Sugar Community Edition 6.5.19 Release Notes
This document describes fixed and known issues, supported platforms, and acknowledgments for Sugar 6.5.19.
Sugar 6.5.19 is a security update released to address certain security vulnerabilities identified during our routine QA checks. A second security update has also been released, 6.5.20, which addresses an additional vulnerability.
We strongly recommend that you install version 6.5.20 at the earliest opportunity. While we have not experienced any reported incidents relating to these vulnerabilities to date, failure to install this update could leave you exposed to the following types of malicious third-party attacks:
- Authenticated users may cause arbitrary code to be executed.
- Authenticated users may initiate a cross-site scripting attack.
- Authenticated admin users may install a package that overwrites restricted files.
- Instances with SAML authentication enabled were vulnerable to XML External Entity (XXE) attacks.
These vulnerabilities, as well as an additional issue, have been addressed in release 6.5.20, which is available for download from the Download Manager.
Administrators are strongly encouraged to upgrade their Sugar instances running 6.5.x or earlier to 6.5.20 to prevent potential exploitation of these weaknesses.
The following are known issues with Sugar 6.5.19:
- 71684: When choosing to create new and update existing records during import, the confirmation dialog does not display the correct text. The text should read "You have selected to update records during the import process. Updates made to existing records cannot be undone. However, records created during the import process can be undone (deleted), if desired. Click Cancel to select to create new records only, or click OK to continue." Clicking "OK" allows the import to proceed.
For information on supported platform components, see Sugar 6.5.x Supported Platforms.
SugarCRM would like to thank the following community members for contributing to release 6.5:
- Aleš Pudil
- Alexei Avramenko, Letrium
- Antonio Musarra
- Aurélien Requiem, Loaded Technologies
- Björn Schotte, Mayflower GmbH
- Cedric Mourizard, Synolia
- Daniel Gadd, Aura Information Security
- Danil Sazonov, Richlode Solutions
- Dave Miller
- Egidio Romano
- Enrico Simonetti, InsightfulCRM, Australia
- Fabio Grande, Poker Spa
- Frank Saguma
- Jason Eggers
- Jeff Bickart, NEPO Systems, LLC
- Jeff Bickart, Ticomix, Inc.
- Jens Jahnke, Telematika
- João Morais, DRI - Consultoria Informatica, Lda.
- Johan Westin, Redpill-Linpro
- Jon Auer
- Jonathan Cutting, EnableIT SugarUK Technologies Ltd
- Kawai Cheung, OSSCRM, Inc.
- Masaki Fukumitsu
- Matthew Poer, Profiling Solutions
- Maxime Dauphin
- Rasmus Haglund
- Ray Gauss
- Tony Lin, Kratos Defense
- Yannick Biet, Captivea
- Yoann Hercouet, System in Motion
Last modified: 09/26/2015 06:25pm