Alex Nassi

Versions 6.5.20, 6.7.9, and 7.2.2.3 have been released!

Discussion created by Alex Nassi Employee on Dec 16, 2014
We have officially released versions 6.5.20 for all editions and 6.7.9 and 7.2.2.3 for all commercial editions. The reason for these patches is SugarCRM recently detected security vulnerabilities that have since been carefully investigated and addressed. As always, we take data security and the protection of your private information very seriously at SugarCRM. We have taken action to minimize potential risks. 

Following our investigations, we have no reason to believe that the vulnerabilities were exploited. However, we recommend that you take the immediate steps below to ensure that your data stays protected:

On-Demand Customers
If you are an On-Demand customer, you do not need to take any action as we have already applied patches to address the issues identified vulnerabilities. All customers hosted in the On-Demand environment that may have been susceptible to these issues have been patched or upgraded and are therefore protected against these issues.

On-Site Customers
If you host your instance On-Site, you must carefully review the following instructions and take the actions outlined below at the earliest opportunity. Failure to take these actions could leave you exposed to malicious attacks:

Version 7.2.x
Please visit our Download Manager to download the latest patch for your release, 7.2.2.3, which addresses this vulnerability. Our Installation and Upgrade Guide contains the appropriate guidance to apply this patch to your instance.

Version 7.1.x
Since version 7.1 is no longer supported, we strongly recommend upgrading to 7.2.2.0, at which point you can apply the patch to upgrade to 7.2.2.3, which addresses this vulnerability. You can download the necessary patches via our Download Manager.  Our Installation and Upgrade Guide contains the appropriate guidance to apply this patch to your instance.

Version 6.5.x
Please visit our Download Manager to download the latest patch for your release, 6.5.20, which addresses this vulnerability. Our Installation and Upgrade Guide contains the appropriate guidance to apply this patch to your instance.  If upgrading now is not an option, and you are running a commercial version of Sugar, please open a case with our support team to request a hotfix for the security vulnerability.  We will then supply a module loadable package that can be applied to your current version and edition of Sugar.  Support tickets can be opened via our portal or by emailing support@sugarcrm.com. If you are not familiar with the support process, please review our knowledge base article on Working With Sugar Support.

Release Notes
The release notes for 6.5.20 can be found at the following links:
Ultimate 6.5.20 Release Notes
Enterprise 6.5.20 Release Notes
Corporate 6.5.20 Release Notes
Professional 6.5.20 Release Notes
Community Edition 6.5.20 Release Notes
 
The release notes for 6.7.9 can be found at the following links:
Ultimate 6.7.9 Release Notes
Enterprise 6.7.9 Release Notes
Corporate 6.7.9 Release Notes
Professional 6.7.9 Release Notes

The release notes for 7.2.2.3 can be found at the following links:
Ultimate 7.2.2.3 Release Notes
Enterprise 7.2.2.3 Release Notes
Corporate 7.2.2.3 Release Notes
Professional 7.2.2.3 Release Notes

If you want to ensure you are up-to-date on all our latest releases, please click the ‘Follow’ button under our ‘Releases' category in the community.

Outcomes