SuiteCRM 8.6.1
12 June 2024
SuiteCRM version 8.6.1 is now available (security release).
Upgrading to SuiteCRM 8.6.1
SuiteCRM 8.6.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply SuiteCRM updates as new versions are released, or use Installatron's Clone feature to duplicate an existing SuiteCRM install to test the 8.6.1 upgrade prior to applying it live.
What's New in SuiteCRM 8.6.1
Security
- CVE-2024-36416: Excessive log data DOS Vulnerability | GitHub Advisory | Reporter: Elysee Franchuk
- CVE-2024-36415: Improper Access Control Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36414: SSRF Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36413: XSS Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36412: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36411: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36410: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36409: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36408: SQL Injection Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36407: Improper Access Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36406: Open Redirect Vulnerability | GitHub Advisory | Reporter: Anael MURAT (Fidens) - Sicarius
- CVE-2024-36417: Stored XSS Vulnerability | GitHub Advisory | Reporter: Atul RV
- CVE-2024-36418: RCE Vulnerability | GitHub Advisory | Reporter: Andrius Oželis
- CVE-2023-6388: RCE Vulnerability | GitHub Advisory | Reporter: Carlos Bello
- CVE-2023-6537: SSRF Vulnerability | GitHub Advisory | Reporter: Carlos Bello
- CVE-2024-36419: Host Injection Vulnerability | GitHub Advisory | Reporter: Tanish Mahajan
Bug Fixes
- Add support for multi-module definitions
- Improve Cache Clear Speed
- Fix custom relate
- Fix Some Search Styling
- Overlapping Names on Relate Fields
- Fix hard coded labels
- Tasks Contact Relate Field Filtering by last name
- Export not working
- Email Opening new tab in Legacy View
- new issue menu templates
- Check report has been loaded before setting user params
- Workflow - Copying Formatted values of a multienum to another field
- Date end not stored correctly in Calls
- Graphic Issue search view after 7.14 upgrade
- Workflow - Add filters to quick and advanced search view in AOW Processed module
- Creation of Project with Template Causes 500 Error
- Survey Responses doesn’t get assigned_user after sending Survey
- Upgradewizard double commit
- PDF rendering issues
- skip to last page if disable_count_query=true
- Emails don’t show subject MIME headers
- Admin - Install Module - "Back to Module Loader" shows page with header only
- $discount_amount corrupted
- new issue menu templates
- Fix Default value not setting correctly on some fields.
- Fix z-index on the useful bar.