supply

  • A new wizard automatically creates internal shipments.
  • If, when creating purchase requests, incoming moves from a supplier are late, the wizard will warn so that the user can, if needed, move the dates of the incoming moves into the future; otherwise these incoming moves will be ignored.

New modules

  • The bank module defines the concept of bank and bank account.
  • The account_dunning module allows managing dunning by tracking the process through different levels.
  • The account_dunning_letter module adds the generation of dunning letters when processing dunnings.
  • The sale_invoice_grouping module adds an option to define how invoice lines generated from sales orders are grouped.

Last maintenance releases for series 1.8

Published: 2013-05-16 12:00:00+00:00 release
Two weeks ago, the series 1.8 received its very last bugfix releases. Two-and-a-half years after the first release, we are going to close the maintenance for this series. Additionally, series 2.0, 2.2, 2.4 and 2.6 got several bugfix releases that were already provided in the 2.8 series. As usual, no database update is required for these releases.

New Tryton release 2.8

Published: 2013-04-22 18:00:00+00:00 release

We are happy to announce the 2.8 release of Tryton.

This release brings many changes for the graphical user interface in order to improve the workflow of the users like bookmarks, auto-completion, global search and a review of all error messages to provide more information. As usual there are many bug-fixes, module improvements and new modules (see below).

Of course, migration from previous series is fully supported.

Major changes in graphical user interface

  • Add domains on Action Window: This feature allows tabs that filter the records to be set above any list view. All modules have been updated to take advantage of it, which reduced the number of menu entries.
Action Window domain
  • Bookmarks for search: Users can now bookmark their own searches and recall them anytime.
Bookmark
  • Auto-completion on Many2One, Many2Many and One2Many: When typing in those fields, the client will try to auto-complete them to allow a fast encoding. The completion also proposes two more actions to create a new record and to enter a complex search.
Completion
  • Replace shortcuts by menu favorites: A new design for favorites aka shortcuts has been implemented for a better user experience.
Menu Favorites
  • Add global search: A quick entry box has been added on top of the menu. It allows searching over all the business documents and the menu entries for fast access. When a search result is selected, the client will open its form view or will trigger the action for menu entries. The kind of documents to search is configurable.
Global Search

Major changes on the server side

  • The create method now takes a list of values, thus unifying the API. This also improves creation performance by validating the created records in one batch.
  • (Field, Operator, Operand) are replaced by a Domain on Rule; in addition to unifying such definitions, this speeds up the computation and eases caching.
  • A new kind of field, Dict, is introduced. This field allows storing a dictionary for which the definitions of the keys are stored in the database. This feature is used in the new module product_attribute (see below).
  • It was decided to remove _inherits because it doesn't fulfill its mission. It was replaced case by case by Function fields, by a Mixin class or simply by an explicit Many2One.
  • The selection values of Selection and Reference fields can now be dynamic thanks to the selection_change_with attribute.

Modules

account

  • The Move Sequence on Period is optional. So if it is empty the fiscal year's one will be used.
  • Tax Rule and Tax Group have a kind attribute (sale, purchase or other) which defines where they can be used.

account_invoice

  • Invoice Sequences on Period are also optional.
  • When cancelling an Invoice, the existing move will be deleted if possible or cancelled with an opposite move.
  • When a Supplier Invoice is validated, the draft Move is created. In the case of two-step validation, this allows reports to be already up to date.
  • Supplier Invoice and Credit Note can no longer be refunded automatically because they must be checked with the supplier one.

dashboard

  • To make it easier for users to select the actions for the dashboard, they are filtered based on the usage dashboard.

party

  • The new url widget on list view is used for contact mechanisms.
Contact Mechanisms

purchase

  • It is now possible to leave the delivery time empty for a product supplier. This means that we don't know when the supplier will deliver.

stock

  • With the new workflow design, it was no longer a bottleneck to add it on stock moves.
  • All shipment Many2One on Move have been merged into one single shipment Reference.

stock_supply

  • The method find_best_supplier no longer optimizes on the delivery delay, so it fully respects the priority order when selecting a supplier.

timesheet

  • It is now possible to define a period on which a work can be used to fill a timesheet.

New modules

  • account_asset adds depreciation of fixed assets.
  • sale_supply adds a supply on sale option on product to generate purchase request from sale lines regardless of the stock levels.
  • sale_supply_drop_shipment adds a drop shipment option on product supplier if supply on sale is checked to generate a drop shipment.
  • project_invoice adds some invoice methods (Manual, On Effort, On Timesheet) on project.
  • product_attribute adds flexible attributes on product.
Product Attribute

Other changes in graphical user interface

  • It is possible to use a range for Date/Time fields in filter box.
  • Multi-selection for Selection field is allowed in filter box.
  • List views can now display URLs.
  • The Plugins menu is moved into the toolbar Actions.

Other changes on server side

  • The default language is stored in the database which prevents unexpected behaviors in case the configuration of the server is changed.
  • The unique constraint on model and field access has been removed to allow many modules to create their own accesses that overlap.
  • The _constraints list is deprecated and is replaced by the validate method on ModelStorage to allow better error messages.
  • Now it is possible to search on the target of a Reference field.

Maintenance Releases for the supported series 1.8, 2.0, 2.2, 2.4 and 2.6

Published: 2012-12-24 12:00:00+00:00 release
The series 1.8, 2.0, 2.2, 2.4 and 2.6 got several bug fix releases. No database update is required for these bugfix releases.

New Tryton release 2.6

Published: 2012-10-23 12:00:00+00:00 release

We are happy to announce the 2.6 release of Tryton.

This release brings major changes in the API with the introduction of the Active Record pattern. But also the graphical user interface was not left without improvements. And as usual there are many bug-fixes, module improvements and new modules (as announced in the previous release news).

Of course, migration from previous series is fully supported.

Major changes in graphical user interface

  • Management of model access and create/delete field access.

    The client is now aware of the model access, which allows it to disable buttons when the user doesn't have access to them.

    It is also possible to manage the create/delete event on fields in addition to read/write.

  • Dynamic size limit on the One2Many, Many2Many and Char.

    It is now possible to limit the size of those fields and the client will enforce it.

  • Remove "Please wait" box. The popup was annoying because it made the client lose focus.

  • Paste in editable list view. It is possible to paste from a spreadsheet to update a set of rows.

Major changes on the server side

  • Allow the use of a Reference field in One2Many & Many2Many.

    In addition to the Many2One, the reverse field could be a Reference field. In the future, the link between Move and Shipments will be done like that instead of having 4 exclusive Many2One fields.

  • All kinds of buttons have been merged into one simple concept.

  • Active Record: This is the result of refactoring work started 2 years ago.

    Here are some benefits:

    • Reduce the amount of code (about 2.2k lines removed); for example, on_change_with and the getter of a Function field can be merged.

    • Unify access to the value of a record whether or not it is stored in the database. This allows removing the values dictionary on on_change methods.

    • Remove loop over ids in getter of Function field:

      before:

      def getter(self, ids, name):
          res = {}
          for record in self.browse(ids):
              res[record.id] = …
          return res
      

      after:

      def getter(self, name):
          return self.…
      
    • Rationalize the register process of Model (use copy of fields etc.)

    • Remove session in wizard. Now the wizard instance is the session.

  • Allow to store the views in a XML file instead of the database. This supports the modification of a view without updating the database. A good speedup for designing views.

  • A new kind of validation has been added: pre_validation.

    The new pre_validation allows to validate a record without saving it. This is used by the client to validate lines of a One2Many. With pre_validation it is possible to provide feedback to the user as soon as possible and before the record is saved.

Modules

account

  • The Trial Balance report now displays the start and end balance in addition to the debit and credit columns.
  • Double-clicking on Balance Sheet opens accounts.
  • The Account Chart doesn't show cumulate Debit/Credit by default but only for the current period.
  • The Aged Balance is computed over all fiscalyears.
  • The Account Moves have been refactored to include an origin field which allows to easily link it to the master document. They have two number fields for draft and posted.

account_stock_continental

  • Updating the cost price automatically creates a stock accounting move.

purchase

  • The purchase manages negative quantities on lines; they will generate Return Shipments and Credit Notes.

stock

  • A graph has been added showing the evolution in past and future of the stock level for a product per warehouse.
product quantities per warehouse

New modules

  • stock_lot defines lot of products.
  • stock_split adds a wizard to split move.
  • account_fr adds French account chart.
  • production defines the basics for production management.
  • stock_supply_production adds automatic supply mechanisms via production requests.

Other changes in graphical user interface

  • Constant interpolation has been added to line graph.
  • The group could have a readonly state.
  • It is possible to define a time format different from the classic '%H:%M:%S'.

Other changes on server side

  • The ModelSQL.default_sequence has been removed. The sequence fields will no longer increase indefinitely.
  • The time format is validated, so it is possible to enforce the seconds to 0, for example.
  • __tryton__.py is replaced by tryton.cfg, a static file.
  • It is possible to use a tuple as a Reference value. It is useful to construct a dynamic domain on such a field in PYSON.