7.11.x Releases

7.11.23

Released 19/11/2021

Assets

Security

  • CVE: Pending - Fixed file check bypass

  • CVE: Pending - Local File Inclusion

Bug Fixes

  • Fix 8432 - Remove index limit from mssql index names upon create and repair.

  • PR: 8957 - Fix typo in word administrator

  • PR: 9368 - Fix 9217 - Revert "Fix Users index incompatible with MSSQL".

  • PR: 9360 - Fix 9358 - Meeting invite notification emails are not sending to all invitees.

  • PR: 9361 - Fix 9192: Fix duplication of folders_rel table entries.

  • PR: 9246 - Fix 6994: Update pollMonitoredInboxesAOP to double check that SugarFolder has been retrieved correctly.

  • PR: 9367 - Update PDF template warning

Community

Special thanks to everyone who reporting the security issues addressed in this release!

Victor Garcia

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.22

Released 24/09/2021

Assets

Security

  • CVE: Pending - Privilege Escalation vulnerability

  • CVE: Pending - Local File Inclusion

Bug Fixes

  • PR: 9277 - Issue - 9269 - Fix #9269 - edit view jumps to tab with validation error upon save,if hidden

  • PR: 9259 - Issue: 9269 - Fix #9257 Adjusting references and tests to reflect updated GoogleAPIalias

  • PR: 9262 - Fix #9262 - Add the Overview label to Security Groups detailview

  • PR: 9286 - Fix #9286 - EmailsComposeView.js Formatting

  • PR: 9293 - Fix #9293 - Error on audit save

  • PR: 9297 - Fix #9297 - V8 API Auth issues on windows

Community

Special thanks to everyone who reporting the security issues addressed in this release!

Konstantin Damotsev

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.21

Released 20/08/2021

Assets

Security

  • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

  • CWE-284: : Improper Access Control

Bug Fixes

  • PR: 8716 - Correct Layout of date fields

  • PR: 8921 - Link Fix - Upgrade Documentation

  • PR: 8922 - Notes for translators on abbreviations

  • PR: 8923 - Indentation Fix

  • PR: 8925 - Space Typo Fix

  • PR: 8929 - Moving comment next to the string

  • PR: 8930 - https url fix

  • PR: 8931 - SuiteP template translators notes

  • PR: 9180 - Issue: 9179 - Fix for: #9179 AOR_Charts getShortenedLabel fails on utf8 characters

  • PR: 9072 - Make Projects Importable

  • PR: 9102 - Issue: 4145 - Fix for: Email Address - "invalid" and "opt_out" options are lost

  • PR: 9206 - Issue: 9205 - Fix #9205 - Duplicate audit records

  • PR: 8534 - Fix Archive Folder Query

  • PR: 8587 - Add cases to email object_arr

  • PR: 8685 - Only init Currency when saving

  • PR: 8732 - AOR_Reports generating php notices due to undef

  • PR: 9044 - Change pdfheader/pdffooter data type to longtext

  • PR: 9084 - Set default perms on new log file

  • PR: 9195 - Update CaseUpdatesHook.php

  • PR: 8485 - Fix function declaration of TabController::get_key_array()

  • PR: 9008 - Wrong spelling of ProspectLists module

  • PR: 9202 - Issue: 9201 - Filter form label styling

  • PR: 9238 - Issue: 9237 - Fix #9237 where dates in aow actions & conditions are not saved or displayed correctly

  • PR: 9223 - Issue: 6997 - User profile password auto-fill

  • PR: 9182 - Allow filtering Survey campaigns

  • PR: 8992 - Issue: 8991 - Small bit of duplicate code

  • PR: 9007 - Wrong spelling of AOR_Reports module

  • PR: 9069 - Inline Edit: Help text containing quotes is not correctly displayed

  • PR: 8613 - Improve Contacts Duplicate List

  • PR: 8898 - Retrieve SuiteCRM version in get_server_info

Community

Special thanks to everyone who reporting the security issues addressed in this release!

Hagai Wechsler

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.20

Released 02/06/2021

Assets

Security

Bug Fixes

  • PR: 8731 Issue: 7285 - Database failure when filter custom fields by V8 API

  • PR: 9149 Issue: 8319 - Multiple IMAP Inboxes

  • Issue: 9106 - JSON Error in related field’s popup

  • Issue: 9166 - Fix Missing locale in FullCalender 3.10

  • Fix Users index incompatible with MSSQL

  • Fix Php compatibility within Admin ConfigureTabs

  • Fix Email Address loading performance

  • Fix theme - dashletclose.png loading error in console

  • Fix theme - Footer text colour inconsistency

  • Fix theme - Menu overflow top module alignment

  • Fix theme - Admin settings empty error displays line

  • Change populateDefaultValues fatal log on empty field_defs to warning

Community

Special thanks to everyone who reporting the security issues addressed in this release!

Daniel Sundbeck

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.19

Released 28/04/2021

Assets

Security

  • CVE: Pending - XSS Vulnerability

  • CVE: Pending - XSS Vulnerability

  • CVE: Pending - XSS Vulnerability

  • CVE: Pending - XSS Vulnerability

  • CVE: Pending - XSS Vulnerability

  • CVE: Pending - Fixed Dependency

  • CVE: Pending - Fixed stored XSS vulnerability

  • CVE: Pending - Fixed stored XSS vulnerability

  • CVE: Pending - Fixed file check bypass

  • CVE: Pending - Improved file upload checks

Bug Fixes

  • PR: 8642 - Issue: 5107 - Fix Inline edit date/datetime issue

  • PR: 7999 - Prevent securitygroups mass assign damage

  • PR: 8571 - Remove duplicate code in users detailviewdefs

  • PR: 8514 - Implement effective opcache file clearing

  • PR: 8700 - Various problems in PHPDocs throughout the codebase.

  • PR: 9068 - Issue: 9067 - Fix the drop down width

  • PR: 9093 - Add Additional api filter option like

  • PR: 9090 - User menu alignment

  • PR: 8570 - Issue: 6051 - Modulebuilder labels edit fixes

  • PR: 9088 - Update JQuery JS Library to v3.6.0

  • PR: 9000 - Issue: 8999 - Hardcoded 'by' label in calls

  • PR: 9035 - Issue: 9034 - Business Hours does not work in non-english languages

  • PR: 8910 - Update the V8 Api to allow for upload of documents similar to notes

  • PR: 9010 - Add missing 'view task' label on calendar

  • PR: 9003 - Issue: 8894 - Add missing label for calendar dashlet

  • PR: 9032 - Prevent Notice Error During Import

  • PR: 8206 - Issue: 8182 - Update updateTimeDateFields to handle undefined dates

  • PR: 9076 - Issue: 9075 - Removing deleted related beans via link

  • PR: 8988 - Improve upon solution which doesn’t cache incomplete beans

  • PR: 7884 - Issue: 6800 - Elasticsearch: Elastic index name is hardcoded

  • PR: 9060 - Project Form action should not be changed if delete is not confirmed

  • PR: 9059 - Issue: 8676 - New Scheduled Reports does not run

  • PR: 9079 - Issue: 2645 - Calendar quick create ignores required fields

  • PR: 9054 - Add missing scheduler label for trimSugarFeeds

  • PR: 9070 - Fix php compatibility issues

  • PR: 8974 - Issue: 8956 - Email compose body not shown in detail view

  • PR: 9096 - Issue: 7772 - Only index ElasticSearch when enabled

  • PR: 9101 - Fix LangText exception breaking ElasticSearch

  • PR: 8513 - Issue: 8472 - No or not complete Searchresults using elasticsearch engine

  • PR: 8981 - Issue: 8916 - Misspelled elasticsearch labels

  • PR: 9080 - Update config for google/apiclient at composer.json

Community

_Special thanks to everyone who reporting the security issues addressed in this release!

Cory Billington, Thanhlocpanda of VinCSS (Member of Vingroup), Hao Wang, Sam Sanoop, Chris Forbes, James Addison

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.18

Released 05/11/2020

Release Notes

Important - This release resolves an important issue in 7.11.16 and 7.11.17 that can cause issues in many areas of the crm, including in reports, roles and currency. We recommend all users of 7.11.16 and 7.11.17 to upgrade to this release asap. see issues 8936 and 8934 for more details

Important - Update 17 March 2021 - The upgrade patch has been updated to version 1.0.1. This update addresses an issue in which the upgrade patch may have prevented the option to select "Next" after a successful system check when upgrading. Special thanks to JanSiero for highlighting this issue and fix.

Bug Fixes

  • Issue: 8936 - +/- get removed from start of text

  • Issue: 8934 - Report main group issues

  • Issue: 8391 - Yesterday period option in reports show correct time

  • Issue: 8863 - Cannot report on Employee Status

  • Issue: 8918 - Regression with download.php image fields

  • Issue: 8941 - Cannot delete reports fields

  • Issue: 8826 - PDF Report contains blank space when using a Main Group and Total

Community

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.17

Released 29/10/2020

Release Notes

7.11.17 addresses an issue in 7.11.16 where Email compose body field was missing after upgrade to 7.11.16, please refer to the 7.11.16 release note for the further details and changes

Bug Fixes

  • Issue: 8913 - Email compose body field missing after upgrade to 7.11.16


7.11.16

Released 28/10/2020

Release Notes

Important - This release removes the YUI3 JavaScript Library from the codebase due to security concerns for the discontinued project. If you have code within your instance that still specifically requires or makes use of YUI3 you made need to update your code or include YUI3 manually, prior to updating to this release.

Security

  • Important Security Issue

  • Important Security Issue

  • Important Security Issue

  • Moderate Security Issue

  • Moderate Security Issue

  • Moderate Security Issue

  • Moderate Security Issue

  • Moderate Security Issue

Security issues information will be added shortly

Enhancements

  • PR: 8818 - Add 'Contains' as valid opp for multienum

  • PR: 8814 - Allow custom SugarFieldBase class

  • Move TinyMCE Editor to composer

Bug Fixes

  • Issue: 7972 - IMAP import fails with Office 365

  • Issue: 8688 - Fatal error on install with MySQL 8

  • Issue: 6046 - DBMS reserved words fail in MySQL8

  • Issue: 8830 - File names with underscores in download.php

  • Issue: 8610 - Uninitialised variables in ModuleInstaller.php

  • Issue: 4435 - TinyMCE pagebreaks work correctly

  • Issue: 8771 - Silent failure when no PHP-json module installed

  • Issue: 8905 - Report joins fail on one to one relationships

  • Issue: 8904 - Optimistic Locking is not compatible with all field types

  • Issue: 8904 - Optimistic locking module definition incorrectly set on some modules

  • Issue: 8903 - Campaign Bounce email import - better mine type recognition

  • Issue: 8882 - Delegates subpanel select all / select page doesn’t work

  • Issue: 7306 - API v8 not working on php-fcgid - Missing /api/.htaccess

  • Issue: 8486 - Rewriting of '.htaccess' file

  • Issue: 8535 - Email To field being deleted on save

  • Issue: 8730 - duplicate Compose Email Modal from Activities subpanel

  • Issue: 8641 - Compose button / Related ID not set when no email

  • Issue: 8812 - Add to target list in Campaign results

  • Issue: 8824 - Too few arguments on SugarWebServiceImpl set_relationship

  • Issue: 8677 - Subpanel end navigation

  • Issue: 8888 - Fixes DynamicField reference

  • Issue: 8785 - Incorrect Syntax in install.php

  • Issue: 8795 - Change log level to warn loading non existing Bean

  • Issue: 8819 - Update OutboundEmail.php to handle deleted rows

  • Issue: 6427 - Stacked Bar chart totals incorrect

  • Issue: 8348 - V8 API CORS prevents DELETE HTTP call

  • Issue: 8816 - module name on logic_hook install

  • Issue: 3468 - Email template retrieving cached beans

  • Issue: 8841 - Change private to protected to fix EmailMan overrides

  • Issue: 8490 - Fix php Notices

  • Issue - Calender fails to display event the last over 3 weeks

  • Issue - Theme display issues - Header & Footer clean up, Action and List view view buttons

Community

_Special thanks to everyone who reporting the security issues addressed in this release!

Luis Noriega wizlynx group, M. Cory Billington (@_th3y), Hao Wang, QuickCRM, pgorod & Apple Information Security

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.15

Released 10/06/2020

Release Notes

7.11.15 addresses an issue in 7.11.14 where the change log would fail to display, please refer to the 7.11.14 release note for the further details and changes


7.11.14

Released 09/06/2020

Release Notes

This release includes an additional patch that you can install if you are having issue upgrading. This allows you apply the enhancements and fixes we have brought in recent release to the upgrade wizard, prior to you upgrading to hopefully resolve many issue we have seen in the community. To apply the patch download it from the here and install via module loader, not via the upgrade wizard. Then proceed to upgrade as normal.

Security

  • Moderate Security Issue

  • Moderate Security Issue

  • Moderate Security Issue

  • Moderate Security Issue

  • Moderate Security Issue

Full disclosure of the security issues addressed in this release will be made at a later date

Enhancements

  • PR: 7795 - PR: 7806 Custom Extend Core Modules

  • PR: 8405 - Remove deprecated sudo from .travis.yml

  • PR: 8506 - Increase driver timeouts to be a little more lenient

  • PR: 8523 - Update the index on the target list - targets middle table

  • PR: 8618 - Move OAuth2 Encryption Key into config.php

  • PR: 8639 - Display Data table under maps in any language

  • PR: 8638 - Check permissions only on required directories on upgrade system checks

Bug Fixes

  • PR: 6669 - Issue: 5526 - Fix Inline edit date/datetime issue

  • PR: 7056 - Issue: 3911 - LDAPAutheticate warnings in log

  • PR: 7863 - Issue: 7723 - Fix missing campaign analysis graphs

  • PR: 8208 - Issue: 6676 - Add editview check to stop cacheing issues for dates on aow conditions

  • PR: 8257 - Issue: 8261 - Handling of temp files during Upgrades

  • PR: 8481 - Issue: 8450 - Minor bug in GridLayoutMetaDataParser::addField()

  • PR: 8483 - Fix function declaration of SugarFieldTime::save()

  • PR: 8504 - Issue: 8499 - API V8 issues for password grants SuiteCRM 7.10.22

  • PR: 8511 - Issue: 5012 - Remove maxLength from user name in DB config

  • PR: 8550 - Issue: 8549 - Added CSS to make case updates textfield re-sizeable

  • PR: 8559 - Fix issue for non based on Emails Campaigns

  • PR: 8594 - Fix db convert directly calling abstract function

  • PR: 8596 - Add missing business hours calculation to reports

  • PR: 8597 - Issue: 5836 - Fix/5836 two factor authentication redirect

  • PR: 8598 - Fix usage of deprecated Redis::delete() function

  • PR: 8601 - Fix PHP notices Fix missing query offset in SugarBean::get_linked_beans() warnings

  • PR: 8607 - Fix missing query offset in SugarBean::get_linked_beans()

  • PR: 8629 - Fix string within sub query

  • PR: 8635 - Download link displayed twice. No Delete link in Diagnostic

  • PR: 8636 - Issue: 8489 - No validation when using header save button in AOS_Products

  • PR: 8638 - Issue: 8637 - Upgrade Wizard fatal error after upgrade on windows

  • PR: 8646 - Fix Report navigation display

  • PR: 8647 - Issue: 5487 - Report groups repeat for each record

  • PR: 8648 - Issue: 7821 - Fix Username alignment in all screen widths

  • PR: 8651 - Fix warnings when running upgrade via cli

  • PR: 8652 - Issue: 8643 - Reports do not work related module custom fields

  • PR: 8654 - Fix naming from SugarCRM Reports to AOR_Reports

  • PR: 8655 - Reports: Remove useless recalculation

  • PR: 8659 - Issue: 7766 - Invalid depreciated log in SugarBean fixUpFormatting

  • PR: 8661 - Task Status key is displayed in View Summary

  • PR: 8754 - Remove unused google service from the vendor directory

  • PR: 8755 - Issue: 7152 - Fix cases Update text not saving when using html field

  • PR: 8758 - Issue: 8757 - Time format preference typo

Community

_Special thanks to everyone who reporting the security issues addressed in this release!

Đào Quốc Vương, Global Ip Action & Connor Shea

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.13

Released 25/03/2020

Release Notes

Security

  • Critical Security Vulnerability

  • Important Security Issue

  • Important Security Issue

Full disclosure of the security issues addressed in this release will be made at a later date

Bug Fixes

  • Issue: 5836 - Two Factor Authentication redirect to User profile

  • Issue: 8582 - DBManager::convert calls abstract function

  • Issue: 6676 - Multiple datetime value condition issues in Workflow / Reports

  • Issue: 7011 - Intial User Login Duplicate Timezone Request / Blank screen

  • Issue: 8261 - Upgrade Issues - Handling of temp files during Upgrades

  • Issue: 8483 - Fix function declaration of SugarFieldTime::save()

Community

Special thanks to all who contributed to this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.12

Released 14/02/2020

Release Notes

Security

Bug Fixes

  • Issue: 8541 - MySQL Database breaking on special characters

  • Backward incompatible config changes

Community

Special thanks to Egidio Romano for reporting the security issues addressed in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.11

Released 10/02/2020

Assets

Administrators Note 1/2

You may notice when installing SuiteCRM a new panel which allows for the configuration of different collations and type-sets. This is part of our progression towards resolving issues with special characters and emojis. Currently available sets include utf8 and utf8mb4.

Administrators Note 2/2

Within this release, we have also resolved a few known issues with the upgrade process; however, they will unfortunately not take effect until the next upgrade cycle. Therefore it is vital that if you encounter any problems while installing that you review and follow the recommended process within the SuiteDocs upgrade debugging page which can be found here

Potential breaking change with package container-interop

If you maintain a CRM utilising container-interop for API extension, you should note that this release may require some small changes to routing as seen below:

Instead of Interop

use Interop\Container\ContainerInterface;

Make use of Psr

use Psr\Container\ContainerInterface;

Release Notes

Security

  • CVE: CVE-2020-8787 - Bean ID validation strictness

  • CVE: CVE-2020-8783 - Neutralization of potential vulnerability with use of Special Elements within SQL

  • CVE: CVE-2020-8784 - Neutralization of potential vulnerability with use of Special Elements within SQL

  • CVE: CVE-2020-8785 - Neutralization of potential vulnerability with use of Special Elements within SQL

  • CVE: CVE-2020-8786 - Neutralization of potential vulnerability with use of Special Elements within SQL

Enhancements

  • PR: 8100 - Issue: 8099 - Add a way to hide/show columnChooser in ListViews

  • PR: 7879 - Issue: 7876 - Render phone fields as links

  • PR: 8215 - Scroll QR&R to see the 'sync with vardefs' part

  • PR: 8164 - More inclusive language

  • PR: 8160 - Updated CONTRIBUTING.md

  • PR: 7798 - Database character set configuration

Bug Fixes

  • PR: 8422 - Issue: 8421 - Fix issue with validation on aos settings

  • PR: 8395 - Issue: 6000 - Notifications not working when using mssql

  • PR: 8353 - Issue: 8351 - Datepicker missing in massupdate for custom datetime field type

  • PR: 8298 - Issue: 8295 - Fix sorting icons showing counterwise

  • PR: 8285 - Issue: 6990 - Run Email Notification not working

  • PR: 8274 - Issue: 8273 - Check the selected e-mail client

  • PR: 8233 - Issue: 8057 - Backport various PHP 7.4 fixes

  • PR: 8205 - Issue: 8180 - Font colour is the same as the search bar bg

  • PR: 8053 - Issue: 7874 - Unable to use custom _head.tpl file (alternative fix)

  • PR: 8139 - Issue: 8134 - Logo not in left-hand corner anymore

  • PR: 8158 - Issue: 8151 - Updating FPEvent unit test to use correct array

  • PR: 8181 - Issue: 7305 - Scheduled reports execute in the timezone specified

  • PR: 8188 - Issue: 8183 - Non-group records show on list view if group only access

  • PR: 8190 - Issue: 8173 - Workflow actions missing in edit and detail view

  • PR: 8424 - Remove 'buggy version check' from php version checker

  • PR: 8363 - Adding fix to silent upgrade’s upgrade history save

  • PR: 8346 - Update links

  • PR: 8344 - Email1 field now gets populated through API

  • PR: 8340 - API returns the emailAddress Relationship link

  • PR: 8322 - Remove Schedulers cron instructions from filter pop-up

  • PR: 8258 - Fix "!" in pQuery and add tests

  • PR: 8243 - Clear PHP notice on Home page and improve suitecrm.log message

  • PR: 8198 - Unit test fixes for 7.10.x

  • PR: 7832 - V8 API swagger.json

  • PR: 6709 - Avoid printing js content in CLI commands

  • PR: 8458 - Fix install layout db options

  • PR: 8468 - Fix slim api

  • PR: 8193 - Fixed employees module not appearing in ACL role list

  • PR: 8326 - Logo upload

Development

  • PR: 8231 - Issue: 7891 - Clean up include/ tests

  • PR: 8218 - Issue: 7744 - Remove deprecated functions from utils.php

  • PR: 8217 - Issue: 7744 - Remove the deprecated load_menu() function in utils.php

  • PR: 7807 - Issue: 7740 - Replacing the StateChecker with database truncation in tests

  • PR: 8379 - Deprecate _pp functions

  • PR: 8378 - Misc code formatting improvements

  • PR: 8350 - Add tests for splitTime() on TimeDate

  • PR: 8314 - Fix parameter order for asserts in unit tests

  • PR: 8300 - Add tests for TimeDate class

  • PR: 8313 - Add more TimeDate tests

  • PR: 8299 - Add tests and PHPDocs for return_bytes function

  • PR: 8296 - A few more little fixes for the formatting in the test suite.

  • PR: 8283 - Unit test cleanup

  • PR: 8253 - Remove some old code referencing PHP 5.3

  • PR: 8252 - Deprecate various utils functions that are unused

  • PR: 8249 - Add unit tests for is_admin() function

  • PR: 8236 - Update the Travis Code Coverage job

  • PR: 8235 - Clean up misc unit tests

  • PR: 8234 - Add tests for check_php_version

  • PR: 8216 - Add a PHPDoc comment and test to unencodeMultienum()

  • PR: 8156 - tests: throw an error in case exit() is called during testing

  • PR: 8477 - Fix/Avoid WebDriver Timeouts in Travis createModule Tests

  • PR: 8509 - Fixing typo in seperator/separator change

  • PR: 8518 - Fix backwards compatibility with seperator/separator css

  • PR: 7580 - Update export_excel_compatible to work with all Excel versions

  • PR: 8297 - Add PHPDoc and deprecate unTranslateNum

  • PR: 8310 - Backport more PHP 7.4 fixes

  • PR: 8152 - Update html-purifier to 4.12

  • PR: 8161 - Fix a PHP warning in Meeting.php

Community

Special thanks to Egidio Romano for reporting the security issues addressed in this release!

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.10

Released 11/11/2019

Release Notes

Security

  • CVE: Unassigned - SQL Injection

Bug Fixes

  • PR: 8185 - Issue: 7946 - Removed unnecessary JSSource files

  • PR: 8187 - Issue: 8183 - Non-group records show on list view if group only access

  • PR: 8189 - Issue: 8151 - Email Template

  • PR: 8190 - Issue: 8173 - Workflow actions missing in edit and detail view

  • PR: 8192 - Fixed employees module not appearing in ACL role list

  • PR: 8207 - Issue: 8203 - Repair Administration section ISSUENAME Google Calendar settings menu option

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.9

Released 04/11/2019

Release Notes

Security

Enhancements

  • PR: 7198 - Add Robo API commands

  • PR: 5464 - Filter email templates on Events

  • PR: 7829 - Issue: 7828 - Robo tasks for common actions that are performed in Repair Administration module

  • PR: 7819 - Issue: 7817 - Added option to filter WorkFlows by module name

  • PR: 7809 - Robo: Add a --filter option to tests:unit for filtering tests

  • PR: 7808 - Issue: 7621 - Add support for config_override.test.php

  • PR: 7844 - SuiteP: Add html data tags to allow module and field identification

  • PR: 7837 - Issue: 7836 - Robo task to compile css in a custom theme

  • PR: 7834 - Workflow: Properly delete records which are marked as deleted

  • PR: 7910 - Issue: 7885 - Add a SECURITY.md to the repository

Bug Fixes

  • PR: 8154 - Issue: 8153 - SQL query in the ACLAction code

  • PR: 8151 - Resolve issue with email templates

  • PR: 7659 - Icons not rendering properly in Alerts

  • PR: 7655 - Issue: 7648 - Case Module: Description field not showing after Save and continue

  • PR: 7650 - 'customMetadate' typo in DashletGeneric.php

  • PR: 7643 - Issue: 7622 - Make the code:coverage Robo command work outside of CI

  • PR: 7641 - Issue: 7396 - Update button clears DateTime parameter in Reports Module

  • PR: 7638 - Issue: 7315 - Adding parameter date field in Reports module causes error in Browser console

  • PR: 7627 - Update sugar_3.js to fix a MassUpdate undefined error

  • PR: 7587 - Issue: 7586 - Unnecessary include in UserService

  • PR: 7529 - Codacy

  • PR: 7525 - API Create Relationship via Link

  • PR: 7515 - Scheduled Reports: Fix report name relation and popup search

  • PR: 7428 - Issue: 7427 - Show logs lines that was made by anonymous

  • PR: 7195 - Inspections compatibility

  • PR: 7193 - Remove Unused Import

  • PR: 7141 - Type casting

  • PR: 6765 - Issue: 321 - Hitting enter in the password input saves the user but not the password

  • PR: 6503 - Add a SAML2 metadata endpoint

  • PR: 5537 - Issue: 5520 - Do not clear existing attachments when loading a template

  • PR: 4471 - Update DeleteRelationship.php

  • PR: 3820 - search_by_module REST API

  • PR: 7826 - Issue: 2825 - Now we translate the title tag for recently viewed links

  • PR: 7822 - Issue: 7821 - User name is not aligned in 1200px to 1600px screens

  • PR: 7818 - InboundEmailTest: Make tests independent to make them work with the state checker

  • PR: 7816 - Removing an item from subpanel should only require the item edit access right

  • PR: 7815 - Save email addresses before saving company/person

  • PR: 7814 - SQL query bug for quote purchase subpanel

  • PR: 7813 - Issue: 7810 - Pencil present in Top Menu for users with non editing permission

  • PR: 7802 - Issue: 6830 - Code coverage as a separate stage in CI

  • PR: 7797 - Issue: 7779 - PHP Fatal error in modules/Connectors

  • PR: 7783 - Issue: 7780 - Bad css format in Date and Date Range Inputs in search forms

  • PR: 7782 - Issue: 7781 - Now we can compile SuiteP only one color_scheme

  • PR: 7777 - Issue: 7784 - Grouping by with xxx_usdollar currency fields

  • PR: 7774 - EmailMarketing: Add security groups support

  • PR: 7773 - Make robo test commands fail if tests fail

  • PR: 7771 - Issue: 7620 - Add dotenv support for the test environment

  • PR: 7762 - Issue: 7761 - htaccess issue

  • PR: 7760 - SugarEmail: Fix 'to' field not being filled when the last record doesn’t have an email

  • PR: 7746 - Issue: 7675 - Add a function to compare properly indices definitions

  • PR: 7741 - Clean up a bunch of unit tests

  • PR: 7711 - Issue: 2928 - Clear Zend OPcache when writing files

  • PR: 7690 - Composerify Zend Lucene

  • PR: 7906 - Update Gitattributes + codeception.dist.yml

  • PR: 7904 - Issue: 7903 - Verify if $bean is_subclass_of SugarBean so we can check access

  • PR: 7900 - Issue: 7869 - Protect against illegal string offset warnings in aow_utils

  • PR: 7899 - Issue: 7868 - 'Undefined index: leads_id' notices in AOR_Report.php

  • PR: 7898 - Issue: 7552 - AOR Reports - Mysqli_query failed when execute Report as normal User

  • PR: 7892 - Issue: 5652 - Ending spaces in language strings

  • PR: 7877 - Issue: 7875 - Wrong render in DateRangeInput using 'Between' Option

  • PR: 7871 - Issue: 7870 - Improvements in css for date_input and labels in EditView

  • PR: 7865 - Refixed #7393 without breaking headers for non-pulldown fields

  • PR: 7866 - Issue: 6535 - Replace contact_xxx in templates also for leads/prospects/users

  • PR: 7864 - Issue: 7642 - Replace Title with Job Title

  • PR: 7858 - Issue: 6442 - Fix Issue when importing non UTF-8 CSV file

  • PR: 7857 - Issue: 7848 - Temporarily revert PHP 5.5 from the Travis build

  • PR: 7855 - Issue: 7613 - Status/State usage causing translation errors

  • PR: 7853 - Issue: 7848 - Move the PHP 5.6 job to xenial

  • PR: 7847 - Issue: 6012 - Emails being sent from 'Root User'

  • PR: 7841 - Update issue 'Undefined index: docType' PHP notice PR templates to comment on how to include code

  • PR: 7839 - Issue: 7838 - 'Undefined index: docType' PHP notice

  • PR: 7833 - SugarFeed: Various fixes for 7.10.19/20 regressions

  • PR: 7965 - Issue: 7964 - Report Total Field formatting is inconsistent

  • PR: 7963 - Issue: 7962 - Sending emails with apostrophe in email address

  • PR: 7959 - Issue: 3860 - Fix typo in InboundEmail.php

  • PR: 7957 - Silent upgrade

  • PR: 7956 - Issue: 7955 - Admin blank screen post upgrade to 7.11.8

  • PR: 7952 - Update the .gitattributes export-ignore list

  • PR: 7951 - Issue: 6691 - Typo in key - LBL_ORIGINAL_MESSAGE_SEPERATOR

  • PR: 7950 - Issue: 7926 - Do not divide by adjustment if it equals 0

  • PR: 7944 - Issue: 3129 - Use correct Business Hours field name for opening hours check

  • PR: 7943 - Issue: 7942 - Add bool to eligible fields for merging

  • PR: 7930 - Typos in audit template metadata

  • PR: 7929 - Issue: 7928 - Upgrade wizard recommends composer update instead of composer install

  • PR: 7925 - Enable Delete button in Actions menu

  • PR: 7924 - Issue: 7923 - Verify the variable is an array

  • PR: 7922 - Issue: 7880 - InboundEmail mime parser

  • PR: 7918 - Issue: 7917 - Issue with french translation

  • PR: 7913 - Issue: 7912 - Avoid PHP Notices in getVardefs() method

  • PR: 7909 - htaccess

  • PR: 8039 - Misc improvements to the acceptance tests

  • PR: 8032 - Issue: 3857 - Retain date properly when saving a stored query

  • PR: 8031 - Issue: 7758 - Disable Action menu has no effect on menus in subpanel

  • PR: 8030 - Issue: 7738 - Email Template selection in email module is not working in Edge/IE11

  • PR: 8029 - Updated mkdir calls to throw RuntimeExceptions

  • PR: 8028 - Issue: 7874 - Unable to use custom _head.tpl file

  • PR: 8027 - Issue: 7882 - No 'Server response time' in SuiteP

  • PR: 8026 - Issue: 8025 - OAuth2 ClieOAuth Keys Fixed a grammatical error in include/templates/Template.phpnts and Tokens icons are missing

  • PR: 8020 - Fixed a grammatical error in include/templates/Template.php

  • PR: 8018 - Move RebuildConfig.php from using XTemplate to using Smarty

  • PR: 8015 - Make the pagination buttons on DetailView pages links.

  • PR: 8010 - Skip cache building if custom class exists for dashlets

  • PR: 8009 - Update contributing.md

  • PR: 7998 - Issue: 7997 - Datetime field caching issue

  • PR: 7995 - Typos and made it grammatically better

  • PR: 7994 - Update config.yml to include 7.10.x branch

  • PR: 7990 - AOW_WorkFlow: Delete all related beans when deleting a workflow

  • PR: 7989 - BeanFactory: Don’t return deleted beans from the cache

  • PR: 7986 - Updated LoggerManager to use @method + code cleanup

  • PR: 7981 - Issue: 5709 - Paths to milestone image

  • PR: 7978 - Issue: 7971 - Textarea in EditView overlaps other fields

  • PR: 7976 - Replace deprecated array index accessors

  • PR: 7970 - Issue: 7969 - Cannot call logger

  • PR: 7966 - Email css error

  • PR: 8086 - Link contributors badge to contributors insights

  • PR: 8076 - Issue: 8057 - Deprecated usage of join

  • PR: 8075 - Issue: 8057 - Misc PHP 7.4 deprecations

  • PR: 8073 - Issue: 8057 - Remove all uses of get_magic_quotes_gpc

  • PR: 8068 - Issue: 7764 - Undefined index: server_unique_key

  • PR: 8067 - Added the deprecated lowercase v8 API to codecov ignore list

  • PR: 8064 - Issue: 8063 - Change isset() to !empty()

  • PR: 8061 - Issue: 6314 - Unused language strings in ver. 7.10.8

  • PR: 8060 - Issue: 7987 - Apache log

  • PR: 8059 - Added a check for SUGARCRM restrictions in htaccess

  • PR: 8058 - Issue: 8057 - Deprecated usages of implode

  • PR: 8056 - Issue: 7128 - Remove scheme to avoid mixed content error

  • PR: 8054 - Improve footer styling for new stats item

  • PR: 8051 - Issue: 7397 - Implement Refresh Token Grant

  • PR: 8050 - Issue: 8001 - Non-distinct person entries for each meeting/call invited to

  • PR: 8049 - Header cleanup

  • PR: 8041 - Remove BusinessCard-related code

  • PR: 7908 - Update composer.lock + Rebuild SASS/JS

  • PR: 7921 - Complete previous fix when ElasticSearch disabled

  • PR: 7945 - Issue: 7312 - Google Calendar data is cleared if SuiteCRM cal is deleted

  • PR: 7954 - Issue: 7953 - Elasticsearch default size setting

  • PR: 7901 - Issue: 7886 - Elasticsearch Indexing memory usage

Development

  • PR: 8000 - More PHP 7.4 array accessor deprecations

  • PR: 6750 - Issue: 4754 - Remove PHP4 style constructors

  • PR: 8085 - Deprecated string concatenation

  • PR: 8080 - Replaced alias functions

Community

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.8

Released 23/08/2019

Release Notes

Security

Enhancements

Potential breaking change with Smarty

If you maintain a custom SuiteCRM theme, you should note that this release may require some small changes to your .tpl Smarty files. This is because of a legacy customization to Smarty that was removed when it was moved to inclusion via Composer.

The only breaking change will be if you’ve used the theme_template attribute for any Smarty includes. You’ll need to remove the theme_template attribute and change the file attribute to use the full path:

{* before *}
{ include file="_head.tpl" theme_template=true }

{* after *}
{ include file="themes/SuiteP/tpls/_head.tpl" }

Plugin files are still usable in the same way as before – at ./include/Smarty/plugins/ – and can be required explicitly. Custom plugins should still go in ./custom/include/Smarty/plugins/. It should be noted that all other files in ./include/Smarty have been replaced by empty files to prevent errors in case users were `require`ing the files. They’re deprecated, and requires referencing them can be safely removed. Smarty’s internal files will be autoloaded by Composer by default.

Bug Fixes

  • PR: 7719 - Fix/backwards compatibility

  • PR: 7718 - Issue: 6982 - New user password not being generated

  • PR: 7713 - Issue: 7712 - Case insensitive detection of header X-CampTrackID

  • PR: 7699 - Issue: 7667 - Cannot import Email if plain-text plus attachment

  • PR: 7697 - Folder include/SugarCharts/Jit missing in 7.11.7 installation

  • PR: 7695 - Add a proper return type to getUserRoleNames()

  • PR: 7689 - Format InlineEditing.js with prettier

  • PR: 7683 - Issue: 6415 - Bug when inbound email Leave Messages On Server set to No

  • PR: 7682 - Documents - Image Field Does Not Display Uploaded Image

  • PR: 7681 - Issue: 7138 - EmailMan sendEmail missing restricted_addresses check

  • PR: 7610 - Fixed error message css + email warning config option

Community

Special thanks to the following members for their contributions and participation in this release!


Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.7

Released 31st July 2019

Release Notes

Security

  • #CVE-2019-13335 - Security Issue - Fixed SSRF

  • Security Issue - Fixed privilege escalation

Enhancements

  • #7374 Robo test-running commands

  • #7474 SecuritySuite 3.1.16

  • #7503 Scheduled Reports: Enable security groups support and add the subpanel

Bug Fixes

  • #3756 Fixed #3756 - Calendar pop-ups now auto close after 500ms

  • #6850 SAML2: Use php-saml from composer

  • #7154 Fixes SugarPHPMailer encountered an error: Could not access file

  • #5754 Fixed #5754 - Error with custom fields on getQuery from One2Many relationships

  • #7345 Get ChromeDriver’s latest release in Robo task

  • #7390 Fixed #7390 - Unable to set Minimum Password Length in Password Management

  • #7433 Clean up codeception environments

  • #5552 Fixed #5552 - Inbound Email Auto-reply send email without Attachments

  • #6992 Fixed #6992 - Group Email Inbox accounts doesn’t respect reply as option in admin

  • #7477 Remove unused webDriverHelper variables

  • #3756 Fixed #3756 - Popup Studio and Calendar don’t auto-close

  • #7409 Fixed #7409 - Managing Delegates Removes main windows Scrolling

  • #7421 Fixed #7421 - Use of ampersand (&) in email subject sends email subject misformatted

  • #7491 Remove unnecessary test files

  • #7492 Replace the createAccount method

  • #7509 Fixed #7509 - Using prefix index to not hit Key threshold in MySQL5.6/UTF-8

  • #7511 Fixed #7511 - Silent installer tries to do unknown things on completion

  • #7467 Fixed #7467 - Survey entry-point broken in 7.11.5

  • #7267 Fixed #7267 - Database Failure after upgrading to Version 7.11.4

  • #7407 Fixed #7407 - "Users may send as themselves" broken - Invalid address: (punyEncode)

  • #7520 PSR-2

  • #6935 Fixed #6935 - Cookie path is not respected if globally set

  • #6470 Fixed #6470 - Email module: Inline image not shown in received/sent email

  • #7530 Fix missing function getAssignedEmailsCountForUsers

  • #7535 Misc automated testing improvements

  • #7536 Cleanup files created by acceptance tests between test runs

  • #7304 Fixed #7304 - ListView: Fix selection count for the "Select All" case

  • #7541 ListView: Fix the selection count when executing an action without any selection

  • #7542 ListView: Fix selection when switch from "select all" to "select page"

  • #7550 SugarWidgetSubPanelEmailLink: Fix missing opt-in ticks after inline editing

  • #7553 sugar_3.js: Remove unused send_form_for_emails()

  • #7554 Fixed email attachment icon

  • #7284 Fixed #7284 - Top of dashlets being cut off by nav bar nd positioning of dashlet pop-up

  • #7561 Add a get_current_language() helper function

  • #7562 Fix/silent upgrade

  • #7547 Fixed #7547 - use correct login image on install.php

  • #5190 Fixed #5190 - Attachment in detail view of non imported email doesn’t show

  • #7565 Add wait to HomeCest so it won’t flake

  • #7567 Fixed #7567 - Missing Contracts from selection of Related to: field

  • #4881 Fixed #4881 - Detail view of no imported email is different as imported + missing time unit + attachments

  • #2464 Fixed #2464 - Logo upload function is not working

  • #7573 Remove sugar references

  • #7582 Fix codecov path

  • #7209 Fixed #7209 - Inline Edit alert Even if I dont make a change

  • #7588 Fix pagination button class

  • #7298 Fixed #7298 - Emails 'Bulk Action' is disabled after upgrade to 7.10.16

  • #7594 Fixed #7594 - Remove include/timezone/timezones.php

  • #7607 Remove lastView variables from tests

  • #7599 Fixed #7599 - Unwanted email generated in case creation & update

  • #7608 Fixed #7608 - A non-numeric value encountered at ListViewSubPanel.php

  • #7624 Fixed email settings "data error"

  • #6996 Escaped strings issue, breaks "My favorites" filters and perhaps other things

  • #7639 Fixed DB failure with activities subpanel

Community

Special thanks to all members for their contributions and participation in this release!


Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.6

Released 1st July 2019

Release Notes

Security

  • #7439 - Update password hash to use php password_hash by default.

Bug Fixes

  • #7455 Fixed #7455 - Keep Lead photo when converting to Contact.

  • #7249 Fixed #7249 - Admin user cannot edit another user’s Mail Accounts.

  • #7156 Fixed #7156 - Slow SQL query in include/SugarFolders/SugarFolders.php causing slow emails interface in 7.10.x (and 7.11.x).

  • #7402 Fixed #7402 - Popup selects are broken.

  • #6866 Fixed #6866 - 7.10.12 Auto Import of Emails not working.

  • #3727 Fixed #3727 - IMAP server delete button on DetailView.

  • #7319 Fixed #7319 - Activity Stream dashlet "reply" function doesn’t appear to do anything.

  • #4116 Fixed #4116 - Wrong error_1.csv with multiple imports.

  • #7393 Fixed #7393 - Displaying dropdown db value instead of dropdown label in group header in Reports module.

  • #7344 Fixed #7344 - Automated Testing improvements.

  • #7391 Fixed #7391 - DB Error on audit logging large multi select fields.

  • #7107 Fixed #7107 - SQL errors with sql_mode=STRICT_TRANS_TABLES

  • #7238 Fixed #7238 - Incorrect user_id saved in users_signatures table when admin updates a signature.

  • #7351 Fixed #7351 - Fields last_name and first_name in Users too short.

  • #7357 Fixed #7357 - Home module index page loading bad MySugar file location.

  • #6379 Fixed #6379 - Unable to GET deleted records through API.

  • #6343 Fixed #6343 - installer fails, if posix is not installed on linux systems.

  • #7234 Fixed #7234 - Get subpaneldefs.php from custom/modules/MODULE_NAME/metadata.

  • #6872 Fixed #6872 - Installation and upgrades files checksums not provided.

  • #5173 Fixed #5173 - Email inline editing does not work properly (ver. 7.10-RC-2).

  • #2049 Fixed #2049 - 7.7.2 - Calendar Activities are off by 1 day.

  • #6140 Fixed #6140 - Switch from league/url to league/uri due to deprecation.

  • #6445 Fixed #6445 - Campaigns Wizard - EMail Template "Assigned to" issue.

  • #7241 Fixed #7241 - Some files still use the DB global variable.

  • #6420 Fixed #6420 - Campaigns: Test-Emails sent out twice.

  • #5652 Fixed #5652 - Ending spaces in language strings.

  • #6915 Fixed #6915 - File OAuth2Tokens/metadata/editviewdefs.php is Missing.

  • #7183 Fixed #7183 - My Cases dashlet searchFields status default values are incorrect.

  • #7369 Fixed #7369 - Reports module doesn’t have all all formats for displaying date.

  • #7370 Fixed #7370 - Reports module timezone date issue.

  • #7308 Fixed #7308 - Sub-Theme changes don’t always update.

  • #6851 Fixed #6851 - The query fails while managing event delegates in MSSQL.

  • #6882 Fixed #6882 - Email Address Removed if email is forwarded using outlook.

  • #7206 - Add php-cs-fixer to composer.json as a dev dependency.

  • #7356 - Configurable elasticsearch host in acceptance test.

  • #4198 - fixing a recursion issue on reminders.

  • #7297 - Fixed the support forum link.

  • #7240 - EmailTemplates: Improve image url replacement.

  • #7341 - Fix zero padding issue with openssl decryption.

  • #7329 - StateChecker: Don’t save hash debug traces.

  • #7253 - Fixed issue with undecoded subjects coming from Emails DetailView.

  • #7381 - tests: change the test config default date format to match the unit tests.

  • #7410 - StateChecker: disable save_traces by default.

  • #7418 - Remove repetitive instance URL visits from tests.

  • #7389 - Avoid caching incomplete beans in during SugarBean→fill_in_relationship_fields.

  • #7436 - Simplify the acceptance and install suite configs.

  • #7444 - IMAP StateSaver test fix

  • #7453 - Cache Composer files in Travis. (hotfix-7.10.x PR).

  • #7451 - Add composer validate job in Travis.

  • #7449 - Remove some incomplete tests and miscellaneous formatting fixes for the unit test suite

  • #7442 - Replace most instances of $I→wait(n) with waitForX.

  • #7437 - Remove wait from Codeception Travis env

  • #7452 - Disable stopOnFailure and stopOnError in PHPUnit config.


Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.5

Released 3rd June 2019

Release Notes

Security

  • #CVE-2019-12601 - Security Issue - Fix possible SQL Injection: InboundEmail.php

  • #CVE-2019-12600 - Security Issue - Fix possible SQL Injection: reassignUserRecords.php

  • #CVE-2019-12598 - Security Issue - Fix possible SQL injection

  • #CVE-2019-12599 - Security Issue - Survey module: Inputs are not sanitized (security issue)

Bug Fixes

  • #6882 Fixed #6882 - Email Address Removed if email is forwarded using outlook.

  • #6851 Fixed #6851 - The query fails while managing event delegates in MSSQL.

  • #7133 Fixed #7133 - Changes in Studio do not make an override file.

  • #6445 Fixed #6445 - Campaigns Wizard - EMail Template "Assigned to" issue.

  • #7241 Fixed #7241 - Some files still use the DB global variable.

  • #7310 Fixed #7310 - 7.10.x-hotfix CI is failing.

  • #7174 Fixed #7174 - /Api/V8 needs the ability to return a list of modules.

  • #7175 Fixed #7175 - /Api/V8 needs the ability to a list of module’s fields.

  • #6420 Fixed #6420 - Campaigns: Test-Emails sent out twice.

  • #5652 Fixed #5652 - Ending spaces in language strings.

  • #6915 Fixed #6915 - File OAuth2Tokens/metadata/editviewdefs.php is Missing.

  • #7250 Fixed #7250 - Notices in ListViews.

  • #7183 Fixed #7183 - My Cases dashlet searchFields status default values are incorrect.

  • #7288 Fixed #7288 - Field name in Campaigns is too short.

  • #7271 Fixed #7271 - Email Template selection in email module is not working for 7.10.16.

  • #7291 Fixed #7291 - Field name in ProspectLists is too short.

  • #7268 Fixed #7268 - Fatal Error with PHP7.3 with LoggerManager.php.

  • #6504 Fixed #6504 - Multiple bounce handling problems.

  • #7173 - Fix V8 API authorization header passing with apache+php-fpm.

  • #7263 - Travis due date fix.

  • #7273 - install.php: Syntax error upload logo.

  • #7290 - RFC: travis-ci: add a job for PHP 7.3.

  • #7297 - Fix support forum link.

  • #7240 - EmailTemplates: Improve image url replacement.

  • #4198 - fixing a recursion issue on reminders.

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.4

Released 30th April 2019

Release Notes

Security

  • Security Issue - Fixed SQL injection

  • Security Issue - Fixed XSS vulnerability

  • Security Issue - Fixed Oauth2 access control issue

Bug Fixes

  • #7188 Fixed #7188 - ACL doesn’t work on JSON API V8.

  • #6829 Fixed #6829 - Cache composer packages on Travis CI.

  • #6540 Fixed #6540 - [language] Hard coded messages in Elasticsearch.

  • #6126 Fixed #6126 - If field value contains single quote, on each save CRM will treat this field as a changed.

  • #5724 Fixed #5724 - Map Area - Import Option Fails : An Error has occurred.

  • #7221 Fixed #7221 - stdClass::$message_id undefinded for IMAP.

  • #7220 Fixed #7220 - Description/note fields in the contract line items formats the numeric values as currency.

  • #6480 Fixed #6480 - REST API - Prevent "Too few arguments to function SugarWebServiceImplv4" after API call.

  • #7080 Fixed #7080 - API returns wrong module string address for email addresses.

  • #7221 Fixed #7221 - stdClass::$message_id undefinded for IMAP.

  • #4661 Fixed #4661 - Ability to create / edit object’s "Created By" "Date Created" using API.

  • #6483 Fixed #6483 - V8 API Doesn’t popuplate created_by and modified_user_id.

  • #7188 Fixed #7188 - ACL doesn’t work on JSON API V8.

  • #6480 Fixed #6480 - REST API - Prevent "Too few arguments to function SugarWebServiceImplv4" after API call.

  • #6483 Fixed #6483 - V8 API Doesn’t popuplate created_by and modified_user_id.

  • #6864 Fixed #6864 - API - overzealous method visibility.

  • #6037 Fixed #6037 - AOR Reports - Issue with related records in reports.

  • #7162 Fixed #7162 - Popup select All records btn hidden in SuiteCRM 7.11.x.

  • #7166 Fixed #7166 - Upgrad to 7.11.3 version email body is empty.

  • #5746 Fixed #5746 - Unable to order results descending on get_relationships API method .

  • #6455 Fixed #6455 - The V8 API does not allow filtering by custom fields.

  • #7189 Fixed #7189 - Fatal error when loading custom views.

  • #7207 Fixed #7207 - Get Menu.php from custom/modules/MODULE_NAME/.

  • #7095 Fixed #7095 - Api relationship links are missing the /Api and start with /V8 .

  • #6950 Fixed #6950 - We should have a way to add composer dependencies safe-upgrade.

  • #49 Fixed #49 - Support pthreads.

  • #6761 Fixed #6761 - Api/V8 - Unable to Delete (unlink) relationships.

  • #48 - Browser title not correct for custom modules.

  • #46 - Spanish reminders added to notify template.

  • #7147 - Api - fix relate fields not populating on get_list.

  • #6744 - Fix emails losing confirmed opt-in when converting a lead to a contact.

  • #6680 - Change default view on template to avoid date created/modified issues.

  • #7214 - Fixed DeleteRelationshipParams typo.

  • #7213 - Fixed relationship links url.

  • #7229 - Remove hardcoded encryption key.

  • #7176 - Remove codecov patch status.

  • #7217 - Fix AOS_Product_Categories test name.

Users of ALL previous 7.11.x releases are advised to Upgrade to 7.11.4 as soon as possible.

Please visit the official website to find the appropriate upgrade. To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.3

Released 28th Mar 2019

Release Notes

Security

Enhancements

  • #6806 WYSIWYG Field type core contribution.

  • #6710 Performing an upgrade from the CLI.

  • #6823 UI change: Displaying proper popup of list of PDF Templates

Bug Fixes

  • #7101 Fix (little) v8 API for v7.10.10+

  • #7099 Fix/mssql folder support

  • #7091 Fix obscured milestone radio buttons in Project Templates

  • #7075 Fixed missing curly brace in SoapPortalUser.php.

  • #6921 Fixed #6921 - Verbose logs for popErrorLevel

  • #7049 Give cookie a default value to stop from throwing notices.

  • #6978 Fixed #6998 - cron.php fails because there is no check whether ElasticSearch is enabled

  • #6978 Fixed #6978 - Hosting company is blocking ports because of YamlRunnerTest.php

  • #6985 Fixed #6985 - Exception on Repair/Quick Repair and Rebuild

  • #6755 Fixed #6755 - Adding setFooter('{PAGENO}') to the PDF

  • #7044 Fixed Content-Type header missing in some cases for the getImage entry point.

  • #6733 Fixed - AOR Reports: Add a security groups subpanel.

  • #7034 Fixed - Removed sugar reference.

  • #6729 Fixed #6729 - Email Style Issue - Black screen.

  • #6822 Fixed - Now using secure cookies when appropriate.

  • #7084 Fixed #7084 - Fix Error in SearchForm2.php when having a function in field definition.

  • #7045 Fixed - EmailTemplates: Only show subpanels in the DetailView.

  • #7060 Fixed - warnings in log.

  • #7067 Fixed #7067 - InLine Date Edit bug - Call to a member function format() on boolean.

  • #7064 Fixed - Use the provided method to make sure the index exists.

  • #551 Fixed #551 - add functionality to save new labels for relationships.

  • #6942 Fixed - issue with tab panel and quick create form.

  • #5497 Fixed #5497 - Reports: Hide inaccessible modules in the reports editor.

  • #7082 Fixed - EmailTemplates: Fix undefined property error when creating a new template.

  • #7035 Fixed - Increase minimum recommended memory to 64Mb (for 7.10.x).

  • #3592 Fixed #3592 - Problems with quotations.

  • #675 Fixed #675 - Suitecrm 7.3.2 Calendar entries are not displayed.

  • #7012 Fixed - Codecov threshold.

  • #6844 Fixed #6844 - Reduce travis output - DotReporter.

  • #6185 Fixed #6185 - Top menu mouse out does not close sub.

  • #5662 Fixed #5662 - EmailTemplate: Fix images URLs not being converted with mozaik.

  • #7043 Fixed - Random unittest error in SugarControllerTest.

  • #7041 Fixed - Any Phone search on Contacts module added missing field phone_home on SearchFields.

  • #7032 Fixed #7032 - Add setLevelMapping method.

  • #7004 Fixed - PDF templates from setting no value when 0.00 is entered.

  • #7008 Fixed - Remove Robofile.php + Update composer.lock.

  • #7021 Fixed - link to testing documentation. [ci-skip].

  • #5706 Fixed #5706 - 7.10.4 - Checkboxes are missing in downloaded PDF from Reports.

  • #2531 Fixed #2531 - 7.10.4 - Report Writer - Boolean Field will not export to CSV

  • #6936 Fixed #6936 - Global link Employees always reset list query.

  • #5985 Fixed - unified search "no results" page.

  • #6815 Fixed - unittests: Fixes for PHP 7.3.

  • #7051 Fixed #7051 - Changed a limit of 2.147.483 seconds for autoRefresh.

  • #7054 Fixed #7054 - Email body blank when sent as plaintext only.

  • #7025 Fixed #7025 - Sent date for emails in History View Summary is incorrect.

  • #6860 Fixed - Reports: Hides inaccessible modules in the reports editor.

  • #5967 Fixed #5967 - AOR Reports - incorrect calculation for date quarter periods.


Users of ALL previous 7.11.x releases are advised to Upgrade to 7.11.3 as soon as possible.

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.2

Released 19th Feb 2019

Release Notes

Enhancements

  • #6186 Feature/robo coding standards

Bug Fixes

  • #4361 Fixed #4361 Use Parameter $imageJSONEncode if returning sprites

  • #6832 Fixed #6832 - Project Coding Standards being ignored

  • #6867 Confirm opt-in fix

  • #6870 Fixed #6870 - Composer deprecation warning

  • #6796 Fixed #6796 duplicated code and broken braces introduced in a previous merge

  • #6886 Fix/php lint

  • #6894 Duplicate: Reports: Fix "One of" operator for multi select fields

  • #6904 Fixed #6904 - In Campaign view status page, row is out of box

  • #6916 Fixed #6916 - 7.11.1 Fatal: Object of class EmailAddress could not be converted to string

  • #6036 Fixed #6036 - Reports entering a date parameter with Period operator

  • #6298 Fixed #6298 - Pagination not working on list views

  • #6932 Fixed #6932 - 7.11.1: Newer version of PHPMailer is not compatible with Email:email2Send method

  • #6778 Fixed #6778 - Role Management - Header change doesn’t update entire colum

  • #2117 Fixed #2117 - Redundant More Button in SuiteP

  • #6865 Fixed #6865 - Move consolidation/robo to "require" in composer

  • #6865 Fixed #6419 - Reserved mssql keyword in query, crash business hours module

  • #6966 Fixed #6966 - Email to field wrong UFT-8 encoding

  • #6955 Fix missing quotes typo

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com


7.11.1

Released 31st Jan 2019

Release Notes

Bug Fixes

Emails
  • #6810 Resolved issue with email config within campaign wizard.

  • #6785 Resolved issue with system not sending attahcments.

  • #6767 Resolved Email view when using non default folders.

  • #6766 The SMTP Port saved as a string instead of int.

  • #6484 Inseting images from local disk rendered and saved within email templates.

  • #5961 Resolved saving attachments in the Email template editor.


Miscellaneous
  • #6787 Resolves critial issue when a new user being created the password wasn’t being saved.

  • #6786 No longer display "%20" instead of a space when in dropdown editor

  • #6468 Fixed possibility of NULL value breaking module builder templates

  • #6758 Removed duplication language strings.

  • #6140 Replaced league/url league/uri

  • #6516 Fillers now stay as saved in Gridlayout

  • #532 here is now an edit/remove in the projects subpanel

  • #6453 LDAP fix.

  • #6743 Add email account name to the inbox button '''

Developer
  • #6759 No longer deletes composer.lock on travis.

  • #6764 Travis Fix.


Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com.


Release Stats

In total, we have merged 12 Pull Requests with 3 of these from Community contributions!

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com.


7.11.0

Released 14th Jan 2019

Release Notes

Enhancements

Google Calendar Synchronisation

Users can authenticate using their Google login and synchronise their Meetings between a Google calendar – these include updates, reminders, and invitees.

  • #6146 Synchronise SuiteCRM with Google Calendar

Elasticsearch

Elasticsearch is an open-source, broadly-distributable, readily-scalable, enterprise-grade RESTful search engine. It provides a highly flexible solution to centrally store and index your data that can be accessed extremely quickly via its API. By including Elasticsearch as a core search engine integration SuiteCRM can now provide users a faster and better scalable way to perform full text searches via Global Search on larger data volumes than before.

  • #6222 Global search with Elasticsearch integration

  • #1348 Added new 'Copy emails from WorkFlow Module' option to Workflow’s 'Create Record' action

This allows the user to copy a record’s email addresses using the workflow module actions to the newly created record if the option is checked.

  • #6533 Adding the ability to set subpanels to display as flat buttons via layoutdefs

$layout_defs['Leads']['subpanel_setup']['history']['flat'] = 1
  • #6493 Developers have the ability to extend the Favourites and Tracker functionality in SugarView

  • #3008 Developers have the ability to inject module vardefs or custom data into the DOM to utilise in complex JS functionality.

$data = $this->getVardefsData('Accounts');
$this->addDomJS($data, 'vardefs');

Bug Fixes

Emails
  • #6734 Resolved the bug where users were unable to navigate using the tab order

  • #6590 Insert images in Email Templates with tinyMCE

  • #4046 Fixed #4046 - 7.9.4 - imported emails are not auto related to related records when you reply to/reply to all/ forward them

  • #6402 Fixed #6402 - Resolved mass update of Users for Email Client.

  • #6351 Fixed #6351 - Now only sends one email when using activities subpanel as intended

  • #6485 Fixed #6485 - Resolves opt-in tick for external email clients

  • #6487 Fixed #6487 - Resolves the DB time shown for related email addresses in reports module

  • #6472 Fixed #6472 - Resolved wrong sized image for email templates in the campaign wizard

  • #5420 Date_sent filled correctly, Drafts will send and Layout fixed.

  • #4999 Fixed #4999 - Resolved sent emails now appear in the sent folder.

  • #6611 Fixed #6611 - Resolved Email Template now displays in List View correctly

  • #6713 Fix email related to when importing an email


Miscellaneous
  • #3763 Fixed #3763 - Resolved the bug that stopped users to navigate using tab order

  • #717 Fixed #717 - Corrects Field Indention on Detailview when by itself on panel

  • #707 Fixed #707 - Resolves the issue of users unable to clone a field in studio

  • #583 Fixed #583 - Adds the visual cue that a module is highlighted on main navigation

  • #3083 Fixed #3083 - Calendar pop up windows are incorrectly displayed under MENU bar index

  • #6004 Fixed #6004 - Fix round up for quotes/invoices where there is an increase in integral part

  • #6302 Fixed #6302 - installWizard styling

  • #6150 Fixed #6150 - This shows all the records of Parent Type in listview

  • #5477 Fixed #5477 - Resolves issue of Fillers Cause Spacing Issues on the DetailView when they are left of a Field

  • #6340 Fixed #6340 - Email Compose Dropdown now recognises specialised characters

  • #5948 Fixed #5948 - Resolved inline editing on the "content" field on the Campaign Module

  • #6647 Generate chart colours based on labels

  • #5783 Fixed #5783 - Resolved so that the geocoded table header is now visible

  • #2741 Fixed #2741 - Custom search field subquery now checks all values

  • #5771 Fixed #5771 - Resolves the Salutation variable missing in campaigns when used.

  • #6530 Fixed #6530 - unsubscribed users no longer showing up as subscribed

  • #6190 Fixed #6190 - You can now access Change Log from Document Detail View

  • #6549 Fixed #6549 - No longer a missing surveys_campaigns relationship

  • #6565 fixes google calender language formatting

  • #6579 Fixed #6579 - Resolved Calendar creating an extra meeting after Repeat End by

  • #6552 Fixed #6552 - Resolved AOR_Report exporting apostrophies to CSV.

  • #6599 Fixed #6511 - Resolved the Document Attachment Subpanel is now correct

  • #6594 Fixed #6594 - Resolved Calendar now updates visually when not using "Shared Calendar Separate"

  • #6629 Resolved link now gets deleted in documents

  • #6653 Resolved campaing wizard no longer shows the template editor in all steps

  • #6651 Fixed #6651 - Added LBL_CHECKMARK to SecurityGruop language

  • #4872 Fixed #4872 - Fixed so subpanel actions are no longer failing if refresh_page=1

  • #6738 Resolves the issue of when creating a row the delete collumn will now display correctly.

  • #6687 Minor grammar fixes to log entry

  • #532 Fixed #532 - Add the edit/remove button to Project Tasks subpanel


Developer
  • #6260 New Tests for Inbound Email functionality

  • #2400 Fixed #2400 - Language manifest is duplicated and overwritten on each install

  • #6464 Codecov exclude

  • #6548 code cleanup

  • #6585 php_zip_utils.php

  • #6586 Fixed #6586 - Fix an erroneously-commented return statement.

  • #6592 Updated contributing.md

  • #6568 Fixed #6568 - Change minimun and recommended PHP

  • #5508 Fixed #5508 - Upgrade phpMailer to 6.x

  • #6566 Update composer.json + composer.lock

  • #6603 Added/Refactor: Clean MySql Queries in SugarFolders

  • #5509 Fixed #5509 - [language] Now has the correct label for 'FOR_AMOUNT' in activity stream

  • #6637 Vardefs definition in dom

  • #6648 Fixed #6648 - We add a task in RoboFile.php for cleaning cache directory

  • #6678 Resolved blank screen on PasswordManager

  • #6698 Copyright revision

  • #6539 Cleanup, Refactoring and bugfix for Google Sync

  • #6303 Fixed #6303 - Administration / System Settings / ERROR in log: argument cache/themes/SuiteP/modules is not a file or a dir


Developer Note

Change in file location:

Library Old Location New Location

Recaptcha

include/reCaptcha/

vendor/google/recaptcha

TinyMCE

include/javascript/mozaik/vendor/tinymce

vendor/tinymce/tinymce/

PhpMailer

include/phpmailer/

vendor/phpmailer/phpmailer


Release Stats

In total, we have merged a MASSIVE 69 PULL REQUESTS with 24 of these from Community contributions!

Special thanks to LEAP-nishit and the following members for their contributions and participation in this release (in order of most Pull Requests contributed).

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com.


7.11 RC 2

Release Notes

Enhancements

  • #1348 Added new 'Copy emails from WorkFlow Module' option to Workflow’s 'Cr…

  • #3008 Module vardefs definitions or custom data in the DOM

  • #6533 Fix/Individual Flat Subpanels

  • #6632 Set collapsed_subpanels preference

  • #6493 Definition of Favorites and Trackers Beans in Sugar View

  • #6590 Insert images links in Email Templates with tinyMCE

  • #6584 Adding inboundemail tests using FakeImapHandler

  • #6260 New testing email related functions

Bug Fixes

  • #6618 Push acceptance test output to new file host

  • #6585 Remove php_zip_utils error

  • #6454 Reverting back to PHPunit and only using codeception for API & acceptance tests

  • #6548 Elastic Search Code Clean Up

  • #6566 Update composer.json + composer.lock

  • #6588 Resolve merge conflict for Cases EditView - hide non new case fields

  • #6637 Vardefs definition in dom - Adding Tests

  • #6603 Added/Refactor: Clean MySql Queries in SugarFolders

  • #6592 Updated contributing.md

  • #6464 Codecov exclude - faster time hopefully.

  • #6368 Fix for issue #5477

  • #6609 Fixed #6594 - Calendar doesn’t update visually when NOT using "Shared Calendar Separate"

  • #2930 Fixed #707 - added conditional statement to check if action is not clone

  • #6304 Fixed #6303 - Administration / System Settings / ERROR in log: argument cache/themes/SuiteP/modules is not a file or a dir.

  • #6488 Fixed #6487 - opt-in: use the DB time for writing confirm_opt_in_*date

  • #2956 Fix #2219 - Description field not wrapping with SuiteP theme after in…

  • #6004 Fixed #6003 - round up for cases where there is an increase in integral part.

  • #6629 Fix issue where link is not deleted for documents

  • #6634 Fixed #5509 - [language] New label 'FOR_AMOUNT' in activity stream for opportunity

  • #6327 Fixed #6150 - SuiteCRM v7.10.7, bug Returns parent record data.

  • #6192 Fix #6190 - Change Log access from Document Detail View

  • #6378 Fixed #5948 - 7.8.18 Content Field on Campaign module can’t be edited…

  • #6600 Hotfix 4999 sent folder issue

  • #6612 Fixed #6611 - Email Template doesn’t display in List View correctly

  • #6460 Fixed #2741

  • #6302 Fixed installWizard styling - check writable module

  • #6411 Fixed #5783 - The table header with geocoded objects is not visible

  • #6530 Manage subscriptions: Fix unsubscribed users showing up as subscribed sometimes

  • #3846 partial fix for issue of logic for default value

  • #6597 Fixed: #6552 AOR Report Export CSV was giving incorrect data when using apostrophe (') into any field

  • #6550 FIX #6549 - Add missing surveys_campaigns relationship

  • #6497 Fixed #6472 - Fix wrong image sizes for email templates in the campaign wizard

  • #6599 Fixed #6511 - Document Attachment Subpanel link incorrect

  • #6466 Fixed #5771 - Salutation variable in campaigns displays item name instead of value 7.10.4

  • #4072 Fixed #4046 - 7.9.4 - imported emails are not auto related to related records when you reply to/reply to all/ forward them

  • #6474 Fixed #6351 - Triple email sending when i use activities subpanel in Contact Module

  • #6573 FIX #6568 - Change minimun and recommended PHP

  • #6565 Fixes google calender language formatting

  • #6571 FIX #6568 - Adjust SUITECRM_PHP_REC_VERSION to 7.1.0

Please visit the official website to find the pre-production appropriate upgrade.

Special thanks to LEAP-nishit and the following members for their contributions and participation in this release!

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

Lastly a big thank you to the community for testing and confirming pull requests in our 17-18th December 2018 Pull Request Party. This release is the result of the hard work and effort everyone put into the project!

Content is available under GNU Free Documentation License 1.3 or later unless otherwise noted.