Skip navigation
All Places > Releases > Blog > 2016 > July
2016
Alex Nassi

Version 7.7.1.0 Released!

Posted by Alex Nassi Employee Jul 21, 2016

We have officially released version 7.7.1.0 for all commercial editions. The 7.7.1.0 release is available to download for On-Site customers and is being automatically applied to On-Demand instances running an earlier version of Sugar releases.

 

This release addresses bugs identified in prior releases and includes fixes for recently detected security vulnerabilities that have since been carefully investigated and addressed.

 

Security Advisories

As always, we take data security and the protection of your private information very seriously at SugarCRM. We strive to address security vulnerabilities that come to our attention and inform our customers of those vulnerabilities so they can take steps to safeguard their Sugar instances.

 

For more information regarding the specific advisories, please refer to the following Security Advisory announcements:

 

Following our investigations, we have no reason to believe that the vulnerabilities were exploited. However, we encourage you to take the following actions to remediate the vulnerabilities in your Sugar instances:

 

On-Demand Customers

If you are hosted in Sugar On-Demand, no action is required.

 

Starting tonight, Thursday, July 21, 2016, we will begin executing upgrades for all affected customers. If you would like to know when we have scheduled your instance upgrade or request that we expedite the upgrade, please open a case.

 

On-Site Customers

If you host your instance On-Site (in any environment outside of our Sugar On-Demand environment), please visit our Download Manager to download 7.7.1.0 at the earliest opportunity, which address these vulnerabilities. Our Installation and Upgrade Guide contains the appropriate guidance to apply this patch to your instance. Failure to take these actions could leave you exposed to malicious attacks.

 

Customers hosting Sugar on their own servers can review the following installation and upgrade instructions:

 

For information about what is new in 7.7, please review Version 7.7 Released! in the community.

 

If upgrading now is not an option, and you are running a commercial version of Sugar, please open a case with our support team to request a hotfix for the security vulnerabilities. We will then supply a module loadable package that can be applied to your current version and edition of Sugar. Support tickets can be opened via our portal or by emailing support@sugarcrm.com. If you are not familiar with the support process, please review our knowledge base article on Working With Sugar Support.

 

7.7.1.0 Updates

Sugar 7.7.1.0 addresses bugs identified in prior releases which are detailed in the 7.7.1.0 Release Notes.

 

Sugar 7.7.1.0 is compatible and supported for new installations and upgrades for customers running a MySQL, DB2, Oracle, or MSSQL stack. Please visit the Supported Platforms page for a complete list of supported configurations. Changes to supported platforms include:

  • Added support for PHP 5.6 New
  • Updated versions of Firefox, Safari, and Chrome  Updated

 

7.7.1.0 Release Notes

The release notes for 7.7.1.0 can be found at the following links:

 

7.7.1.0 Development Changes

Developers should review the Development Changes sections of the 7.7.1.0 Release Notes to learn more about changes that could affect integrations and custom development:

 

If you want to ensure you are up-to-date on all our latest releases, please click the ‘Follow’ button under the Releases space in the community.

We have officially released versions 6.5.24 for all editions and 6.7.13, 7.5.2.5, 7.6.2.2 for all commercial editions. The reason for these patches is SugarCRM recently detected security vulnerabilities that have since been carefully investigated and addressed. As always, we take data security and the protection of your private information very seriously at SugarCRM. We have taken action to minimize potential risks.

 

For more information regarding the specific advisories, please refer to the following Security Advisory announcements:

 

Following our investigations, we have no reason to believe that the vulnerabilities were exploited. However, we recommend that you take the immediate steps below to ensure that your data stays protected:

 

On-Demand Customers

If you are hosted in Sugar On-Demand, no action is required.

 

Starting tonight, Thursday, July 21, 2016, we will begin executing upgrades for all affected customers. If you would like to know when we have scheduled your instance upgrade or request that we expedite the upgrade, please open a case.

 

Sugar instances will be upgraded based off the version you are currently running:

Current VersionUpgraded VersionAvailability to upgrade to Major Version
7.6.x7.6.2.2No
7.5.x7.5.2.5

No

6.7.x6.7.13Yes (7.6.2.2)
6.5.x6.5.24No

 

For the releases above with no ability to upgrade to another major version, we plan to release a version (tentatively 7.7.1.1) within the next 30 days that will support upgrades from the 6.5, 7.5, and 7.6 releases. If you are planning a major version upgrade for one of these versions before this roll-out, we recommend you open a case today to schedule the major version upgrade with our support team so that we can apply the security patch after that upgrade completes.

 

On-Site Customers

If you host your instance On-Site (in any environment outside of our Sugar On-Demand environment), please carefully review the following instructions and take the actions outlined below at the earliest opportunity. The actions you need to take depend on the version of Sugar you currently run. Failure to take these actions could leave you exposed to malicious attacks:

 

Version 7.6.x

Please visit our Download Manager to download the latest patch for your release, 7.6.2.2, which address these vulnerabilities. Our Installation and Upgrade Guide contains the appropriate guidance to apply these patches to your instance.

 

Version 7.5.x

Please visit our Download Manager to download the latest patch for your release, 7.6.2.2, which address these vulnerabilities. Our Installation and Upgrade Guide contains the appropriate guidance to apply these patches to your instance.

 

Version 6.5.x

Please visit our Download Manager to download the latest patch for your release, 6.5.24, which addresses these vulnerabilities. Community Edition patches are available through SourceForge. Our Installation and Upgrade Guide contains the appropriate guidance to apply this patch to your instance.

 

As with the Sugar On-Demand upgrade matrix, customers running 6.5.24, 7.5.2.5, or 7.6.2.2 will not have the ability to upgrade to another major release until our planned release (tentatively 7.7.1.1). If you are planning a major version upgrade before this release, our recommendation is to execute the major version upgrade as soon as possible and apply the applicable security patch for that release after that upgrade completes.

 

If upgrading now is not an option, and you are running a commercial version of Sugar, please open a case with our support team to request a hotfix for the security vulnerabilities. We will then supply a module loadable package that can be applied to your current version and edition of Sugar. Please note that we will only supply hotfixes for supported versions. Support tickets can be opened via our portal or by emailing support@sugarcrm.com. If you are not familiar with the support process, please review our knowledge base article on Working With Sugar Support.

 

Release Notes

The release notes for 6.5.24 can be found at the following links:

 

The release notes for 6.7.13 can be found at the following links:

 

The release notes for 7.5.2.5 can be found at the following links:

 

The release notes for 7.6.2.2 can be found at the following links:

 

If you want to ensure you are up-to-date on all our latest releases, please click the ‘Follow’ button under the Releases space in the community.