184.108.40.206 has been officially released for all commercial editions. The 220.127.116.11 release includes all defects and security vulnerabilities addressed in our 18.104.22.168 release which we did not release to the public. As always, we take data security and the protection of your private information very seriously at SugarCRM. We have taken action to minimize potential risks.
Following our investigations, we have no reason to believe that the vulnerabilities were exploited. However, we recommend that you take the immediate steps below to ensure that your data stays protected:
If you are an On-Demand customer, you do not need to take any action as we have already applied patches to address the identified vulnerabilities. All customers hosted in the On-Demand environment that may have been susceptible to these issues have been patched or upgraded and are therefore protected against these issues.
If you host your instance On-Site, you should carefully review the following instructions and take the actions outlined below at the earliest opportunity. Failure to take these actions could leave you exposed to malicious attacks:
Please visit our Download Manager to download the latest patch for your release, 22.214.171.124, which addresses this vulnerability. Our Installation and Upgrade Guide contains the appropriate guidance to apply this patch to your instance.
Version 7.5.x and lower
Please refer to our release announcement, Versions 6.5.23, 6.7.12, and 126.96.36.199 have been released!, for further instruction on how to safeguard your instance from these vulnerabilities.
The release notes for 188.8.131.52 can be found at the following links:
The release notes for 184.108.40.206 can be found at the following links:
If you want to ensure you are up-to-date on all our latest releases, please click the ‘Follow’ button under the Releases space in the community.