[tryton-announces] Security Release for issue #93

2024-10-02 Thread News - Tryton Discussion: ced


  


Security Release for issue #93

Cédric Krier has found that python-sql does not escape non-expression for unary operators (like And and Or), which makes any system exposing those vulnerable to an SQL injection attack.
Impact
CVSS v3.0 Base Score: 9.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: Low
Availability: Low

Workaround
There is no known workaround.
Resolution
All affected users should upgrade python-sql to the latest version.
Affected versions: <= 1.5.1
Non affected versions: >= 1.5.2
Reference

https://bugs.tryton.org/python-sql/93

Concerns?
Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/python-sql with the confidential checkbox checked.


URL: https://discuss.tryton.org/t/security-release-for-issue-93/7889







[tryton-announces] Security Release for issues #13505 and #13506

2024-09-16 Thread News - Tryton Discussion: ced


  


Security Release for issues #13505 and #13506

Albert Cervera has found that trytond allows a user to execute reports for records to which the user has no read access, and also reports limited to a set of groups to which the user does not belong.
Impact
CVSS v3.0 Base Score: 4.3

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Workaround
There is no known workaround.
Resolution
All affected users should upgrade trytond to the latest version.
Affected versions per series:

trytond:

7.2: <= 7.2.8
7.0: <= 7.0.17
6.0: <= 6.0.51



Non affected versions per series:

trytond:

7.2: >= 7.2.9
7.0: >= 7.0.18
6.0: >= 6.0.52



Reference

https://bugs.tryton.org/13505
https://bugs.tryton.org/13506

Concerns?
Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the confidential checkbox checked.


URL: https://discuss.tryton.org/t/security-release-for-issues-13505-and-13506/7846







[tryton-announces] Release 1.5.0 of python-sql

2024-05-13 Thread News - Tryton Discussion: ced


  


Release 1.5.0 of python-sql

We are proud to announce the release of the version 1.5.0 of python-sql.
python-sql is a library to write SQL queries in a pythonic way. It is mainly developed for Tryton but it has no external dependencies and is agnostic to any framework or SQL database.
In addition to bug-fixes, this release contains the following improvements:

Add MERGE query
Support “UPSERT” with ON CONFLICT clause on INSERT query
Remove default escape char on LIKE and ILIKE
Add GROUPING SETS, CUBE, and ROLLUP clauses for GROUP BY.

python-sql is available on PyPI: python-sql 1.5.0.


URL: https://discuss.tryton.org/t/release-1-5-0-of-python-sql/7278






[tryton-announces] Tryton Release 7.2

2024-05-01 Thread News - Tryton Discussion: ced


  


Tryton Release 7.2

 

We are proud to announce the 7.2 release of Tryton.
This release provides many bug fixes, performance improvements and some fine tuning. It also adds 5 new modules.
You can give it a try on the demo server, use the docker image or download it here.
As usual upgrading from previous series is fully supported but some manual steps are needed to update from 7.0 to 7.2.
Here is a list of the most noticeable changes:
Changes for the User
Clients
You can now request to reset your password from the login dialog. Doing this sends a temporary password to your email address.
The PYSON widgets display the value using operators which are more user-friendly.
Web Client
The binary and image widgets now support drag and drop to set their value.
Desktop Client
On list and tree views, there is now a contextual menu that allows you to copy the contents of a cell or a column.
Accounting
It is now possible to modify the dates of a period even if it contains posted moves, as long as the existing moves stay inside the new period dates. This is useful to correct mistakes or even extend a period.
A warning is now raised when you validate an invoice for which some lines do not have the expected default taxes. This helps to detect mistakes.
When an invoice in another currency is paid, the currency exchange amount is now booked automatically into a configured account.
You can now enter the amount of the transaction in a second currency on statements. This makes it easier to do the reconciliation between the statement and invoices based on a second currency.
Company
Employees are now automatically deactivated once their end date has passed.
It is now possible to use some placeholders in the header and footer of company reports like the company name, phone, website etc.
Marketing
Some reports are now available on marketing scenario and activities. They calculate and display the open, click and click-through rates.
UTM parameters can be added to marketing emails so you can follow their results.
Product
You can now store the Manufacturer Part Number and brand as a product identifier.
Tryton now supports adding images to product categories.
You can now use non-square images on products. The module resizes the images to fit the requested size but keeps the aspect ratio.
Production
The production number is now only set when the order progresses to waiting. This prevents the supply module from consuming numbers for production requests that are subsequently deleted.
Purchase
It is now possible to remove ignored invoices and stock moves from purchases. This is useful when you have ignored the invoice or shipping exception by mistake and need to correct it.
Sale
It is now possible to remove the ignored invoices and stock moves from sales. This is useful when you have ignored the invoice or shipping exception by mistake and need to correct it.
The product on sale opportunity lines can be omitted, a description and a note can be used instead.
Stock
The drop shipment (like the other shipments) can now be split. This is useful to match exactly how the supplier shipped the products.
The shipment numbers are now only set when the shipment progresses to a waiting state. This prevents consuming sequence numbers for requests that are going to be deleted.
The lot trace now optionally displays the source and destination locations. This can be useful when investigating the traceability of a lot.
Web Shop
It is now possible to limit a web shop by country.
The web shop supports price lists to calculate the sale price and the non sale price.
New Modules
Stock Product Location Place
The Stock Product Location Place Module allows defining the place where each product is stored within each location.
Account SYSCOHADA
The Account SYSCOHADA Module provides templates for the chart of account for OHADA countries.
Account Export
The Account Export Module provides the basis to allow accounting moves to be exported to external accounting software.
Account Export WinBooks
The Account Export WinBooks Module adds support to export accounting data to WinBooks.
Web Shop Product Data Feed
The Web Shop Product Data Feed Module exposes web shop products as a data feed for Google Merchant and Meta for business.
Changes for the System Administrator
Server
It is now possible to update the database without updating the indexes or to create the indexes concurrently. These are useful options when updating a busy system.
It is possible to define a timeout for some RPC calls. This helps prevent users from overloading the system with expensive requests.
Changes for the Developer
Server
We added send_message methods to simplify sending emails using python’s Message.
A new kind of field fmany2one is now available, which is a type of many2one field but stores a different field to the id. It is used mainly in the infrastructure to create foreign keys based on a model or field name.
The read-only relational fields are no longer copied by default. This was source of variou

[tryton-announces] Security Release for issue #13142

2024-04-17 Thread News - Tryton Discussion: ced


  


Security Release for issue #13142

Cédric Krier has found that trytond accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks.
Impact
CVSS v3.0 Base Score: 5.3

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Workaround
A proxy can be deployed in front of the trytond server to forbid this kind of request.
Resolution
All affected users should upgrade trytond to the latest version.
Affected versions per series:

trytond:

7.0: <= 7.0.9
6.8: <= 6.8.14
6.0: <= 6.0.44



Non affected versions per series:

trytond:

7.0: >= 7.0.10
6.8: >= 6.8.15
6.0: >= 6.0.45



Reference

Accept request with gzip content encoding may make server vulnerable to zip bomb (#13142) · Issues · Tryton / Tryton · GitLab

Concerns?
Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the confidential checkbox checked.


URL: https://discuss.tryton.org/t/security-release-for-issue-13142/7196
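
A bounded way to handle gzip request bodies, as an added example for the issue #13142 advisory above (not trytond's code or its fix): compressed bodies from unauthenticated senders are refused, as the proxy workaround would do, and authenticated ones are inflated only up to a cap. The 1 MiB cap, the status codes, the function names and the sample inputs are assumptions of this example.

```python
import gzip
import zlib

MAX_BODY = 1024 * 1024  # assumed cap on the decoded body size (1 MiB)


class BodyTooLarge(Exception):
    """The decoded body would exceed the configured cap."""


def bounded_gunzip(data, limit=MAX_BODY):
    """Inflate one gzip member without ever producing more than limit + 1 bytes."""
    inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # gzip framing
    out = bytearray()
    pending = data
    while pending and not inflater.eof:
        # Ask for at most one byte more than the remaining allowance, so an
        # oversized stream is detected without inflating the rest of it.
        out += inflater.decompress(pending, limit - len(out) + 1)
        if len(out) > limit:
            raise BodyTooLarge(limit)
        pending = inflater.unconsumed_tail
    out += inflater.flush()
    if len(out) > limit:
        raise BodyTooLarge(limit)
    if not inflater.eof or inflater.unused_data:
        raise ValueError("truncated gzip stream or trailing data")
    return bytes(out)


def decode_request_body(headers, body, authenticated, limit=MAX_BODY):
    """Return (status, decoded_body) for an incoming request body."""
    encoding = ""
    for name, value in headers.items():
        if name.lower() == "content-encoding":
            encoding = value.strip().lower()
    if len(body) > limit:
        return 413, b""
    if encoding in ("", "identity"):
        return 200, body
    if encoding != "gzip" or not authenticated:
        # Same effect as the proxy workaround: compressed bodies from
        # unauthenticated senders are refused before any inflation happens.
        return 415, b""
    try:
        return 200, bounded_gunzip(body, limit)
    except BodyTooLarge:
        return 413, b""
    except (zlib.error, ValueError):
        return 400, b""


# Constructed sample inputs (not captured traffic).
PLAIN = b'{"id": 1, "params": []}'
SMALL = gzip.compress(PLAIN)
# Highly compressible body: a few KiB on the wire, 4 MiB once inflated.
OVERSIZED = gzip.compress(bytes(4 * MAX_BODY))

if __name__ == "__main__":
    gz = {"Content-Encoding": "gzip"}
    print("unauthenticated gzip:", decode_request_body(gz, SMALL, False)[0])
    print("authenticated gzip:  ", decode_request_body(gz, SMALL, True)[0])
    print("oversized gzip:      ", decode_request_body(gz, OVERSIZED, True)[0])
    print("truncated gzip:      ", decode_request_body(gz, SMALL[:-4], True)[0])
```

The cap is checked against the inflated size as it grows, not against `Content-Length`, which only describes the compressed bytes.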







[tryton-announces] Security Release for issue #12428

2023-07-31 Thread News - Tryton Discussion: ced


  


Security Release for issue #12428

Synopsis
Edbo and Cédric Krier have found that record rules are not enforced by trytond when only reading fields without an SQL type (like Function fields).
Impact
CVSS v3.0 Base Score: 6.5

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Workaround
There is no known workaround.
Resolution
All affected users should upgrade trytond to the latest version.
Affected versions per series:

trytond:

6.8: <= 6.8.2
6.6: <= 6.6.10
6.0: <= 6.0.33
5.0: <= 5.0.59



Non affected versions per series:

trytond:

6.8: >= 6.8.3
6.6: >= 6.6.11
6.0: >= 6.0.34
5.0: >= 5.0.60



Reference

Record rules not enforced when reading only fields without SQL type (#12428) · Issues · Tryton / Tryton · GitLab

Concerns?
Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the confidential checkbox checked.


URL: https://discuss.tryton.org/t/security-release-for-issue-12428/6397







[tryton-announces] Newsletter March 2023

2023-02-28 Thread News - Tryton Discussion: ced


  


Newsletter March 2023

 
This is the last newsletter for the Tryton 6.6 series. Here are the latest developments:
Changes for the User
A warning is raised when cancelling an account move related to an invoice, because the invoice will be marked as paid and not cancelled.
The receivable/payable lines now have a column with the cumulative balance. This helps you see the evolution of the customer/supplier debt.
We’ve added links from party to its purchase and sales lines in addition to the purchases and sales. Also all those links show the number of pending and done records.
An option to cancel a move with a reversal move has been added. So, when checked, Tryton will post the move with the debit and credit swapped over, instead of posting negative debits and credits.
Now Tryton notifies the user when they are registering a party identifier that is already in use with another party. This helps prevent duplicate parties from being created.
The stock moves and invoice lines linked to a sale or purchase line are now displayed on their form. This is useful to understand the status of an order.
Tryton now supports setting a price for a carrier cost that is based on weight even if the products have no weight.
We’ve added a new category of unit of measure for energy with some common units like the Joule and Kilowatt-hour.
And we removed the non-standard “Work day” unit because its value depends on the company’s working practices.
New Modules
Changes for the System Administrator
The size of each cache can now be fine tuned using entries in the configuration file. So you no longer need to develop a new module to change the cache size for a particular usage.
Changes for the Developer
The server now includes the tools to generate barcodes and QR codes.
The product module makes use of a method that generates the barcode for a corresponding product identifier.
We’ve added two methods on the Field: searchable, which returns True if the field can be used in a domain expression, and sortable, which returns True if the field can be used in an order expression.
The list-form view now has abilities to do validation, pre-validation and automatic saving when the selected record changes. This mimics the behaviour of the editable list.
Also the selections are now restored on list-form view.
New types of exceptions have been introduced: RPCReturnException and ButtonActionException. They are used to launch an action from a button using an exception (which rolls back the transaction started by the button).
This is useful if, for example, you need to launch a wizard before executing a transition.
Now it’s easy to extend the context keys that the caches must ignore.
For the calendar view, it is possible to scroll to a time, by default, by including the calendar_scroll_time key in the context. This is only supported by the web client for now.


URL: https://discuss.tryton.org/t/newsletter-march-2023/5933






[tryton-announces] Newsletter February 2023

2023-02-03 Thread News - Tryton Discussion: ced


  


Newsletter February 2023

 

A lot of new features have landed in Tryton this month. Some of them were on hold to prepare the migration to Heptapod but we are catching up quickly thanks to the new contribution workflow.
Changes for the User
Direct debit payments are no longer created for blocked receivable lines.
Rounding errors for multiple taxes applied to the same line are now allocated between each tax line to provide a more accurate result.
A carrier is now required to quote a sale that has a shipment cost set. This avoids an incoherent setup which then misses quoting the carrier cost.
For consistency we renamed the field “Name” on account reconciliation to “Number” as it is generated from a sequence.
We now use a circle border for avatar images of individuals and a square border for groups like companies.


The country organizations can now be used as criteria for tariff codes and duty rates.
We now show all the criteria for the tariff codes on the product form.
The translate popup has been reworked to be clearer. It now uses a toggle button to start editing the translation for a language and uses a label to indicate a translation is fuzzy.


We changed the boolean operators in the search box from and and or to & and |. This way the searches are independent of the language and we do not need to have a way of escaping them.
The clients no longer select the first record of each list by default.
The default size of the desktop client has been increased.
When trying to assign shipments or productions, all the documents that can be fully assigned are now assigned instead of being all or nothing.
We notify users when they configure a product that is to be supplied on sale but which also has a purchase order point configured.
The sale, purchase, commission and stock report records can now be searched by name.
New Modules
Changes for the System Administrator
The weekly and monthly timesheet reports now also have access rules. The supervisor now has access to the timesheet reports for the employees he supervises.
The production now automatically creates stock lots for output products that require one and that have a sequence configured.
Changes for the Developer
Tryton will now warn when foreign relation records must be saved implicitly. This is to enforce a design pattern which groups together saving for performance.
Tryton no longer validates the domain for empty fields. This simplifies domain definitions for fields that are not required, as they do not need to care about the case when a field is empty. As a side effect the clients don’t enforce the uniqueness of values in non-required fields.
The client now considers a domain that uses the in clause with a single value to be a unique value.
The target_search attribute of Many2One fields has been removed in favor of an automatic decision based on the number of rows in the target table.
The ORM now uses the EXIST operator instead of IN to search on One2Many fields when the target table has many rows.
Any needed tables are now locked at the beginning of the transaction. This guarantees that the latest values are read from the table. This is managed automatically by restarting the transaction if a table lock is requested during the execution of the code.
We added support for different types of borders on images and icons (but only for the web client).
The warehouse locations are now stored on the shipments at the point they are created. This ensures that the domain based on them stays valid during the whole life of the shipment.
The cookiecutter template is now included in the monorepo. This allows it to be versioned by series.
New exceptions have been added to stop the transaction but still return a result.  This result can be an action for the client to launch.
To speed-up loading a list of records, the clients can now retrieve in the read call the string to display for selection fields.


URL: https://discuss.tryton.org/t/newsletter-february-2023/5848






[tryton-announces] Newsletter February 2022

2023-01-31 Thread News - Tryton Discussion: ced


  


Newsletter February 2022

 

A lot of new features have landed in Tryton this month. Some of them were on hold to prepare the migration to Heptapod but we are catching up quickly thanks to the new contribution workflow.
Changes for the User
Direct debit payments are no longer created for blocked receivable lines.
Rounding errors for multiple taxes applied to the same line are now allocated between each tax line to provide a more accurate result.
A carrier is now required to quote a sale that has a shipment cost set. This avoids an incoherent setup which then misses quoting the carrier cost.
For consistency we renamed the field “Name” on account reconciliation to “Number” as it is generated from a sequence.
We now use a circle border for avatar images of individuals and a square border for groups like companies.


The country organizations can now be used as criteria for tariff codes and duty rates.
We now show all the criteria for the tariff codes on the product form.
The translate popup has been reworked to be clearer. It now uses a toggle button to start editing the translation for a language and uses a label to indicate a translation is fuzzy.


We changed the boolean operators in the search box from and to & and or to |. This way the searches are independent of the language and we do not need to have a way to escape them.
The clients no longer select the first record of each list by default.
The default size of the desktop client has been increased.
When trying to assign shipments or productions, all the documents that can be fully assigned are now assigned instead of being all or nothing.
We notify users when they configure a product that is to be supplied on sale but which also has a purchase order point configured.
The sale, purchase, commission and stock report records can now be searched by name.
New Modules
Changes for the System Administrator
The weekly and monthly timesheet reports now also have access rules. The supervisor now has access to the timesheet reports of the employees he supervises.
The production now automatically creates lots for output products that require one and that have a sequence configured.
Changes for the Developer
Tryton will now warn when foreign relation records must be saved implicitly. This is to enforce a design pattern which groups together saving for performance.
Tryton no longer validates the domain for empty fields. This simplifies domain definitions for fields that are not required, as they do not need to care about the case when a field is empty. As a side effect the clients don’t enforce the uniqueness of values in non-required fields.
The client now considers a domain that uses the in clause with a single value to be a unique value.
The target_search attribute of Many2One fields has been removed in favor of an automatic decision based on the number of rows in the target table.
The ORM now uses the EXIST operator instead of IN to search on One2Many fields when the target table has many rows.
Any needed tables are now locked at the beginning of the transaction. This guarantees that the latest values are read from the table. This is managed automatically by restarting the transaction if a table lock is requested during the execution of the code.
We added support for different types of borders on images and icons (but only for the web client).
The warehouse locations are now stored on the shipments at creation. This ensures that the domain based on them stays valid during the whole life of the shipment.
The cookiecutter template is now included in the monorepo. This way it will be versioned per series.
New exceptions have been added to stop the transaction but return a result, which can be an action for the client to launch.
To speed up the loading of the list of records, the clients can now retrieve in the read call the string to display for selection fields.


URL: https://discuss.tryton.org/t/newsletter-february-2022/5848






[tryton-announces] Newsletter January 2023

2022-12-31 Thread News - Tryton Discussion: ced


  


Newsletter January 2023

 

The Tryton team wishes you a happy new year.
The big news is that the Tryton development has been migrated to Heptapod. Developers should review the new guide to submit changes.
Also, the 6.6 series is the first to have a Flatpak build of the client for Linux published on Flathub.
Changes for the User
The lot number is no longer copied when duplicating a lot which has a sequence configured, so that the new lot gets the next number in the sequence.
We added a relate to open the lots from the product form. This is useful to create for example the lots for assets.
We added the party and the description from the invoice to the invoice line list. This is useful to select invoice line when filling a landed cost or a shipment cost form.
The stock lot can now be deactivated. This simplifies the lot management by removing lots that are no longer used.
The xxx2Many widgets now display the number of selected records. This helps to prevent mistakes when managing large lists of records.
The error message, when trying to modify a record protected by XML declaration, has been improved to include the name and type of the record and optionally the field.
Changes for the Developer
We now use the “match pattern” to find the accounting journal. This improves the possibilities to customize the selection of the journal.


URL: https://discuss.tryton.org/t/newsletter-january-2023/5777






[tryton-announces] Newsletter December 2022

2022-11-30 Thread News - Tryton Discussion: ced


  


Newsletter December 2022

 

After the 6.6 release, support for the 6.2 series has ended. We are already back at work and these improvements have already landed:
Changes for the User
We now display the general ledger information like debit, credit and balance on the account form. This is useful when you are browsing account moves and you want to quickly check that information.
Changes for the Developer
The RPC calls to retrieve the list of selections for a field are now cached by the client for 1 day if they are based on a class method.
We’ve added an identifier_get method to the Product model that retrieves the first identifier that matches any of the identifier types passed.
The tariff codes are now using the standard ir.calendar.month instead of a custom selection.


URL: https://discuss.tryton.org/t/newsletter-december-2022/5698






[tryton-announces] Tryton Release 6.6

2022-11-01 Thread News - Tryton Discussion: ced


  


Tryton Release 6.6

 

We are proud to announce the 6.6 release of Tryton.
This release provides many bug fixes, performance improvements and some fine tuning. What is also significant is the addition of 10 new modules and support for the Ukrainian language.
You can give it a try on the demo server, use the docker image or download it here.
As usual migration from previous series is fully supported. No manual operations are needed to migrate from 6.4 to 6.6.
Here is a list of the most noticeable changes:
Changes for the User
The validation error messages have been improved to include the record name and the value causing the problem to make it easier for the user to solve the issue.
Saved CSV exports now have an option to include a header row or not.
Accounting
We added a wizard which allows move lines to be delegated to another party. This is useful when a debt is transferred to someone else or when correcting mistakes.
When a delegation like this is done for an invoice move, the new party is stored as an alternative payee on the invoice. It is also possible to define the alternative payee before posting the invoice.
The statement lines now require a party to be set for any accounts that require a party. This gives direct feedback to the user instead of later raising an error popup.
Now, before posting a landed cost or a shipment cost, we show the user how the cost will be allocated. This helps prevent mistakes. Once posted it’s still possible to see the allocation.
Commission
It is now possible to create a commission manually. This is useful to record commissions that are calculated by another system.
The commissions can now be included (or not) in the stock margin report thanks to the contextual checkbox.
Country
We’ve added country organizations, which are used to store the list of countries that are currently in an organization. By default we create and set up major economic organizations like the European Union, the North American Free Trade Agreement, and Southern Common Market etc.
We’ve also added the UN M49 regions which group countries based on their geographical location. This is useful for reporting.
Incoterm
We now display the transport mode on the carrier list.
Marketing
It is now possible for a party to unsubscribe from a scenario. This will prevent any new records (like sales) linked to the party from starting a new activity for the scenario.
The number of subscribed emails per list is now calculated. This is often interesting information, and can indicate the popularity of a mailing list.
Party
The contact mechanisms can now be linked to an address. This is useful to record, for example, that a phone number is at a specific place.
The relationships between parties now have start and end dates. When the current date is no longer between the start and end date of the relationship, the relationship is automatically inactive.
Purchase
We added reporting for purchases. It shows information such as the quantity, amount of expense and the trend. The reports can be grouped by supplier or product.
Sale
The sale reporting can now use the new regions to group sales.
Sales now support the collection of goods from the warehouse. This is done by simply using the warehouse address as the shipment address.
We now store which employee has processed the major states of a complaint. This is useful for auditing when something has gone wrong.
The subscriptions now have a revision number that increases each time the subscription is modified by going back to the draft state. All the modifications are also historized.
The sales opportunity now uses the default payment term for the customer if they have one.
The subscription services are now displayed on the product form. This makes it easier and faster to create a new service.
Stock
It is now possible to cancel a move that is done, if the stock period is not yet closed (but only by code). This allows shipments, that are cancelled in the middle of the workflow (for example after picking), to cancel the intermediary moves (and, for example, leave the outgoing location empty).
Outgoing shipments support pickup at the warehouse, if the address is the warehouse address.
It is now possible to reset packed customer shipments. This is useful when a user discovers a mistake just before shipping.
We no longer check that there are no consumable products in a location that is being deactivated. Only goods are checked.
If a user has set a stock lot on the supplier moves of a drop shipment, we copy the lot to the customer moves.
We added support for the preferred notification method for the DPD carrier.
We now use, by default, the contact mechanism linked to the shipping address for all the shipping services.
New Modules
Account Consolidation
The Account Consolidation Module allows consolidated accounting reports for multiple companies.
Account Statement SEPA
The Account Statement SEPA Module implements importing CAMT.052, CAMT.053 and CAMT.054 SEPA files as statements.
Authenti

[tryton-announces] Newsletter October 2022

2022-09-30 Thread News - Tryton Discussion: ced


  


Newsletter October 2022

 

A lot of improvements have landed in Tryton in preparation of the coming release 6.6.
Changes for the User
The subscription services are now displayed on the product form. This simplifies the creation of new services.
A packed customer shipment can now be reset. This is useful in case of a mistake.
The subscriptions are now historized with an incremental revision like the sales orders.
We now support pickup from the warehouse. So on the sale order and customer shipment, it is possible to select the warehouse address as delivery/shipment address if the warehouse is configured to allow pickup.
We can now register sale opportunities in currencies other than the company’s one. The configured default payment term is now used as the default value.
The sale opportunity reports have been reworked to be more flexible like the sale reports.
We added a wizard to delegate payable or receivable lines to another party.
It is now possible to define a different payee on the invoice than the party that is invoiced.
We added the UN M49 regions to group countries by geography or politics. They are useful for reporting.
We also added the concept of country organizations. The import script brings in the ones that are most commonly needed in a business application.
The sale report per region now uses the UN M49 regions as an upper level above country.
It is now possible to cancel stock moves that have been done. This allows shipments to cancel them when the shipment is cancelled instead of leaving those products in an intermediate location.
The default currency has been removed from the stock move as it was error prone.
New Modules
The Carrier Carriage Module extends support for carriers by adding carriers before and after the main carrier.
The Account Consolidation Module allows consolidated accounting reports that include multiple companies.
The Sale Product Recommendation Module provides facilities to implement recommendations for products during sales.
The Sale Product Recommendation Association Rule Module implements recommendations based on association rule learning from previous sales.
The Account Statement SEPA Module implements the import of the CAMT.052, CAMT.053 and CAMT.054 SEPA files as statements.
Changes for the System Administrator
The requests originating from a browser extension are now considered as null.
The web client now checks that it is compatible with the server, like the desktop client does. This allows a wrong installation to be detected.
Changes for the Developer
The backend module is now documented.
It is now possible to call products by location grouped by date. Thanks to this new feature the shortage calculation only makes a single call for the full supply period.
The size field attribute, when it is in a PYSON statement, can now evaluate to None.
We removed the constraint that both parts of an If PYSON statement must evaluate to a value of the same type. The resulting type is now the union of the types of each part of the if statement.
The account type amount now also supports a date range in the context.
The strip_wildcard methods remove only one wildcard. This allows the user to force the server to do a search with pattern matching instead of full text by doubling the wildcard.
The Char fields now remove leading and trailing white spaces by default. It is disabled by default on Text fields. But the behavior can be configured for each field. The feature can also remove only leading or only trailing white spaces.
The synchronization between drop shipment moves has been improved. It now also allows the lots to be synchronized.


URL: https://discuss.tryton.org/t/newsletter-october-2022/5523






[tryton-announces] Newsletter for September 2022

2022-08-31 Thread News - Tryton Discussion: ced


  


Newsletter for September 2022

 

We hope that everybody had a pleasant Summer and enjoyed their holidays. The Tryton team have got back to work on the ERP. Here’s a list of the latest improvements that have already been published.
Changes for the User
The record name and value are now included in the generic validation error message. This helps the user to better understand the problem and correct it.
We’ve added the flag of each country and subdivision. The country flag is now part of the record name.
Changes for the System Administrator
The server command lines now have completion thanks to argcomplete.


URL: https://discuss.tryton.org/t/newsletter-for-september-2022/5503






[tryton-announces] Newsletter August 2022

2022-08-01 Thread News - Tryton Discussion: ced


  


Newsletter August 2022

 

The summer did not stop the Tryton developments, here are the new features that landed:
Changes for the User
Saved CSV exports now also set the header in the same way as when run from the wizard.
The account chart reports now use a context form instead of a setup wizard. This allows the report configuration to be instantly changed instead of needing to close and re-open it.
The cost allocation for a shipment and landed cost is now shown before and after posting. This enhances understanding and can help prevent mistakes.
New Modules
The Sale Promotion Coupon Payment Module includes the same parties as the payments to allow the usage to be counted per party.
Changes for the System Administrator
The logging messages now include the duration spent processing the request or task.
The logging messages containing the request parameters are now truncated at 80 chars.
Changes for the Developer
The payment modules link together the same parties that have used the same payment methods.
A promotion coupon can now count together identical parties.
Tryton now uses an implicit join clause on sub-queries when searching on Many2One fields. This allows the database engine to use a better SubPlan, reducing the complexity from O(n²) to O(n log(n)) by using the index on the primary key.


URL: https://discuss.tryton.org/t/newsletter-august-2022/5426







[tryton-announces] Newsletter July 2022

2022-06-30 Thread News - Tryton Discussion: ced


  


Newsletter July 2022

 

Here are some improvements that have already landed in the development tree for the next release 6.6.
Changes for the User
We now show the number of email addresses that are subscribed to a marketing mailing list.
The commission on products can now be included in the stock margin report.
It is now possible to define marketing scenarios from which users can unsubscribe. For example with a scenario that reminds the customer of pending sales, the customer can now unsubscribe for all sales instead of just the one that is pending.
When inactivating a location, Tryton does not check whether there are still consumable products in it.
The types of UPS service have been updated.
It is now possible to define the start and end date for a relationship between parties. Once the relationship has ended those relationships are no longer active.
Changes for the System Administrator
We now use a delay instead of a datetime in UTC for the reset password expiration. This is easier to understand for the user.
Changes for the Developer
The TableHandlers are now a singleton per table. This avoids having to reload the table definitions between instantiations in different modules.
The product lead time is now a MultiValue so it can be customized to depend on the warehouse, the company etc.


URL: https://discuss.tryton.org/t/newsletter-july-2022/5372







[tryton-announces] Tryton Release 6.4

2022-05-02 Thread News - Tryton Discussion: ced


  


Tryton Release 6.4

 

We are proud to announce the 6.4 release of Tryton.
This release provides many bug fixes, performance improvements and some fine tuning. What is also remarkable is the addition of 9 new modules.
You can give it a try on the demo server, use the docker image or download it here.
As usual migration from previous series is fully supported. No manual operations are required.
Here is a list of the most noticeable changes:
Changes for the User
It is now possible for modules to display a notification message from the server while the user is filling in a form. This is already used by the sale_stock_quantity module to display a message when the user selects a product with not enough forecast quantity.

Users can now choose which optional columns are displayed on the list or tree views. All modules have been reviewed to make non-essential columns optional and thus provide a lean interface by default.

Some views can now be used for editing but not for creating new records. This can be used for example to set an editable list for modification while creation must always go through the form.
The CSV import now skips empty rows inside One2Many. It is now possible to import many One2Many fields in the same file but with different lengths.
The CSV import error messages have been improved to include the model, field and column. This eases the task of solving problems.

Web Client
The reference fields can now be opened from the list and tree views like the Many2One. They are rendered as a link which opens a new tab with the form of the target.
Desktop Client
The CSV export encoded in UTF-8 includes by default the Byte Order Mark to increase compatibility with other systems.
The multi-selection widget now uses the same default selection behavior as other lists. This solves an inconsistency in the behavior.
Accounting
The reconciliation wizard now has an option to automatically reconcile the default suggestions. This speeds up the process for accounting with a lot of entries when the system is well configured.
Similar to the debit type, we now also have an optional credit type on account. Of course an account can only have one optional debit or credit type.
The general ledger now displays by default the debit/credit columns only when there are actually lines in the account for the period. And it displays the number of lines.
We now use the invoice date (instead of the accounting date) to enforce the sequence order of the customer invoice. This is more flexible and still valid with most country rules.
When validating interactively a supplier invoice with the same reference as an existing one, Tryton raises a warning because it could be that the user is entering the same invoice twice.
Now lines in a payable or receivable account can only be added to a payment if they have a maturity date. This avoids creating payments for pure accounting lines.
The receivable payments can now be processed without the need of being approved first but just being submitted. This simplifies the workflow of receiving payments like checks where there is no need for a second approval.
It is also now possible to edit the amount of a processing payment. This is because sometimes we can read a different amount on a check than what the bank will read.
We no longer create dunning for lines with a pending payment.
It is no longer possible to select a reconciled payment or group when entering a statement. This simplifies the selection task for the user, and for the rare case where he needs to select such a payment, he can still unreconcile before selection.
The clearing line of a payment is now automatically reconciled with all the statement lines linked to it.
The user can now choose the allocation method to apply to shipment cost.

Banking
Tryton can now fill or create the related bank from an IBAN.
When searching for a bank name, Tryton is also searching on the BIC.
Party
The country name on a printed address is always in English following the international standard.
The SIREN and SIRET codes are now managed as identifiers on the party.
A party identifier can now be linked to an address of the party. The SIRET number uses this new feature.
The “autonomous city” is now allowed as a subdivision for Spain.
All the lines of the street are now used for the record name of an address.
Product
It is now forbidden to decrease the number of digits of a unit of measure. This prevents existing quantities linked to this unit from becoming invalid.
We now warn users who try to deactivate a product that still has stock.
Production
The stock move form now also shows the optional linked production.
Purchase
It is now possible to define a default currency for each supplier.
Sale
It is now possible to define a default currency for each customer.
The origin name of invoice line for advance payment is now filled with the advance payment condition name.
The advance payments are now recalled with a negative quantity instead of

[tryton-announces] Release of python-sql 1.4.0

2022-05-02 Thread News - Tryton Discussion: ced


  


Release of python-sql 1.4.0

We are proud to announce the release of the version 1.4.0 of python-sql.
python-sql is a library to write SQL queries in a pythonic way. It is mainly developed for Tryton but it has no external dependencies and is agnostic to any framework or SQL database.
In addition to bug-fixes, this release contains the following improvements:

Use unittest discover
Use only column name for INSERT and UPDATE
Add escape to Like operators
Add default literal ‘*’ expression to Count
Add support for Python 3.10

python-sql is available on PyPI: python-sql · PyPI


URL: https://discuss.tryton.org/t/release-of-python-sql-1-4-0/5227






[tryton-announces] Release of Relatorio 0.10.1

2022-05-02 Thread News - Tryton Discussion: ced


  


Release of Relatorio 0.10.1

We are proud to announce the release of Relatorio version 0.10.1.
Relatorio is a templating library mainly for OpenDocument, also using OpenDocument as source format.
This is a bug-fix release which:

Add support for Python 3.10
Support directive applying to itself
Keep tail of directive
Use unittest discover

The package is available at https://pypi.org/project/relatorio/0.10.1/
The documentation is available at https://relatorio.readthedocs.io/en/0.10.1/


URL: https://discuss.tryton.org/t/releaset-of-relatorio-0-10-1/5226







[tryton-announces] Newsletter April 2022

2022-04-01 Thread News - Tryton Discussion: ced


  


Newsletter April 2022

 

Close to the future release 6.4, we still have a lot of new features landing in Tryton:
Changes for the User
Stock moves without a quantity are no longer required to be put in a package.
The volume dimensions have been added to packages.
The multi-selection in the desktop client now behaves in the same way as the web client: to select multiple values use the CTRL and SHIFT buttons.
The country name on addresses is now always displayed in English as requested by postal norm.
Now when multiple statement lines fulfill a payment, or a group of payments, they are reconciled automatically with the clearing lines.
The manual payment processed amount can now be edited. This is useful, for example, when the amount read from a received check does not match the amount read by the bank.
The lots now have upward and downward traces. If you are already using lots, the history of traceability will be available.
There is now a configurable expiration delay for the Stripe setup intent. This is useful to avoid keeping old intents that online customers will never complete.
The production is now displayed on the stock move form.
It is no longer possible to delete a tax identifier on a party if it is used on an invoice.
We now use the invoice date instead of the accounting date to enforce the sequence of customer invoices. This is more flexible and is valid for most of the countries.
A negative debit/credit is used now to book cash change on the point of sale. This avoids artificially increasing the debit/credit total of the account.
The stock package type can now be deactivated if they are no longer used.
We added support for the UPS notification service options.
The cost price on the outgoing moves of a drop shipment are now recalculated when the unit price of the supplier is changed. This provides a more accurate margin report.
We now store the employee who approved the refund of a Stripe or Braintree payment.
The sales from the POS are now included in the sale reporting.
The clients disable the previous/next navigation buttons when there is no record to select.
We warn users who try to deactivate a product when it still has stock.
Changes for the Developer
We now use a unique Reference field for the relation of a statement line with invoice, payment etc.
The parsing of XML data files has been improved to enforce the type of record used in the ref attribute, to support Reference field values with the ref attribute.
There is now a batch size when pushing to the queue. When the number of records is greater, the task is divided.
The invoices and lines have now a field that contains the numbers of the linked shipments. This field can be used to customize the invoice report to display the shipments.
Tryton now uses the best selectors available on the OS to wait for data to read instead of always using select.
The MultiSelection field always returns an immutable tuple.
It is now possible to deactivate the record of a button. This is useful when customizing existing buttons.
The CORS options are now also supported on the root path.
We prevent creating/deleting singletons from the clients. This provides a better user experience.
The domain inversion now also removes the duplicate clauses.


URL: https://discuss.tryton.org/t/newsletter-april-2022/5150







[tryton-announces] Security Release for issue11219 and issue11244

2022-03-03 Thread News - Tryton Discussion: ced


  


Security Release for issue11219 and issue11244


Synopsis
XML parsing vulnerabilities have been found by Jeremy Mousset in trytond and some modules.
With issue11219 an authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.
With issue11244 a non authenticated user can send a crafted XML-RPC message to consume all the resources of the server.

Impact

issue11219
CVSS v3.0 Base Score: 6.5

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None


issue11244
CVSS v3.0 Base Score: 7.5

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High


Workaround
It is possible to activate defusedxml and upgrade expat to 2.4.1 or newer.

Resolution
All affected users should upgrade trytond and proteus to the latest version.
Affected versions per series:


trytond:

6.2: <= 6.2.5
6.0: <= 6.0.15
5.0: <= 5.0.45



proteus:

6.2: <= 6.2.1
6.0: <= 6.0.4
5.0: <= 5.0.11



Non affected versions per series:


trytond:

6.2: >= 6.2.6
6.0: >= 6.0.16
5.0: >= 5.0.46



proteus:

6.2: >= 6.2.2
6.0: >= 6.0.5
5.0: >= 5.0.12




Reference

Issue 11219: A user can read the content of files on the machine running trytond by exploiting XEE vulnerability in camt54 parsing - Tryton issue tracker
Issue 11244: A non authenticated user can cause a denial of service with a single request using an xml bomb attack on xmlrpc - Tryton issue tracker


Concern?
Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.


URL: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
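
The workaround above depends on the XML parser refusing DTD features before any entity is expanded. As an added example (not code from Tryton or defusedxml), the same reject-early policy is sketched here with the standard library's expat bindings standing in for defusedxml; `parse_untrusted`, `verdict`, `expat_meets_minimum` and the CAMT.054-shaped sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Minimum Expat version named in the advisory's workaround.
MIN_EXPAT = (2, 4, 1)
NS = "urn:iso:std:iso:20022:tech:xsd:camt.054.001.04"


class ForbiddenXML(ValueError):
    """The document uses a DTD feature that the policy rejects."""


def _qname(name):
    # expat reports namespaced names as "uri}local"; ElementTree wants "{uri}local".
    return "{" + name if "}" in name else name


def parse_untrusted(data, forbid_dtd=True):
    """Parse XML bytes, aborting on DOCTYPE, entity declarations or external refs."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate(namespace_separator="}")

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if forbid_dtd:
            raise ForbiddenXML("DOCTYPE declaration")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # Fires for internal and external entities alike, before any expansion.
        raise ForbiddenXML(f"entity declaration {name!r}")

    def on_external_ref(context, base, sysid, pubid):
        # Second line of defence: never resolve anything outside the document.
        raise ForbiddenXML(f"external entity reference {sysid!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: builder.start(
        _qname(name), {_qname(k): v for k, v in attrs.items()})
    parser.EndElementHandler = lambda name: builder.end(_qname(name))
    parser.CharacterDataHandler = builder.data

    # An exception raised inside a handler propagates out of Parse().
    parser.Parse(data, True)
    return builder.close()


def verdict(data, forbid_dtd=True):
    """Return 'accepted' or 'rejected: <reason>' for one document."""
    try:
        parse_untrusted(data, forbid_dtd=forbid_dtd)
    except ForbiddenXML as exc:
        return f"rejected: {exc}"
    return "accepted"


def expat_meets_minimum():
    """True when the Expat library linked into Python is at least MIN_EXPAT."""
    return tuple(expat.version_info) >= MIN_EXPAT


def _sample(doctype, ident):
    """Build a constructed CAMT.054-shaped document for the demonstration."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f"{doctype}"
        f'<Document xmlns="{NS}"><BkToCstmrDbtCdtNtfctn><Ntfctn>'
        f"<Id>{ident}</Id></Ntfctn></BkToCstmrDbtCdtNtfctn></Document>"
    ).encode("utf-8")


# Constructed inputs: a plain statement, one declaring an external entity
# (placeholder system id), and one declaring nested internal entities.
CLEAN = _sample("", "CONSTRUCTED-1")
EXTERNAL = _sample(
    '<!DOCTYPE Document [<!ENTITY ext SYSTEM "constructed-placeholder.txt">]>\n',
    "&ext;")
NESTED = _sample(
    '<!DOCTYPE Document [<!ENTITY a "x"><!ENTITY b "&a;&a;">]>\n',
    "&b;")

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("external", EXTERNAL), ("nested", NESTED)):
        print(label, "->", verdict(doc), "|", verdict(doc, forbid_dtd=False))
    print("expat >= 2.4.1:", expat_meets_minimum())
```

With `forbid_dtd=False` the DOCTYPE itself is tolerated, but the first entity declaration still aborts the parse before the reference in `<Id>` is reached.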







[tryton-announces] Newsletter March 2022

2022-02-28 Thread News - Tryton Discussion: ced


  


Newsletter March 2022

 



Here’s a sneak peek at the improvements that landed during the last month.
Changes for the User
To shipments we’ve added a field that calculates the total weight of the packages.
It is now possible to configure which units are used for the shipment volume and weight (instead of the hard coded values).
The clients now have an upper limit when counting records. They also use a human readable format for the count to a precision of 4 figures, and now display the number of records selected as well.
Users can now configure for each view which optional columns to display.
All the list views have been reviewed to add or mark optional columns and provide a simplified version by default.
The model, field and column are now displayed in the import error message. This makes it easier for the user to find mistakes in a CSV file.
Tryton now also searches for the BIC when searching by bank name. And when searching bank account numbers, it only searches for the starting number.
We added a test to reconcile all the lines when running the reconcile account wizard. This ensures this special case is always found even if the number of lines is greater than the reconciliation chunk.
The general ledger now hides the debit/credit columns if there are no lines for the period. And by default the list opens with only the accounts that contains lines.
A default statement journal is created automatically when the account_statement module is activated. This eases on-boarding new users.
When searching for a payment to link to a statement line, Tryton displays first the payment with the closest amount.
The chart of account now forces child accounts to have the same type as the parent account (if it has one).
Tryton now supports the Shopify webhook which allows orders to be updated as soon as the event happens (instead of needing to wait for the scheduled task).
The SIREN and SIRET numbers are now stored as party identifiers. And an identifier can be linked to an address in the same way as SIRET.
We now raise a warning when validating a supplier invoice with the same reference as another invoice.
It is now forbidden to decrease the number of digits of a measure. This is needed to prevent validation errors on existing records using this measure.
New Modules
The Account Invoice Watermark Module adds a draft or paid watermark to the printed invoice.
The Account Tax Non-Deductible Module allows defining non-deductible taxes and reporting them.
The Sale Invoice Date Module fills in the invoice date for invoices created by sales. The invoice date is used for grouping, allowing invoices to be generated based on a period (i.e: for Monthly Invoices).
Changes for the Developer
We support limit and offset to ModelSQL count search and search_count. The ORM optimizes the query to avoid reading unnecessary records when the limit is smaller than the number of records in the table.
We improved the parsing of get_eval_fields function to be 60% faster.
The desktop client uses by default UTF-8 with BOM for the CSV import/export.
The domain of Reference fields is now a dictionary which contains a domain per target model.
The order of unsorted Selection field is now based on the index of the field definition. For example ordering sales by state field, will put first the draft then quotation etc.
The server retries by default 5 times on temporary SMTP server error.
We replaced the ilike operator on Reference field by a simple like. This may allow the database engine to use indexes.


URL: https://discuss.tryton.org/t/newsletter-march-2022/5009






[tryton-announces] Newsletter February 2022

2022-01-31 Thread News - Tryton Discussion: ced


  


Newsletter February 2022

 

Time goes by and improvements to Tryton continue to be made. Here you can find the latest changes which have been included in the last month.
Changes for the User
The forecasts are now used for all supply calculations instead of only the purchase requests.
In the web client, the list of tabs no longer wraps on large screens but scrolls horizontally and each tab entry takes up the full width on small screens.
We now calculate an early date for the partial quantity if there isn’t one for the full quantity.
It is no longer possible to close (or remove) the type of an account that is already used in account move lines.
The auto-detection of CSV headers now stops on the first error in the web client.
We now support editing Shopify orders.
The accounts can have another type when their balance is a credit. This is the opposite of the existing debit type.
We do not create any more dunning for lines with pending payment.
Production orders with missing early moves are no longer proposed for early planning.
We renamed the split lines accounting wizard into reschedule lines to be less confusing.
Changes for the System Administrator
The country module supports pycountry version 22.1.10.
We mirror the geonames zip files and use our mirror by default. This was needed because the original host has frequent downtime.
We removed the entropy check on user password. We found that it was not a good way to enforce good passwords. We recommend using the forbidden list instead.
Changes for the Developer
We process sales for Shopify asynchronously as it can be quite slow due to the Shopify rate limit.
The view_id is now set in the context when parsing the view. So it can be used to apply attributes depending on the view in ModelView.view_attributes.
We replaced the deepcopy of the JSON-RPC result in the desktop client by a faster implementation based on the json types.
The country module can now load subdivisions with unknown types. This was needed to support future versions of pycountry.
The ORM now uses the already cached data to instantiate relational target records for which the context depends on other fields. This optimization prevents extra SQL queries for most of the cases.
The stock margin report retrieves the product’s unit from the SQL query instead of using a Function field which was triggering a second execution of the table query.
We replaced the back-off time on Shopify API calls by an automatic retry loop. This allows the first calls to be made quickly until they consume the available bucket.
The board action domain is now limited to active_id and active_ids and they are stored in a dedicated _actions dictionary.
We added on ir.ui.view the view_get RPC method which can be used by the board to support inheritance like the other views.
The xpath inheritance of views now applies on all matching elements (instead of only the first) by default.


URL: https://discuss.tryton.org/t/newsletter-february-2022/4948






[tryton-announces] Newsletter January 2022

2021-12-31 Thread News - Tryton Discussion: ced


  


Newsletter January 2022

 

The Tryton team wishes you a happy new year.
Here are the changes that the team has already prepared for the next version.
Changes for the User
We store the factors used to allocate landed costs. They will be used if the landed cost is cancelled instead of recalculating them (which can result in different factors over time).
When recalling advance payments we now invoice a negative quantity instead of a negative price.
The attention name is now part of the default address format.
Changes for the System Administrator
It is now possible to set combined authentication method options which can be used to make some of the authentication methods optional.
In a base installation of Tryton the options are for connections from an IP address in a known network and for client connections from a known device.
This can be used, for example, to enforce the second factor, such as SMS authentication, only for external IPs.
Changes for the Developer
We’ve added a simple logger to the web client which provides a similar API to the python logger. The log level can be changed from the browser console by running: Sao.Logger.set_level(Sao.Logging.INFO);
We now enforce the import order in the .py files using isort (see our Python style guidelines).
The tests, run with tox, now report their coverage.
It is now possible with the creatable attribute to specify if a view can be used to create new record. The client will automatically switch to another view if the user tries to create a record from a view where this is false, even if the view is editable.
We’ve added support for Python 3.10 and removed Python 3.6 following our policy to support only upstream supported versions.
The Shopify module will delete only the metafields that are managed by Tryton.
We’ve replaced the balanced move check Python code with an SQL query.  This speeds up the process a lot especially for moves that have lots of lines.


URL: https://discuss.tryton.org/t/newsletter-january-2022/4875






[tryton-announces] Newsletter December 2021

2021-11-30 Thread News - Tryton Discussion: ced


  


Newsletter December 2021

 

After release 6.2 we have already resumed development with some cleaning and performance improvements.
Changes for the User
The early planning for stock quantities now takes internal incoming requests into account.
You can now define a delay after which an email notification will be sent.
The reset password email now displays how long it is valid instead of the UTC expiry date and time.
The record names for addresses now contains all the street lines instead of just the first one.
Changes for the System Administrator
It is now possible to send test emails without a database.
Changes for the Developer
The PostgreSQL back-end now uses the JSONB type by default to store the value of Dict fields.
We activated support for window functions when using SQLite versions greater than 3.25.0.
We use RENAME and DROP COLUMN when using SQLite versions that support them.
It is now possible to customize the states of the shipments with which a sale can be grouped.
The button to generate SEPA messages has been prefixed by sepa avoiding any name clashes with other modules.
It is possible to mark the getter of a Function field as not depending on the context. By doing this it can be stored in the transaction cache in readonly transactions.
The cache of instances passed to Function field getters is now prefilled with data already calculated for the instance. The order in which the Function fields are called can be tuned to take advantage of this behavior when the calculations depend on other Function fields from the same record.


URL: https://discuss.tryton.org/t/newsletter-december-2021/4774







[tryton-announces] Tryton Release 6.2

2021-11-02 Thread News - Tryton Discussion: ced


  


Tryton Release 6.2

 



We are proud to announce the 6.2 release of Tryton.
This release provides many bug fixes, fine tuning and many performance improvements. It is also remarkable for the addition of no fewer than 13 new modules, among which we can highlight the basis for a point of sale and an integration with Shopify.
You can give it a try on the demo server, use the docker image or download it here.
As usual migration from previous series is fully supported. No manual operations are required.
Here is a list of the most noticeable changes:
Changes for the User
It is now possible to import and export data from binary fields using CSV. The data is encoded into base64 in the file.
You can now customize the name of the records used in the report to construct the filename.
The code of the language must now be unique in the system. This removes possible ambiguity with the translations.
Web Client
The web client now has, on each tree view, a button to fold/unfold the selected rows.

Keyboard shortcuts (aka accesskey) have been added to every widget and button of the web client. By pressing CTRL+F1, the keys are shown next to each widget and button.

Accounting
It is now possible to configure rules to automatically debit the customer with a direct debit payment. These rules are compatible with all the payment modules like SEPA, Stripe or Braintree. The payments are created by launching a wizard from the payment menu.
The invoice and dunning forms now have an action to launch a wizard to reschedule the payment terms. The wizard allows defining new terms by dividing the existing line.

When updating an asset now, we store a revision which stores the updated data, a document as origin and a description.
It is also possible to reset to draft an asset that does not yet have any posted lines. This gives a grace period to correct mistakes. But it is also possible to force the re-computation of the pending lines.

Commission
We have now reporting of commission per agent and period. The amount can be grouped per year, month or day and it is possible to filter only the invoiced commissions.
When creating commissions, it is not possible to select only some agents.
Customs
A country of origin can be defined for each product.
Party
It is now possible to define one contact mechanism of each type at the creation of a party. The main usage is to ease importing via CSV parties with their email, phone etc.
When a party is replaced by another, the identifiers of the former one are transferred to the new one but deactivated.

Product
We added a computed field on the variants that computes a name based on their attribute values. This avoids the need to define a different suffix for each variant if the attributes are enough to distinguish them.
The service and kit products can now only have a fixed cost price. The other methods are all based on stock moves, which practically do nothing for services or kits.

Production
To allocate the production cost between the output products, Tryton uses the list price. Now if one of the output products has no list price, the production will raise a warning before ignoring it.
Purchase
We compute the purchase date for the request created from a requisition. The computation is using the lead time of the defined supplier or the best one found.
Sale
The default invoice, shipment and shipment cost methods can now be defined by customer. If they are empty then the general default method is used.
We extended the existing sale reports to have one general without any grouping (useful to have a grand total) and another grouped in a tree per customer category.
There is now a wizard to test the setup of a recurrence rule (used for subscription). As rules can be complex it is useful to be able to see the result based on a tested date.

Stock
We added a wizard on the customer shipment (and supplier return) to print all the package labels at once. And also reprint the label just for one package. The client can send them directly to the default printer of the host machine. (This replaces the dummy label report.)
It is again possible to group different warehouses under a view location.
Web Shop
The product images are now used for the web shops. There is a check box to mark the image as to be published on the web shops.
New Modules
Account Budget
The Account Budget Module provides the ability to set budgets for accounts over a defined period of time. These budgets can then be used to track the total amount from relevant transactions against the budgeted amount.
Account Move Line Grouping
The Account Move Line Grouping Module adds a view that displays move lines grouped.
Account Rule
The Account Rule Module allows rules which substitute default accounts with other accounts.
Account Stock Shipment Cost
The Account Stock Shipment Cost Module allocates shipment cost based on invoice.
Analytic Budget
The Analy

[tryton-announces] Newsletter October 2021

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter October 2021

 


Here are the latest improvements in preparation for the upcoming 6.2 release.
Changes for the User
The sale module currently provides reporting that displays relevant data grouped by products, categories etc. We now also have a general report that is not grouped but just displays totals.
We now support products without a list price.
The user will be warned if they try to post an invoice with a date in the future.
The web client now has a button to fold/unfold the selected records of a tree.
The dunning records now store their own age.
New Modules
The Product Image Attribute Module adds attributes to product images.
Changes for the System Administrator
The errors that are raised during non-interactive operations (like scheduled tasks or queued jobs) are now listed in the administration entry. These errors can be processed by a user, and once solved the task or the job is submitted again.
The trytond-stat command displays the node name on which the process is running. This is useful when the directory that contains the stat socket is shared between multiple machines.
On first login the configuration wizard now has a step that makes it easy to activate modules on the system.
Changes for the Developer
The MPTT behavior has been improved to avoid a full rebuild when creating nested records. It now does a classic update for each level.
The ModelStorage class now has a count() method that returns an estimate of the number of records stored. It uses caching and random invalidation to minimize the cost.
We now use str instead of repr when constructing the warning keys. This allows the same key to be constructed using proteus.
The method remove_forbidden_chars has been added to the tools as it is used by many modules.
The ModelSQL.search method optimizes some queries by using a UNION of sub-queries when clauses contain straight columns of the table and columns of a joined table. In these cases the database can use indexes.
The context can normally only be modified with the Transaction.set_context context manager. In order to enforce this behavior, the context is now an ImmutableDict.
The title of emails generated from a report no longer contains the name of the record from which the report is generated.
The value of the Dict field is an ImmutableDict but the values must also be immutable. So we now use a tuple instead of a list.
The server now uses the bigdecimal type from XML-RPC.
For performance reasons we use __slots__ for the classes registered in the Pool. But as this can be broken when one class does not define it we added a generic test which ensures that all the classes in the Pool have __slots__ defined.
When proteus is configured to use XML-RPC, it authenticates on each request. This is slow as we are using a slow hashing method for security and to protect against brute-force attacks. Now proteus can be configured to use a session with XML-RPC.
The grouping option to format numeric widget can be configured on the view.
We unified the way we set email From headers. Tryton now sets the Reply-To and On-Behalf-Of headers when needed.

URL: https://discuss.tryton.org/t/newsletter-october-2021/4659







[tryton-announces] Release 1.3.0 of python-sql

2021-10-09 Thread News - Tryton Discussion: ced


  


Release 1.3.0 of python-sql

We are proud to announce the release of the version 1.3.0 of python-sql.
python-sql is a library to write SQL queries in a pythonic way. It is mainly developed for Tryton but it has no external dependencies and is agnostic to any framework or SQL database.
In addition to bug-fixes, this release contains the following improvements:

Add GROUPS frame to Window
Add exclude to Window
Add method for each type of join
Support Select queries in conditionals and functions
Remove support for Python older than 3.5

python-sql is available on PyPI: python-sql · PyPI

URL: https://discuss.tryton.org/t/release-1-3-0-of-python-sql/4618







[tryton-announces] Release of Relatorio 0.10.0

2021-10-09 Thread News - Tryton Discussion: ced


  


Release of Relatorio 0.10.0

We are glad to announce the release of Relatorio version 0.10.0.
Relatorio is a templating library mainly for OpenDocument, also using OpenDocument as source format.
This is a minor feature release which:

Add relatorio-render script
Add templating of meta in opendocument
Remove support for Python older than 3.5

The package is available at relatorio · PyPI
The documentation is available at Welcome to relatorio’s documentation! — relatorio 0.9.4 documentation

URL: https://discuss.tryton.org/t/release-of-relatorio-0-10-0/4612






[tryton-announces] Newsletter for September 2021

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter for September 2021

 


We hope that everybody had a nice Summer and enjoyed their holidays. The Tryton team continued working on the ERP and we are back with a summary of the latest improvements.
Changes for the User
We added a frame around the image widget. This makes the widget cleaner when empty.
More party identifiers and tax identifiers have been added for Austria, Ukraine and Vietnam.
The rule keywords from statement lines are now stored in such a way that they can be used for future matching. This adds a form of learning behavior to the statement rules engine.
We added a new wizard to split accounting lines. This is useful to reschedule payable or receivable lines by applying a new maturity date to each new line. The wizard can also be used on dunning and invoice lines to reschedule them.
It is now possible to set accounts for taxes of type “None”. This is useful for taxes that are entered manually on the invoice because the account will be filled in automatically.
New Modules
The Stock Package Shipping Sendcloud Module allows package labels to be generated for shipments made by any of Sendcloud’s supported carriers.
The Account Budget Module provides the ability to set budgets for accounts over a defined period of time. These budgets can then be used to track the total amount from relevant transactions against the budgeted amount.
The Analytic Budget Module provides the ability to set budgets for analytic accounts over a defined period of time. These budgets can then be used to track the total amount from relevant transactions against the budgeted amount.
The Product Image Module adds images to each product and variant.
Changes for the System Administrator
We improved the error management in the script used to import postal codes.
Changes for the Developer
We moved and renamed the cost_warehouse from the product_cost_warehouse module to the warehouse in the stock module. By doing this it can now be used by any module that depends on the stock module.
The complete locale definition for the user’s language is now sent to the clients.
Proteus now also fills in the wizard actions attribute when the result is an empty list.
The number widgets’ width attribute is now also used as its default display width.
The currency module defines a new Monetary field. This is derived from the Numeric field by adding a currency attribute which contains the name of the field which stores the currency. The desktop clients render these fields using the monetary format and with the currency symbol by default.
It is now also possible to use a string as the digits value on number fields (instead of the usual pair of integers). The string must contain the name of a Many2One field which points to a Model that inherits from DigitsMixin and that provides a get_digits method.
This allowed the removal of all the Function fields that provided the currency and unit digits.
Another benefit is that clients cache the value for each DigitsMixin record for 1 day by default, so this change also reduces the load on the server.
We reduced the number of times we save the cost values when doing multiple moves.
We no longer try to read records that were deleted after being instantiated from a browse list.
The digits argument to the format_number method of Report is now optional. If it is not specified, or is set to None, it will display all the significant digits.

URL: https://discuss.tryton.org/t/newsletter-for-september-2021/4525






[tryton-announces] Newsletter for August 2021

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter for August 2021

 


Development has slowed down a bit during the summer but improvements are still being made.
Changes for the User
The clients now only use the last menu entry as the label on each tab.
A new sales report by customer category has been added.
In order to close an accounting period, inactive accounts must now be balanced.
New Modules
The Account Stock Shipment Cost Module allocates shipment costs based on invoices.
Changes for the System Administrator
The server will now use argon2 or scrypt to hash passwords by default.
Changes for the Developer
It is now possible to use a PYSON expression as the key for a PYSON.In with a dict object.

URL: https://discuss.tryton.org/t/newsletter-for-august-2021/4443







[tryton-announces] Newsletter for July 2021

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter for July 2021

 




After the 6.0 release, development has restarted. Here are some changes that have already landed:
Changes for the User
We always try and automatically reconcile the oldest account move lines first.
The desktop client sets the mnemonic keys using the first letter of the label that is available on the user’s keyboard.
It is now possible to reset asset depreciations to draft if none of the moves have yet been posted.
Binary fields can now be exported or imported by CSV. The data must be encoded into base64.
We removed the unique product constraint on Bill Of Materials.
When a manual tax is added to an invoice, we now also register a tax line with the base amount for the tax reporting.
We allow warehouses to be grouped under a common view location.
The commission module gained a report that shows the commission per agent.
The web client now has accesskeys for each widget and button. They are displayed using the key combination +.
The statement journals can now be deactivated as the company can close its related bank account.
Changes for the System Administrator
The trytond-console command can now be started with a read-only transaction.
Changes for the Developer
We implemented the BOOL_AND and BOOL_OR SQL functions in the SQLite back-end.
We use the i18n Genshi extension to enable better translations of the gift card emails.
We added a unique constraint for the language codes.
The clients now search and get Dict keys in a single call for improved performance.
We added to res.user.warning a method to format the warning name based on a list of records.

URL: https://discuss.tryton.org/t/newsletter-for-july-2021/4338






[tryton-announces] Tryton Release 6.0

2021-10-09 Thread News - Tryton Discussion: ced


  


Tryton Release 6.0

 
We are proud to announce the 6.0 Long Term Support release of Tryton.
This release provides many bug fixes and some significant improvements. Among other changes you will find the display of attached documents, reinforced security and many accounting improvements. There are also no more than 11 new modules that include support for things such as Incoterms, Avatars and Product kits. Tryton has now also been translated into Romanian which brings the number of languages to 24.
You can give it a try on the demo server, use the docker image or download it here.
As usual, migration from previous series is fully supported. Some manual operations may be required, see Migration from 5.8 to 6.0.
Here is a list of the most noticeable changes:
Changes for the User
The clients can now display documents inside a form. The supported document formats depend on the client. For the web client they are the ones supported by the browser (usually images and PDFs). For the desktop client they are also images and the formats supported by Evince.
Thanks to the document widget, it is possible to display, next to any form, a preview of the attachments. This can be used, for example, when entering a supplier invoice from the attached PDF.
When sending an email from the client, in addition to being able to attach any report, it is now possible to also attach any of the record’s attachments.


The dialogs opened under a revision show the revision in their title.
When exporting a tree to a CSV file, the first column is indented according to its level in the tree.
When opening many dialogs, the title is now composed of a breadcrumb trail of all the dialogs opened before. This avoids the user getting lost in their navigation.
The name of the tabs opened from the menu is now the name of the menu entry.

Web Client
The CSV export and import dialog can now be reordered using drag and drop.
The web client can now also propose completion for the search input of the xxx2Many and Dict widgets.
The email and URL widgets now use the appropriate input type. So that mobile devices can display the best virtual keyboard.


Each selection entry can display its own help text.

Desktop Client
When printing reports that are single (like the invoice), the server sends a zip file containing one document for each record. The client now recognizes these files and can send each file from the zip to the printer.
When running the client on UNIX platforms, it is now possible to use the direct print feature. The client will use the lp or lpr commands and for OpenDocuments it uses soffice. (It continues to use the print command on Windows).
Some reports can take a long time to generate so the client runs them with an asynchronous request. This allows the user to still perform other operations while the report is being generated.
An interactive search has been added to the list and tree views. It pops up when you start to type on the list and puts the focus on the first line which matches the results. You can jump to the next matching entry with +↓ and previous with +↑.
Accounting
The Income Statement and Balance Sheet can now be printed. Only the records that are open in the client are printed.
The general journal is now printed from a list of moves. This adds, as a nice side effect, the ability to print a single move if needed.
The General Ledger (accounts and lines) can now be filtered by journal. And from the lines it is also possible to perform a reconciliation.
The terms on the Aged Balance can now be expressed in weeks and years in addition to the existing days and months.
The Spanish accounting module now provides a report for the VAT book.
Companies cannot always deduct the full amount of the taxes on supplier invoices. We now allow the accountant to set the deductible rate of each invoice line. You can set a default value for the rate on the product category.
Some companies can never deduct taxes, thus they can be configured to always use a 0% deductible rate.
It is now possible to make the link between invoice lines and stock moves after they have been posted and done. In these cases the unit price is also updated on the stock move, and if needed the cost price will be recalculated.


Account types from the balance statement can be marked as debt, so they can be used directly to book invoices.
It is now possible to open a party's general ledger accounts directly from the party.
The balance of the general ledger lines starts with the start value of the account.
The reconciliation sequence can now 

[tryton-announces] Newsletter for April 2021

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter for April 2021

 
A lot of development has finally landed, laying a solid foundation for the upcoming 6.0 release.
Changes for the User
We’ve improved the default ordering for shipments and production orders. It is now based on either the effective date or the planned date.
The shipping labels can now be stored in the filestore. Doing this can help to reduce the size of the database.
The price list formula can explicitly use the list price of a product. This is useful for some regulated business where the purchase price is fixed based on the public price.
The report that shows the quantities of a product by warehouse can now display it for multiple products. We also added a relate from assigned shipments and productions to show the quantities for all the products included in the document.
It is now possible to modify the dimension of packages. By default, they are filled in with the value from the package type. The main use case is for pallets where the height is only known after it is filled in.
The import and export CSV dialog for the web client now supports drag and drop on the columns to reorder them.
Any stock moves that get cancelled are now automatically removed from the package they were linked to.
The income statement and balance sheet can now be printed.
When exporting tree structures as CSV data the first column is now indented.
The client now allows sending emails with any of the record’s existing attachments.
The stock packages now display the tracking URL for each carrier.
Changes to the shipment cost on shipments have been simplified. This has been done by adding an edit checkbox which helps avoid unexpected re-calculations of the cost when moves are changed.
We replaced the “Print General Journal” with a generic report on accounting moves. This provides more flexibility on what content is printed.
It is now possible to configure the party identifiers that are available.
We removed the impractical tree structure from companies. The user’s “Main Company” has been replaced by a flat list.
It is now possible to define a supplier invoice line as a price correction to update the cost price of its product.
When the carrier cost is not fully covered by the shipment cost paid by the customer, the unsold part is added to the outgoing moves as a shipment cost.
The return purchases are now linked to the original purchase.
The calculated weight of a shipment parcel now also includes the weight of the package used.
The general ledger lines now display the cumulative balance starting at the balance of the account.
New Modules
The Purchase Price List Module allows price lists to be defined for suppliers.
The Stock Shipment Cost Module adds a shipment cost to outgoing moves. This cost is added to the product margin reports.
The Stock Quantity Issue Module helps to solve stock quantity issues.
The Product Cost Warehouse Module allows the cost price of products to be calculated separately for each warehouse.
The Stock Quantity Early Planning Module helps reduce stock levels by proposing earlier use of stock.
The Incoterm Module is used to manage Incoterms on sales, purchases and shipments.
The Autopilot Module stores all user inputs in a blockchain, automatically analyses and predicts the best next logical step in business (yes, AI with tensor flow) and finally acts autonomously, e.g. purchasing products and selling them, without human interaction.
The Avatar Module adds an avatar to each party.
Changes for the System Administrator
The groups can now have a parent from which they inherit their access permissions. This is useful, for example, when creating “Administration” groups which normally have all the rights from the standard group along with some additional rights.
We added a new command trytond-stat which displays the currently processed requests, tasks and jobs for each of the trytond processes on the host.
Changes for the Developer
We’ve added a method to post invoices by batch. It delegates the numbering to a deferred task. This can be used to reduce contention on the invoice numbering sequence.
We’ve added a generic test in the company module that ensures the company context is set on fields that target a company multivalue model.
The MPTT update is now only called for affected fields.
A new route decorator has been added to allow null as its origin. This is useful for web-extensions like Chronos as browsers now use this origin instead of the extension ID.
Model.__access__ is a new attribute which contains the names of a relation field for which the access rights must also be checked. This simplifies the definition of access rights for documents composed of several models like, for example, the invoice with lines and taxes.
The actions can now define whether they run on the selected records (as usual) or the listed records.
Also if the action is run on a tree structure then a path for each record is sent to the server.
The context fields of parent rec

[tryton-announces] Newsletter for March 2021

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter for March 2021

 
Here’s a sneak peek at the improvements that landed during the last month.
Changes for the User
We now show the carrier on the shipment list so it’s possible to prioritize shipments based on the carrier.
We’ve added a wizard to make it easy to add lots to stock moves. The sequence to use for the lot number can be configured for each product.
We ensure the unit prices for stock moves are up to date when their invoices are posted or their moves are done.
The account move lines created by a statement now have the statement line as their origin. This makes it simpler to audit the accounts.
We now use the menu path from which a window was opened as its name.
We now warn the user when they try to post a statement with cancelled or paid invoices and then remove them from the statement.
A delivery usage checkbox has been added to contact mechanisms just like for addresses. It can be used, for example, to indicate which email address to send notifications related to deliveries.
The clients now display the revision on the dialog. This is useful, for example, when opening the party dialog from the invoice when the history is activated. This way the user can see from which date the information is displayed.
It is easy to get lost when quickly opening consecutive dialog fields. To improve the situation, the clients now display breadcrumbs in the title showing the browsing path to the dialog.
We’ve added the new identifiers from python-stdnum 1.15.
We no longer create accounting moves for stock when the amount involved is 0.
There is now a scheduled task that can be configured to fetch currency rates at a specific frequency. By default it gets the rates from the European Central Bank.
New Modules
Changes for the System Administrator
We’ve added device cookie support to the clients. This allows these clients to not be affected by the brute force attack protection.
Changes for the Developer
It is now possible to send emails with different “FROM” addresses for the envelope and header.
All the warnings can be skipped automatically by adding a single key named _skip_warnings to the context.
We’ve added the trigonometric functions to the SQLite back-end.
Any fields that are loaded eagerly are no longer instantiated automatically but instead the id is just stored in the cache. The instantiation is done only if the field is actually accessed. This improves the performance of some operations by up to 13%, but the actual improvements you can expect will depend a lot on the number of fields the model has.
It is now possible to define help text for each selection value. However, at the moment only the web client can display it.
We made the ModelView.parse_view method public. This allows the XML that makes up the view to be modified by code before it is sent to the client.
It is now possible to group the report renderings by header. As the OpenDocument format only supports a single header and footer definition, this feature renders a different file for each header and places them in a zip file if needed. This is used when rendering company related reports which display the company information in the header/footer.
In order to simplify the dependencies in our web client, we replaced tempusdominus with the browser’s native input methods for types date, datetime-local and time when available.
In order to make better use of the browse cache, the getter method of Function fields is called with cache sized groups of records.

URL: https://discuss.tryton.org/t/newsletter-for-march-2021/3810






[tryton-announces] Security Release for issue10068

2021-10-09 Thread News - Tryton Discussion: ced


  


Security Release for issue10068

Synopsis
A vulnerability in trytond has been found by German Dario Alvarez.
With issue10068, the WSGI server does not prevent serving files outside the root directory. This allows an attacker to retrieve the content of files for which the trytond user has read access.
Impact
CVSS v3.0 Base Score: 7.5

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Workaround
It is possible to set up a reverse-proxy in front of trytond that sanitizes the request path.
Resolution
All affected users should upgrade trytond to the latest version.
Affected versions per series:

5.8: <= 5.8.3
5.6: <= 5.6.12
5.0: <= 5.0.32

Non affected versions per series:

5.8: >= 5.8.4
5.6: >= 5.6.13
5.0: >= 5.0.33

Reference

Issue 10068: Directory loader can escape root directory - Tryton issue tracker

Concern?
Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

URL: https://discuss.tryton.org/t/security-release-for-issue10068/3803
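
The class of bug this advisory describes (a file handler resolving a request path to a location outside its root directory), shown beside a containment check of the kind a sanitizing layer needs. This is an added example, not trytond's code or its fix; `naive_resolve`, `safe_resolve`, `serve` and the directory tree are hypothetical names and constructed sample data.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(root, request_path):
    """Vulnerable pattern: join and normalise, but never check the result.

    normpath collapses 'a/../b', yet a leading run of '..' still climbs
    above root, so the returned path can be anywhere on the filesystem.
    """
    return os.path.normpath(os.path.join(root, request_path.lstrip("/")))


def safe_resolve(root, request_path):
    """Return the real path of the requested file, or None if it leaves root."""
    if "\x00" in request_path:
        return None
    root_real = os.path.realpath(root)
    # realpath resolves '..' and symlinks, so a link inside root that
    # points outside is caught as well.
    candidate = os.path.realpath(
        os.path.join(root_real, request_path.lstrip("/")))
    try:
        # commonpath compares whole path components, so a sibling such as
        # 'www-old' does not pass as being "under" 'www' the way a plain
        # string-prefix test would allow.
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:  # e.g. paths on different drives on Windows
        return None
    return candidate if inside else None


def serve(root, raw_path):
    """Hypothetical static handler: file bytes, or None for a 404."""
    # The check must see the decoded path: '%2e%2e' is '..' once unquoted.
    path = safe_resolve(root, unquote(raw_path))
    if path is None or not os.path.isfile(path):
        return None
    with open(path, "rb") as f:
        return f.read()


def demo():
    """Build a constructed directory tree and run both resolvers over it."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "www")
    os.mkdir(root)
    with open(os.path.join(root, "index.html"), "wb") as f:
        f.write(b"public")
    secret = os.path.join(base, "secret.txt")  # constructed file outside root
    with open(secret, "wb") as f:
        f.write(b"private")
    os.symlink(secret, os.path.join(root, "link"))
    return {
        "naive_escapes": naive_resolve(root, "/../secret.txt") == secret,
        "index": serve(root, "/index.html"),
        "dotdot": serve(root, "/../secret.txt"),
        "encoded": serve(root, "/%2e%2e/secret.txt"),
        "symlink": serve(root, "/link"),
        "sibling": safe_resolve(root, "/../www-old/x"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

A reverse proxy used as the workaround has to apply the same rule: decide on the decoded, fully resolved path, not on the raw request string.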







[tryton-announces] Newsletter for February 2021

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter for February 2021

 
Improvements to Tryton continue to be made. Here you can find the latest changes which have been included in the last month.
Changes for the User
Tryton now displays the reconciliation column on the general ledger line so users can use the field as a search filter.
It’s also possible to filter the general ledger by journal to only display the ledger for specific journals.
We added a new set of reports which display various margins based on the stock moves. You can browse the margins per product or category.
Product variants are now automatically deactivated when their template is deactivated. Also the product supplier and customer can be deactivated and are also automatically deactivated when their template is deactivated.
The sale complaint creates an invoice correction when the action is to create a credit note. This is needed so that the quantity invoiced is kept coherent with the stock move quantity and to update the unit price.
It is now possible to amend a purchase or sale line that does not have a product.
A default lead time can now be set on supplier parties. It is used if the product supplier does not have a lead time or if there is no product supplier.
It is now possible to define a default lead time for all salable products. It is used if the product has no lead time defined.
The desktop client now displays a waiting watch when generating a long report.
It is now possible to define a specific payment term date on the invoice. This is useful when entering a supplier invoice so the exact due date is recorded. It works also for customer invoices.
New Modules
A new module has landed in Tryton that extends the carrier selection to allow use of a country’s subdivision or a zip code expression.
Changes for the System Administrator
All caches are now cleared automatically when a new module is loaded. This means that on multi-server setups, other instances do not need to be restarted if the list of activated modules changes.
The pool of other trytond processes is refreshed automatically when new modules are activated. This avoids the need to manually restart those processes.
A new option has been added to trytond-admin that runs a validation on a percentage of the records, or all the records, from the listed models and reports any errors. This can be used to probe the database after an upgrade to ensure that everything is still correct.
Changes for the Developer
The HTML editor now supports the Genshi element directives. This means that users can now, for example, use it to create email templates with directives like for-loop etc.
We have removed the foreign key constraint for the sequence used to number the invoice. We detected that the foreign key was a source of lock contention.
We improved the execution time of the sale reports by using a Common Table Expression for the currency rate. On a large database, the time went down from 2m to 1.5s.

URL: https://discuss.tryton.org/t/newsletter-for-february-2021/3667






[tryton-announces] Newsletter January 2021

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter January 2021

 


The Tryton team wishes you a happy new year.
Here are the changes that the team has already prepared for the next version.
Changes for the User
To the marketing email we’ve added the same formatting functions that are available for reports.
On the desktop client we added an interactive search on words in all the visible cells.
As the move number depends on the journal, we made the journal read-only on the move once it has been numbered.
We added options to let you choose the product and the format of the label for the DPD carrier.
We now support packages for shipping returns.
We allow the shipment cost price to be edited.
Sale promotions can be applied on the total amount of the sale.
The shipment costs are excluded by default from the total amount of the promotion.
We’ve added relates from requests to purchases and vice versa.
There is now a configuration to set a default customer payment term.
If not configured we now use, by default, the payment term and invoice method of the party’s last purchase.
We’ve added a summary of the description from the document lines in the lists. This is useful when the line has no product selected and only the description can distinguish it from other lines.
The customers on Braintree and Stripe are now updated when their parameters are modified.
The sale complaint displays the amount returned or credited for the complaint.
Changes for the Developer
We’ve removed the #tryton-commit channel. For alternatives see Remove irc notification on #tryton-commit.
When trytond generates a default form view, it now also includes all the available buttons.
The Python copy module is now supported when you want to copy model instances.
The ModelView.button_change now supports dependencies to other methods (like fields.depends).
For performance we now eagerly load all the Function fields with the same multiple getter.
We’ve added an automated test to check the validity of the long_description of the package. For that we use the twine check command.
We’ve removed the check for access right on instances.
The clients now support empty values for time-delta converters. These empty converters are ignored when formatting the value.
We’ve activated support for Python 3.9.
The TaxableMixin has been added to the sale line so amounts with tax included can be calculated.
We’ve added a new tool firstline which returns the first non-empty line of some text.
We create a cache for the model names. It is used to speed things up when filling in the Reference fields selection.

URL: https://discuss.tryton.org/t/newsletter-january-2021/3544






[tryton-announces] Newsletter December 2020

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter December 2020

 
Development restarted straight after release 5.8, as you can see with these changes.
Changes for the User
You can now deactivate complaint types. This is useful when the company has stopped using certain complaint types.
The aged balance report now supports more units of time (“week” and “year”) for the terms. Also the terms are updated to sensible standard values when the unit is changed.
The commission date is now based on the invoice date or the payment date.
We have unified the PYSON format in all the clients. They do not necessarily generate exactly the same strings but they can be copied between clients.
On small screens the tabs on the list view could take too much space on the screen. Now they are forced into a single line with a scrollbar.
Also on small screens we no longer display the next/previous buttons so there is now more space available for useful information.
We added a relate from parties to their drop shipments like we have for other shipments.
The effective date of the drop shipment can now be set manually. This is useful if adding them afterwards.
We added a button on the product category that lets you add/remove lots of products from it easily. This is useful when a new category is created and you already have lots of products in the system. Using this you no longer need to edit each product in turn, but can instead add all the selected products in one go.
When invoicing projects based on a time-sheet, it is common that you only want to invoice up to a particular date (for example the end of the month). We’ve added to these projects a date field that limits which time-sheet lines get selected when creating the invoice.
Changes for the Developer
Tryton now makes sure that char fields do not contain white space characters, except for normal spaces. It can be confusing for users when they are searching, as the other white space characters are not distinct and web browsers replace those white spaces by normal spaces.
The caches for customer payment methods (Stripe and Braintree) no longer depend on the context. This increases the cache hit ratio for these values and so avoids unnecessary network requests for those services.
The server no longer sets the extra_files attribute for the werkzeug server if it is not running in developer mode. This reduces the startup time by a small amount.

URL: https://discuss.tryton.org/t/newsletter-december-2020/3454






[tryton-announces] Tryton Release 5.8

2021-10-09 Thread News - Tryton Discussion: ced


  


Tryton Release 5.8

 
We are proud to announce the 5.8 release of Tryton.
This release provides many bug fixes and some significant improvements. Among other changes you will find big general performance improvements, a new theme for the web client and support for web shops.
You can give it a try on the demo server, use the docker image or download it here.
As usual the migration from previous series is fully supported. Some manual operation may be required, see Migration from 5.6 to 5.8.
Here is a list of the most noticeable changes:
Changes for the User
Sending a report by email from the client has been completely reworked. We no longer rely on the local email client but now the emails are sent by the server on behalf of the user.
It is also possible to setup predefined templates including: the subject, the body, the recipients and the attached reports.
The clients can now display, next to a value, the symbol from its unit of measure or its currency. This helps lighten the user interface and avoid confusion. All of Tryton’s forms and lists have been updated to use this new feature in the appropriate places.
When using a list view that uses this feature you can still search for a particular unit or currency.

The administrator can share a user’s existing search bookmark with all the users. In this case the shared bookmarks will only be editable by the administrators.
This is useful if you want to setup a common search query that is often performed by many users.
The clients update the state of the delete button, and whether records can be edited, based on the dynamic access rules defined in the record rules. This of course complements the existing rules based on access groups.
The clients place copied records at the same position as newly created records. This means that the clients inspect the order applied to the list and deduce the correct place for the new record.


The check boxes on editable list views can’t be checked/unchecked without first selecting the row.
The report name, proposed by the client when they are saved, now contains the name of the records on which it was based.
The CSV export now formats the duration values. It uses the same locale format as the client, or when the locale option is not activated, it uses the total number of seconds.
It is now possible to import a duration value from a CSV file.
When a view for a model is opened without a name (e.g. using an URL), the client will use the default model name as its title (instead of nothing).
The default colors for graphs and calendars can be configured on the client side.
The URL, provided on the export CSV dialog, now includes the current context.

Web Client
The web client now comes with a default Tryton theme (instead of the default Bootstrap theme) based on Bootswatch Paper. The theme can be deactivated or replaced on installation.
If a user opens multiple browser tabs, all connected to the same server, any changes to the preferences are kept per tab and survive a page reload. This allows the user to change companies on one tab, and if they reload the other tab it will stay linked to the original company.
The totals shown at the bottom of a list are now always visible even if the list is longer than the screen.


Tryton now puts the field name in the input name attribute. This helps the browser suggest smarter auto-completion.
CSV exports are now always encoded in UTF-8. This is because browsers do not provide a standard way to use a different encoding format.
PYSON expressions can now be written using the .get, .in_ and .contains methods as in the desktop client.
Tryton now uses a new library for the date time picker which improves where the popup gets positioned.

Accounting
It is now possible to open any general ledger accounts that require a party. This shows a breakdown of the balances of the account per party.
The tax rule lines now have a start and end date which are used as criteria to determine when they are applied. This is useful, for example, for companies that need to start applying VAT for other European countries (because their turnover has reached the appropriate threshold).
Each invoice line can now define a specific tax date. This can be used when a credit note is posted that applies to a previous period during which, for example, the tax rate was different. Now the credit note will have the same tax calculation without the need to change the accounting date of the invoice.
The reconciliation wizard now keeps you on the same account/party after each reconciliation if there are still more lines to reconcile.
We’ve added some fields on payment groups

[tryton-announces] Release 1.2.0 of python-sql

2021-10-09 Thread News - Tryton Discussion: ced


  


Release 1.2.0 of python-sql

We are proud to announce the release of the version 1.2.0 of python-sql.
python-sql is a library to write SQL queries in a pythonic way. It is mainly developed for Tryton but it has no external dependencies and is agnostic to any framework or SQL database.
In addition to bug-fixes, this release contains the following improvements:

Add explicit Windows to Select
Fix missing Windows definitions in nested expressions

python-sql is available on PyPI: https://pypi.org/project/python-sql/1.2.0/ 

URL: https://discuss.tryton.org/t/release-1-2-0-of-python-sql/3324







[tryton-announces] Newsletter October 2020

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter October 2020

 
We are now on the home straight leading up to the 5.8 release. However, there will be some more changes over the next few weeks.
You can already contribute to this new release by helping to translate or testing and reporting issues.
Changes for the User
The tax rule lines now have a start and end date which are used as criteria to determine when they are applied. This is useful, for example, for companies that need to start applying VAT for other European countries (because their turnover has reached the appropriate threshold).
It is now possible to open the general ledger accounts that require a party. This displays the balances of the account per party.
Each invoice line can now define a specific tax date. This can be used when a credit note is posted that applies to a previous period during which, for example, the tax rate was different. Now the credit note will have the same tax calculation without the need to change the accounting date of the invoice.
We added some French taxes that were missing:

Taxes for services purchase outside Europe
Base for service sales inside Europe to code 0206
Service sales outside Europe to code 0033

Sometimes you may want to stop using a specific payment journal (e.g. when changing payment provider). So we now allow payment journals to be deactivated.
Sending a report by email from the client has been completely reworked. We no longer rely on the local email client but now the emails are sent by the server on behalf of the user.
It is also possible to setup predefined templates including: the subject, the body, the recipients and the attached reports.
The record names used to generate a report are now added to the report’s file name.
The administrators can now share some bookmarks with all the users.
New Modules
The marketing_email module manages mailing lists. It allows email addresses to be subscribed and unsubscribed from a list. And can be used to send emails to all the subscribed email addresses (with an unsubscribe link included in the email).
The stock_assign_manual module adds a wizard to shipments and productions that allows you to decide from precisely which locations you want to pick products.
Changes for the Developer
You can now compare date and datetime values in PYSON statements.
We started to use tempusdominus and Popper.js for the date picker on the web client. This fixes some display issues we’d noticed with the popup.
The report engine now supports Genshi’s MsgDirective. This is very useful when using HTML templates because it allows you to include the formatting tags in the translation.
The report engine no longer uses the relatorio template loader. Instead we keep the parsed report in memory for faster access (and to avoid writing it to a temporary directory).
The default report classes, created on the fly, can now also be extended using registered mixins.
The web client always exports the CSV file in UTF-8 (because browsers do not support any other encoding). But we’ve added the UTF-8 BOM on Windows to ensure that programs like Excel open them correctly.
We added a language attribute to the XML  tag. This allows its contents to be skipped if the language is not translatable. Initially this has been used to only load the appropriate minimal charts of accounts.
The read API has been extended to include the boolean properties _write and _delete that define whether the record can be modified or deleted by the user based on the access rules. This allows the clients to preventatively deactivate the corresponding actions in the user interface.
It is now possible to format currency values with a different number of digits than the currency. This is useful, for example, to show unit prices to 4 decimal places.

URL: https://discuss.tryton.org/t/newsletter-october-2020/3192






[tryton-announces] Newsletter September 2020

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter September 2020

This month we got a major improvement with a new theme for the web client.
Contents:

Changes for the user
Changes for the developer

Changes for the User
We now set the name attribute of the  elements generated by the web client. This allows the browser to provide better auto-suggestions to the user.
We now use the original cost price of a product to update the FIFO cost price when it is returned. This gives a more accurate and logical value, especially when there is no stock of the product left.
It is now possible to delete or detach a source from a Stripe customer. This is useful if you know that a specific source can no longer be trusted.
We added a relate action to the email notifications from any record. So users can easily access, for example, all the notification emails sent for a specific sales order.
We added a relate action to the stock moves from a product or variant. This is useful if you want to find the last moves that happened to a product.
A dedicated view is now used to show shipment moves. This lets the user focus on the important information only.
It is already possible to define a sequence to generate the product variant code. Now we also have a sequence for the product template code.
The web client has got a new default theme based on the bootswatch Paper theme. But it is still easy to deactivate it and use your own theme.
We now automatically fill in the default accounts (like receivable and payable) when creating or updating a chart of accounts if the template only has a single option available.
Changes for the Developer
We now use the fields.depends to get the carrier context when computing the carrier cost. This makes it simpler to extend this with third-party modules.
We fixed a cache ordering issue in ModelStorage which made browsing a large number of records in depth (more than 2k by default) randomly slower than expected. Now the time is roughly constant.
The stock assignation method now automatically fills in the grouping value on the assigned move that’s used to compute the quantities. This allows you to easily write modules that set the lot on assignation for example.
On busy systems, the queue table can grow quickly. So we’ve added a scheduled task that runs each day which removes completed tasks that are over 1 month old.
We now allow a successful or failed payment to be put back to a processing state. This is because, in some cases (like with Stripe payments), you may need to update a payment that has already been successful (e.g. in the case of a refund). The new transition allows you to avoid using the failed state just for the purpose of performing this change.

URL: https://discuss.tryton.org/t/newsletter-september-2020/3132






[tryton-announces] Newsletter August 2020

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter August 2020

This month we kept refining existing features to improve the user experience, smooth workflows and empower users.
Contents:

Changes for the user
Changes for the developer

Changes for the User
The subject of the marketing automation and notification emails can now be rendered using the value of the record. This way the subject can be more specific which increases the chances of it being opened.
We added a view that can be opened from the product that shows the incoming and outgoing stock moves by warehouse. Each move has cumulative quantity fields which help the user adjust their plans in order to avoid shortages.
The German federal ministry of finance announced on June 30 a cut in value-added-tax rates from 19% to 16% for the standard rate and from 7% to 5% for the reduced rate. As the tax cut is temporary, lasting from July 1 until December 31, we introduced new tax definitions into the account_de_skr03 module for the periods before, during and after the cut.
All the wizard messages have been reviewed and normalized. Now they use proper icons and all the unnecessary exclamation marks have been removed.
The default color for the graphs is now managed by the client instead of the server. So the client can be customized to use a color which fits nicely with the theme.
The party module has been updated to use the latest version of python-stdnum and so includes more tax identifiers for countries like Andorra, Guatemala, Japan, Moldova, New Zealand, Peru, Paraguay, Uruguay, Venezuela and South Africa.
If you are missing a standard identifier, we’d like to remind you that the best way to get it into Tryton is to contribute it to python-stdnum.
We keep the last average cost price for FIFO products when the quantity in stock is below zero.
We automatically remove any carriage returns from the fields in the FEC export as they are not allowed.
Any closed accounts are no longer shown when opening the details of the balance sheet.
The clients place copied records at the same position as newly created records. This means that the clients inspect the order applied to the list and deduce the correct place for the new record.
The stock move assignation wizards have been reworked and merged into a single wizard. This now provides four options if all the moves cannot be assigned: “Cancel” to restore the moves to their initial state, “Wait” to leave the moves partially assigned, “Ignore” to set the quantity to 0 for non assigned moves and “Force” to force the assignation of all moves.
You no longer need to set analytic accounts on the move that balances the non-deferral account when closing the fiscal year.
The reconciliation wizard now keeps you on the same account/party after each reconciliation if there are still more lines to reconcile.
Changes for the Developer
We require the cost price to be filled in for all outgoing and incoming moves now. It was already filled in automatically by the code but this is now enforced to ensure the developer doesn’t forget it.
We also require a unit price for drop shipment and customer return moves.
We’ve added model, record and records attributes to the wizards; these are filled in using values from the active context. This simplifies and normalizes writing wizards.
Tryton also checks that the user has read access to the records before executing the wizard.
We have added a test to ensure it is possible to try and assign a move with unsaved values. This behavior is interesting because it allows you to set the value on the move as an assignation parameter while keeping the original values unchanged for the remaining quantities.
In order to minimize the data sent to the client, we now send only explicitly declared fields from actions instead of just excluding some. This is because we have found, over time, when a new field is added to the actions, we often forget to exclude it if it is not needed by the clients.
A common pattern used in Tryton to create grouped records is to use a list of tuples composed of key-value pairs. In order to use the itertools.groupby we need to sort the list. But sometimes it includes None values and in Python 3 it is not possible to order lists containing None. So we’ve added a tool sortable_values which takes care of this by providing a key function which can be used to order the list of values that may contain None.
It is now possible to define a keyword action that applies to any model. This is useful when creating a generic action which uses the active_model value.
We added an option to sendmail to raise an exception if it fails. With this it is possible to tie a transaction’s success to the sending of an email.
To the tools we’ve added a function to escape wildcards from strings.
It is now possible to define default values on routes. This can be used, for example, to set a default database on a simple route.
The session reset now uses an autocommit transaction which avoids 

[tryton-announces] Security Release for issue9453

2021-10-09 Thread News - Tryton Discussion: ced


  


Security Release for issue9453

Synopsis
A vulnerability in sao has been found by Cédric Krier.
With issue 9453, the web client does not escape the HTML tags from user data in translated richtext widgets. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source.
Impact
CVSS v3.0 Base Score: 4.6

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Workaround
There is no existing workaround.
Resolution
All affected users should upgrade sao to the latest version.
Affected versions per series:

5.6: <= 5.6.4
5.4: <= 5.4.10
5.2: <= 5.2.18
5.0: <= 5.0.26

Non affected versions per series:

5.6: >= 5.6.5
5.4: >= 5.4.11
5.2: >= 5.2.19
5.0: >= 5.0.27

Reference

issue9453

Concern?
Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security.

URL: https://discuss.tryton.org/t/security-release-for-issue9453/3005







[tryton-announces] Newsletter July 2020

2021-10-09 Thread News - Tryton Discussion: ced


  


Newsletter July 2020



Development has reached cruising speed.
A major improvement has landed which reduces memory usage on the server by between 30% and 40% and increases its speed by around 15%.
Contents:

Changes for the user
Changes for the system administrator
Changes for the developer

Changes for the User
The web client keeps the context on reloads even if the user preferences were changed in another tab. So this means that you can open one tab for each company and if you reload one of them by mistake, it stays logged in to the same company.
We have a rule engine that automatically fills in the analytic accounts on accounting move lines. But sometimes the rule engine is not properly configured or new cases get added. So, we’ve added a button on the lines with missing analytic accounts to reapply the rules after they have been fixed.
An optional shipping date has been added to the sale order. It allows the shipment to be postponed to on or after this date.
An employee criteria has been added to the selection of the commission agent. The employee used is the one who does the quotation for the sale. This, for example, allows rules to be created that provide commission to the employees that generate the sales.
The products and variants are now ordered using code and name by default.
We’ve added some fields on payment group to show aggregate information like the amount and the amount succeeded etc.
Until now a promotion was only applied if the price of all of the lines was reduced. But now it is always applied on every line for which the price is reduced.
It is now possible to credit an invoice without keeping the agent. Companies may not want to request reimbursement of commission that has already been given.
The stock moves unit price is now automatically updated based on the posted invoices when it is done. This helps keep a more accurate cost price calculation and ensures better reporting.
The taxes of the German chart of account have been updated to follow the new rates between the 1st July 2020 and the 31st December 2020. The patch should be applicable on previous series if you need it.
Changes for the System Administrator
We added the inherited name or type to the view record name. This makes it easier to select the correct view when creating an extension from the administration interface.
Changes for the Developer
The name of “cancelled” state has been unified across the whole application.
The scripts written using Proteus now also support the TRYTOND_DATABASE_URI environment variable the same way as the trytond commands.
Records are now stored internally using a custom class instead of a generic dictionary. This has reduced memory usage for records by between 30% and 40%. We have also improved the average access time for field values by around 15% by using a shorter execution path.
The hash method used with records has been improved to reduce collisions between unsaved records. This speeds up the calls to ModelStorage.save when used with new records.
We now provide a cached_property decorator in the tools. By default it is the new decorator from the Python stdlib with a fallback to the Werkzeug version.
Tryton will not write to existing targets when re-adding them on xxx2Many fields. This is an operation that the clients always sent when the field was modified because they didn’t know if the records were existing targets. This change prevents access errors from being raised when the operation is not allowed.
The Python evaluation of domain with a None value now always returns None. This implements the same behavior as the SQL evaluation.
We’ve added a parameter to the Stripe payment so they can be charged on-session. This is useful when implementing a checkout form using the sale payments.
We now support the webhook payment_intent.cancel event. This is useful if you give your customers the option to cancel their payment intents.

URL: https://discuss.tryton.org/t/newsletter-july-2020/2837






[tryton-announces] Security Release for issue9394

2021-10-09 Thread News - Tryton Discussion: ced


  


Security Release for issue9394

Synopsis
A vulnerability in sao has been found by Cédric Krier.
With issue9394, the web client does not escape the HTML tags from user data. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source.
Impact
CVSS v3.0 Base Score: 3.5

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Workaround
There is no existing workaround.
Resolution
All affected users should upgrade sao to the latest version.
Affected versions per series:

5.6: <= 5.6.3
5.4: <= 5.4.9
5.2: <= 5.2.17
5.0: <= 5.0.25

Non affected versions per series:

5.6: >= 5.6.4
5.4: >= 5.4.10
5.2: >= 5.2.18
5.0: >= 5.0.26

Reference

issue9394

Concern?
Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security.

URL: https://discuss.tryton.org/t/security-release-for-issue9394/2947
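
To check an installed sao release against the two security releases above (issue9453 and issue9394), the per-series lists can be encoded and compared numerically. This is an added example, not Tryton project code; the function names and the sample inventory are hypothetical, and versions are compared as integer tuples because a string comparison would rank 5.4.9 above 5.4.10.

```python
import re

# First non-affected sao release per series, transcribed from the
# "Non affected versions per series" lists of the two advisories.
FIRST_FIXED = {
    "issue9453": {"5.6": "5.6.5", "5.4": "5.4.11", "5.2": "5.2.19", "5.0": "5.0.27"},
    "issue9394": {"5.6": "5.6.4", "5.4": "5.4.10", "5.2": "5.2.18", "5.0": "5.0.26"},
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Turn 'X.Y.Z' into (X, Y, Z); reject anything else instead of guessing."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError("not an X.Y.Z release number: %r" % text)
    return tuple(int(part) for part in match.groups())


def series_of(version):
    """Series name ('5.4') for a parsed version tuple."""
    return "%d.%d" % version[:2]


def advisory_status(installed, advisory):
    """Return 'affected', 'fixed' or 'unlisted' for one advisory.

    'unlisted' means the advisory gives no range for that series, so the
    lists on this page cannot decide either way.
    """
    version = parse_version(installed)
    fixed = FIRST_FIXED[advisory].get(series_of(version))
    if fixed is None:
        return "unlisted"
    return "affected" if version < parse_version(fixed) else "fixed"


def audit(installed):
    """Status of one installed version against every advisory."""
    return {name: advisory_status(installed, name) for name in FIRST_FIXED}


def upgrade_target(installed):
    """Lowest release of the same series that clears every advisory.

    Returns None when the series is unlisted or nothing needs upgrading.
    """
    version = parse_version(installed)
    series = series_of(version)
    fixed = [parse_version(table[series])
             for table in FIRST_FIXED.values() if series in table]
    if not fixed:
        return None
    target = max(fixed)
    if version >= target:
        return None
    return ".".join(str(part) for part in target)


if __name__ == "__main__":
    # Constructed inventory of deployed sao versions (not from the page).
    inventory = {"web-1": "5.4.9", "web-2": "5.4.10", "web-3": "5.6.5"}
    for host, installed in sorted(inventory.items()):
        print(host, installed, audit(installed),
              "upgrade to", upgrade_target(installed))
```

A release such as 5.4.10 is reported as fixed for issue9394 but still affected by issue9453, which is why the target is the highest of the per-advisory fixed versions.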







[tryton-announces] Newsletter October 2021

2021-10-01 Thread News - Tryton Discussion: ced


  


Newsletter October 2021

 


Here are the latest improvements in preparation for the upcoming 6.2 release.
Changes for the User
The sale module currently provides reporting that displays relevant data grouped by products, categories etc. We now also have a general report that is not grouped but just displays totals.
We now support products without a list price.
The user will be warned if they try to post an invoice with a date in the future.
The web client now has a button to fold/unfold the selected records of a tree.
The dunning records now store their own age.
New Modules
The Product Image Attribute Module adds attributes to product images.
Changes for the System Administrator
The errors that are raised during non-interactive operations (like scheduled tasks or queued jobs) are now listed in the administration entry. These errors can be processed by a user, and once solved the task or the job is submitted again.
The trytond-stat command displays the node name on which the process is running. This is useful when the directory that contains the stat socket is shared between multiple machines.
On first login the configuration wizard now has a step that makes it easy to activate modules on the system.
Changes for the Developer
The MPTT behavior has been improved to avoid a full rebuild when creating nested records. It now does a classic update for each level.
The ModelStorage class now has a count() method that returns an estimate of the number of records stored. It uses caching and random invalidation to minimize the cost.
We now use str instead of repr when constructing the warning keys. This allows the same key to be constructed using proteus.
The method remove_forbidden_chars has been added to the tools as it is used by many modules.
The ModelSQL.search method optimizes some queries by using a UNION of sub-queries when clauses contain straight columns of the table and columns of a joined table. In these cases the database can use indexes.
The context can normally only be modified with the Transaction.set_context context manager. In order to enforce this behavior, the context is now an ImmutableDict.
The title of emails generated from a report no longer contains the name of the record from which the report is generated.
The value of the Dict field is an ImmutableDict but the values must also be immutable. So we now use a tuple instead of list.
The server now uses the bigdecimal type from XML-RPC.
For performance reasons we use __slots__ for the classes registered in the Pool. But as this can be broken when one class does not define it we added a generic test which ensures that all the classes in the Pool have __slots__ defined.
When proteus is configured to use XML-RPC, it authenticates on each request. This is slow as we are using a slow hashing method for security and to protect against brute-force attacks. Now proteus can be configured to use a session with XML-RPC.
The grouping option to format numeric widget can be configured on the view.
We unified the way we set email From headers. Tryton now sets the Reply-To and On-Behalf-Of headers when needed.

URL: https://discuss.tryton.org/t/newsletter-october-2021/4659







[tryton-announces] Release 1.3.0 of python-sql

2021-09-14 Thread News - Tryton Discussion: ced


  


Release 1.3.0 of python-sql

We are proud to announce the release of the version 1.3.0 of python-sql.
python-sql is a library to write SQL queries in a pythonic way. It is mainly developed for Tryton but it has no external dependencies and is agnostic to any framework or SQL database.
In addition to bug-fixes, this release contains the following improvements:

Add GROUPS frame to Window
Add exclude to Window
Add method for each type of join
Support Select queries in conditionals and functions
Remove support for Python older than 3.5

python-sql is available on PyPI: python-sql · PyPI

URL: https://discuss.tryton.org/t/release-1-3-0-of-python-sql/4618







[tryton-announces] Release of Relatorio 0.10.0

2021-09-11 Thread News - Tryton Discussion: ced


  


Release of Relatorio 0.10.0

We are glad to announce the release of Relatorio version 0.10.0.
Relatorio is a templating library mainly for OpenDocument, also using OpenDocument as source format.
This is a minor feature release which:

Add relatorio-render script
Add templating of meta in opendocument
Remove support for Python older than 3.5

The package is available at relatorio · PyPI
The documentation is available at Welcome to relatorio’s documentation! — relatorio 0.9.3 documentation

URL: https://discuss.tryton.org/t/release-of-relatorio-0-10-0/4612






[tryton-announces] Newsletter for September 2021

2021-09-01 Thread News - Tryton Discussion: ced


  


Newsletter for September 2021

 


We hope that everybody had a nice Summer and enjoyed their holidays. The Tryton team continued working on the ERP and we are back with a resume of the latest improvements.
Changes for the User
We added a frame around the image widget. This makes the widget cleaner when empty.
More party identifiers and tax identifiers have been added for Austria, Ukraine and Vietnam.
The rule keywords from statement lines are now stored in such way that they can be used for future matching. This adds a form of learning behavior to the statement rules engine.
We added a new wizard to split accounting lines.  This is useful to reschedule payable or receivable lines by applying a new maturity date to each new line. The wizard can also be used on dunning and invoice lines to reschedule them.
It is now possible to set accounts for taxes of type “None”. This is useful for taxes that are entered manually on the invoice because the account will be filled in automatically.
New Modules
The Stock Package Shipping Sendcloud Module allows package labels to be generated for shipments made by any of Sendcloud’s supported carriers.
The Account Budget Module provides the ability to set budgets for accounts over a defined period of time. These budgets can then be used to track the total amount from relevant transactions against the budgeted amount.
The Analytic Budget Module provides the ability to set budgets for analytic accounts over a defined period of time. These budgets can then be used to track the total amount from relevant transactions against the budgeted amount.
The Product Image Module adds images to each product and variant.
Changes for the System Administrator
We improved the error management in the script used to import postal codes.
Changes for the Developer
We moved and renamed the cost_warehouse from the product_cost_warehouse module to the warehouse in the stock module. By doing this it can now be used by any module that depends on the stock module.
The complete locale definition for the user’s language is now sent to the clients.
Proteus now also fills in the wizard actions attribute when the result is an empty list.
The number widgets’ width attribute is now also used as its default display width.
The currency module defines a new Monetary field. This is derived from the Numeric field by adding a currency attribute which contains the name of the field which stores the currency. The desktop clients render these fields using the monetary format and with the currency symbol by default.
It is now also possible to use a string as the digits value on number fields (instead of the usual pair of integers). The string must contain the name of a Many2One field which points to a Model that inherits from DigitsMixin and that provides a get_digits method.
This allowed the removal of all the Function fields that provided the currency and unit digits.
Another benefit is that clients cache the value for each DigitsMixin record for 1 day by default, so this change also reduces the load on the server.
We reduced the number of times we save the cost values when doing multiple moves.
We no longer try to read records that were deleted after being instantiated from a browse list.
The digits argument to the format_number method of Report is now optional. If it is not specified, or is set to None, it will display all the significant digits.

URL: https://discuss.tryton.org/t/newsletter-for-september-2021/4525






[tryton-announces] Newsletter for August 2021

2021-07-31 Thread News - Tryton Discussion: ced


  


Newsletter for August 2021

 


Development has slowed down a bit during the summer but improvements are still being made.
Changes for the User
The clients now only use the last menu entry as the label on each tab.
A new sales report by customer category has been added.
In order to close an accounting period, inactive accounts must now be balanced.
New Modules
The Account Stock Shipment Cost Module allocates shipment costs based on invoices.
Changes for the System Administrator
The server will now use argon2 or scrypt to hash passwords by default.
Changes for the Developer
It is now possible to use a PYSON expression as the key for a PYSON.In with a dict object.

URL: https://discuss.tryton.org/t/newsletter-for-august-2021/4443







[tryton-announces] Newsletter for July 2021

2021-06-30 Thread News - Tryton Discussion: ced


  


Newsletter for July 2021

 




After the release 6.0, the development has restarted. Here are some changes that already landed:
Changes for the User
We always try and automatically reconcile the oldest account move lines first.
The desktop client sets the mnemonic keys using the first letter of the label that is available on the user’s keyboard.
It is now possible to reset asset depreciations to draft if none of the moves have yet been posted.
Binary fields can now be exported or imported by CSV. The data must be encoded into base64.
We removed the unique product constraint on Bill Of Materials.
When a manual tax is added to an invoice, we now also register a tax line with the base amount for the tax reporting.
We allow warehouses to be grouped under a common view location.
The commission module gained a report that shows the commission per agent.
The web client now has accesskeys for each widget and button. They are displayed using the key combination +.
The statement journals can now be deactivated as the company can close its related bank account.
Changes for the System Administrator
The trytond-console command can now be started with a read-only transaction.
Changes for the Developer
We implemented the BOOL_AND and BOOL_OR SQL functions in the SQLite back-end.
We use the i18n Genshi extension to enable better translations of the gift card emails.
We added a unique constraint for the language codes.
The clients now search and get Dict keys in a single call for improved performance.
We added to res.user.warning a method to format the warning name based on a list of records.

URL: https://discuss.tryton.org/t/newsletter-for-july-2021/4338






[tryton-announces] Tryton Release 6.0

2021-05-03 Thread News - Tryton Discussion: ced


  


Tryton Release 6.0

 
We are proud to announce the 6.0 Long Term Support release of Tryton.
This release provides many bug fixes and some significant improvements. Among other changes you will find the display of attached documents, reinforced security and many accounting improvements. There are also no more than 11 new modules that include support for things such as Incoterms, Avatars and Product kits.  Tryton has now also been translated into Romanian which brings the number of languages to 24.
You can give it a try on the demo server, use the docker image or download it here.
As usual migration from previous series is fully supported.  Some manual operations may be required, see Migration from 5.8 to 6.0.
Here is a list of the most noticeable changes:
Changes for the User
The clients can now display documents inside a form. The supported document formats are dependent on the client.  For the web client it is the one supported by the browser (usually images and pdfs). And for the desktop client it is also images and the formats supported by Evince.
[Screenshots: attachment with document displayed in web client; attachment with document displayed in desktop client]
Thanks to the document widget, it is possible to display, next to any form, a preview of the attachments. This can be used, for example, when entering a supplier invoice from the attached PDF.
[Screenshots: supplier invoice form with attachment preview in web client; supplier invoice form with attachment preview in desktop client]
When sending an email from the client, in addition to being able to attach any report, it is now possible to also attach any of the record’s attachments.


The dialogs opened under a revision show the revision in their title.
When exporting a tree into a CSV file, the first column is indented according to its level in the tree.
When opening many dialogs, the title is now composed of a breadcrumb trail of all the dialogs opened before. This avoids losing the user in his navigation.
The name of the tabs opened from the menu is now the name of the menu entry.

Web Client
The CSV export and import dialog can now be reordered using drag and drop.
The web client can now also propose completion for the search input of the xxx2Many and Dict widgets.
The email and URL widgets now use the appropriate input type. So that mobile devices can display the best virtual keyboard.


Each selection entry can display its own help text.

Desktop Client
When printing reports that are single (like the invoice), the server sends a zip file containing one document for each record. The client now recognizes these files and can send each file from the zip to the printer.
When running the client on UNIX platforms, it is now possible to use the direct print feature. The client will use the lp or lpr commands and for OpenDocuments it uses soffice. (It continues to use the print command on Windows).
Some reports can take a long time to generate so the client runs them with an asynchronous request. This allows the user to still perform other operations while the report is being generated.
An interactive search has been added to the list and tree views. It pops up when you start to type on the list and puts the focus on the first line which matches the results. You can jump to the next matching entry with +↓ and previous with +↑.
[Screenshot: desktop client quick searching on sale lines]
Accounting
The Income Statement and Balance Sheet can now be printed. Only the records that are open in the client are printed.
The general journal is now printed from a list of moves. This adds, as a nice side effect, the ability to print a single move if needed.
The General Ledger (accounts and lines) can now be filtered by journal. And from the lines it is also possible to perform a reconciliation.
The terms on the Aged Balance can now be expressed in weeks and years in addition to the existing days and months.
The Spanish accounting module now provides a report for the VAT book.
Companies can not always deduct the full amount of the taxes on supplier invoices. We now allow the accountant to set the deductible rate of each invoice line. You can set a default value for the rate on the product category.
Some companies can never deduct taxes, thus they can be configured to always use a 0% deductible rate.
It is now possible to make the link between invoice lines and stock moves after they have been posted and done. In these cases the unit price is also updated on the stock move, and if needed the cost price will be recalculated.


Account types from the balance statement can be marked as debt, so they can be used directly to book invoices.
It is now possible to open a party's general ledger accounts directly from the party.
The balance of the general ledger lines starts with the start value of the account.
The reconciliation sequence can now 

[tryton-announces] Newsletter for April 2021

2021-04-01 Thread News - Tryton Discussion: ced


  


Newsletter for April 2021

 
A lot of development has finally landed, laying a solid foundation for the upcoming 6.0 release.
Changes for the User
We’ve improved the default ordering for shipments and production orders. It is now based on either the effective date or the planned date.
The shipping labels can now be stored in the filestore. Doing this can help to reduce the size of the database.
The price list formula can explicitly use the list price of a product. This is useful for some regulated business where the purchase price is fixed based on the public price.
The report that shows the quantities of a product by warehouse can now display it for multiple products. We also added a relate from assigned shipments and productions to show the quantities for all the products included in the document.
It is now possible to modify the dimension of packages. By default, they are filled in with the value from the package type. The main use case is for pallets where the height is only known after it is filled in.
The import and export CSV dialog for the web client now supports drag and drop on the columns to reorder them.
Any stock moves that get cancelled are now automatically removed from the package they were linked to.
The income statement and balance sheet can now be printed.
When exporting tree structures as CSV data the first column is now indented.
The client now allows sending emails with any of the record’s existing attachments.
The stock packages now display the tracking URL for each carrier.
Changes to the shipment cost on shipments has been simplified.  This has been done by adding an edit checkbox which helps avoid unexpected re-calculations of the cost when moves are changed.
We replaced the “Print General Journal” with a generic report on accounting moves. This provides more flexibility on what content is printed.
It is now possible to configure the party identifiers that are available.
We removed the unpractical tree structure from companies. The user’s “Main Company” has been replaced by a flat list.
It is now possible to define a supplier invoice line as a price correction to update the cost price of its product.
When the carrier cost is not fully covered by the shipment cost paid by the customer, the unsold part is added to the outgoing moves as a shipment cost.
The return purchases are now linked to the original purchase.
The calculated weight of a shipment parcel now also includes the weight of the package used.
The general ledger lines display now the cumulative balance starting at the balance of the account.
New Modules
The Purchase Price List Module allows price lists to be defined for suppliers.
The Stock Shipment Cost Module adds a shipment cost to outgoing moves. This cost is added to the product margin reports.
The Stock Quantity Issue Module helps to solve stock quantity issues.
The Product Cost Warehouse Module allows the cost price of products to be calculated separately for each warehouse.
The Stock Quantity Early Planning Module helps reduce stock levels by proposing earlier use of stock.
The Incoterm Module is used to manage Incoterms on sales, purchases and shipments.
The Autopilot Module stores all user inputs in a blockchain, automatically analyses and predicts the best next logical step in business (yes, AI with tensor flow) and finally act autonomous, e.g. purchase products and sell them, without human interaction.
The Avatar Module adds an avatar to each party.
Changes for the System Administrator
The groups can have now a parent from which they inherit their access permissions. This is useful, for example, when creating “Administration” groups which normally have all the rights from the standard group along with some additional rights.
We added a new command trytond-stat which displays the currently processed requests, tasks and jobs for each of the trytond processes on the host.
Changes for the Developer
We’ve added a method to post invoices by batch. It delegates the numbering to a deferred task. This can be used to reduce contention on the invoice numbering sequence.
We’ve added a generic test in the company module that ensures the company context is set on fields that target a company multivalue model.
The MPTT update is now only called for affected fields.
A new route decorator has been added to allow null as its origin. This is useful for web-extensions like Chronos as browsers now use this origin instead of the extension ID.
Model.__access__ is a new attribute which contains the names of a relation field for which the access rights must also be checked. This simplifies the definition of access rights for documents composed of several models like, for example, the invoice with lines and taxes.
The actions can now define whether they run on the selected records (as usual) or the listed records.
Also if the action is run on a tree structure then a path for each record is sent to the server.
The context fields of parent reco

[tryton-announces] Newsletter for March 2021

2021-03-01 Thread News - Tryton Discussion: ced


  


Newsletter for March 2021

 
Here’s a sneak peek at the improvements that landed during the last month.
Changes for the User
We now show the carrier on the shipment list so it’s possible to prioritize shipments based on the carrier.
We’ve added a wizard to make it easy to add lots to stock moves. The sequence to use for the lot number can be configured for each product.
We ensure the unit prices for stock moves are up to date when their invoices are posted or their moves are done.
The account move lines created by a statement now have the statement line as their origin. This makes it simpler to audit the accounts.
We now use the menu path from which a window was opened as its name.
We now warn the user when they try to post a statement with cancelled or paid invoices and then remove them from the statement.
A delivery usage checkbox has been added to contact mechanisms just like for addresses. It can be used, for example, to indicate which email address to send notifications related to deliveries.
The clients now display the revision on the dialog. This is useful, for example, when opening the party dialog from the invoice when the history is activated. This way the user can see from which date the information is displayed.
It is easy to get lost when quickly opening consecutive dialog fields. To improve the situation, the clients now display breadcrumbs in the title showing the browsing path to the dialog.
We’ve added the new identifiers from python-stdnum 1.15.
We no longer create accounting moves for stock when the amount involved is 0.
There is now a scheduled task that can be configured to fetch currency rates at a specific frequency. By default it gets the rates from the European Central Bank.
New Modules
Changes for the System Administrator
We’ve added device cookie support to the clients. This allows these clients to not be affected by the brute force attack protection.
Changes for the Developer
It is now possible to send emails with different “FROM” addresses for the envelope and header.
All the warnings can be skipped automatically by adding a single key named _skip_warnings to the context.
We’ve added the trigonometric functions to the SQLite back-end.
Any fields that are loaded eagerly are no longer instantiated automatically but instead the id is just stored in the cache. The instantiation is done only if the field is actually accessed. This improves the performance of some operations by up to 13%, but the actual improvements you can expect will depend a lot on the number of fields the model has.
It is now possible to define help text for each selection value. However, at the moment only the web client can display it.
We made the ModelView.parse_view method public. This allows the XML that makes up the view to be modified by code before it is sent to the client.
It is now possible to group the report renderings by header. As the OpenDocument format only supports a single header and footer definition, this feature renders a different file for each header and places them in a zip file if needed. This is used when rendering company related reports which display the company information in the header/footer.
In order to simplify the dependencies in our web client, we replaced tempusdominus with the browser’s native input methods for types date, datetime-local and time when available.
In order to make better use of the browse cache, the getter method of Function fields is called with cache sized groups of records.

URL: https://discuss.tryton.org/t/newsletter-for-march-2021/3810






[tryton-announces] Security Release for issue10068

2021-02-12 Thread News - Tryton Discussion: ced


  


Security Release for issue10068

Synopsis
A vulnerability in trytond has been found by German Dario Alvarez.
With issue10068, the WSGI server does not prevent serving files outside the root directory. This allows an attacker to retrieve the content of files for which the trytond user has read access.
Impact
CVSS v3.0 Base Score: 7.5

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Workaround
It is possible to set up a reverse-proxy in front of trytond that sanitizes the request path.
Resolution
All affected users should upgrade trytond to the latest version.
Affected versions per series:

5.8: <= 5.8.3
5.6: <= 5.6.12
5.0: <= 5.0.32

Non affected versions per series:

5.8: >= 5.8.4
5.6: >= 5.6.13
5.0: >= 5.0.33

Reference

Issue 10068: Directory loader can escape root directory - Tryton issue tracker

Concern?
Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

URL: https://discuss.tryton.org/t/security-release-for-issue10068/3803
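
The advisory above describes a file handler that serves paths resolving outside its root directory. The following is an added example of the containment check a static-file handler or a sanitizing reverse proxy needs; it is not trytond's code or its fix, and the helper name `resolve_under_root`, the directory layout and the sample request paths are all assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class PathEscapesRoot(Exception):
    """Raised when a request path resolves outside the served root."""


def resolve_under_root(root, request_path):
    """Map a URL path to a filesystem path, refusing anything outside root.

    Hypothetical helper for illustration; not part of trytond.
    """
    root_real = os.path.realpath(root)
    # Decode percent-escapes first so encoded dot segments are seen as dots.
    decoded = unquote(request_path)
    if "\x00" in decoded:
        raise PathEscapesRoot(request_path)
    # Drop leading slashes: os.path.join discards the root when the second
    # argument is absolute, which would bypass the check entirely.
    relative = decoded.lstrip("/")
    # realpath collapses ".." segments and follows symlinks.
    candidate = os.path.realpath(os.path.join(root_real, relative))
    try:
        # Compare whole path components, not string prefixes, so that a
        # sibling such as "/srv/www-private" is not accepted for "/srv/www".
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:
        # Raised for paths that cannot share a prefix (e.g. other drive).
        inside = False
    if not inside:
        raise PathEscapesRoot(request_path)
    return candidate


# Constructed sample request paths (not taken from the advisory).
SAMPLE_PATHS = [
    "/static/app.js",                      # plain file under the root
    "/static/../static/app.js",            # dot segments that stay inside
    "/../secret.conf",                     # dot segments that leave the root
    "/static/%2e%2e/%2e%2e/secret.conf",   # same, percent-encoded
    "/static/link",                        # symlink pointing outside the root
]


def demo():
    """Build a constructed directory tree and classify each sample path."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "www")
        os.makedirs(os.path.join(root, "static"))
        with open(os.path.join(root, "static", "app.js"), "w") as handle:
            handle.write("// constructed sample file\n")
        outside = os.path.join(base, "secret.conf")
        with open(outside, "w") as handle:
            handle.write("constructed sample secret\n")
        os.symlink(outside, os.path.join(root, "static", "link"))
        for path in SAMPLE_PATHS:
            try:
                resolve_under_root(root, path)
                results[path] = "inside"
            except PathEscapesRoot:
                results[path] = "rejected"
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:9} {path}")
```
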







[tryton-announces] Newsletter for February 2021

2021-02-01 Thread News - Tryton Discussion: ced


  


Newsletter for February 2021

 
Improvements to Tryton continue to be made. Here you can find the latest changes which have been included in the last month.
Changes for the User
Tryton now displays the reconciliation column on the general ledger line so users can use the field as a search filter.
It’s also possible to filter the general ledger by journal to only display the ledger for specific journals.
We added a new set of reports which display various margins based on the stock moves. You can browse the margins per product or category.
Product variants are now automatically deactivated when their template is deactivated. Also the product supplier and customer can be deactivated and are also automatically deactivated when their template is deactivated.
The sale complaint creates an invoice correction when the action is to create a credit note. This is needed so that the quantity invoiced is kept coherent with the stock move quantity and to update the unit price.
It is now possible to amend a purchase or sale line that does not have a product.
A default lead time can now be set on supplier parties. It is used if the product supplier does not have a lead time or if there is no product supplier.
It is now possible to define a default lead time for all salable products. It is used if the product has no lead time defined.
The desktop client now displays a waiting watch when generating a long report.
It is now possible to define a specific payment term date on the invoice. This is useful when entering a supplier invoice so the exact due date is recorded. It works also for customer invoices.
New Modules
A new module has landed in Tryton that extends the carrier selection to allow use of a country’s subdivision or a zip code expression.
Changes for the System Administrator
All caches are now cleared automatically when a new module is loaded. This means that on multi-server setups, other instances do not need to be restarted if the list of activated modules changes.
The pool of other trytond processes are refreshed automatically when new modules are activated. This avoids the need to manually restart those processes.
A new option has been added to trytond-admin that runs a validation on a percentage of the records, or all the records, from the listed models and reports any errors. This can be used to probe the database after an upgrade to ensure that everything is still correct.
Changes for the Developer
The HTML editor supports now the Genshi element directives. This means that users can now, for example, use it to create email templates with directives like for-loop etc.
We have removed the foreign key constraint for the sequence used to number the invoice. We detected that the foreign key was a source of lock contention.
We improved the execution time of the sale reports by using a Common Table Expression for the currency rate. On large databases, the time went down from 2m to 1.5s.

URL: https://discuss.tryton.org/t/newsletter-for-february-2021/3667






[tryton-announces] Newsletter January 2021

2020-12-31 Thread News - Tryton Discussion: ced


  


Newsletter January 2021

 


The Tryton team wishes you a happy new year.
Here are the changes that the team has already prepared for the next version.
Changes for the User
To the marketing email we’ve added the same formatting functions that are available for reports.
On the desktop client we added an interactive search on words in all the visible cells.
As the move number depends on the journal, we made the journal read-only on the move once it has been numbered.
We added options to let you choose the product and the format of the label for the DPD carrier.
We now support packages for shipping returns.
We allow the shipment cost price to be edited.
Sale promotions can be applied on the total amount of the sale.
The shipment costs are excluded by default from the total amount of the promotion.
We’ve added relates from requests to purchases and vice versa.
There is now a configuration to set a default customer payment term.
If not configured we now use, by default, the payment term and invoice method of the party’s last purchase.
We’ve added a summary of the description from the document lines in the lists. This is useful when the line has no product selected and only the description can distinguish it from other lines.
The customers on Braintree and Stripe are now updated when their parameters are modified.
The sale complaint displays the amount returned or credited for the complaint.
Changes for the Developer
We’ve removed the #tryton-commit channel. For alternatives see Remove irc notification on #tryton-commit.
When trytond generates a default form view, it now also includes all the available buttons.
The Python copy module is now supported when you want to copy model instances.
The ModelView.button_change now supports dependencies to other methods (like fields.depends).
For performance we now eagerly load all the Function fields with the same multiple getter.
We’ve added an automated test to check the validity of the long_description of the package. For that we use the twine check command.
We’ve removed the check for access right on instances.
The clients now support empty values for time-delta converters. These empty converters are ignored when formatting the value.
We’ve activated support for Python 3.9.
The TaxableMixin has been added to the sale line so amounts with tax included can be calculated.
We’ve added a new tool firstline which returns the first non-empty line of some text.
We create a cache for the model names. It is used to speed things up when filling in the Reference fields selection.

URL: https://discuss.tryton.org/t/newsletter-january-2021/3544






[tryton-announces] Newsletter December 2020

2020-12-01 Thread News - Tryton Discussion: ced


  


Newsletter December 2020

 
Development restarted straight after release 5.8, as you can see with these changes.
Changes for the User
You can now deactivate complaint types. This is useful when the company has stopped using certain complaint types.
The aged balance report now supports more units of time (“week” and “year”) for the terms. Also the terms are updated to sensible standard values when the unit is changed.
The commission date is now based on the invoice date or the payment date.
We have unified the PYSON format in all the clients. They do not necessarily generate exactly the same strings but they can be copied between clients.
On small screens the tabs on the list view could take too much space on the screen. Now they are forced into a single line with a scrollbar.
Also on small screens we no longer display the next/previous buttons so there is now more space available for useful information.
We added a relate from parties to their drop shipments like we have for other shipments.
The effective date of the drop shipment can now be set manually. This is useful if adding them afterwards.
We added a button on the product category that lets you add/remove lots of products from it easily. This is useful when a new category is created and you already have lots of products in the system. Using this you no longer need to edit each product in turn, but can instead add all the selected products in one go.
When invoicing projects based on a time-sheet, it is common that you only want to invoice up to a particular date (for example the end of the month). We’ve added to these projects a date field that limits which time-sheet lines get selected when creating the invoice.
Changes for the Developer
Tryton now makes sure that char fields do not contain white space characters, except for normal spaces. It can be confusing for users when they are searching, as the other white space characters are not distinct and web browsers replace those white spaces by normal spaces.
The caches for customer payment methods (Stripe and Braintree) no longer depend on the context. This increases the cache hit ratio for these values and so avoids unnecessary network requests for those services.
The server no longer sets the extra_files attribute for the werkzeug server if it is not running in developer mode. This reduces the startup time by a small amount.

URL: https://discuss.tryton.org/t/newsletter-december-2020/3454






[tryton-announces] Tryton Release 5.8

2020-11-02 Thread News - Tryton Discussion: ced


  


Tryton Release 5.8

 
We are proud to announce the 5.8 release of Tryton.
This release provides many bug fixes and some significant improvements. Among other changes you will find big general performance improvements, a new theme for the web client and support for web shops.
You can give it a try on the demo server, use the docker image or download it here.
As usual the migration from previous series is fully supported. Some manual operation may be required, see Migration from 5.6 to 5.8.
Here is a list of the most noticeable changes:
Changes for the User
Sending a report by email from the client has been completely reworked. We no longer rely on the local email client but now the emails are sent by the server on behalf of the user.
It is also possible to set up predefined templates including: the subject, the body, the recipients and the attached reports.
[Image: Sending sale quotation by email]
The clients can now display, next to a value, the symbol from its unit of measure or its currency. This helps lighten the user interface and avoid confusion. All of Tryton’s forms and lists have been updated to use this new feature in the appropriate places.
When using a list view that uses this feature you can still search for a particular unit or currency.

The administrator can share a user’s existing search bookmark with all the users. In this case the shared bookmarks will only be editable by the administrators.
This is useful if you want to set up a common search query that is often performed by many users.
The clients update the state of the delete button, and whether records can be edited, based on the dynamic access rules defined in the record rules. This of course complements the existing rules based on access groups.
The clients place copied records at the same position as newly created records. This means that the clients inspect the order applied to the list and deduce the correct place for the new record.


More
The check boxes on editable list views can’t be checked/unchecked without first selecting the row.
The report name, proposed by the client when they are saved, now contains the name of the records on which it was based.
The CSV export now formats the duration values. It uses the same locale format as the client, or when the locale option is not activated, it uses the total number of seconds.
It is now possible to import a duration value from a CSV file.
When a view for a model is opened without a name (e.g. using a URL), the client will use the default model name as its title (instead of nothing).
The default colors for graphs and calendars can be configured on the client side.
The URL, provided on the export CSV dialog, now includes the current context.

Web Client
The web client now comes with a default Tryton theme (instead of the default Bootstrap theme) based on Bootswatch Paper. The theme can be deactivated or replaced on installation.
[Images: Party list on web client; Party form on web client]
[Images: Party list on web client with small screen; Party form on web client with small screen]
If a user opens multiple browser tabs, all connected to the same server, any changes to the preferences are kept per tab and survive a page reload. This allows the user to change companies on one tab, and if they reload the other tab it will stay linked to the original company.
The totals shown at the bottom of a list are now always visible even if the list is longer than the screen.
[Image: List of time-sheet lines with sum stick to the bottom]


More
Tryton now puts the field name in the input name attribute. This helps the browser suggest smarter auto-completion.
CSV exports are now always encoded in UTF-8. This is because browsers do not provide a standard way to use a different encoding format.
PYSON expressions can now be written using the .get, .in_ and .contains methods as in the desktop client.
Tryton now uses a new library for the date time picker which improves where the popup gets positioned.

Accounting
It is now possible to open any general ledger accounts that require a party. This shows a breakdown of the balances of the account per party.
The tax rule lines now have a start and end date which are used as criteria to determine when they are applied. This is useful, for example, for companies that need to start applying VAT for other European countries (because their turnover has reached the appropriate threshold).
Each invoice line can now define a specific tax date. This can be used when a credit note is posted that applies to a previous period during which, for example, the tax rate was different. Now the credit note will have the same tax calculation without the need to change the accounting date of the invoice.
The reconciliation wizard now keeps you on the same account/party after each reconciliation if there are still more lines to reconcile.
We’ve added some fields on payment groups

[tryton-announces] Release 1.2.0 of python-sql

2020-10-05 Thread News - Tryton Discussion: ced


  


Release 1.2.0 of python-sql

We are proud to announce the release of the version 1.2.0 of python-sql.
python-sql is a library to write SQL queries in a pythonic way. It is mainly developed for Tryton but it has no external dependencies and is agnostic to any framework or SQL database.
In addition to bug-fixes, this release contains the following improvements:

Add explicit Windows to Select
Fix missing Windows definitions in nested expressions

python-sql is available on PyPI: https://pypi.org/project/python-sql/1.2.0/ 

URL: https://discuss.tryton.org/t/release-1-2-0-of-python-sql/3324







[tryton-announces] Newsletter October 2020

2020-10-01 Thread News - Tryton Discussion: ced


  


Newsletter October 2020

 
We are now on the home straight leading up to the 5.8 release. However, there will be some more changes over the next few weeks.
You can already contribute to this new release by helping to translate or testing and reporting issues.
Changes for the User
The tax rule lines now have a start and end date which are used as criteria to determine when they are applied. This is useful, for example, for companies that need to start applying VAT for other European countries (because their turnover has reached the appropriate threshold).
It is now possible to open the general ledger accounts that require a party. This displays the balances of the account per party.
Each invoice line can now define a specific tax date. This can be used when a credit note is posted that applies to a previous period during which, for example, the tax rate was different. Now the credit note will have the same tax calculation without the need to change the accounting date of the invoice.
We added some French taxes that were missing:

Taxes for services purchase outside Europe
Base for service sales inside Europe to code 0206
Service sales outside Europe to code 0033

Sometimes you may want to stop using a specific payment journal (e.g. when changing payment provider). So we now allow payment journals to be deactivated.
Sending a report by email from the client has been completely reworked. We no longer rely on the local email client but now the emails are sent by the server on behalf of the user.
It is also possible to set up predefined templates including: the subject, the body, the recipients and the attached reports.
The record names used to generate a report are now added to the report’s file name.
The administrators can now share some bookmarks with all the users.
New Modules
The marketing_email module manages mailing lists. It allows email addresses to be subscribed and unsubscribed from a list. And can be used to send emails to all the subscribed email addresses (with an unsubscribe link included in the email).
The stock_assign_manual module adds a wizard to shipments and productions that allows you to decide from precisely which locations you want to pick products.
Changes for the Developer
You can now compare date and datetime values in PYSON statements.
We started to use tempusdominus and Popper.js for the date picker on the web client. This fixes some display issues we’d noticed with the popup.
The report engine now supports Genshi’s MsgDirective. This is very useful when using HTML templates because it allows you to include the formatting tags in the translation.
The report engine no longer uses the relatorio template loader. Instead we keep the parsed report in memory for faster access (and to avoid writing it to a temporary directory).
The default report classes, created on the fly, can now also be extended using registered mixins.
The web client always exports the CSV file in UTF-8 (because browsers do not support any other encoding). But we’ve added the UTF-8 BOM on Windows to ensure that programs like Excel open them correctly.
We added a language attribute to the XML  tag. This allows its contents to be skipped if the language is not translatable. Initially this has been used to only load the appropriate minimal charts of accounts.
The read API has been extended to include the boolean properties _write and _delete that define whether the record can be modified or deleted by the user based on the access rules. This allows the clients to preventatively deactivate the corresponding actions in the user interface.
It is now possible to format currency values with a different number of digits than the currency. This is useful, for example, to show unit prices to 4 decimal places.

URL: https://discuss.tryton.org/t/newsletter-october-2020/3192






[tryton-announces] Newsletter September 2020

2020-08-31 Thread News - Tryton Discussion: ced


  


Newsletter September 2020

This month we got a major improvement with a new theme for the web client.
Contents:

Changes for the user
Changes for the developer

Changes for the User
We now set the name attribute of the  elements generated by the web client. This allows the browser to provide better auto-suggestions to the user.
We now use the original cost price of a product to update the FIFO cost price when it is returned. This gives a more accurate and logical value, especially when there is no stock of the product left.
It is now possible to delete or detach a source from a Stripe customer. This is useful if you know that a specific source can no longer be trusted.
We added a relate action to the email notifications from any record. So users can easily access, for example, all the notification emails sent for a specific sales order.
We added a relate action to the stock moves from a product or variant. This is useful if you want to find the last moves that happened to a product.
A dedicated view is now used to show shipment moves. This lets the user focus on the important information only.
It is already possible to define a sequence to generate the product variant code. Now we also have a sequence for the product template code.
The web client has got a new default theme based on the bootswatch Paper theme. But it is still easy to deactivate it and use your own theme.
[Images: List of sales on web client; Sale form on web client]
We now automatically fill in the default accounts (like receivable and payable) when creating or updating a chart of accounts if the template only has a single option available.
Changes for the Developer
We now use the fields.depends to get the carrier context when computing the carrier cost. This makes it simpler to extend this with third-party modules.
We fixed a cache ordering issue in ModelStorage which made browsing a large number of records in depth (more than 2k by default) randomly slower than expected. Now the time is roughly constant.
The stock assignation method now automatically fills in the grouping value on the assigned move that’s used to compute the quantities. This allows you to easily write modules that set the lot on assignation for example.
On busy systems, the queue table can grow quickly. So we’ve added a scheduled task that runs each day which removes completed tasks that are over 1 month old.
We now allow a successful or failed payment to be put back to a processing state. This is because, in some cases (like with Stripe payments), you may need to update a payment that has already been successful (e.g. in the case of a refund). The new transition allows you to avoid using the failed state just for the purpose of performing this change.

URL: https://discuss.tryton.org/t/newsletter-september-2020/3132






[tryton-announces] Newsletter August 2020

2020-08-01 Thread News - Tryton Discussion: ced


  


Newsletter August 2020

This month we kept refining existing features to improve the user experience, smooth workflows and empower users.
Contents:

Changes for the user
Changes for the developer

Changes for the User
The subject of the marketing automation and notification emails can now be rendered using the value of the record. This way the subject can be more specific which increases the chances of it being opened.
We added a view that can be opened from the product that shows the incoming and outgoing stock moves by warehouse. Each move has cumulative quantity fields which help the user adjust their plans in order to avoid shortages.
The German federal ministry of finance announced on June 30 a cut in value-added-tax rates from 19% to 16% for the standard rate and from 7% to 5% for the reduced rate. As the tax cut is temporary, lasting from July 1 until December 31, we introduced new tax definitions into the account_de_skr03 module for the periods before, during and after the cut.
All the wizard messages have been reviewed and normalized. Now they use proper icons and all the unnecessary exclamation marks have been removed.
The default color for the graphs is now managed by the client instead of the server. So the client can be customized to use a color which fits nicely with the theme.
The party module has been updated to use the latest version of python-stdnum and so includes more tax identifiers for countries like Andorra, Guatemala, Japan, Moldova, New Zealand, Peru, Paraguay, Uruguay, Venezuela and South Africa.
If you are missing a standard identifier, we’d like to remind you that the best way to get it in Tryton is to contribute it to python-stdnum.
We keep the last average cost price for FIFO products when the quantity in stock is below zero.
We automatically remove any carriage returns from the fields in the FEC export as they are not allowed.
Any closed accounts are no longer shown when opening the details of the balance sheet.
The clients place copied records at the same position as newly created records. This means that the clients inspect the order applied to the list and deduce the correct place for the new record.
The stock move assignation wizards have been reworked and merged into a single wizard. This now provides four options if all the moves cannot be assigned: “Cancel” to restore the moves to their initial state, “Wait” to leave the moves partially assigned, “Ignore” to set the quantity to 0 for non assigned moves and “Force” to force the assignation of all moves.
You no longer need to set analytic accounts on the move that balances the non-deferral account when closing the fiscal year.
The reconciliation wizard now keeps you on the same account/party after each reconciliation if there are still more lines to reconcile.
Changes for the Developer
We require the cost price to be filled in for all outgoing and incoming moves now. It was already filled in automatically by the code but this is now enforced to ensure the developer doesn’t forget it.
We also require a unit price for drop shipment and customer return moves.
We’ve added model, record and records attributes to the wizards; these are filled in using values from the active context. This simplifies and normalizes writing wizards.
Tryton also checks that the user has read access to the records before executing the wizard.
We have added a test to ensure it is possible to try and assign a move with unsaved values. This behavior is interesting because it allows you to set the value on the move as an assignation parameter while keeping the original values unchanged for the remaining quantities.
In order to minimize the data sent to the client, we now send only explicitly declared fields from actions instead of just excluding some. This is because we have found, over time, when a new field is added to the actions, we often forget to exclude it if it is not needed by the clients.
A common pattern used in Tryton to create grouped records is to use a list of tuples composed of key-value pairs. In order to use the itertools.groupby we need to sort the list. But sometimes it includes None values and in Python 3 it is not possible to order lists containing None. So we’ve added a tool sortable_values which takes care of this by providing a key function which can be used to order the list of values that may contain None.
It is now possible to define a keyword action that applies to any model. This is useful when creating a generic action which uses the active_model value.
We added an option to sendmail to raise an exception if it fails. With this it is possible to tie a transaction’s success to the sending of an email.
To the tools we’ve added a function to escape wildcards from strings.
It is now possible to define default values on routes. This can be used, for example, to set a default database on a simple route.
The session reset now uses an autocommit transaction which avoids 

[tryton-announces] Security Release for issue9453

2020-07-10 Thread News - Tryton Discussion: ced


  


Security Release for issue9453

Synopsis
A vulnerability in sao has been found by Cédric Krier.
With issue 9453, the web client does not escape the HTML tags from user data in translated richtext widgets. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source.
Impact
CVSS v3.0 Base Score: 4.6

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Workaround
There is no existing workaround.
Resolution
All affected users should upgrade sao to the latest version.
Affected versions per series:

5.6: <= 5.6.4
5.4: <= 5.4.10
5.2: <= 5.2.18
5.0: <= 5.0.26

Non affected versions per series:

5.6: >= 5.6.5
5.4: >= 5.4.11
5.2: >= 5.2.19
5.0: >= 5.0.27

Reference

issue9453

Concern?
Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security.

URL: https://discuss.tryton.org/t/security-release-for-issue9453/3005







[tryton-announces] Newsletter July 2020

2020-07-01 Thread News - Tryton Discussion: ced


  


Newsletter July 2020



Development has reached cruising speed.
A major improvement has landed which reduces memory usage on the server by between 30% and 40% and increases its speed by around 15%.
Contents:

Changes for the user
Changes for the system administrator
Changes for the developer

Changes for the User
The web client keeps the context on reloads even if the user preferences were changed in another tab. So this means that you can open one tab for each company and if you reload one of them by mistake, it stays logged in to the same company.
We have a rule engine that automatically fills in the analytic accounts on accounting move lines. But sometimes the rule engine is not properly configured or new cases get added. So, we’ve added a button on the lines with missing analytic accounts to reapply the rules after they have been fixed.
An optional shipping date has been added to the sale order. It allows the shipment to be postponed to on or after this date.
An employee criterion has been added to the selection of the commission agent. The employee used is the one who does the quotation for the sale. This, for example, allows rules to be created that provide commission to the employees that generate the sales.
The products and variants are now ordered using code and name by default.
We’ve added some fields on payment group to show aggregate information like the amount and the amount succeeded etc.
Until now a promotion was only applied if the price of all of the lines was reduced. But now it is always applied on every line for which the price is reduced.
It is now possible to credit an invoice without keeping the agent. Companies may not want to request reimbursement of commission that has already been given.
The stock moves unit price is now automatically updated based on the posted invoices when it is done. This helps keep a more accurate cost price calculation and ensures better reporting.
The taxes of the German chart of accounts have been updated to follow the new rates between the 1st July 2020 and the 31st December 2020. The patch should be applicable on previous series if you need it.
Changes for the System Administrator
We added the inherited name or type to the view record name. This makes it easier to select the correct view when creating an extension from the administration interface.
Changes for the Developer
The name of “cancelled” state has been unified across the whole application.
The scripts written using Proteus now also support the TRYTOND_DATABASE_URI environment variable the same way as the trytond commands.
Records are now stored internally using a custom class instead of a generic dictionary. This has reduced memory usage for records by between 30% and 40%. We have also improved the average access time for field values by around 15% by using a shorter execution path.
The hash method used with records has been improved to reduce collisions between unsaved records. This speeds up the calls to ModelStorage.save when used with new records.
We now provide a cached_property decorator in the tools. By default it is the new decorator from the Python stdlib with a fallback to the Werkzeug version.
Tryton will not write to existing targets when re-adding them on xxx2Many fields. This is an operation that the clients always sent when the field was modified because they didn’t know if the records were existing targets. This change prevents access errors from being raised when the operation is not allowed.
The Python evaluation of domain with a None value now always returns None. This implements the same behavior as the SQL evaluation.
We’ve added a parameter to the Stripe payment so they can be charged on-session. This is useful when implementing a checkout form using the sale payments.
We now support the webhook payment_intent.cancel event. This is useful if you give your customers the option to cancel their payment intents.

URL: https://discuss.tryton.org/t/newsletter-july-2020/2837






[tryton-announces] Security Release for issue9394

2020-06-29 Thread News - Tryton Discussion: ced


  


Security Release for issue9394

Synopsis
A vulnerability in sao has been found by Cédric Krier.
With issue9394, the web client does not escape the HTML tags from user data. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source.
Impact
CVSS v3.0 Base Score: 3.5

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Workaround
There is no existing workaround.
Resolution
All affected users should upgrade sao to the latest version.
Affected versions per series:

5.6: <= 5.6.3
5.4: <= 5.4.9
5.2: <= 5.2.17
5.0: <= 5.0.25

Non affected versions per series:

5.6: >= 5.6.4
5.4: >= 5.4.10
5.2: >= 5.2.18
5.0: >= 5.0.26

Reference

issue9394

Concern?
Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security.

URL: https://discuss.tryton.org/t/security-release-for-issue9394/2947







[tryton-announces] Security Release for issue9405

2020-06-29 Thread News - Tryton Discussion: ced


  


Security Release for issue9405

Synopsis
A vulnerability in sao has been found by Coopengo and solved by Nicolas Évrard.
With issue 9405, the web client does not escape the HTML tags from user data in richtext widgets. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source.
Impact
CVSS v3.0 Base Score: 4.6

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Workaround
There is no existing workaround.
Resolution
All affected users should upgrade sao to the latest version.
Affected versions per series:

5.6: <= 5.6.3
5.4: <= 5.4.9
5.2: <= 5.2.17
5.0: <= 5.0.25

Non affected versions per series:

5.6: >= 5.6.4
5.4: >= 5.4.10
5.2: >= 5.2.18
5.0: >= 5.0.26

Reference

issue9405

Concern?
Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security.

URL: https://discuss.tryton.org/t/security-release-for-issue9405/2948
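
The per-series version tables in the three sao advisories above (issue9453, issue9394 and issue9405) can be turned into a deployment check. The following is an added example, not code from the Tryton project; the function names and the sample inventory are assumptions made for illustration, and a series that the advisories do not list is reported as "unknown" rather than assumed safe.

```python
"""Added example: map an installed sao version to the advisories that still affect it."""
import re

# First fixed release per series, copied from the "Non affected versions per
# series" tables of the three sao advisories on this page.
FIXED_IN = {
    "issue9453": {"5.6": (5, 6, 5), "5.4": (5, 4, 11), "5.2": (5, 2, 19), "5.0": (5, 0, 27)},
    "issue9394": {"5.6": (5, 6, 4), "5.4": (5, 4, 10), "5.2": (5, 2, 18), "5.0": (5, 0, 26)},
    "issue9405": {"5.6": (5, 6, 4), "5.4": (5, 4, 10), "5.2": (5, 2, 18), "5.0": (5, 0, 26)},
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Parse 'major.minor.patch' into a tuple of ints; reject anything else."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError("expected major.minor.patch, got %r" % text)
    return tuple(int(part) for part in match.groups())


def advisory_status(version_text):
    """Return {advisory: 'affected' | 'fixed' | 'unknown'} for one sao version.

    'unknown' means the advisory does not list the series at all, so the page
    gives no basis for calling that version either affected or fixed.
    """
    version = parse_version(version_text)
    series = "%d.%d" % version[:2]
    status = {}
    for advisory, fixed_by_series in FIXED_IN.items():
        if series not in fixed_by_series:
            status[advisory] = "unknown"
        elif version < fixed_by_series[series]:
            # Tuple comparison: (5, 4, 9) < (5, 4, 10), unlike string comparison.
            status[advisory] = "affected"
        else:
            status[advisory] = "fixed"
    return status


def open_advisories(version_text):
    """Sorted list of advisories for which this version is still affected."""
    status = advisory_status(version_text)
    return sorted(name for name, state in status.items() if state == "affected")


if __name__ == "__main__":
    # Constructed inventory of hosts and their installed sao versions.
    inventory = {"erp-web-1": "5.6.5", "erp-web-2": "5.4.10", "legacy": "5.0.25"}
    for host, version in sorted(inventory.items()):
        print(host, version, open_advisories(version) or "no open advisory from this page")
```
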