Sugar 6.7.7 is a security update released to address certain security vulnerabilities identified during our routine QA checks.
We strongly recommend that you install this update at the earliest opportunity. While we have not experienced any reported incidents relating to these vulnerabilities to date, failure to install this update could leave you exposed to the following types of malicious third party attacks:
- Authenticated admin users may cause arbitrary code to be executed.
- Authenticated admin users may initiate a cross-site scripting attack.
These vulnerabilities have been addressed in release 6.7.7.
Administrators are strongly encouraged to upgrade their Sugar instances running 6.7.6 or earlier to 6.7.7 to prevent potential exploitation of these weaknesses.
- 59109 : Sales managers’ “No Opportunities” checkbox available in User Profile > Advanced is not respected in the Forecasts module.
- 59213 : Renaming the Forecasts module in Admin > Rename Modules does not affect all instances of the word “Forecast”.
- 61232 : After an opportunity is first loaded to the Forecasts module, any updates to the opportunity’s probability will not affect its forecasting range. The opportunity will retain the original range designation throughout the sales cycle according to its original probability.
- 67579 : The IBM Smartcloud Connector does not allow users to access their Smart Cloud accounts.