Sugar 220.127.116.11 is a security update released to address certain security vulnerabilities identified during our routine QA checks.
We strongly recommend that you install this update at the earliest opportunity. While we have not experienced any reported incidents relating to these vulnerabilities to date, failure to install this update could leave you exposed to the following types of malicious third-party attacks:
- Authenticated admin users may cause arbitrary code to be executed.
- Authenticated admin users may initiate a cross-site scripting attack.
These vulnerabilities have been addressed in release 18.104.22.168, which is available for download from the Download Manager.
Administrators are strongly encouraged to upgrade their Sugar instances running 22.214.171.124 or earlier to 126.96.36.199 to prevent potential exploitation of these weaknesses.
The following are known issues in version 188.8.131.52:
- 65229 : The Forecast field of revenue line item records is not automatically updated based on the ranges specified in Admin > Forecast.
- 65340 : Recurring meetings and calls cause duplicate activity stream posts and duplicate emails.
- 65647 : Users will not see updates to their avatar images without first logging out and back in to Sugar.
- 65649 : Records incorrectly display the Download PDF and Email PDF options when no PDF templates are defined for the module.
- 65674 : Selecting an item from the Recently Viewed list under the module tab does not correctly update the list to include the selected record.
- 65869 : The Find Duplicates action from record view does not allow administrators to specify which fields should be used in duplicate detection nor does it allow regular users to select relevant fields. Default values from the current record are also not automatically available for the process.
- 66209 : Help text is not being displayed.
- 66520 : Notes may not be edited directly from the Contracts module’s Notes subpanel.
- 66521 : Likely, Best, and Worst amounts have a value of zero rather than being automatically calculated when a revenue line item is created through a workflow.
- 66571 : Accessing Sugar using the Chrome browser from an iOS device may cause performance issues. The Safari browser is recommended for use with iOS devices.
- 66573 : More than one user attempting to merge records simultaneously results in errors.
- 66580 : List view loads may experience performance issues as the quantity of records loaded increases.
- 66826 : Numerical fields such as Bug Number may not be used with type ahead functionality to generate a list of potential matches when relating records.
- 67294 : Resetting the forecast time period does not set the current time period correctly and causes various issues in the application.
- 67445 : Multiple panels cannot be added as expected to the Record View layout in Studio.
- 67967 : The amounts in report charts (e.g. Pipeline By Team By User) do not display correctly if the “1000s separator” and “Decimal Symbol” preferences are changed.
- 68095 : Text provided for Campaign Tracker URLs is unexpectedly shortened after the first 30 characters.
- 68245 : Calendar dashlet may be missing from Legacy dashboard after upgrading to 7.2.0.
- 68407 : The selected tab (e.g. Show More) when viewing a module record (e.g. Contacts) remains sticky when creating new records in the module.
- 68426 : New panels added to the Record View layout in Studio do not display the panel options (Display Type, Collapse?) until the layout is saved in Studio.
- 68440 : Quick creating (e.g. Leads, Contacts, etc.) via the Emails dashlet on the Legacy dashboard opens up the legacy create view instead of the sidecar record view.
- 68448 : Changing the language on the login screen to Chinese, Japanese, etc. on Internet Explorer 10 causes login issues as the browser hangs.
- 68461 : Searching by non-primary email addresses in the module’s list view (e.g. Accounts) does not pull up results as expected.
- 68462 : Fields in the Other tab will appear in a different panel/tab (e.g. Business Card, Show More) after upgrading to 7.2.0.
- 68464 : Changes made to record view layouts via Studio are not reflected when quick creating records until after the full creation view is used.
- 68975 : Changing the order of subpanels via Admin > Display Modules and Subpanels does not preserve the order upon save.
- 68979 : Changing the currency of a quote multiple times may introduce rounding errors to the line item price fields.
- 69388 : Leads created from an account record’s Leads subpanel are not automatically related to the account.
- 69390 : When a custom module has a 1-to-many relationship to “Activities”, the Notes and Tasks modules do not properly display labels for the relate fields to the custom module when editing a note or task record.
- 69391 : Changes made to module names via Admin > Rename Modules are not reflected in list view columns for modules which relate to the affected module. The column names may be corrected individually by modifying each list view’s column labels via Studio.
- 69899 : PHP’s upload_max_filesize and Sugar’s upload_maxsize configuration settings are not respected when uploading files exceeding these limits, though the uploaded files still cannot be retrieved.
- 69998 : When accessing Sugar using the Chrome browser, an incomplete error or warning message is displayed when a new record is validated.
- 69877 : Working in Sugar’s Legacy modules (e.g. Calls, Meetings, etc.) may cause performance issues which can be resolved by reloading the browser window.
- 69508 : Relating a new record via the Legacy module subpanel (e.g. Calls) in a module’s record view (e.g. Leads) causes the Next and Previous buttons to no longer appear in the record view. Navigating back to the list view and selecting a record will correct the issue by restoring the buttons again in the record view.
- 69792 : Records are not assigned to the correct Sugar users when import files are mapped using the Assigned User Name field. Mapping records using the Assigned User ID field corrects the issue.
- 70067 : The Organization Chart dashlet added to a new dashboard on the Home page appears blank when adding a new dashlet. Reloading the browser after saving the dashboard will correct the issue by displaying the Organization Chart dashlet again.
- 70097 : When accessing Sugar using Internet Explorer, the report chart does not display as expected when printed as PDF.
- 70106 : Enabling the SkypeOut integration does not allow calls to be made via Skype.
- 70124 : Studio’s formula builder displays several undesired functions (getListWhere, isForecastClosed, isForecastClosedWon, and isForecastClosedLost).