Released on November 15th, 2018
This document describes the changes and functionality available in Sugar® Enterprise 8.0.2. Sugar 8.0.2 is only available for customers on the annual upgrade path. For customers upgrading from 184.108.40.206, please refer to the Sugar 8.0.0 Release Notes for additional features, fixed issues, and developer changes occurring between versions 220.127.116.11 and 8.0.2.
Administrator and End User
We strongly recommend that you install this update at the earliest opportunity. While we have not experienced any reported incidents relating to these vulnerabilities to date, failure to install this update could leave you exposed to malicious third-party attacks. For more information regarding this, please refer to the following Security Advisory announcements:
- Security Advisory sugarcrm-sa-2018-006 : Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2018-007 : Authenticated administrative users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2018-008 : Authenticated administrative users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2018-009 : Authenticated administrative users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2018-010 : Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2018-013 : Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2018-014 : Authenticated administrative users may cause arbitrary code to be executed.
These vulnerabilities have been addressed in release 8.0.2 which is available for download from the Download Manager.
Administrators are strongly encouraged to upgrade their Sugar instances running 8.0.1 and prior to version 8.0.2 to prevent potential exploitation of these weaknesses.
The following issues are resolved in this release. Support portal users can use the following links for more details about each issue:
- 81327 : PHP warning messages regarding Redis connection failures are errantly being written to the apache error logs.
- 81301 : Upgrades may be non-performant or fail when the instance includes a large number of emails and attachments.
- 81244 : Unexpected errors may occur in the system after upgrading from 7.9.x to 8.0.0 if Sugar is running on a Windows server and already has the email settings configured.
- 81146 : The Run Email Reminder Notifications scheduler job may fail to send out email reminders for meetings and calls.
- 80879 : When in-line editing from a list view, calculated date fields based on related date fields may prevent the record from being saved.
- 80864 : The link to a lead's related opportunity is blank on the lead-conversion confirmation screen. As a workaround, open the preview panel for the opportunity's row to access a link to the opportunity.
- 79994 : Custom field values belonging to deleted records are not removed from the database as expected by the Prune Database on 1st of Month scheduler job.
- 73696 : Users attempting to navigate elsewhere after exporting from Legacy modules are instead redirected to the Home page.
The following are known issues in this release. Support portal users can use the following links for more details about each issue:
- 80834 : Line charts may not render correctly when viewing report records in the Chrome browser.
- 80829 : Date and datetime fields do not respect the user's preferred format when included on PDFs.
- 80785 : Global search results may not display as expected on Microsoft Edge and Internet Explorer browsers. As a workaround, use Chrome or Firefox to access Sugar when possible.
- 80730 : Reports without charts are improperly available to select in the Saved Reports Chart dashlet.
- 80681 : Making changes to a report's relationship-based filters may result in an error when running the report. As a workaround, re-create the report with the desired filter without making any changes to it.
- 80605 : Integrations and customizations using the REST v4.1 API may no longer work as expected for instances running on PHP 7.1.
- 80583 : Attempting to erase fields (e.g. Description) marked as "Personal Information" from the Opportunities module do not work as expected and result in a 500 error.
- 80430 : Sugar cloud sessions may time out with a 500 error due to a database issue.
- 80376 : Uninstalling custom modules from Sugar may not delete the associated workflows as expected. As a workaround, remove the affected workflow via the database.
- 80250 : Receive Message events configured for a record related to the process definition's target module may not behave as expected.
- 80091 : Creating a dashboard may not work as expected and result in an error for users without private teams. Navigating to Admin > Repair and running "Repair Teams" will help resolve the issue.
- 80083, 79251 : In certain circumstances, performing a list view search may not return correct results as expected.
- 80002 : Generating PDFs using previously existing PDF templates may not display data as expected after upgrading to Sugar versions 7.9 or higher.
- 80001 : Email messages sent via Advanced Workflow may display HTML formatting when records are created using SOAP/REST v4.1. It is recommended to use the latest version of the API.
- 79947 : Calculated fields may not populate when the record has multiple calculated fields using the related() function to the same module (e.g. related ($accounts, field1) and related($accounts, field2)).
- 79925 : Email messages that have been archived to Sugar and contain embedded or inline images show empty containers instead of images in the email's record view and preview.
- 79919 : Having multiple Advanced Workflow wait events in flight for a single record may cause subpanels to display duplicate entries for that record.
- 79777 : The billing address and shipping address for quotes created via the "Quotes (Bill To)" or "Quotes (Ship To)" subpanel may appear incorrectly if the related record's (e.g. Accounts) billing and shipping address is different.
- 79767 : Advanced Workflow processes do not send email messages to contact recipients as expected. As a workaround, manually type the contact's email address in the Send Message event's recipient field and press "Enter".
- 79763 : The Account Name field does not get populated as expected for quoted line items related to a quote.
- 79752 : When using Internet Explorer 11 with Advanced Workflows, columns cannot be deleted from process business rules in the Rules Builder. As a workaround, please use another supported browser.
- 79715 : The Follow button does not appear in the Contracts record view as expected.
- 79712 : The "Sign" and "Get latest" links do not appear as expected in the Documents subpanel of the Contracts module.
- 79704 : When logged into Sugar with certain languages (e.g. Russian), the list view's Record Actions menu may not appear as expected for some modules (e.g. Dashboards).
- 79698 : When merging records, fields that are required under certain conditions are required even if the conditions have not been met.
- 79686 : The List Order field in the Contract Types, Manufacturers, Tax Rates, and Shipping Providers modules does not control the order in which the options are listed in the corresponding fields (Type Name, Manufacturer Name, Shipping Provider, Tax Rate) for the Contracts, Quotes, and Product Catalog modules.
- 79643 : Inbound emails containing emojis may not get imported into Sugar as expected.
- 79640 : The Home (Sugar cube) icon shifts position in the navigation bar when "Allow users to select modules to appear in the navigation bar" is enabled.
- 79510 : Email addresses are not shown on the import summary screen even though they were properly imported.
- 79492 : Setting the log level to "Error" may result in multiple relationship errors being written to the log file.
- 79469 : When a web-to-lead form is created without including a redirect URL, the visitor may improperly get directed to an error page upon submitting the form.
- 79458 : Subpanels for related legacy modules may not display for the Qutoes record view as expected.
- 79344 : The quoted line item total may not respect the user's preferred currency as expected.
- 79318 : When a user has team-based permissions enabled for their default team (i.e. "Additional Permissions Enabled"), the setting may not be respected when creating a new record.
- 79186 : When searching for records that contain an apostrophe (e.g. Johnny's) in the name via SugarCRM Mobile or the desktop version of Sugar, the search result may improperly display the tag (e.g. Johnny's) in the record's name.
- 79173 : When attempting to navigate away from the module or save the record, the Unsaved changes warning message may unexpectedly appear for modules containing custom dependent fields.
- 79166 : Session locking may cause performance issues in Sugar.
- 79131 : When the "Listview items per page" setting in Admin > System Settings contains a large value (e.g. 50 or greater), it may cause an issue with rendering the "Download PDF" and "Email PDF" options in the record view's actions menu. Changing the "Listview items per page" setting to "20" may help resolve the issue.
- 79108 : When editing a record via the list view preview on the intelligence pane, the Resolve Conflict drawer may appear unexpectedly upon save.
- 79009 : When the targeted module contains a broken field, configuring an Action element in a process definition causes the Process Design canvas to time out.
- 78976 : The Process Management list view for Advanced Workflow may time out if the number of total processes exceeds one million records. To help prevent this issue, periodically prune the database table to remove closed, canceled, and/or terminated processes.
- 78890 : Updating composer in instances with custom modules deployed from module builder may cause unexpected errors.
- 78885 : An Advanced Workflow process may be prematurely considered complete when part of the process remains unexecuted in job queue.
- 78850 : The Saved Reports Chart dashlet may not render the chart as expected for certain reports when the Bar chart value placement field is set to an option other than "None" or "Total". Selecting "None" or "Total" for the Bar chart value placement field will render the charts properly in the dashlet.
- 78736 : Out-of-the-box dashboards may incorrectly be recreated after deleting it from the home page or intelligence pane.
- 78719 : Users may encounter an unexpected behavior when accessing Sugar if the Date Modified field in the user account contains the same value as another user.
- 78709 : Users assigned a role with Delete, Edit, or Export permission set to "Owner" may improperly be restricted from downloading and emailing PDFs.
- 78668 : In certain circumstances, the tooltip (e.g. Create) may continue to persist improperly while navigating through Sugar. Reloading the web browser will clear the tooltip from the screen.
- 78667 : Attempting to scroll in Sidecar modules (e.g. Meetings) may not work as expected when logged into Sugar on iPad.
- 78600 : Special characters are improperly allowed to be entered in dropdown lists' item names.
- 78582 : Process definitions do not enforce the requirement that multiple paths must converge before an End event.
- 78580 : Saving a record without completing the Salutation field which is marked as required in Admin > Studio may result in unexpected behavior.
- 78570, 78509, 78507, 76151 : When accessing Sugar using Internet Explorer or Firefox, attempting to clear a saved filter from the list view or subpanel search may not work as expected. As a workaround, select the All "Module Name" option from the Filter options list to clear the applied filter.
- 78527 : Inline editing a TextArea field via the subpanel may not work as expected. Reloading the web browser will resolve the issue and allow the user to inline edit the field properly.
- 78487 : When renaming modules via Admin > Rename Modules, only the most recent changes will remain and any previous updates to module names will be incorrectly removed after save.
- 78471 : Setting the default date format in the user's profile to "mm/dd/yyyy" may cause the time periods on the Forecasts Settings page to incorrectly display "Invalid date".
- 78334 : Performing certain actions in records containing calculated fields with rollup functions (e.g. rollupSum) and a large number of related records may cause performance issues in Sugar.
- 78315 : The same Process ID may be used for multiple processes if a process definition's Start condition is triggered by simultaneous events.
- 78229 : Downloading the import file template may take longer than expected for module's containing a large number of records.
- 78128 : For dropdown list values, a value's Display Label will improperly revert to a blank value if its Item Name is 0 (zero).
- 78065 : Moving a stock field between the columns (e.g. Hidden, Available) for the List View and Subpanel layouts in Studio may result in unexpected behavior.
- 77820 : The Visibility Editor window may not load as expected and display an error if there is a large number of dropdown dependencies defined in the visibility editor.
- 77780 : Instances using MS SQL may see unexpected behavior due to a lack of ORDER BY clause in the list view query.
- 77738 : Attempting to merge two records (e.g. accounts) may fail with an error if the record that is being merged to the primary record contains a large number of related records (e.g. contacts).
- 77719 : If a process definition contains a Wait event that is relative to a date field, the process does not adjust for changes that may occur to the date field after the Wait event's initiation.
- 77609 : Generating reports with empty relate fields may not include the associated record in the report result as expected if the related record has been deleted.
- 77601 : Advanced Workflow cannot add related records when the target module is on the "one" side of a one-to-many relationship.
- 77302 : Upgrades may fail due to queries posted by the upgrade exceeding the max_allowed_packet database setting.
- 77287 : Performing certain actions (e.g. import, mass update) in Sugar may result in performance issues if there are numerous calculated fields to be updated in related records. As a workaround, add the following line to the config_override.php file to disable the related calculation field updates: $sugar_config['disable_related_calc_fields']=true;. But keep in mind that the affected calculated values will not be updated and running Recalculate Values on related records.
- 77249 : Guests may not get imported to call or meeting records as expected.
- 77087 : When a record is assigned to the user's default private team, changing the Teams field from the private team to another team (e.g. Global) may incorrectly display the team name with the user's last name appended to the end (e.g. Global Smith).
- 77055 : Attempting to mass update the user's outbound email client via Admin > User Management may not work as expected.
- 76401 : The data in the report chart may be inconsistent between the report chart dashlet and the Reports module.
- 76014 : Mass-updating a large number of records that trigger the start event on one or more process definitions will result in a PHP timeout error. Additionally, any processes created before PHP timed out may be corrupt.
- 76000, 75999 : Setting the Collation option to "utf8mb4_general_ci" via Admin > Locale may cause unexpected errors.
- 75254 : Printing reports (e.g. Summation With Details report) to PDF may not work as expected when logged into Sugar via a mobile browser.
- 74919 : Performing certain actions (e.g. Quick Repair and Rebuild) in Sugar that rebuild the cache files may cause unexpected issues in the system if there are multiple users logged in and utilizing Sugar. As a workaround, perform such actions during off-hours where users are not utilizing the system.
- 74628 : Certain workflows using a Relate-type field in the condition may fail to load as expected and result in errors after upgrading to 7.6.x.x. As a workaround, run the following query in the instance's expressions table:
UPDATE expressions SET exp_type="id" WHERE exp_type="relate" AND lhs_field="assigned_user_id"
- 74539 : Custom fields may not display as expected when previewing call and meeting records via the intelligence pane.
- 74416 : Creating a Summation-type report that is grouped and sorted by a certain field (e.g. Month: Expected Close Date, Quarter: Expected Close Date) in a related module (e.g. Opportunities) may cause the run-time filter to not work as expected.
- 74382 : The Case Summary dashlet may not work as expected and cause an internal server error if the account record has a large number of related cases.
- 74350 : An unexpected error may occur when saving a record if there is an issue with the user's default team in the database. As a workaround, run the following query in the instance's team sets table. The affected users will then need to edit their profile to configure their default teams again.
UPDATE team_sets SET deleted=1 WHERE id NOT IN ("select team_set_id from team_sets_teams where deleted=0") AND deleted=0
- 74097 : Changing the instance's opportunity model from "Opportunities and Revenue Line Items" to "Opportunities" may cause data to not display correctly when viewing the campaign's ROI.
- 73912 : Certain reports may not generate as expected if the last group-by field is a date (e.g. Opportunities > Month: Expected Close Date) and the chart type is set (e.g. Horizontal Bar). As a workaround, do not use the date field as the last grouping in the Define Group By step or change the chart type to "None".
- 73689 : When users adjust the list view or subpanel column widths, the user's preferred column size may not be preserved if the browser window is resized.
- 73566 : Calculated or dependent fields containing a related() function may not get calculated until after save for activity-type modules (e.g. Notes).
- 73468 : Time-elapse workflow may not trigger as expected when a date field (e.g. Expected Close Date) in the condition is set to a date in the future.
- 72810 : Filtering the list view search using custom checkbox fields may not work as expected.
- 72625, 71848 : When a large number (e.g. 60) of PDF templates are available in a module, users may not be able to scroll through the full list of templates via the "Download PDF" or "Email PDF" options in the record view. As a workaround, changing the screen resolution or reducing the number of templates may help resolve the issue.
- 72581 : Attempting to merge records in modules containing required dependent fields may not work as expected.
- 71950 : Adding TinyMCE to a TextArea-type field (e.g. Description) may cause the field to not display properly in record view when accessing Sugar via certain browsers (e.g. Firefox).
- 71733 : Printing archived emails via the browser's print option may not display correctly.
- 70940 : Attempting to disable the SAML authentication via Admin > Password Management may not work as expected if the authenticationClass property in config.php has been set to SAMLAuthenticate.
- 70024 : Scheduled reports may have incorrect or missing charts in the emailed PDF. Select "Print as PDF" from the report's Actions menu to see the updated chart.
- 69985 : If a custom module has a relationship with an individual Activity-type module (e.g. Tasks), this related module may not be available to select when creating a workflow action to create a record in a module (Tasks) associated with the target module (e.g. custom module). As a workaround, create a one-to-many relationship between the custom module and the Activities module, and the appropriate Activity-type module (e.g. Tasks) will be available to select when creating the workflow action
- 69957 : Large number of activity stream records may cause performance issues.
- 68975 : Changing the order of subpanels via Admin > Display Modules and Subpanels does not preserve the order upon save.
- 68461 : Searching by non-primary email addresses in the module's list view (e.g. Accounts) does not pull up results as expected.
- 68112 : Matrix-type reports display incorrectly when exported to PDF.
- 67886 : During lead conversion, the newly created opportunity record does not get associated to the Revenue Line Item, causing the lead conversion to not complete successfully. As a workaround, create the opportunity record during lead conversion then manually associate the opportunity to the Revenue Line Item.
The following changes in this release may affect developers:
- Filter API performance has been significantly improved in this release by optimizing how the API queries the database. Instead of running a single complex SQL query, Filter API requests are now implemented using two simpler SQL queries. This change should significantly improve list view performance for modules with many records and complex team security rules.