7.12.x Releases

7.12.6

Released 24/05/2022

Assets

Release Notes

Important: This release includes critical security fixes, we strongly recommend users of older versions to update as soon as possible

Important Upgrade Notes

  • New entries were added to the config. Please make sure to run Rebuild Config File located in the Administration > Repair menu

  • Php session_gc is now force enabled by default.

    • This option can be disabled by setting enable within the session_gc array to false in config.php

    • The values for session.gc_probability and session.gc_divisor can be changed in the following config.php entries within the session_gc array

      • gc_probability

      • gc_divisor

    • Check php documentation for more information on these settings https://www.php.net/manual/en/session.configuration.php

    • If you are using a session_dir other than the default, please make sure to have session_gc enabled. Otherwise session files won’t be cleaned.

    • If you are using debian or ubuntu based systems, and you have the default session_dir (which fallsback to the system default), You may want to set enable within session_gc array to false, as that is the default value for these systems. They have replacements for the php session_gc. Please review your system’s defaults before making any changes.

Security

  • CVE: Pending - SQL Injection Vulnerability

  • CVE: Pending - SQL Injection Vulnerability

  • CVE: Pending - SQL Injection Vulnerability

  • CVE: Pending - Improper Access Control

  • CVE: Pending - RCE and CSRF Vulnerability

  • CVE: Pending - Authenticated Bypass Vulnerability

Bug Fixes

  • PR: 9577 - Update TinyMCE

  • PR: 9583 - Fix AOR_Report Unit Tests

  • PR: 9578 - Update Jquery JS Libraries

  • PR: 8599 - Auto-close success message boxes in ModuleBuilder

  • PR: 9584 - Fix SCRM-Core#87 - Prevent disabling the default language

  • PR: 9523 - Fix #9438 - Adding Action keyword to fieldname exception

  • PR: 9495 - Fix #9494 - Force displaying line breaks to textarea fields

  • PR: 9580 - Fix #9435 - Dropdown doesn’t return empty selected value

  • PR: 9522 - Fix #9435 - Dropdown doesn’t return empty selected value

  • PR: 9589 - Fix #9530 - Fallback to allowed_preview defaults

  • PR: 9581 - Fix #3157 - Add default option to enable session_gc

  • PR: 9582 - Fix #9437 - Default cookie path

Community

Special thanks to everyone who reporting the security issues addressed in this release!

mounta1n, Exodus Intelligence, Lekhang123lc

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.12.5

Released 02/03/2022

Assets

Release Notes

Important Upgrade Notes

  • This release adds a new index to help improve performance in emails, instances with significantly large volume of emails may wish to run ALTER TABLE emails ADD INDEX idx_email_uid (uid); directly on their database prior to the upgrade to help avoid a potential timeout / long upgrade.

Security

Bug Fixes

  • PR: 9478 - Update Github Templates

  • PR: 9507 - Add getters to SearchResultsController

  • PR: 9479 - Fix 2857 - No Dynamic Refreshing in Dashboards

  • PR: 9509 - Fix 9508 - Legacy Search Fields are incorrect size.

  • PR: 9481 - Fix 9480 - Slow to get Imap Mailbox with Mass Record Amounts

  • PR: 9518 - Fix 4075 - No way to add Email Signature after adding Email Template

  • PR: 9521 - Fix 9427 - Adding missing help popup help strings in Studio

  • PR: 9525 - Fix 9468 - Adding Security Suite subpanels to new custom modules

  • PR: 9452 - Fix 9451 - Missing duplicate merge filter options in Studio

  • PR: 9446 - Fix 9445 - More than 10 tabs in a views enters in a loop

  • PR: 8492 - Fix 8366 - V8 API Filtering W/ OR Operator Chained Conditions

Community

Special thanks to everyone who reporting the security issues addressed in this release!

NetbyteSEC www.netbytesec.com, Manuel Zametter

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.12.4

Released 10/02/2022

Assets

Release Notes

Important: We have now updated UTF-8 repair tool to fix a critical issue where it would mark valid email addresses as deleted in 7.12.3. We would recommend updating to 7.12.4+ to access the fix for this functionality. We would again like to thank the community for their assistance in identifying and highlighting this issue.

Please note that the UTF-8 Repair will not function for user passwords. Therefore, we would advise any users who could be experiencing issues logging in to reset their password accordingly.

Bug Fixes

  • PR: 9483 - Fix 9482 - Only save update fields on utf encoding repair

  • PR: 9391 - Fix 7842 - Do not reset email addresses list upon saving

  • PR: 9496 - Fix 9496 - Cannot save dropdown values

  • PR: 9495 - Fix 9495 - Fix duplicate results in basic search

  • PR: 8476 - Statically Compile EXT Files & Studio Override Precedence

Community

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.12.3

Released 27/01/2022

Assets

Release Notes

Important - This release resolves an important issue with UTF-8 encoding. Data created from 7.10.30 and 7.11.19 onwards may be wrongly encoded on your database and could therefore result in search issues. To resolve these issues please run the new 'Repair utf encoding' option on the Repair actions via the Admin Tools menu or through Robo CLI.

Repairing utf8 data

Important: We have verified an issue with the UTF-8 repair tool marking valid email addresses as deleted. As such, we would discourage users from using the 'Repair utf encoding' option on the Repair actions via the Admin Tools menu or related Robo CLI commands on this version. Please note this is resolved from 7.12.4, please upgrade to this version or above to make use of this feature.

Intro

Before running the utf8 data repair command, please have the following into account:

  • Please make sure to backup your database before you run this action

  • The data on your tables is going to be updated

Execution modes

The data repair can be executed in two modes: asynchronous and synchronous

Asynchronous

  • Default execution mode

  • It adds a job to the job queue.

  • It will normalize records in batches.

  • It requires cron to be configured.

Synchronous

  • Optional. Can be used in Robo CLI and in the Repair administration menu

  • It will repair data on all records in one pass.

  • Both Robo CLI and UI page will only end after all records are repaired

Running using Robo CLI

To run using robo, use the following command:

./vendor/bin/robo repair:normalize-record-encoding

To run run using robo in synchronous run the command with the --sync-run

./vendor/bin/robo repair:normalize-record-encoding --sync-run

For information on more options run:

./vendor/bin/robo repair:normalize-record-encoding --help

Running using the UI

  • Login as admin user

  • Go to Administration page

  • Go to Repair

  • Go to Repair utf encoding

  • Please read the warning messages

  • Optional: Change the settings on the page

  • Click Submit

  • You’ll see different output depending on the execution mode you’ve selected

Security

  • CVE: Pending - SQL Injection

  • CVE: Pending - Improper Access Control

  • CVE: CVE-2021-45898 - Local File Inclusion

  • CVE: CVE-2021-45899 - PHAR Deserialization Vulnerability / RCE

  • CVE: CVE-2021-45897 - RCE Vulnerability

Bug Fixes

  • PR: 9416 - Fix #9191 - Update antixss lib dependency

  • PR: 9434 - Fix #9434 - Cron notion unit tests fails

  • PR: 9420 - Fix #8525, #8309 Bulk Action button missing and delete button showing for users with no delete access

  • PR: 9398 - Fix #9398 - Consistently store dropdowns in $app_list_strings

  • PR: 9407 - Fix #9406 - Validation displayed static message isn’t correct

  • PR: 9353 - Fix #9271 - Primary Email property is kept after adding an Email address field

  • PR: 9410 - Fix #9378 - Filter by Email1 Field Through the API

  • PR: 9312 - Fix #9312 - Declaring object within StudioClass to remove Strict Warnings

  • PR: 9387 - Fix #9387 - Clean Historic and Failed Schedulers

  • PR: 9401 - Fix #9380 - Date action in workflow fails to save

  • PR: 9409 - Fix #9408 - Emails can’t be deleted from inline edit

  • PR: 9418 - Fix #8948 - Make Project Tasks Importable.

  • PR: 8428 - Fix #8155 - Remove Unused PDF Settings

  • PR: 9455 - Fix #9455 - Popup metadata override removed when filtered

Community

Special thanks to everyone who reporting the security issues addressed in this release!

Ihor Bliumental, Manuel Zametter, Cristóbal Leiva

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.12.2

Released 17/12/2021

Assets

Security

Bug Fixes

  • PR: 9348 - Fix #9382 - Outbound Emails editview Unsupported operand types fatal in php 8

  • PR: 9379 - Fix #9374 - OAuth password creation Unsupported operand types fatal in php8

  • PR: 9087 - Fix #9078 - Allow changing text colors when composing an email

  • PR: 9377 - Fix #9376 - Allow Workflows to run on imported records

  • PR: 9030 - Fix #9030 - Campaign Email settings removes Email Settings

  • PR: 9359 - Fix 9383 - Unsupported each function in php8.

  • PR: 9393 - Fix email message modal buttons

Community

Special thanks to everyone who reporting the security issues addressed in this release!

Konstantin Damotsev, Victor Garcia, Manuel Zametter

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.12.1

Released 19/11/2021

Assets

Security

  • CVE: Pending - Fixed file check bypass

  • CVE: Pending - Local File Inclusion

Enhancements

  • PR: 9369 - Prevent Email Reminders for Disabled User

Bug Fixes

  • Fix 8432 - Remove index limit from mssql index names upon create and repair.

  • PR: 9334 - Implement PDF extension

  • PR: 9347 - Fix rebuild scss Robo command

  • PR: 9357 - Use wildcard rather than the defunct "_all" field

  • PR: 9351 - Fix 9119 - Rebuild theme cache after custom property changed in Studio

  • PR: 9368 - Fix 9217 - Revert "Fix Users index incompatible with MSSQL".

  • PR: 9360 - Fix 9358 - Meeting invite notification emails are not sending to all invitees.

  • PR: 9361 - Fix 9192: Fix duplication of folders_rel table entries.

  • PR: 9246 - Fix 6994: Update pollMonitoredInboxesAOP to double check that SugarFolder has been retrieved correctly.

  • PR: 9367 - Update PDF template warning

Community

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.12

Released 28/10/2021

Update 04/11/2021

Upgrade Packages have been revised to address an issue #9340 where upgrades could only be performed on php 7.3.x. The revised upgrade packages have been posted to the release section on the main website here.

Assets

Enhancements

  • PR: 9244 - PDF Engine Selection

    • MPDF License has be found to no longer be compliant with AGPL3 and due to this the MPDF will not be included in new installs. MPDF will not be removed on upgrade, but the system will default to a new engine, with an option to revert back to the MDPF if required.

  • PR: 9185 - Noon Theme

  • PR: 9298 - Implement TCPDFEngine

  • PR: 9208 - Implement standard PDF Engines

  • PR: 9187 - Composer 2.0

  • PR: 9291 - Allow configuring the Calendar name for the Google Sync via config

  • PR: 9171 - Upgrade ElasticSearch to 7.x

    • This is the new minimum ElasticSearch version that is required for update.

  • PR: 9170 - PHPUnit/Codeception Upgrade

  • PR: 9159 - Implement standard SearchEngines

  • PR: 9172 - Malicious File Scanning

  • PR: 9095 - Consolidate global search settings (AOD, Basic)

Other Notable Changes

  • PR: 9094 - AOD (Lucene) has been Deprecated to be removed in SuiteCRM 8.0

  • PR: 9321 - Fix TCPDF Scale

  • PR: 9333 - Deprecate TCPDF

  • PR: 9335 - Fix PDF Engine Comparability issues

  • PR: 9186 - Fix missing default config values

  • PR: 9188 - Fix PDF_Lib constructors

  • PR: 9324 - Fix search result hits

  • PR: 9318 - Fix TCPDF Name

  • PR: 9310 - Fix SearchFormView visible options

  • PR: 9309 - Update workflow acceptance test

  • PR: 9296 - Fix CleanCSVTest return types

  • PR: 9306 - Fix filepath for mPDF class

  • PR: 9294 - Fix/noon styling issues

  • PR: 9083 - Update minimum required PHP to v7.3.0

  • All default config value now set on install

  • utf8mb4 charset and utf8mb4_general_ci collation now the default on MySQL Databases on new installs

Community

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.12-rc

Released 05/10/2021

Assets

Enhancements

  • PR: 9244 - PDF Engine Selection

    • MPDF License has be found to no longer be compliant with AGPL3 and due to this the MPDF will not be included in new installs. MPDF will not be removed on upgrade, but the system will default to a new engine, with an option to revert back to the MDPF if required.

  • PR: 9185 - Noon Theme

  • PR: 9298 - Implement TCPDFEngine

  • PR: 9208 - Implement standard PDF Engines

  • PR: 9187 - Composer 2.0

  • PR: 9171 - Upgrade ElasticSearch to 7.x

    • This is the new minimum ElasticSearch version that is required for update.

  • PR: 9170 - PHPUnit/Codeception Upgrade

  • PR: 9159 - Implement standard SearchEngines

  • PR: 9095 - Consolidate global search settings (AOD, Basic)

Other Notable Changes

  • PR: 9094 - AOD (Lucene) has been Deprecated to removed in SuiteCRM 8.0

  • PR: 9083 - Update minimum required PHP to v7.3.0

  • All default config value now set on install

  • utf8mb4 charset and utf8mb4_general_ci collation now the default on MySQL Databases on new installs

Community

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

Content is available under GNU Free Documentation License 1.3 or later unless otherwise noted.