We have officially released version 7.7.1.0 for all commercial editions. The 7.7.1.0 release is available to download for On-Site customers and is being automatically applied to On-Demand instances running an earlier version of Sugar.
This release addresses bugs identified in prior releases and includes fixes for recently detected security vulnerabilities that have since been carefully investigated and addressed.
Security Advisories
As always, we take data security and the protection of your private information very seriously at SugarCRM. We strive to address security vulnerabilities that come to our attention and inform our customers of those vulnerabilities so they can take steps to safeguard their Sugar instances.
For more information regarding the specific advisories, please refer to the following Security Advisory announcements:
- Security Advisory sugarcrm-sa-2016-003: Authenticated users may cause arbitrary SQL to be executed.
- Security Advisory sugarcrm-sa-2016-004: Authenticated users may obtain user-sensitive data.
- Security Advisory sugarcrm-sa-2016-005: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2016-006: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2016-008: Unauthenticated users may cause arbitrary code to be executed.
Following our investigations, we have no reason to believe that the vulnerabilities were exploited. However, we encourage you to take the following actions to remediate the vulnerabilities in your Sugar instances:
On-Demand Customers
If you are hosted in Sugar On-Demand, no action is required.
Starting tonight, Thursday, July 21, 2016, we will begin executing upgrades for all affected customers. If you would like to know when we have scheduled your instance upgrade or request that we expedite the upgrade, please open a case.
On-Site Customers
If you host your instance On-Site (in any environment outside of our Sugar On-Demand environment), please visit our Download Manager at the earliest opportunity to download 7.7.1.0, which addresses these vulnerabilities. Our Installation and Upgrade Guide contains the appropriate guidance to apply this patch to your instance. Failure to take these actions could leave you exposed to malicious attacks.
Customers hosting Sugar on their own servers can review the following installation and upgrade instructions:
- Ultimate 7.7 Installation and Upgrade Guide
- Enterprise 7.7 Installation and Upgrade Guide
- Corporate 7.7 Installation and Upgrade Guide
- Professional 7.7 Installation and Upgrade Guide
For information about what is new in 7.7, please review Version 7.7 Released! in the community.
If upgrading now is not an option, and you are running a commercial version of Sugar, please open a case with our support team to request a hotfix for the security vulnerabilities. We will then supply a module loadable package that can be applied to your current version and edition of Sugar. Support tickets can be opened via our portal or by emailing support@sugarcrm.com. If you are not familiar with the support process, please review our knowledge base article on Working With Sugar Support.
7.7.1.0 Updates
Sugar 7.7.1.0 addresses bugs identified in prior releases, which are detailed in the 7.7.1.0 Release Notes.
Sugar 7.7.1.0 is compatible and supported for new installations and upgrades for customers running a MySQL, DB2, Oracle, or MSSQL stack. Please visit the Supported Platforms page for a complete list of supported configurations. Changes to supported platforms include:
- Added support for PHP 5.6
- Updated versions of Firefox, Safari, and Chrome
7.7.1.0 Release Notes
The release notes for 7.7.1.0 can be found at the following links:
- Ultimate 7.7.1.0 Release Notes
- Enterprise 7.7.1.0 Release Notes
- Corporate 7.7.1.0 Release Notes
- Professional 7.7.1.0 Release Notes
7.7.1.0 Development Changes
Developers should review the Development Changes sections of the 7.7.1.0 Release Notes to learn more about changes that could affect integrations and custom development:
- Ultimate 7.7.1.0 Release Notes - Development Changes
- Enterprise 7.7.1.0 Release Notes - Development Changes
- Corporate 7.7.1.0 Release Notes - Development Changes
- Professional 7.7.1.0 Release Notes - Development Changes
If you want to ensure you are up-to-date on all our latest releases, please click the ‘Follow’ button under the Explore space in the community.