8.6.2
(beveiligingsupdate)
25 September 2024 - 330MBSecurity
- CVE: CVE-2024-45392: Wrong deletion permission checks on API delete call | GitHub Advisory | Reporter: gunnicom
Bug Fixes
- Fix #530 - Fix long values on topwidget
- Fix #529 - survey module textarea overflow
- Fix #528 - cancel warning on edit mode
- Fix #527 - Truncate navbar dropdowns
- Fix #526 - http to https
- Fix #525 - display logic on create mode
- Fix #524 - Make active listview action
- Fix #523 - unlink issue on subpanel activities or history
- Fix #522 - Add url checker and trigger session status and clear cache
- Fix #39 - Add within one day on statistic widget
- Fix #358 - Fix radio fields showns as textfields
- Fix #490 - Fix MassUpdate field and button not displaying
- Fix #466 - Unable to Save custom module record through Subpanel interface
- Fix #452 - Insights and Bulk Actions disappear after Listview Layout Change
- Fix #467 - Textblock Field Does Not Render on Front End
- Fix #471 - accented characters not displayed correctly
- Fix #491 - Diagnostic Tool broken in latest version
- Fix #481 - Editing related quote from opportunity subpanel gives you are not authorized
- Fix #462 - Load More keeping index
- Fix #9177 - Cant use edit inline in UserType field
- Fix #6376 - Problem with date start and finish in project task filters
- Fix #10268 - Access token wil not refresh for Oauth2 password clients
- Fix #10443 - Incorrect lengths in emails_text vardefs
- Fix #10437 - Calendar - 'Today' left-hand side bar option loads the week
- Fix #10433 - Email Address ID being double quoted
- Fix #5653 - VAT Display in PDF Templates wrong when Currency Significant Digits set to 0
- Fix #10404 - Compare parentenum_value more precisely
- Fix #2175 - No gif and shifted text after saving task in gants view
- Fix #2828 - Not translatable messages in Dashlet parameters
- Fix #10390 - URL is not clickable
- Fix #7150 - Show subpanels correctly
- Fix #10372 - Product import fails with fatal error
- Fix #9078 - Favorites adds record twice to the sidebar and to the db
- Fix #10339 - Inconsistent application of trim function on name & varchar fields
- Fix #10335 - Incorrect codification in the names of events displayed in the Calendar
- Fix #10319 - Json API SQL error when filtering by custom fields
- Fix #9829 - Fatal error during upgrade to 7.12.8
- Fix #10467 - Date range not working
- Fix #10441 - VAT Values display incorrectly on Quotes→Service Line Items, if Significant Figures = 0
- Fix #9855 - Using a "Personal"-type Oauth Connection causes issues with "Group"-type Inbound Accounts
- Truncate saved filter names
- Fix Quick Filter Styling
- Show titleKey on Filter dropdown
- Improve Administration navigation for mobile
- Improve date field styling
- Improve dropdown styling
- Improve recently viewed for mobile
- Fix delete of legacy record on recently viewed
Lees meer:
https://docs.suitecrm.com/8.x/admin/releases/8.6/#_8_6_28.6.1
(beveiligingsupdate)
12 Juni 2024 - 330MBSecurity
- CVE-2024-36416: Excessive log data DOS Vulnerability | GitHub Advisory | Reporter: Elysee Franchuk
- CVE-2024-36415: Improper Access Control Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36414: SSRF Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36413: XSS Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36412: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36411: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36410: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36409: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36408: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36407: Improper Access Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36406: Open Redirect Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36417: Stored XSS Vulnerability | GitHub Advisory | Reporter: Atul RV
- CVE-2024-36418: RCE Vulnerability | GitHub Advisory | Reporter: Andrius Oželis
- CVE-2023-6388: RCE Vulnerability | GitHub Advisory | Reporter: Carlos Bello
- CVE-2023-6537: SSRF Vulnerability | GitHub Advisory | Reporter: Carlos Bello
- CVE-2024-36419: Host Injection Vulnerability | GitHub Advisory | Reporter: Tanish Mahajan
Bug Fixes
- Add support for multi-module definitions
- Improve Cache Clear Speed
- Fix custom relate
- Fix Some Search Styling
- Overlapping Names on Relate Fields
- Fix hard coded labels
- Tasks Contact Relate Field Filtering by last name
- Export not working
- Email Opening new tab in Legacy View
- new issue menu templates
- Check report has been loaded before setting user params
- Workflow - Copying Formatted values of a multienum to another field
- Date end not stored correctly in Calls
- Graphic Issue search view after 7.14 upgrade
- Workflow - Add filters to quick and advanced search view in AOW Processed module
- Creation of Project with Template Causes 500 Error
- Survey Responses doesn’t get assigned_user after sending Survey
- Upgradewizard double commit
- PDF rendering issues
- skip to last page if disable_count_query=true
- Emails don’t show subject MIME headers
- Admin - Install Module - "Back to Module Loader" shows page with header only
- $discount_amount corrupted
- new issue menu templates
- Fix Default value not setting correctly on some fields.
- Fix z-index on the useful bar.
Lees meer:
https://docs.suitecrm.com/8.x/admin/releases/8.6/#_8_6_18.6.0
(grote versie)
29 April 2024 - 330MBThere has been a number of enhancements added to this release to improve the user’s experience, including a new List View Back Button to help simplify navigation. Styling improvements for List view on Desktop and Mobile as well as updates for Relate, Drop Down and Multi Select fields to make them more user friendly. There has also been a number of Bug Fixes included fixes for the Mobile Module Menu and Password Expiration.
Lees meer:
https://docs.suitecrm.com/8.x/admin/releases/8.6/#_8_6_08.5.1
(grote versie) (beveiligingsupdate)
25 Februari 2024 - 330MB8.5.1
Bug Fixes
- PR: 389 - Fix #343 - Panels Collapsible
- PR: 395 - Fix #395 - Include all not displayed fields in Record
- PR: 383 - Fix #337 - Update commas to show on crowdin interface
- PR: 387 - Fix #386 - Action buttons show/hide by Logic
- PR: 391 - Fix #390 - Show message labelKey if not translation
- PR: 393 - Fix #393 - Update http links - About page
- PR: 402 - Fix #401 - ACL Check recordModule instead of Module, if available
- PR: 10265 - Fix #5392 - My Filters doesn`t show up on Project Tasks
- PR: 10266 - Fix #9563 - HTML Type field doesn’t populate
- PR: 10271 - Fix #373 - Google API Token not working
- PR: 10295 - Fix #10242 - Mass Security Group Assignment fails when multiple items from the same page are chosen
- PR: 10296 - Fix #10296 - Add duplication logic check on run_when Always
- PR: 10297 - Fix #9453 - User 'delete' option missing from menu
- PR: 10306 - Fix 5906 - Currency symbol for currency field in popup is always default
- PR: 10301 - Fix 10234 - Enum-type fields may have their values reset to their defaults, if they have non-blank defaults
- PR: 10300 - Fix #10302 - IMAP INBOUND EMAIL error
- PR: 10299 - Fix #9853 - The "Case Macro" field now appears empty by Default
- PR: 10312 - Fix #10312 - Group External Connection Changing type on edit
- PR: 10313 - Fix #10313 - Remove unused line in repair
- PR: 10294 - Fix #9144 - Popup error messages
- PR: 10293 - Fix 9858 - "Distribution Method" is not retained on Editview Load
- PR: 10292 - Fix #2833 - Process Audit Advanced Search
- PR: 10281 - Fix #10093 - Results are not filtered in the Targets Module popup
- PR: 10278 - Fix #6397 - Studio: Reset Module: Remove Custom Fields
- PR: 10314 - Fix #10314 - disabling active languages
- PR: 10283 - Fix #10283 - When selecting an Outbound Email Account, From/Reply Information should autopopulate for user convenience
- PR: 10308 - Fix #10307 - Retrieve object name via beanfactory
- PR: 10311 - Fix #10310 - Survey reports ui improvements
- PR: 10275 - Fix #10207, #10209 - Multiple Elasticsearch indexing issues
8.5.0
Backward Incompatible Changes
- Frontend Extension Updates: With the upgrade to angular v16 the version of the @angular-architects/module-federation lib has also been updated. Previously built extensions will need to be updated. Please read the Frontend extension - Migrate to SuiteCRM 8.5+ guide for information on how to upgrade.
Enhancements
- Cache Upgrade: We have added Symfony caching to backend metadata calls. On average this reduces the app metadata graphql calls from 429ms to 323ms.
- Quick Filters: Quick Filters are new option on list view saved filters. They allow easy access to filters and easy switching between frequently used filters (as depicted on the following gif).
- Mobile Adjustments: We have made some minor adjustments to the mobile view, where Insights are now disabled by default.
8.4.2
Backward Incompatible Changes
- The 'extensions/default' package has been renamed to 'extensions/defaultExt'
- DisplayType logic moved to displayLogic
Security
- CVE: CVE-2023-6130 - LFI to RCE Vulnerability
- CVE: CVE-2023-6128 - Reflected XSS Vulnerability
- CVE: CVE-2023-6131 - Arbitrary File Upload to RCE
- CVE: CVE-2023-6127 - Import XSS Vulnerability
- CVE: CVE-2023-6126 - Dashlet HTML Injection Vulnerability
- CVE: CVE-2023-6125 - PDF XSS Vulnerability
- CVE: CVE-2023-6124 - SSRF Vulnerability
- CVE: Pending - API Introspection Vulnerability
Bug Fixes
- PR: 367 - Fix #184 - Bulk Action buttons not functioning
- PR: 359 - Fix #301 - Contact not showing in Activities & history subpanel
- PR: 357 - Fix #347 - Validation on empty date fields
- PR: 356 - Fix #305 - Issue with dropdowns not displaying correctly in listviews/dashlets
- PR: 337 - Fix #336 - Lines fix for Crowdin
- PR: 360 - Fix #360 - admin panel when grouping modules
- PR: 10253 - Fix #10252 - Google Maps Geocoded Counts not displaying properly
- PR: 10248 - Fix #9537 - Activity subpanel isn’t working in a module with a parent_type / flex relate field
- PR: 10241 - Fix #9898 - Invalid cookie domain when using non-standard HTTP Port
- PR: 9522 - Fix #9435 - Dropdown doesn’t return empty selected value
- PR: 10246 - Fix #10246 - non-admin’s outbound email link not showing
- PR: 10220 - Fix #10220 - Add Email Body Filtering Selection
- PR: 10212 - Fix #10199 - PHP Fatal error: Uncaught Error: Non-static method SugarWidgetReportField::_get_column_select()
- PR: 10206 - Fix #10205 - Compatibility hotfix for PHP 8 in ActivitiesRelationship.php
- PR: 10201 - Fix #9950 editing Email settings drops TLS SSL selection
- PR: 10160 - Fix #10159 - Accounts - Not able to search by fax on 'Any Phone' search field
- PR: 10143 - Fix #10143 - Update ready.php change checking of upload max filesize from > to >=
- PR: 10142 - Fix #10141 - Orphaned Case Attachments bug
- PR: 10122 - Fix #10115 - Wokflow Calculate Action broken under PHP8
- PR: 10114 - Fix #10114 - parameter userTime method in class TimeDate
- PR: 10049 - Fix #10049 - Relationship::delete expects a string
- PR: 10028 - Fix #10028 - Allow workflow to send plain text emails
- PR: 10027 - Fix #10027 - Respect wildcard in front when searching a full name in basic search
- PR: 9964 - Fix #8980 - Check beanFiles for class path
- PR: 9881 - Fix #9880 - Error when importing currency fields with a decimal separator
- PR: 9524 - Fix #9440 - Forcing default null value for numeric core fields
- PR: 9459 - Fix #9456 - choose email provider does not populate SMTP settings
- PR: 9413 - Fix #9412 - Wrong email value displayed when aborting an inline edition
- Unify jquery versions
8.4.1
Security
- CVE: CVE-2023-5351: Stored XSS Vulnerability
- CVE: CVE-2023-5353: Improper Access Control
- CVE: CVE-2023-5350: SQL Injection Vulnerability
Bug Fixes
- PR: 303 - Fix #214 - Fix issue with my tasks dashlet causing display issues on the homepage
- PR: 346 - Fix #230 - Not able to access native auth with saml
- PR: 345 - Fix #344 - Fix admin metadata call not being cached
- PR: 9864 - Fix #9807 - Email import fix
- PR: 9806 - Fix #9805 - Use timezone offset for datetime only
- PR: 9726 - Fix #9725 - Date field value isn’t saved in a Workflow action related module
- PR: 10185 - Fix #10184 - Timezone not set on silent install
- PR: 10140 - Fix #10139 - HTML Text Field tinyMCE version
- PR: 10132 - Fix #10131 - Fix issue with file mode changes not being applied on cache rebuild
- PR: 10110 - Fix #10109 - Add displayParams.initial_filter to Parent
- PR: 9996 - Fix #8939 - Fix Static call to non-static method in AOW_WorkFlow
- PR: 9999 - Fix #9021 - User Preferences Wrong Label
- PR: 10005 - Fix #9574 - Avoid calling method in a static way
- PR: 10058 - Fix #5390 - Redundant message when duplicating a survey
- PR: 10130 - Fix #10129 - Fix issue with step 2 & 3 on the importer failing
- PR: 10092 - Fix #9062 - Studio layout changes not being reflected
- PR: 10008 - Fix #10007 - Text area cannot span two fields
- PR: 10016 - Fix #5712 - Alerts in the menu bar are not displayed with Night theme
- PR: 10102 - Fix #5385 - Fix Closed survey issues
- PR: 10063 - Fix #2111 - Hover over favorites item, shows module name, not label
- PR: 10079 - Fix #3050 - AOW: dropdown lists is not updating (calclulate field & modified record action)
- PR: 9997 - Fix #8359 - Fix Contract renewal reminder title is hardcoded
- PR: 9994 - Fix #9148 - Fix missing sorting labels
- PR: 10020 - Fix #10020 - Issue with missing label on Contact Module
- PR: 10195 - Fix #10195 - dropdown keys are not the same type
- PR: 10060 - Fix #10060 - User preferences detail-view template issues
- PR: 10120 - Fix #10120 - Inbound Email Issues
- PR: 9941 - Fix #9941 - Remove sugar pro flavor
8.4.0
Highlights
- Nav Bar Redesign
- Floating Save
- Developer improvements
- Smarty Upgrade
- PHP 8.2 Support added (minimum supported PHP version increased to 8.1)
Bug Fixes
- PR: 299 - Fix #215 - Cant Create records from custom modules
- PR: 286 - Fix #286 - Field Layout
- PR: 285 - Fix #285 - Readonly Field on Field Logic
- PR: 269 - Fix #296 - Fix case update notes
- PR: 10116 - Fix #10053 - Issue when creating new tabs on Dashlets
- PR: 10106 - Fix #10105 - Fix 500 error when saving audited numeric field
- PR: 10108 - Fix #10107 - Function getRelatedId is unable to return NULL values
Documentation
- We have updated the Field Logic page. This is now split into different pages.
- We have added a new page explaining operators with examples here also.
- We have added documentation about the Process Api.
Lees meer:
https://docs.suitecrm.com/8.x/admin/releases/8.5/#_8_5_18.3.1
(grote versie) (beveiligingsupdate)
15 Juli 2023 - 330MB8.3.1
Security
- CVE: CVE-2023-3627 - CSRF Vulnerability
Bug Fixes
- Show activities dropdown labels with regular user
- MySQL Error 1054: missing config.deleted columns
- Fix parent_type relate
- Update WebToPersonCapture.php
- Fix query limit check for queries without limit on ListView record list
- Adds extending option for the api bean mapper
- Codeception testing compatibility changes
- Fix AOP Config not saving
- Wrong decimal precision returned in a Modify Record workflow action
- Resolve high memory usage when performing bulk relationship changes
- Email Listview doesn’t render, so no Emails are visible
- Workflow fails with relationship condition
- Tasks due date not saving
- login parameter failing
- Monitered Folders are not selectable for Basic Auth Accounts
- Add better description of what is being removed during module installation for ACLs
- Add missing language definitions for the module loader
- Item element getting called incorrectly
- Fix bug where report conditions parenthesis pairs would not save correctly
- Issues changing dashlets name
- getRelatedId returns null instead of a string
- different date formats being compared for change log
- PHP Fatal error Uncaught TypeError PHP8
8.3.0
Security
- CVE: Pending - Stored XSS Vulnerability
- CVE: Pending - Improper Access Control
- CVE: Pending - Improper Access Control
Highlights
- Notifications are now available in SuiteCRM 8, for the following activities: Meetings, Calls
- When viewing Subpanels, you are now able to filter the results to locate the records you are interested in.
- You can now choose to 'Load More' meaning the records all display on the one page, making it easier to scroll up and down the list of records, rather than paging back and forth.
- SuiteCRM 8.3 now has a new administration page.
- SuiteCRM 8 now has the ability to see selected columns that do not appear on listview.
- Legacy styling fixes and other styling changes.
Bug Fixes
- enum required field validation
- Initialize bean in app controller
- [Legacy] Sugar_html onclick action issues
- Filtering null values
- PHP8 null values
- Decimal number calculations
- A typo in Campaign Trackers
- $mod_strings was not initiated
- Email OAuth Saving with no type
- allowed_preview is defined twice
- Upgrade league/oauth2-server to latest version
- ProspectLists save function has a duplication issue
- Double Compose button in subpanels
- Cannot configure Module Menu Filters on PHP8+
- Adding dynamicenum case option for export
- Adding missing relationship for SurveyResponses module
- Set fdow in Calendar popup date selector for range search and MassUpdate
- Adding decimal and float case option for export
- Mass assign security groups only assigns selected on current page
- Workflows Calculate Field Actions don’t translate dynamicenum fields
- Add extra To addresses to CC field
- Do not convert link URLs in TinyMCE
- Compose view quick search for email templates
- New User Group Popup. Popup does not show after creating a user
- SugarFeed shows 0 seconds ago and negative interval for certain datetime formats
- Workflow - Some Date calculations fail with certain formats
8.2.4
Security
- CVE: Pending - RCE Vulnerability
- CVE: Pending - Stored XSS Vulnerability
- CVE: Pending - Stored XSS Vulnerability
- CVE: Pending - SSRF Vulnerability
Bug Fixes
- CSRFCookieListener: remove RouteMatcherInterface type property to $routeMatcher
- Email Subject Line
- Set unique id for "Reset module" button in studio
- Fix Closing count bracket before relational operator PHP 8.0 count throwing TypeError
- Receive related parameters of type dynamicenum in workflow formulas
- Hard coded messages in Surveys module
- Case Updates save bug
- Javascript message error when bulk updating all user records
- Plesk php.ini disable_functions = opcache_get_status
- Fix OPCache install module copy action
- Security Groups do not work with modules whose name exceeds 36 characters.
- Default empty item when creating a new Dropdown field
- Update dashboard.scss for dashlet options overflow
- Add missing check on product image upload
- Conditions doesn’t recognize some of the characters set
- Fix Campaign Parenthesis
- Error in Browsers console after adding tabs to Quickcreate: function selectTabOnError
8.2.3
Security
- CVE: 2022-45185 - Improper Access Control
- CVE: Pending - SQL Injection
- CVE: Pending - Improper Access Control
- CVE: Pending - Improper Access Control
- CVE: Pending - Improper Access Control
- CVE: Pending - Bypass Vulnerability
- CVE: Pending - Vulnerability: Cross Site Scripting
Bug Fixes
- Fix invalid token
- Fix log level in ImapHandlerFactory
- Update email compose from dropdown
- Fix inbound email errors on php 8
Lees meer:
https://docs.suitecrm.com/8.x/admin/releases/8.3/#_8_3_18.2.2
(beveiligingsupdate)
23 Januari 2023 - 300MBEnhancements
- PR: 9839 - Close #9839 - Add OAuth connection to Inbound emails
- PR: 9848 - Close #9848 - Add OAuth external providers module
- PR: 9846 - Close #9846 - Add ACL Access Logic Hook
Bug Fixes
- PR: 9802 - Close #9802 - Diagnostic Checkbox
- PR: 9718 - Fix #9717 - Security Suite Group Selector doesn’t appear when duplicating records
- PR: 9648 - Fix #9646 - Display TinyMCE in Campaigns Form Wizard
- PR: 9643 - Fix #9574 - Update method to static for module renaming
- PR: 9500 - Fix 9499 - Add View Survey Responses Menu item
- PR: 9638 - Close #9683 - Elasticsearch indexing and searching using accented characters
- PR: 9474 - Fix #9473 - Missing item "Survey" in campainglog_activity_type_dom
- PR: 9844 - Close #9844 - ElasticSearch Indexing batch error handling
- PR: 9770 - Fix #9568 - Ignore int len when comparing vardefs in newer MySQL versions
- PR: 9786 - Close #9786 - Clear caches used by Inline Edition
- PR: 9671 - Fix #9670 - Disabling the user profile option about notification of assignments does not work
Lees meer:
https://docs.suitecrm.com/8.x/admin/releases/8.2/#_8_2_28.2.1
(grote versie)
17 November 2022 - 300MBBug Fixes
- PR: 160 - Fix #61 and #81 - Allow user to see dates in their time and format
- PR: 164 - Fix #59 - "Bad data passed in;" When trying to forward reply to emails
- PR: 159 - Fix #117 - Disappearing Main Menu for Users With Multiple Inboxes
- PR: 158 - Fix #155 - Dynamic Dropdown in Suitecrm 8 using parent enum Labels instead of values
- PR: 140 - Fix #140 - Resolve MySQL error
- PR: 132 - Fix #131 - Cannot login if username is associated with deleted user
- PR: 9795 - Fix #6756 - Add Label to Dynamic Fields
- PR: 9803 - Fix #9803 - Workflow test returns boolean
- PR: 9804 - Update jquery-ui to 1.13.2
- PR: 9566 - Turn privates to protecteds to fix Emailtemplate overrides
- PR: 9567 - Turn private to protected to fix SendMail AOW_Action overrides
- PR: 9557 - fix escapeField where $cell string is empty
- PR: 9801 - Fix #9800 Fix issue with send as system being hidden
- PR: 9614 - Fix #7030 - Errors in Workflow operators Contains, Starts with and Ends with
- PR: 9651 - Fix #9650 - Deprecated constructor method is being called in Calendar
- PR: 9659 - Fix #9658 - SuiteCRM add duplicate dashlet when filter is used
- PR: 9669 - Fix #9668 - It is not possible to use a custom template for password change
- PR: 9673 - Fix #9672 - Bug in CSS class causes bad button display
- PR: 9675 - Fix #9674 - Error when importing (creating and updating) a record with ID already deleted in the database
- PR: 9689 - Fix #9688: Use the same browser title for the regular views
- PR: 9699 - Fix #9698 - Do not delete the subject when editing a tracking url from the campaign assistant
- PR: 9705 - Fix #9704 - Missing relationship definition in SurveysQuestionResponses
- PR: 9707 - Fix #9706 - ModuleBuilder doesn’t save language files in the correct
- PR: 9712 - Fix #9711 - Update date_modified field when deleting a Target List
- PR: 9722 - Fix #9721 - Adding Years option to aow_date_type_list in Workflow conditions
- PR: 9729 - Fix #9728 - cron.php fails with "must be compatible" error
- PR: 9731 - Fix #9730 - cron.php fails with fatal TypeError using PHP 8
- PR: 9754 - Fix #9753 - Do not save white spaces in SMTP data
- PR: 9785 - Fix #9781 Fetch existing Call/Meeting Reminder data in quickeditview
- PR: 9791 - Fix #9588 - search were ignored if searchQuery was not set in user’s preference
- PR: 9790 - Fix #7827 - Error resetting modules
Lees meer:
https://docs.suitecrm.com/8.x/admin/releases/8.2/#_8_2_18.1.3
(beveiligingsupdate)
16 Augustus 2022 - 300MBSecurity
- CVE: Pending - Improper Authorization
- CVE: Pending - Improper Authorization
Bug Fixes
- PR: 141 - Fix #94 - Enable debounce for action buttons by default
- PR: 135 - Fix #112 - Change validation check to improve performance
- PR: 134 - Fix #56 - Redirect to last URL after login
- PR: 9736 - Fix #9736 - ElasticSearch still running repair if not enabled
- PR: 9735 - Fix #9735 - Add Elastic Search Repair option to Admin→Repair Menu
- PR: 9512 - Fix #9512 - Case Updates Thread now displays updates from 'Unknown' sources
- PR: 9686 - Fix #9686 - Draft Email Opens in Draft View From History Subpanel
- PR: 9314 - Fix #9314 - Respect the subpanel flat flag
- PR: 9608 - Fix #9421 - Elastic search logic hooks fail to index properly
- PR: 9539 - Fix #9539 - Fix Elasticsearch indexing unnecessarily during QR+R
- PR: 9599 - Fix #9599 - Fix missing pagination on Elasticsearch Results
- PR: 9628 - Fix #9627 - Studio changes not picked up by CRM when opcache.validate_timestamps=0
- PR: 9662 - Fix #9660 - Copy only select files to custom/working directory
- PR: 9664 - Fix #9663 - Smaller screens automatically collapse non-subpanel panels
- PR: 9591 - Fix #9547 - Workflow actions not saving correctly for certain field types
- PR: 9163 - Fix #9163 - listviewdefs.php for Outbound Email Accounts module to use correct by default
- PR: 9561 - Fix #9561 - with search where fail state was not handled when missing listviewdefs.php file
- PR: 9609 - Fix #9609 - Change the logger level in setStream and getStream functions to prevent excessive log errors
- PR: 9570 - Fix #9569 - Fix issue with missing dropdown image
- PR: 9546 - Fix #9545 - Quote potential reserved name
- PR: 9552 - Fix #9551 - Update date period to include the users TZ
- PR: 9597 - Fix #9594 - Don’t convert nl to BR for contact updates
- PR: 9635 - Fix #9634 - Add check on cron to show the basic view on first load
- PR: 9637 - Fix #9639 - Add styling of email recipient button
- PR: 9604 - Fix #9258 - Fix for Notes module advanced date-modified search
- PR: 9603 - Fix #9267 - Fix for popup &email reminder options
Lees meer:
https://docs.suitecrm.com/8.x/admin/releases/8.1/#_8_1_38.1.2
13 Juni 2022 - 300MBBug Fixes and Changes
- PR: 110 - Fix #109 - Add force exit to upgrade process
- PR: 108 - Fix #98 - Fix install error
- PR: 107 - Fix #106 - Add session_dir init check
- PR: 102 - Fix #101 - Parsing Error in UserHandler
Lees meer:
https://docs.suitecrm.com/8.x/admin/releases/8.1/#_8_1_28.1.0
(grote versie)
11 April 2022 - 300MBSuiteCRM 8 marks our biggest SuiteCRM upgrade to date and we are very excited to be sharing it with you. In the coming months, we will continue to enhance SuiteCRM 8 with new features and issue fixes.
Lees meer:
https://docs.suitecrm.com/8.x/admin/releases/8.1/#_8_1_08.0.4
(grote versie)
3 Maart 2022 - 300MBSuiteCRM 8 marks our biggest SuiteCRM upgrade to date and we are very excited to be sharing it with you. In the coming months, we will continue to enhance SuiteCRM 8 with new features and issue fixes.
Lees meer:
https://docs.suitecrm.com/8.x/admin/releases/8.0/#_8_0_07.14.4
(beveiligingsupdate)
12 Juni 2024 - 300MBSecurity
- CVE-2024-36416: Excessive log data DOS Vulnerability | GitHub Advisory | Reporter: Elysee Franchuk
- CVE-2024-36415: Improper Access Control Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36414: SSRF Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36413: XSS Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36412: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36411: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36410: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36409: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36408: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36407: Improper Access Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36406: Open Redirect Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36418: RCE Vulnerability | GitHub Advisory | Reporter: Andrius Oželis
- CVE-2023-6537: SSRF Vulnerability | GitHub Advisory | Reporter: Carlos Bello
- CVE-2024-36419: Host Injection Vulnerability | GitHub Advisory | Reporter: Tanish Mahajan
Bug Fixes
- Check report has been loaded before setting user params
- Workflow - Copying Formatted values of a multienum to another field
- Date end not stored correctly in Calls
- Graphic Issue search view after 7.14 upgrade
- Workflow - Add filters to quick and advanced search view in AOW Processed module
- Creation of Project with Template Causes 500 Error
- Survey Responses doesn’t get assigned_user after sending Survey
- Upgradewizard double commit
- PDF rendering issues
- skip to last page if disable_count_query=true
- Emails don’t show subject MIME headers
- Admin - Install Module - "Back to Module Loader" shows page with header only
- $discount_amount corrupted
- new issue menu templates
Lees meer:
https://docs.suitecrm.com/admin/releases/7.14.x/7.14.3
(grote versie) (beveiligingsupdate)
29 April 2024 - 300MB7.14.3
Bug Fixes
- PR: 10265 - Fix #5392 - My Filters doesn`t show up on Project Tasks
- PR: 10266 - Fix #9563 - HTML Type field doesn’t populate
- PR: 10271 - Fix #373 - Google API Token not working
- PR: 10295 - Fix #10242 - Mass Security Group Assignment fails when multiple items from the same page are chosen
- PR: 10296 - Fix #10296 - Add duplication logic check on run_when Always
- PR: 10297 - Fix #9453 - User 'delete' option missing from menu
- PR: 10306 - Fix 5906 - Currency symbol for currency field in popup is always default
- PR: 10301 - Fix 10234 - Enum-type fields may have their values reset to their defaults, if they have non-blank defaults
- PR: 10300 - Fix #10302 - IMAP INBOUND EMAIL error
- PR: 10299 - Fix #9853 - The "Case Macro" field now appears empty by Default
- PR: 10312 - Fix #10312 - Group External Connection Changing type on edit
- PR: 10313 - Fix #10313 - Remove unused line in repair
- PR: 10294 - Fix #9144 - Popup error messages
- PR: 10293 - Fix 9858 - "Distribution Method" is not retained on Editview Load
- PR: 10292 - Fix #2833 - Process Audit Advanced Search
- PR: 10281 - Fix #10093 - Results are not filtered in the Targets Module popup
- PR: 10278 - Fix #6397 - Studio: Reset Module: Remove Custom Fields
- PR: 10314 - Fix #10314 - disabling active languages
- PR: 10283 - Fix #10283 - When selecting an Outbound Email Account, From/Reply Information should autopopulate for user convenience
- PR: 10308 - Fix #10307 - Retrieve object name via beanfactory
- PR: 10311 - Fix #10310 - Survey reports ui improvements
- PR: 10275 - Fix #10207, #10209 - Multiple Elasticsearch indexing issues
7.14.2
Security
- CVE: CVE-2023-6130 - LFI to RCE Vulnerability
- CVE: CVE-2023-6128 - Reflected XSS Vulnerability
- CVE: CVE-2023-6131 - Arbitrary File Upload to RCE
- CVE: CVE-2023-6127 - Import XSS Vulnerability
- CVE: CVE-2023-6126 - Dashlet HTML Injection Vulnerability
- CVE: CVE-2023-6125 - PDF XSS Vulnerability
- CVE: CVE-2023-6124 - SSRF Vulnerability
Bug Fixes
- PR: 10253 - Fix #10252 - Google Maps Geocoded Counts not displaying properly
- PR: 10248 - Fix #9537 - Activity subpanel isn’t working in a module with a parent_type / flex relate field
- PR: 10241 - Fix #9898 - Invalid cookie domain when using non-standard HTTP Port
- PR: 9522 - Fix #9435 - Dropdown doesn’t return empty selected value
- PR: 10246 - Fix #10246 - non-admin’s outbound email link not showing
- PR: 10220 - Fix #10220 - Add Email Body Filtering Selection
- PR: 10212 - Fix #10199 - PHP Fatal error: Uncaught Error: Non-static method SugarWidgetReportField::_get_column_select()
- PR: 10206 - Fix #10205 - Compatibility hotfix for PHP 8 in ActivitiesRelationship.php
- PR: 10201 - Fix #9950 editing Email settings drops TLS SSL selection
- PR: 10160 - Fix #10159 - Accounts - Not able to search by fax on 'Any Phone' search field
- PR: 10143 - Fix #10143 - Update ready.php change checking of upload max filesize from > to >=
- PR: 10142 - Fix #10141 - Orphaned Case Attachments bug
- PR: 10122 - Fix #10115 - Wokflow Calculate Action broken under PHP8
- PR: 10114 - Fix #10114 - parameter userTime method in class TimeDate
- PR: 10049 - Fix #10049 - Relationship::delete expects a string
- PR: 10028 - Fix #10028 - Allow workflow to send plain text emails
- PR: 10027 - Fix #10027 - Respect wildcard in front when searching a full name in basic search
- PR: 9964 - Fix #8980 - Check beanFiles for class path
- PR: 9881 - Fix #9880 - Error when importing currency fields with a decimal separator
- PR: 9524 - Fix #9440 - Forcing default null value for numeric core fields
- PR: 9459 - Fix #9456 - choose email provider does not populate SMTP settings
- PR: 9413 - Fix #9412 - Wrong email value displayed when aborting an inline edition
- Unify jquery versions
7.14.1
Security
- CVE: CVE-2023-5351: Stored XSS Vulnerability
- CVE: CVE-2023-5353: Improper Access Control
- CVE: CVE-2023-5350: SQL Injection Vulnerability
Bug Fixes
- PR: 9864 - Fix #9807 - Email import fix
- PR: 9806 - Fix #9805 - Use timezone offset for datetime only
- PR: 9726 - Fix #9725 - Date field value isn’t saved in a Workflow action related module
- PR: 10185 - Fix #10184 - Timezone not set on silent install
- PR: 10140 - Fix #10139 - HTML Text Field tinyMCE version
- PR: 10132 - Fix #10131 - Fix issue with file mode changes not being applied on cache rebuild
- PR: 10110 - Fix #10109 - Add displayParams.initial_filter to Parent
- PR: 9996 - Fix #8939 - Fix Static call to non-static method in AOW_WorkFlow
- PR: 9999 - Fix #9021 - User Preferences Wrong Label
- PR: 10005 - Fix #9574 - Avoid calling method in a static way
- PR: 10058 - Fix #5390 - Redundant message when duplicating a survey
- PR: 10130 - Fix #10129 - Fix issue with step 2 & 3 on the importer failing
- PR: 10092 - Fix #9062 - Studio layout changes not being reflected
- PR: 10008 - Fix #10007 - Text area cannot span two fields
- PR: 10016 - Fix #5712 - Alerts in the menu bar are not displayed with Night theme
- PR: 10158 - Fix #10157 - Numbering display issue on subpanels
- PR: 10064 - Fix #3842 - Vertical Scroll bar missing in Studio Layouts
- PR: 10102 - Fix #5385 - Fix Closed survey issues
- PR: 10063 - Fix #2111 - Hover over favorites item, shows module name, not label
- PR: 10079 - Fix #3050 - AOW: dropdown lists is not updating (calclulate field & modified record action)
- PR: 9997 - Fix #8359 - Fix Contract renewal reminder title is hardcoded
- PR: 9994 - Fix #9148 - Fix missing sorting labels
- PR: 10020 - Fix #10020 - Issue with missing label on Contact Module
- PR: 10195 - Fix #10195 - dropdown keys are not the same type
- PR: 10060 - Fix #10060 - User preferences detail-view template issues
- PR: 10120 - Fix #10120 - Inbound Email Issues
- PR: 9941 - Fix #9941 - Remove sugar pro flavor
7.14.0
Enhancement: Smarty Upgrade
- Smarty, the templating engine used in SuiteCRM 7.x, has been upgraded to v4 which brings some minor performance improvements and better compatibility going forward.
Enhancement: PHP 8.2 Support
- This release brings a number of adjustments and updates in order to support PHP 8.2.
- Removal of deprecated functions/ features
- Updated missing labels
- Update functions to PHP 8.2 standard
- Fixed Unit & Acceptance Tests
- Executed Rector to clean up code
- Fixed code to eliminate warnings from logs
Bug Fixes
- PR: 10116 - Fix #10053 - Issue when creating new tabs on Dashlets
- PR: 10106 - Fix #10105 - Fix 500 error when saving audited numeric field
- PR: 10108 - Fix #10107 - Function getRelatedId is unable to return NULL values
Lees meer:
https://docs.suitecrm.com/admin/releases/7.14.x/7.13.2
(grote versie) (beveiligingsupdate)
17 April 2023 - 300MBKnown Issues
- The application will show a lot of warnings on PHP 8.x if PHP's display_errors = On.
7.13.2
Security
- CVE: Pending - RCE Vulnerability
- CVE: Pending - Stored XSS Vulnerability
- CVE: Pending - Stored XSS Vulnerability
- CVE: Pending - SSRF Vulnerability
Bug Fixes
- Fix #9665 - Set unique id for "Reset module" button in studio
- Fix Closing count bracket before relational operator PHP 8.0 count throwing TypeError
- Fix #9750 - Receive related parameters of type dynamicenum in workflow formulas
- Fix #4646 - Hard coded messages in Surveys module
- Fix #9835 - Case Updates save bug
- Fix #9871 - Javascript message error when bulk updating all user records
- Fix #9873 - Plesk php.ini disable_functions = opcache_get_status
- Fix OPCache install module copy action
- Fix #9883 - Security Groups do not work with modules whose name exceeds 36 characters.
- Fix #9909 - Default empty item when creating a new Dropdown field
- Close #9914 - Update dashboard.scss for dashlet options overflow
- Fix #9926 - Add missing check on product image upload
- Fix #9900 - Conditions doesn’t recognize some of the characters set
- Fix Campaign Parenthesis
- Fix #9344 - Error in Browsers console after adding tabs to Quickcreate: function selectTabOnError
7.13.1
Security
- CVE: 2022-45185 - Improper Access Control
- CVE: Pending - SQL Injection
- CVE: Pending - Improper Access Control
- CVE: Pending - Improper Access Control
- CVE: Pending - Improper Access Control
- CVE: Pending - Bypass Vulnerability
- CVE: Pending - Vulnerability: Cross Site Scripting
Bug Fixes
- Fix #9870 - Fix log level in ImapHandlerFactory
- Close #9905 - Update email compose from dropdown
- Fix 9879 - Fix inbound email errors on php 8
Documentation
- SuiteCRM 7.13.1 now has an updated Email Compose From dropdown. This includes some styling and functionality changes. For more information see here.
7.13.0
Enhancements
- Close #9839 - Add OAuth connection to Inbound emails
- Close #9848 - Add OAuth external providers module
- Close #9846 - Add ACL Access Logic Hook
Bug Fixes
- Close #9802 - Diagnostic Checkbox
- Fix #9717 - Security Suite Group Selector doesn’t appear when duplicating records
- Fix #9646 - Display TinyMCE in Campaigns Form Wizard
- Fix #9574 - Update method to static for module renaming
- Fix 9499 - Add View Survey Responses Menu item
- Close #9683 - Elasticsearch indexing and searching using accented characters
- Fix #9473 - Missing item "Survey" in campainglog_activity_type_dom
- Close #9844 - ElasticSearch Indexing batch error handling
- Fix #9568 - Ignore int len when comparing vardefs in newer MySQL versions
- Close #9786 - Clear caches used by Inline Edition
- Fix #9670 - Disabling the user profile option about notification of assignments does not work
Documentation
- Configure Security Groups for Inbound Email here.
- Setup a Microsoft OAuth Provider here.
- Configure Inbound Email with OAuth here.
- External OAuth Provider Overview here.
Known Issues
- New "Move to trash" toggle causing Case Updates to not import
- Case Macro not populated on Upgrade
- When a personal oauth connection is used for a group inbound email, the emails break
- Email listview filtering shows blank result if a criteria with multiple words and spaces is added
- Email listview filtering shows blank result for IMAP keywords criteria
- Test settings issue after switching between OAuth and Basic Auth
- Group Inbound Emails distribution_method field is reset when Editing the record again
- Inbound Email’s "SSL" checkbox does not retain Checked status after Upgrade
Lees meer:
https://docs.suitecrm.com/admin/releases/7.13.x/7.12.8
(beveiligingsupdate)
17 November 2022 - 300MBBug Fixes
- PR: 9795 - Fix #6756 - Add Label to Dynamic Fields
- PR: 9803 - Fix #9803 - Workflow test returns boolean
- PR: 9804 - Update jquery-ui to 1.13.2
- PR: 9566 - Turn privates to protecteds to fix Emailtemplate overrides
- PR: 9567 - Turn private to protected to fix SendMail AOW_Action overrides
- PR: 9557 - fix escapeField where $cell string is empty
- PR: 9801 - Fix #9800 Fix issue with send as system being hidden
- PR: 9614 - Fix #7030 - Errors in Workflow operators Contains, Starts with and Ends with
- PR: 9651 - Fix #9650 - Deprecated constructor method is being called in Calendar
- PR: 9659 - Fix #9658 - SuiteCRM add duplicate dashlet when filter is used
- PR: 9669 - Fix #9668 - It is not possible to use a custom template for password change
- PR: 9673 - Fix #9672 - Bug in CSS class causes bad button display
- PR: 9675 - Fix #9674 - Error when importing (creating and updating) a record with ID already deleted in the database
- PR: 9689 - Fix #9688: Use the same browser title for the regular views
- PR: 9699 - Fix #9698 - Do not delete the subject when editing a tracking url from the campaign assistant
- PR: 9705 - Fix #9704 - Missing relationship definition in SurveysQuestionResponses
- PR: 9707 - Fix #9706 - ModuleBuilder doesn’t save language files in the correct
- PR: 9712 - Fix #9711 - Update date_modified field when deleting a Target List
- PR: 9722 - Fix #9721 - Adding Years option to aow_date_type_list in Workflow conditions
- PR: 9729 - Fix #9728 - cron.php fails with "must be compatible" error
- PR: 9731 - Fix #9730 - cron.php fails with fatal TypeError using PHP 8
- PR: 9754 - Fix #9753 - Do not save white spaces in SMTP data
- PR: 9785 - Fix #9781 Fetch existing Call/Meeting Reminder data in quickeditview
- PR: 9791 - Fix #9588 - search were ignored if searchQuery was not set in user’s preference
- PR: 9790 - Fix #7827 - Error resetting modules
Lees meer:
https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_87.12.6
(beveiligingsupdate)
24 Mei 2022 - 300MBSecurity
- CVE: Pending - SQL Injection Vulnerability
- CVE: Pending - SQL Injection Vulnerability
- CVE: Pending - SQL Injection Vulnerability
- CVE: Pending - Improper Access Control
- CVE: Pending - RCE and CSRF Vulnerability
- CVE: Pending - Authenticated Bypass Vulnerability
Bug Fixes
- PR: 9416 - Fix #9191 - Update antixss lib dependency
- PR: 9434 - Fix #9434 - Cron notion unit tests fails
- PR: 9420 - Fix #8525, #8309 Bulk Action button missing and delete button showing for users with no delete access
- PR: 9398 - Fix #9398 - Consistently store dropdowns in $app_list_strings
- PR: 9407 - Fix #9406 - Validation displayed static message isn’t correct
- PR: 9353 - Fix #9271 - Primary Email property is kept after adding an Email address field
- PR: 9410 - Fix #9378 - Filter by Email1 Field Through the API
- PR: 9312 - Fix #9312 - Declaring object within StudioClass to remove Strict Warnings
- PR: 9387 - Fix #9387 - Clean Historic and Failed Schedulers
- PR: 9401 - Fix #9380 - Date action in workflow fails to save
- PR: 9409 - Fix #9408 - Emails can’t be deleted from inline edit
- PR: 9418 - Fix #8948 - Make Project Tasks Importable.
- PR: 8428 - Fix #8155 - Remove Unused PDF Settings
- PR: 9455 - Fix #9455 - Popup metadata override removed when filtered
Lees meer:
https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_67.12.5
(grote versie)
3 Maart 2022 - 300MBEnhancements
- PR: 9244 - PDF Engine Selection
- MPDF License has be found to no longer be compliant with AGPL3 and due to this the MPDF will not be included in new installs. MPDF will not be removed on upgrade, but the system will default to a new engine, with an option to revert back to the MDPF if required.
- PR: 9185 - Noon Theme
- PR: 9298 - Implement TCPDFEngine
- PR: 9208 - Implement standard PDF Engines
- PR: 9187 - Composer 2.0
- PR: 9291 - Allow configuring the Calendar name for the Google Sync via config
- PR: 9171 - Upgrade ElasticSearch to 7.x - This is the new minimum ElasticSearch version that is required for update.
- PR: 9170 - PHPUnit/Codeception Upgrade
- PR: 9159 - Implement standard SearchEngines
- PR: 9172 - Malicious File Scanning
- PR: 9095 - Consolidate global search settings (AOD, Basic)
Lees meer:
https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_57.11.22
(beveiligingsupdate)
27 September 2021 - 300MB7.11.22
Security
- CVE: Pending - Privilege Escalation vulnerability
- CVE: Pending - Local File Inclusion
Bug Fixes
- edit view jumps to tab with validation error upon save,if hidden
- Adjusting references and tests to reflect updated GoogleAPIalias
- Add the Overview label to Security Groups detailview
- EmailsComposeView.js Formatting
- Error on audit save
- V8 API Auth issues on windows
7.11.21
Security
- CWE-1236: Improper Neutralization of Formula Elements in a CSV File
- CWE-284: : Improper Access Control
Bug Fixes
- Correct Layout of date fields
- Link Fix - Upgrade Documentation
- Notes for translators on abbreviations
- Indentation Fix
- Space Typo Fix
- Moving comment next to the string
- https url fix
- SuiteP template translators notes
- AOR_Charts getShortenedLabel fails on utf8 characters
- Make Projects Importable
- Email Address - "invalid" and "opt_out" options are lost
- Duplicate audit records
- Fix Archive Folder Query
- Add cases to email object_arr
- Only init Currency when saving
- AOR_Reports generating php notices due to undef
- Change pdfheader/pdffooter data type to longtext
- Set default perms on new log file
- Update CaseUpdatesHook.php
- Fix function declaration of TabController::get_key_array()
- Wrong spelling of ProspectLists module
- Filter form label styling
- Where dates in aow actions & conditions are not saved or displayed correctly
- User profile password auto-fill
- Allow filtering Survey campaigns
- Small bit of duplicate code
- Wrong spelling of AOR_Reports module
- Inline Edit: Help text containing quotes is not correctly displayed
- Improve Contacts Duplicate List
- Retrieve SuiteCRM version in get_server_info
Lees meer:
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_227.11.20
(beveiligingsupdate)
21 Juni 2021 - 300MB7.11.20
Security
- CVE: CVE-2018-19296 - Object Injection in PHPMailer
Bug Fixes
- Database failure when filter custom fields by V8 API
- Multiple IMAP Inboxes
- JSON Error in related field’s popup
- Fix Missing locale in FullCalender 3.10
- Fix Users index incompatible with MSSQL
- Fix Php compatibility within Admin ConfigureTabs
- Fix Email Address loading performance
- Fix theme - dashletclose.png loading error in console
- Fix theme - Footer text colour inconsistency
- Fix theme - Menu overflow top module alignment
- Fix theme - Admin settings empty error displays line
- Change populateDefaultValues fatal log on empty field_defs to warning
7.11.19
Security
- CVE: Pending - XSS Vulnerability
- CVE: Pending - XSS Vulnerability
- CVE: Pending - XSS Vulnerability
- CVE: Pending - XSS Vulnerability
- CVE: Pending - XSS Vulnerability
- CVE: Pending - Fixed Dependency
- CVE: Pending - Fixed stored XSS vulnerability
- CVE: Pending - Fixed stored XSS vulnerability
- CVE: Pending - Fixed file check bypass
- CVE: Pending - Improved file upload checks
Bug Fixes
- Fix Inline edit date/datetime issue
- Prevent securitygroups mass assign damage
- Remove duplicate code in users detailviewdefs
- Implement effective opcache file clearing
- Various problems in PHPDocs throughout the codebase.
- Fix the drop down width
- Add Additional api filter option like
- User menu alignment
- Modulebuilder labels edit fixes
- Update JQuery JS Library to v3.6.0
- Hardcoded 'by' label in calls
- Business Hours does not work in non-english languages
- Update the V8 Api to allow for upload of documents similar to notes
- Add missing 'view task' label on calendar
- Add missing label for calendar dashlet
- Prevent Notice Error During Import
- Update updateTimeDateFields to handle undefined dates
- Removing deleted related beans via link
- Improve upon solution which doesn’t cache incomplete beans
- Elasticsearch: Elastic index name is hardcoded
- Project Form action should not be changed if delete is not confirmed
- New Scheduled Reports does not run
- Calendar quick create ignores required fields
- Add missing scheduler label for trimSugarFeeds
- Fix php compatibility issues
- Email compose body not shown in detail view
- Only index ElasticSearch when enabled
- Fix LangText exception breaking ElasticSearch
- No or not complete Searchresults using elasticsearch engine
- Misspelled elasticsearch labels
- Update config for google/apiclient at composer.json
Lees meer:
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_207.11.18
(beveiligingsupdate)
6 November 2020 - 300MB7.11.18
Bug Fixes
- Issue: 8936 - +/- get removed from start of text
- Issue: 8934 - Report main group issues
- Issue: 8391 - Yesterday period option in reports show correct time
- Issue: 8863 - Cannot report on Employee Status
- Issue: 8918 - Regression with download.php image fields
- Issue: 8941 - Cannot delete reports fields
- Issue: 8826 - PDF Report contains blank space when using a Main Group and Total
7.11.17
Bug Fixes
- Issue: 8913 - Email compose body field missing after upgrade to 7.11.16
7.11.16
Security
- Important Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
- Important Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
- Important Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
- Important Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
- Important Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
- Important Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
- Important Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
Enhancements
- PR: 8818 - Add 'Contains' as valid opp for multienum
- PR: 8814 - Allow custom SugarFieldBase class
- Move TinyMCE Editor to composer
Bug Fixes
- Issue: 7972 - IMAP import fails with Office 365
- Issue: 8688 - Fatal error on install with MySQL 8
- Issue: 6046 - DBMS reserved words fail in MySQL8
- Issue: 8830 - File names with underscores in download.php
- Issue: 8610 - Uninitialised variables in ModuleInstaller.php
- Issue: 4435 - TinyMCE pagebreaks work correctly
- Issue: 8771 - Silent failure when no PHP-json module installed
- Issue: 8905 - Report joins fail on one to one relationships
- Issue: 8904 - Optimistic Locking is not compatible with all field types
- Issue: 8904 - Optimistic locking module definition incorrectly set on some modules
- Issue: 8903 - Campaign Bounce email import - better mine type recognition
- Issue: 8882 - Delegates subpanel select all / select page doesn’t work
- Issue: 7306 - API v8 not working on php-fcgid - Missing /api/.htaccess
- Issue: 8486 - Rewriting of '.htaccess' file
- Issue: 8535 - Email To field being deleted on save
- Issue: 8730 - duplicate Compose Email Modal from Activities subpanel
- Issue: 8641 - Compose button / Related ID not set when no email
- Issue: 8812 - Add to target list in Campaign results
- Issue: 8824 - Too few arguments on SugarWebServiceImpl set_relationship
- Issue: 8677 - Subpanel end navigation
- Issue: 8888 - Fixes DynamicField reference
- Issue: 8785 - Incorrect Syntax in install.php
- Issue: 8795 - Change log level to warn loading non existing Bean
- Issue: 8819 - Update OutboundEmail.php to handle deleted rows
- Issue: 6427 - Stacked Bar chart totals incorrect
- Issue: 8348 - V8 API CORS prevents DELETE HTTP call
- Issue: 8816 - module name on logic_hook install
- Issue: 3468 - Email template retrieving cached beans
- Issue: 8841 - Change private to protected to fix EmailMan overrides
- Issue: 8490 - Fix php Notices
- Issue - Calender fails to display event the last over 3 weeks
- Issue - Theme display issues - Header & Footer clean up, Action and List view view buttons
Lees meer:
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_187.11.15
(beveiligingsupdate)
12 Juni 2020 - 300MBSecurity
- Moderate Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
- Moderate Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
- Moderate Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
- Moderate Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
- Moderate Security Issue - Full disclosure of the security issues addressed in this release will be made at a later date
Enhancements
- PR: 7795 - PR: 7806 Custom Extend Core Modules
- PR: 8405 - Remove deprecated sudo from .travis.yml
- PR: 8506 - Increase driver timeouts to be a little more lenient
- PR: 8523 - Update the index on the target list - targets middle table
- PR: 8618 - Move OAuth2 Encryption Key into config.php
- PR: 8639 - Display Data table under maps in any language
- PR: 8638 - Check permissions only on required directories on upgrade system checks
Bug Fixes
- PR: 6669 - Issue: 5526 - Fix Inline edit date/datetime issue
- PR: 7056 - Issue: 3911 - LDAPAutheticate warnings in log
- PR: 7863 - Issue: 7723 - Fix missing campaign analysis graphs
- PR: 8208 - Issue: 6676 - Add editview check to stop cacheing issues for dates on aow conditions
- PR: 8257 - Issue: 8261 - Handling of temp files during Upgrades
- PR: 8481 - Issue: 8450 - Minor bug in GridLayoutMetaDataParser::addField()
- PR: 8483 - Fix function declaration of SugarFieldTime::save()
- PR: 8504 - Issue: 8499 - API V8 issues for password grants SuiteCRM 7.10.22
- PR: 8511 - Issue: 5012 - Remove maxLength from user name in DB config
- PR: 8550 - Issue: 8549 - Added CSS to make case updates textfield re-sizeable
- PR: 8559 - Fix issue for non based on Emails Campaigns
- PR: 8594 - Fix db convert directly calling abstract function
- PR: 8596 - Add missing business hours calculation to reports
- PR: 8597 - Issue: 5836 - Fix/5836 two factor authentication redirect
- PR: 8598 - Fix usage of deprecated Redis::delete() function
- PR: 8601 - Fix PHP notices Fix missing query offset in SugarBean::get_linked_beans() warnings
- PR: 8607 - Fix missing query offset in SugarBean::get_linked_beans()
- PR: 8629 - Fix string within sub query
- PR: 8635 - Download link displayed twice. No Delete link in Diagnostic
- PR: 8636 - Issue: 8489 - No validation when using header save button in AOS_Products
- PR: 8638 - Issue: 8637 - Upgrade Wizard fatal error after upgrade on windows
- PR: 8646 - Fix Report navigation display
- PR: 8647 - Issue: 5487 - Report groups repeat for each record
- PR: 8648 - Issue: 7821 - Fix Username alignment in all screen widths
- PR: 8651 - Fix warnings when running upgrade via cli
- PR: 8652 - Issue: 8643 - Reports do not work related module custom fields
- PR: 8654 - Fix naming from SugarCRM Reports to AOR_Reports
- PR: 8655 - Reports: Remove useless recalculation
- PR: 8659 - Issue: 7766 - Invalid depreciated log in SugarBean fixUpFormatting
- PR: 8661 - Task Status key is displayed in View Summary
- PR: 8754 - Remove unused google service from the vendor directory
- PR: 8755 - Issue: 7152 - Fix cases Update text not saving when using html field
- PR: 8758 - Issue: 8757 - Time format preference typo
Lees meer:
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_157.11.13
(beveiligingsupdate)
27 Maart 2020 - 300MBSecurity
Full disclosure of the security issues addressed in this release will be made at a later date
- Critical Security Vulnerability
- Important Security Issue
- Important Security Issue
Bug Fixes
- Two Factor Authentication redirect to User profile
- DBManager::convert calls abstract function
- Multiple datetime value condition issues in Workflow / Reports
- Intial User Login Duplicate Timezone Request / Blank screen
- Upgrade Issues - Handling of temp files during Upgrades
- Fix function declaration of SugarFieldTime::save()
Lees meer:
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_137.11.12
(beveiligingsupdate)
18 Februari 2020 - 300MBSecurity
- CVE: 2020-8803 - Local File Inclusion
- CVE: 2020-8801 - PHP Object Injections
- CVE: 2020-8800 - Second-Order PHP Object Injections
- CVE: 2020-8802 - Bean Manipulation
Bug Fixes
- Issue: 8541 - MySQL Database breaking on special characters
- Backward incompatible config changes
Lees meer:
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_127.11.11
(beveiligingsupdate)
12 Februari 2020 - 320MBSecurity
- CVE: CVE-2020-8787 - Bean ID validation strictness
- CVE: CVE-2020-8783 - Neutralization of potential vulnerability with use of Special Elements within SQL
- CVE: CVE-2020-8784 - Neutralization of potential vulnerability with use of Special Elements within SQL
- CVE: CVE-2020-8785 - Neutralization of potential vulnerability with use of Special Elements within SQL
- CVE: CVE-2020-8786 - Neutralization of potential vulnerability with use of Special Elements within SQL
Enhancements
- PR: 8100 - Issue: 8099 - Add a way to hide/show columnChooser in ListViews
- PR: 7879 - Issue: 7876 - Render phone fields as links
- PR: 8215 - Scroll QRFont colour is the same as the search bar bgR to see the 'sync with vardefs' part
- PR: 8164 - More inclusive language
- PR: 8160 - Updated CONTRIBUTING.md
- PR: 7798 - Database character set configuration
Bug Fixes
- PR: 8422 - Issue: 8421 - Fix issue with validation on aos settings
- PR: 8395 - Issue: 6000 - Notifications not working when using mssql
- PR: 8353 - Issue: 8351 - Datepicker missing in massupdate for custom datetime field type
- PR: 8298 - Issue: 8295 - Fix sorting icons showing counterwise
- PR: 8285 - Issue: 6990 - Run Email Notification not working
- PR: 8274 - Issue: 8273 - Check the selected e-mail client
- PR: 8233 - Issue: 8057 - Backport various PHP 7.4 fixes
- PR: 8205 - Issue: 8180 - Font colour is the same as the search bar bg
- PR: 8053 - Issue: 7874 - Unable to use custom _head.tpl file (alternative fix)
- PR: 8139 - Issue: 8134 - Logo not in left-hand corner anymore
- PR: 8158 - Issue: 8151 - Updating FPEvent unit test to use correct array
- PR: 8181 - Issue: 7305 - Scheduled reports execute in the timezone specified
- PR: 8188 - Issue: 8183 - Non-group records show on list view if group only access
- PR: 8190 - Issue: 8173 - Workflow actions missing in edit and detail view
- PR: 8424 - Remove 'buggy version check' from php version checker
- PR: 8363 - Adding fix to silent upgrade’s upgrade history save
- PR: 8346 - Update links
- PR: 8344 - Email1 field now gets populated through API
- PR: 8340 - API returns the emailAddress Relationship link
- PR: 8322 - Remove Schedulers cron instructions from filter pop-up
- PR: 8258 - Fix "!" in pQuery and add tests
- PR: 8243 - Clear PHP notice on Home page and improve suitecrm.log message
- PR: 8198 - Unit test fixes for 7.10.x
- PR: 7832 - V8 API swagger.json
- PR: 6709 - Avoid printing js content in CLI commands
- PR: 8458 - Fix install layout db options
- PR: 8468 - Fix slim api
- PR: 8193 - Fixed employees module not appearing in ACL role list
- PR: 8326 - Logo upload
Development
- PR: 8231 - Issue: 7891 - Clean up include/ tests
- PR: 8218 - Issue: 7744 - Remove deprecated functions from utils.php
- PR: 8217 - Issue: 7744 - Remove the deprecated load_menu() function in utils.php
- PR: 7807 - Issue: 7740 - Replacing the StateChecker with database truncation in tests
- PR: 8379 - Deprecate _pp functions
- PR: 8378 - Misc code formatting improvements
- PR: 8350 - Add tests for splitTime() on TimeDate
- PR: 8314 - Fix parameter order for asserts in unit tests
- PR: 8300 - Add tests for TimeDate class
- PR: 8313 - Add more TimeDate tests
- PR: 8299 - Add tests and PHPDocs for return_bytes function
- PR: 8296 - A few more little fixes for the formatting in the test suite.
- PR: 8283 - Unit test cleanup
- PR: 8253 - Remove some old code referencing PHP 5.3
- PR: 8252 - Deprecate various utils functions that are unused
- PR: 8249 - Add unit tests for is_admin() function
- PR: 8236 - Update the Travis Code Coverage job
- PR: 8235 - Clean up misc unit tests
- PR: 8234 - Add tests for check_php_version
- PR: 8216 - Add a PHPDoc comment and test to unencodeMultienum()
- PR: 8156 - tests: throw an error in case exit() is called during testing
- PR: 8477 - Fix/Avoid WebDriver Timeouts in Travis createModule Tests
- PR: 8509 - Fixing typo in seperator/separator change
- PR: 8518 - Fix backwards compatibility with seperator/separator css
- PR: 7580 - Update export_excel_compatible to work with all Excel versions
- PR: 8297 - Add PHPDoc and deprecate unTranslateNum
- PR: 8310 - Backport more PHP 7.4 fixes
- PR: 8152 - Update html-purifier to 4.12
- PR: 8161 - Fix a PHP warning in Meeting.php
Lees meer:
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_117.11.10
(beveiligingsupdate)
15 November 2019 - 300MBSecurity
- CVE: Unassigned - SQL Injection
Bug Fixes
- Removed unnecessary JSSource files
- Non-group records show on list view if group only access
- Email Template
- Workflow actions missing in edit and detail view
- Fixed employees module not appearing in ACL role list
- Repair Administration section ISSUENAME Google Calendar settings menu option
Lees meer:
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_107.11.9
(beveiligingsupdate)
6 November 2019 - 300MBSecurity
- CVE: Unassigned - .htaccess Improvements
- CVE: Unassigned - API Access Token and Credential fix
- CVE: Unassigned - SQL Injections
Enhancements
- Add Robo API commands
- Filter email templates on Events
- Robo tasks for common actions that are performed in Repair Administration module
- Added option to filter WorkFlows by module name
- Robo: Add a --filter option to tests:unit for filtering tests
- Add support for config_override.test.php
- SuiteP: Add html data tags to allow module and field identification
- Robo task to compile css in a custom theme
- Workflow: Properly delete records which are marked as deleted
- Add a SECURITY.md to the repository
Bug Fixes
- SQL query in the ACLAction code
- Resolve issue with email templates
- Icons not rendering properly in Alerts
- Case Module: Description field not showing after Save and continue
- 'customMetadate' typo in DashletGeneric.php
- Make the code:coverage Robo command work outside of CI
- Update button clears DateTime parameter in Reports Module
- Adding parameter date field in Reports module causes error in Browser console
- Update sugar_3.js to fix a MassUpdate undefined error
- Unnecessary include in UserService
- Codacy
- API Create Relationship via Link
- Scheduled Reports: Fix report name relation and popup search
- Show logs lines that was made by anonymous
- Inspections compatibility
- Remove Unused Import
- Type casting
- Issue: 321 - Hitting enter in the password input saves the user but not the password
- Add a SAML2 metadata endpoint
- Do not clear existing attachments when loading a template
- Update DeleteRelationship.php
- search_by_module REST API
- Now we translate the title tag for recently viewed links
- User name is not aligned in 1200px to 1600px screens
- InboundEmailTest: Make tests independent to make them work with the state checker
- Removing an item from subpanel should only require the item edit access right
- Save email addresses before saving company/person
- SQL query bug for quote purchase subpanel
- Pencil present in Top Menu for users with non editing permission
- Code coverage as a separate stage in CI
- PHP Fatal error in modules/Connectors
- Bad css format in Date and Date Range Inputs in search forms
- Now we can compile SuiteP only one color_scheme
- Grouping by with xxx_usdollar currency fields
- EmailMarketing: Add security groups support
- Make robo test commands fail if tests fail
- Add dotenv support for the test environment
- htaccess issue
- SugarEmail: Fix 'to' field not being filled when the last record doesn’t have an email
- Add a function to compare properly indices definitions
- Clean up a bunch of unit tests
- Clear Zend OPcache when writing files
- Composerify Zend Lucene
- Update Gitattributes + codeception.dist.yml
- Verify if $bean is_subclass_of SugarBean so we can check access
- Protect against illegal string offset warnings in aow_utils
- 'Undefined index: leads_id' notices in AOR_Report.php
- AOR Reports - Mysqli_query failed when execute Report as normal User
- Ending spaces in language strings
- Wrong render in DateRangeInput using 'Between' Option
- Improvements in css for date_input and labels in EditView
- Refixed #7393 without breaking headers for non-pulldown fields
- Replace contact_xxx in templates also for leads/prospects/users
- Replace Title with Job Title
- Fix Issue when importing non UTF-8 CSV file
- Temporarily revert PHP 5.5 from the Travis build
- Status/State usage causing translation errors
- Move the PHP 5.6 job to xenial
- Emails being sent from 'Root User'
- Update issue 'Undefined index: docType' PHP notice PR templates to comment on how to include code
- 'Undefined index: docType' PHP notice
- SugarFeed: Various fixes for 7.10.19/20 regressions
- Report Total Field formatting is inconsistent
- Sending emails with apostrophe in email address
- Fix typo in InboundEmail.php
- Silent upgrade
- Admin blank screen post upgrade to 7.11.8
- Update the .gitattributes export-ignore list
- Typo in key - LBL_ORIGINAL_MESSAGE_SEPERATOR
- Do not divide by adjustment if it equals 0
- Use correct Business Hours field name for opening hours check
- Add bool to eligible fields for merging
- Typos in audit template metadata
- Upgrade wizard recommends composer update instead of composer install
- Enable Delete button in Actions menu
- Verify the variable is an array
- InboundEmail mime parser
- Issue with french translation
- Avoid PHP Notices in getVardefs() method
- htaccess
- Misc improvements to the acceptance tests
- Retain date properly when saving a stored query
- Disable Action menu has no effect on menus in subpanel
- Email Template selection in email module is not working in Edge/IE11
- Updated mkdir calls to throw RuntimeExceptions
- Unable to use custom _head.tpl file
- No 'Server response time' in SuiteP
- OAuth2 ClieOAuth Keys Fixed a grammatical error in include/templates/Template.phpnts and Tokens icons are missing
- Fixed a grammatical error in include/templates/Template.php
- Move RebuildConfig.php from using XTemplate to using Smarty
- Make the pagination buttons on DetailView pages links.
- Skip cache building if custom class exists for dashlets
- Update contributing.md
- Datetime field caching issue
- Typos and made it grammatically better
- Update config.yml to include 7.10.x branch
- AOW_WorkFlow: Delete all related beans when deleting a workflow
- BeanFactory: Don’t return deleted beans from the cache
- Updated LoggerManager to use @method + code cleanup
- Paths to milestone image
- Textarea in EditView overlaps other fields
- Replace deprecated array index accessors
- Cannot call logger
- Email css error
- Link contributors badge to contributors insights
- Deprecated usage of join
- Misc PHP 7.4 deprecations
- Remove all uses of get_magic_quotes_gpc
- Undefined index: server_unique_key
- Added the deprecated lowercase v8 API to codecov ignore list
- Change isset() to !empty()
- Unused language strings in ver. 7.10.8
- Apache log
- Added a check for SUGARCRM restrictions in htaccess
- Deprecated usages of implode
- Remove scheme to avoid mixed content error
- Improve footer styling for new stats item
- Implement Refresh Token Grant
- Non-distinct person entries for each meeting/call invited to
- Header cleanup
- Remove BusinessCard-related code
- Update composer.lock + Rebuild SASS/JS
- Complete previous fix when ElasticSearch disabled
- Google Calendar data is cleared if SuiteCRM cal is deleted
- Elasticsearch default size setting
- Elasticsearch Indexing memory usage
Development
- More PHP 7.4 array accessor deprecations
- Remove PHP4 style constructors
- Deprecated string concatenation
- Replaced alias functions
Lees meer:
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_97.11.8
(beveiligingsupdate)
25 Augustus 2019 - 250MB7.11.8
Security
- Reflected XSS
- Unintended public exposure of files
- Employee module does not implement ACL
Highlights
- Update README
- SuiteBot config.yml
- Composerify Zend
- Optimize images
Bug Fixes
- Fix/backwards compatiblity
- New user password not being generated
- Case insensitive detection of header X-CampTrackID
- Cannot import Email if plain-text plus attachment
- Folder include/SugarCharts/Jit missing in 7.11.7 installation
- Add a proper return type to getUserRoleNames()
- Format InlineEditing.js with prettier
- Bug when inbound email Leave Messages On Server set to No
- Image Field Does Not Display Uploaded Image
- EmailMan sendEmail missing restricted_addresses check
- Fixed error message css + email warning config option
7.11.7
Security
- Fixed SSRF
- Fixed privilege escalation
Highlights
- Robo test-running commands
- SecuritySuite 3.1.16
- Scheduled Reports: Enable security groups support and add the subpanel
Bug Fixes
- Calendar pop-ups now auto close after 500ms
- SAML2: Use php-saml from composer
- Fixes SugarPHPMailer encountered an error: Could not access file
- Error with custom fields on getQuery from One2Many relationships
- Get ChromeDriver’s latest release in Robo task
- Unable to set Minimum Password Length in Password Management
- Clean up codeception environments
- Inbound Email Auto-reply send email without Attachments
- Group Email Inbox accounts doesn’t respect reply as option in admin
- Remove unused webDriverHelper variables
- Popup Studio and Calendar don’t auto-close
- Managing Delegates Removes main windows Scrolling
- Use of ampersand (&) in email subject sends email subject misformatted
- Remove unnecessary test files
- Replace the createAccount method
- Using prefix index to not hit Key threshold in MySQL5.6/UTF-8
- Silent installer tries to do unknown things on completion
- Survey entry-point broken in 7.11.5
- Database Failure after upgrading to Version 7.11.4
- "Users may send as themselves" broken - Invalid address: (punyEncode)
- PSR-2
- Cookie path is not respected if globally set
- Email module: Inline image not shown in received/sent email
- Fix missing function getAssignedEmailsCountForUsers
- Misc automated testing improvements
- Cleanup files created by acceptance tests between test runs
- ListView: Fix selection count for the "Select All" case
- ListView: Fix the selection count when executing an action without any selection
- ListView: Fix selection when switch from "select all" to "select page"
- SugarWidgetSubPanelEmailLink: Fix missing opt-in ticks after inline editing
- sugar_3.js: Remove unused send_form_for_emails()
- Fixed email attachment icon
- Top of dashlets being cut off by nav bar nd positioning of dashlet pop-up
- Add a get_current_language() helper function
- Fix/silent upgrade
- use correct login image on install.php
- Attachment in detail view of non imported email doesn’t show
- Add wait to HomeCest so it won’t flake
- Missing Contracts from selection of Related to: field
- Detail view of no imported email is different as imported + missing time unit + attachments
- Logo upload function is not working
- Remove sugar references
- Fix codecov path
- Inline Edit alert Even if I dont make a change
- Fix pagination button class
- Emails 'Bulk Action' is disabled after upgrade to 7.10.16
- Remove include/timezone/timezones.php
- Remove lastView variables from tests
- Unwanted email generated in case creation & update
- A non-numeric value encountered at ListViewSubPanel.php
- Fixed email settings "data error"
- Escaped strings issue, breaks "My favorites" filters and perhaps other things
- Fixed DB failure with activities subpanel
Lees meer:
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_87.11.6
(beveiligingsupdate)
8 Juli 2019 - 160MBSecurity
- #7439 - Update password hash to use php password_hash by default.
Bug Fixes
- #7455 Fixed #7455 - Keep Lead photo when converting to Contact.
- #7249 Fixed #7249 - Admin user cannot edit another user's Mail Accounts.
- #7156 Fixed #7156 - Slow SQL query in include/SugarFolders/SugarFolders.php causing slow emails interface in 7.10.x (and 7.11.x).
- #7402 Fixed #7402 - Popup selects are broken.
- #6866 Fixed #6866 - 7.10.12 Auto Import of Emails not working.
- #3727 Fixed #3727 - IMAP server delete button on DetailView.
- #7319 Fixed #7319 - Activity Stream dashlet "reply" function doesn't appear to do anything.
- #4116 Fixed #4116 - Wrong error_1.csv with multiple imports.
- #7393 Fixed #7393 - Displaying dropdown db value instead of dropdown label in group header in Reports module.
- #7344 Fixed #7344 - Automated Testing improvements.
- #7391 Fixed #7391 - DB Error on audit logging large multi select fields.
- #7107 Fixed #7107 - SQL errors with sql_mode=STRICT_TRANS_TABLES
- #7238 Fixed #7238 - Incorrect user_id saved in users_signatures table when admin updates a signature.
- #7351 Fixed #7351 - Fields last_name and first_name in Users too short.
- #7357 Fixed #7357 - Home module index page loading bad MySugar file location.
- #6379 Fixed #6379 - Unable to GET deleted records through API.
- #6343 Fixed #6343 - installer fails, if posix is not installed on linux systems.
- #7234 Fixed #7234 - Get subpaneldefs.php from custom/modules/MODULE_NAME/metadata.
- #6872 Fixed #6872 - Installation and upgrades files checksums not provided.
- #5173 Fixed #5173 - Email inline editing does not work properly (ver. 7.10-RC-2).
- #2049 Fixed #2049 - 7.7.2 - Calendar Activities are off by 1 day.
- #6140 Fixed #6140 - Switch from league/url to league/uri due to deprecation.
- #6445 Fixed #6445 - Campaigns Wizard - EMail Template "Assigned to" issue.
- #7241 Fixed #7241 - Some files still use the DB global variable.
- #6420 Fixed #6420 - Campaigns: Test-Emails sent out twice.
- #5652 Fixed #5652 - Ending spaces in language strings.
- #6915 Fixed #6915 - File OAuth2Tokens/metadata/editviewdefs.php is Missing.
- #7183 Fixed #7183 - My Cases dashlet searchFields status default values are incorrect.
- #7369 Fixed #7369 - Reports module doesn't have all all formats for displaying date.
- #7370 Fixed #7370 - Reports module timezone date issue.
- #7308 Fixed #7308 - Sub-Theme changes don't always update.
- #6851 Fixed #6851 - The query fails while managing event delegates in MSSQL.
- #6882 Fixed #6882 - Email Address Removed if email is forwarded using outlook.
- #7206 - Add php-cs-fixer to composer.json as a dev dependency.
- #7356 - Configurable elasticsearch host in acceptance test.
- #4198 - fixing a recursion issue on reminders.
- #7297 - Fixed the support forum link.
- #7240 - EmailTemplates: Improve image url replacement.
- #7341 - Fix zero padding issue with openssl decryption.
- #7329 - StateChecker: Don't save hash debug traces.
- #7253 - Fixed issue with undecoded subjects coming from Emails DetailView.
- #7381 - tests: change the test config default date format to match the unit tests.
- #7410 - StateChecker: disable save_traces by default.
- #7418 - Remove repetitive instance URL visits from tests.
- #7389 - Avoid caching incomplete beans in during SugarBean→fill_in_relationship_fields.
- #7436 - Simplify the acceptance and install suite configs.
- #7444 - IMAP StateSaver test fix
- #7453 - Cache Composer files in Travis. (hotfix-7.10.x PR).
- #7451 - Add composer validate job in Travis.
- #7449 - Remove some incomplete tests and miscellaneous formatting fixes for the unit test suite
- #7442 - Replace most instances of $I→wait(n) with waitForX.
- #7437 - Remove wait from Codeception Travis env
- #7452 - Disable stopOnFailure and stopOnError in PHPUnit config.
Lees meer:
https://suitecrm.com/wiki/index.php/Release_notes_7.11.67.11.5
(beveiligingsupdate)
4 Juni 2019 - 160MBSecurity
- #CVE-2019-12601Security Issue - Fix possible SQL Injection: InboundEmail.php
- #CVE-2019-12600 Security Issue - Fix possible SQL Injection: reassignUserRecords.php
- #CVE-2019-12598 Security Issue - Fix possible SQL injection
- #CVE-2019-12599 Security Issue - Survey module: Inputs are not sanitized (security issue)
Bug Fixes
- #6882 Fixed #6882 - Email Address Removed if email is forwarded using outlook.
- #6869 Fixed #6869 - Saving user resets preferences.
- #6851 Fixed #6851 - The query fails while managing event delegates in MSSQL.
- #7133 Fixed #7133 - Changes in Studio do not make an override file.
- #6445 Fixed #6445 - Campaigns Wizard - EMail Template "Assigned to" issue.
- #7241 Fixed #7241 - Some files still use the DB global variable.
- #7310 Fixed #7310 - 7.10.x-hotfix CI is failing.
- #7174 Fixed #7174 - /Api/V8 needs the ability to return a list of modules.
- #7175 Fixed #7175 - /Api/V8 needs the ability to a list of module’s fields.
- #6420 Fixed #6420 - Campaigns: Test-Emails sent out twice.
- #5652 Fixed #5652 - Ending spaces in language strings.
- #6915 Fixed #6915 - File OAuth2Tokens/metadata/editviewdefs.php is Missing.
- #7250 Fixed #7250 - Notices in ListViews.
- #7183 Fixed #7183 - My Cases dashlet searchFields status default values are incorrect.
- #7288 Fixed #7288 - Field name in Campaigns is too short.
- #7271 Fixed #7271 - Email Template selection in email module is not working for 7.10.16.
- #7291 Fixed #7291 - Field name in ProspectLists is too short.
- #7268 Fixed #7268 - Fatal Error with PHP7.3 with LoggerManager.php.
- #6504 Fixed #6504 - Multiple bounce handling problems.
- #7107 Fixed #7107 - SQL errors with sql_mode=STRICT_TRANS_TABLES.
- #7173 - Fix V8 API authorization header passing with apache+php-fpm.
- #7263 - Travis due date fix.
- #7273 - install.php: Syntax error upload logo.
- #7290 - RFC: travis-ci: add a job for PHP 7.3.
- #7297 - Fix support forum link.
- #7240 - EmailTemplates: Improve image url replacement.
- #4198 - fixing a recursion issue on reminders.
Lees meer:
https://suitecrm.com/wiki/index.php/Release_notes_7.11.57.11.4
(grote versie)
3 Mei 2019 - 160MBSecurity
- Security Issue - Fixed SQL injection
- Security Issue - Fixed XSS vulnerability
- Security Issue - Fixed Oauth2 access control issue
Bug Fixes
- #7188 Fixed #7188 - ACL doesn’t work on JSON API V8.
- #6829 Fixed #6829 - Cache composer packages on Travis CI.
- #6540 Fixed #6540 - [language] Hard coded messages in Elasticsearch.
- #6126 Fixed #6126 - If field value contains single quote, on each save CRM will treat this field as a changed.
- #5724 Fixed #5724 - Map Area - Import Option Fails : An Error has occurred.
- #7221 Fixed #7221 - stdClass::$message_id undefinded for IMAP.
- #7220 Fixed #7220 - Description/note fields in the contract line items formats the numeric values as currency.
- #6480 Fixed #6480 - REST API - Prevent "Too few arguments to function SugarWebServiceImplv4" after API call.
- #7080 Fixed #7080 - API returns wrong module string address for email addresses.
- #7221 Fixed #7221 - stdClass::$message_id undefinded for IMAP.
- #4661 Fixed #4661 - Ability to create / edit object’s "Created By" "Date Created" using API.
- #6483 Fixed #6483 - V8 API Doesn’t popuplate created_by and modified_user_id.
- #7188 Fixed #7188 - ACL doesn’t work on JSON API V8.
- #6480 Fixed #6480 - REST API - Prevent "Too few arguments to function SugarWebServiceImplv4" after API call.
- #6483 Fixed #6483 - V8 API Doesn’t popuplate created_by and modified_user_id.
- #6864 Fixed #6864 - API - overzealous method visibility.
- #6037 Fixed #6037 - AOR Reports - Issue with related records in reports.
- #7162 Fixed #7162 - Popup select All records btn hidden in SuiteCRM 7.11.x.
- #7166 Fixed #7166 - Upgrad to 7.11.3 version email body is empty.
- #5746 Fixed #5746 - Unable to order results descending on get_relationships API method .
- #6455 Fixed #6455 - The V8 API does not allow filtering by custom fields.
- #7189 Fixed #7189 - Fatal error when loading custom views.
- #7207 Fixed #7207 - Get Menu.php from custom/modules/MODULE_NAME/.
- #7095 Fixed #7095 - Api relationship links are missing the /Api and start with /V8 .
- #6950 Fixed #6950 - We should have a way to add composer dependencies safe-upgrade.
- #49 Fixed #49 - Support pthreads.
- #6761 Fixed #6761 - Api/V8 - Unable to Delete (unlink) relationships.
- #48 - Browser title not correct for custom modules.
- #46 - Spanish reminders added to notify template.
- #7147 - Api - fix relate fields not populating on get_list.
- #6744 - Fix emails losing confirmed opt-in when converting a lead to a contact.
- #6680 - Change default view on template to avoid date created/modified issues.
- #7214 - Fixed DeleteRelationshipParams typo.
- #7213 - Fixed relationship links url.
- #7229 - Remove hardcoded encryption key.
- #7176 - Remove codecov patch status.
- #7217 - Fix AOS_Product_Categories test name.
Lees meer:
https://suitecrm.com/wiki/index.php/Release_notes_7.11.47.10.16
(grote versie)
3 Mei 2019 - 160MBSecurity
- Security Issue - Fixed SQL injection
- Security Issue - Fixed XSS vulnerability
Bug Fixes
- #7121 Fixed #7121 - API module relationship link on custom module points to module name not field name in vardefs.php.
- #6452 Fixed #6452 - Api/V8 create record does not support unicode and space in attributes.
- #6608 Fixed #6608 - Pagination not working in SuiteCRM REST API v8.
- #6761 Fixed #6761 - Api/V8 - Unable to Delete (unlink) relationships.
- #6844 Fixed #6844 - Reduce test suite noise.
- #6689 Fixed #6689 - Task Due Date not showing in Opporunities subpanel .
- #4297 Fixed #4297 - Error in Listview with previously selected rows and changing to next page (pagination).
- #3598 Fixed #3598 - Web to lead multiselect fields not working.
- #7127 Fixed #7127 - Add href mailto for email links even when using internal email client.
- #6742 Fixed #6742 - Also set opt-in send/fail dates when sending emails through the action menu.
- #7139 Fixed #7139 - Fix EmailManTest::testget_list_view_data.
- #7102 Fixed #7102 - Don't delete the composer.lock when running tests on travis.
- #7113 Fixed #7113 - phpunit: Various fixes for running with StateCheckerConfig::RUN_PER_TESTS.
- #7126 Fixed #7126 - Campaigns: escape subscribe()/unsubscribe() IDs and add tests.
- #7129 Fixed #7129 - Update composer.json.
Lees meer:
https://suitecrm.com/wiki/index.php/Release_notes_7.10.167.9.4
(grote versie)
12 September 2017 - 130MBLees meer:
https://suitecrm.com/wiki/index.php/Release_notes_7.9.47.4
(grote versie)
1 November 2015 - 130MBLees meer:
http://suitecrm.com/wiki/index.php/Release_notes_7.47.3.2
(grote versie)
26 Oktober 2015 - 130MBSuiteCRM 7.3 is the new production release of SuiteCRM. Packed with new features, functionality and bug-fixes.
New Additions
- Inline Editing: Edit fields directly on the List and Detail View by double clicking the field.
- Inline Editing: To turn inline editing off for a particular field view the field in studio and uncheck "Inline Editing"
- Desktop Notifications: Get Meeting/Calls Notifications direct to your desktop (enable per compatible browser in user preferences)
- Desktop Notifications: View missed Notifications in the top bar
Enhancements
- Improved Mobile Navigation: New improved mobile menu layout, designed to give you full control, using less screen space.
- Update cases from detail view.
- Numerous workflow enhancements e.g is null, contains etc.
- Numerous reports enhancements e.g date periods, dashlet improvements.
There have also been various bug-fixes in the 7.3 release.
Lees meer:
http://suitecrm.com/wiki/index.php/Release_notes_7.3.27.2.2
26 Mei 2015 - 130MBThis is a bug fix release which addresses bugs in the SuiteCRM 7.2.1 release and also Post-Auth RCE vulnerabilities in SuiteCRM.
Lees meer:
http://suitecrm.com/wiki/index.php/Release_notes_7.2.27.2.1
16 Maart 2015 - 130MB- Fixed - GitHub issue #159 workflow number formatting issues
- Fixed - GitHub issue #158 - Currency Formatting Issue when Creating Opportunities from Quotes
- Fixed - GitHub issue #157 MsSQL compatibility issues
- Fixed - GitHub issue #156 invalid 'email' column when searching
- Fixed - GitHub issue #155 missing Project Task dropdown definition
- Fixed - GitHub issue #154 Product Category - Parent Category on list view
- Fixed - GitHub issue #153 - Forgotten Password Link
- Fixed - GitHub issue #149 - Collapsing Studio sidepanels
- Fixed - GitHub issue #147 Fatal Error when AOP function redeclared
- Fixed - GitHub issue #142 - Issues with colour picker
- Fixed - GitHub issue #141 Next/Previous navigation on Calendar Broken
- Fixed - GitHub issue #140 Issue with custom currency field in reports
- Fixed - GitHub issue #138 Theme colour changes only save pressing 'Enter'
- Fixed - GitHub issue #135 disabled themes can still be used if users current theme
- Fixed - GitHub issue #133 Calendar Shared view Items not showing correctly
- Merged currency fix
- Updated PHP version check to check for php 5.3+
- Fix for search placeholder language and value default.
- Removed old colour selector from install
- Fix for detail view on mobile to make it more optimal.*Fix for colour picker default values in SuiteR theme, as some values were incorrect.
- Removing un-required bootstrap-theme.css, bootstrap-theme.css.map, bootstrap-theme.min.css, bootstrap.css, bootstrap.css.map and Cal.css files from themes/Su$
- Reverting Calendar change as is it causes a bug when navigating to calendar from another module.
- Icons now output directly to the page so they can pickup on the page styles and do not need to load the css for each icon.
- Moved calendar screensize check to cal.js so it only loads on the calendar module.
Lees meer:
http://suitecrm.com/wiki/index.php/Release_notes_7.2.17.2.0
(grote versie)
6 Maart 2015 - 130MBNew Additions
- Responsive theme.
- Image Field - New image field type, allowing adding of image fields via Studio.
Major Enhancement: AOP 2.0
- Add attachments to the case update thread within SuiteCRM.
- Better HTML Support.
- More Configuration Options.
- Re-open Cases from client email update (Configurable).
- Multiple inbound email box set up, allowing assignment of created cases to multiple users.
- Further enhancements to cases.
- Bug fixes.
Major Enhancement: AOR
- Multiple module relationships.
- In-module and dashlet charts.
- Page/column totals.
- UI improvements.
Bug fixes
- Projects
- Gantt Charts added to Projects.
- Resource Management added to Projects.
- Project Templates added to Projects.
Lees meer:
http://suitecrm.com/wiki/index.php/Release_notes_7.2.07.1.5
(beveiligingsupdate)
20 Januari 2015 - 130MBThis is a security update released to address certain security vulnerabilities identified during routine QA checks.
We strongly recommend that you install this update at the earliest opportunity. While we have not experienced any reported incidents relating to these vulnerabilities to date, failure to install this update could leave you exposed to the following types of malicious third party attacks:
- Unauthenticated users may retrieve contents from system-generated files.
Bugs fixed:
- Dynamic Dropdown doesn't load correctly when using Ajax
- Blank password issue when sending test outbound email
- JotPad issue with & symbol
- Free/Busy cal showing tasks in error
- db_port configuration option is ignored
- JavaScript conflict with connectors and the SuiteCRM 7 theme
- Regex issue with jsCharts.js when using php 5.5.
- Fix for reply to all on email not picking up CC addresses.
- AOP: Trigger user email update even if contact is unknown.
- AOP: Fixed Localisation issue in case updates.
- AOD: Fix multienums not being indexed correctly.
- AOR: Added missing .pdf extension on reports.
- AOW: FIXED trying to send email to empty email address.
- AOS: Fixed bug saving line items save incorrectly, when pressing return on the line.
Lees meer:
http://suitecrm.com/wiki/index.php/Release_notes_7.1.57.1.4
(beveiligingsupdate)
25 September 2014 - 130MBThis is a security update released to address certain security vulnerabilities identified during routine QA checks.
We strongly recommend that you install this update at the earliest opportunity. While we have not experienced any reported incidents relating to these vulnerabilities to date, failure to install this update could leave you exposed to the following types of malicious third party attacks:
- Authenticated admin users may cause arbitrary code to be executed.
- Authenticated admin users may initiate a cross-site scripting attack.
Bugs fixed:
- FIXED Number separators causing incorrect tax calculations
- FIXED Line items not automatically calculating on list price change
- FIXED Function name conflict between AOS and Opportunities
- FIXED Permission issues in AOS Quotes Actions e.g convert to invoice
- FIXED Various import issue in AOS
- FIXED Missing AOS Language entries
- FIXED Filtering on Multi-select fields in dashlets not working correctly with blank values
- FIXED Missing silent upgrade files
Lees meer:
http://suitecrm.com/wiki/index.php/Release_notes_7.1.47.1.3
14 Augustus 2014 - 130MB- Fixed "main menu (Tab All) not with 2 column layout" (Courtesy of pcaesar)
- Fixed Russian language file in Security Suite
- Fix bug in AOD which could cause errors when trying to load certain modules.
- Prevent AOD creating multiple indexes caused by security suite preventing access to the index.
- Shortcut return when attemping to index on the save of AOD_Index
- AOD now respects security groups when displaying results
- Fix undefined index in AOD.
- Add Print PDF option to contracts
- Set quote/invoice numbers when records are created with an existing id.
- Ensure that the contact in a contract is populated when converting.
- Fix Workflow not sending emails on initial save.
- Use UTC dates in Workflow to prevent incorrect date calculations
- Fixed parsing relationships for email templates in workflow
- Fixed "one of" not working with multiselect fields in workflow.
- Prevent duplicate sugar feed entries being created by the portal
- Fixed checks in FP_Events which would cause code to unnecessarily run.
- Fix bug where using the select this page button for delegates would only appear to do so.
Lees meer:
http://suitecrm.com/wiki/index.php/Release_notes_7.1.37.1.2
5 Augustus 2014 - 130MB
