Update Feed

SuiteCRM 7.14.4

12 June 2024

SuiteCRM version 7.14.4 is now available (security release).

Upgrading to SuiteCRM 7.14.4

SuiteCRM 7.14.4 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply SuiteCRM updates as new versions are released, or use Installatron's Clone feature to duplicate an existing SuiteCRM install to test the 7.14.4 upgrade prior to applying it live. Get started managing your SuiteCRM installations with Installatron

What's New in SuiteCRM 7.14.4

Security

CVE-2024-36416: Excessive log data DOS Vulnerability | GitHub Advisory | Reporter: Elysee Franchuk
CVE-2024-36415: Improper Access Control Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
CVE-2024-36414: SSRF Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
CVE-2024-36413: XSS Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
CVE-2024-36412: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
CVE-2024-36411: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
CVE-2024-36410: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
CVE-2024-36409: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
CVE-2024-36408: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
CVE-2024-36407: Improper Access Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
CVE-2024-36406: Open Redirect Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
CVE-2024-36418: RCE Vulnerability | GitHub Advisory | Reporter: Andrius Oželis
CVE-2023-6537: SSRF Vulnerability | GitHub Advisory | Reporter: Carlos Bello
CVE-2024-36419: Host Injection Vulnerability | GitHub Advisory | Reporter: Tanish Mahajan

Bug Fixes

Check report has been loaded before setting user params
Workflow - Copying Formatted values of a multienum to another field
Date end not stored correctly in Calls
Graphic Issue search view after 7.14 upgrade
Workflow - Add filters to quick and advanced search view in AOW Processed module
Creation of Project with Template Causes 500 Error
Survey Responses doesn’t get assigned_user after sending Survey
Upgradewizard double commit
PDF rendering issues
skip to last page if disable_count_query=true
Emails don’t show subject MIME headers
Admin - Install Module - "Back to Module Loader" shows page with header only
$discount_amount corrupted
new issue menu templates