Sugar Professional 10.0.4 Release Notes
This document describes the changes and functionality available in Sugar® Professional 10.0.4. Sugar 10.0.4 is only available for customers on the annual upgrade path. For customers upgrading from 9.0.6, please refer to the other Sugar 10.0.x release notes for additional features, fixed issues, and developer changes occurring between versions 9.0.6 and 10.0.4.
Note: This release is not available for SugarCloud customers.
Administrator and End User
Sugar 10.0.4 is a security update released to address certain security vulnerabilities identified during our routine QA checks.
We strongly recommend that you install this update at the earliest opportunity. While we have not experienced any reported incidents relating to these vulnerabilities to date, failure to install this update could leave you exposed to malicious third-party attacks. For more information regarding this, please refer to the following Security Advisory announcements:
- Security Advisory sugarcrm-sa-2021-001: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-002: Any user may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-003: Any user may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-004: Any user may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-005: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-006: Any user may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-007: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-008: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-009: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-010: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-011: Authenticated administrative users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-012: Any user may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-013: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-014: Any user may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-015: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-016: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-017: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-018: Authenticated administrative users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-019: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-020: Authenticated users may cause arbitrary code to be executed.
- Security Advisory sugarcrm-sa-2021-021: Authenticated users may cause arbitrary code to be executed.
These vulnerabilities have been addressed in release 10.0.4 which is available for download from the Download Manager.
Administrators are strongly encouraged to upgrade their Sugar instances running 10.0.3 or lower to version 10.0.4 to prevent potential exploitation of these weaknesses.
The following known issues are present in this release. Case Portal users can use the following links for more details about each issue:
- 85795: When editing the existing inbound email account, the User Name field does not display a value and appears blank in the layout. As a workaround, you can copy the user name value from the inbound email account's detail view and paste it in the edit view when configuring the inbound email account.
- 85709: Elasticsearch fails to index records when a scheduler (e.g. Prune Database on 1st of Month) fails with an error.
- 85550: In certain circumstances, the funnel chart in reports may display incorrect values.
- 85458: The body of the email does not display as expected when accessing Sugar via Firefox 80. As a workaround, open the Developer Tools console and refresh the page to view the email body.
- 85435: The subpanel column widths may not behave as expected in certain circumstances to display all the columns without having to use the scrollbar.
- 85396: In certain circumstances, administrators are improperly allowed to edit read-only fields in the Users module for SugarIdentity-enabled instances resulting in unexpected behaviors and errors.
- 85368: In certain circumstances, users may run into unexpected errors when trying to access certain modules and/or notice modules missing from the navigation bar.
- 85323: The body of the Knowledge Base record may not display in full width as expected.
- 85234: The Prune Database on 1st of Month scheduler job may fail with an error when executed in Sugar 10.x.
- 85083: If the quote's worksheet column does not include the Account Name field, it may improperly cause a save action to trigger every time a user views a quote record resulting in undesired behaviors.
- 84692: Certain reports may not generate as expected if the last group-by field is a date (e.g. Opportunities > Week: Expected Close Date) and the report contains a chart (e.g. Horizontal Bar).
- 84684: In certain circumstances, saving the Preview View layout for modules (e.g. Accounts) via Admin > Studio may not work as expected and result in an error.
- 84677: In certain circumstances, the unsaved changes warning message may improperly display when users attempt to navigate away from the quote record.
- 84666: Upgrades may fail when a customization uses deprecated chart libraries.
- 84582: In certain circumstances, a blank space may appear in place of any dependent dropdown field(s) that are hidden in the record view layout if there is a filler next to the field(s). As a workaround, remove the filler next to the dependent dropdown field(s) in Admin > Studio.
- 84551: Legacy workflows created in Sugar Professional continue to remain active and trigger improperly after the customer migrates to Sugar Sell or Sugar Serve.
- 84522: IFrame fields may not render as expected in Sugar 10.0.
- 84426: The Meeting Type field in the Meetings module does not reflect new values added to the Meeting Type dropdown list in Admin > Dropdown Editor.
- 84370: Upgrades may fail for Sugar instances with a large number of active user records.
- 83997: Adding additional panels/tabs or removing the Show More panel in the Record View Layout in Studio may cause the record view layout to display incorrectly. As a workaround, restore the default layout in Admin > Studio.
- 83994: In certain circumstances, campaign emails sent by regular users may not send as expected and result in unexpected errors. As a workaround, send the campain as an Admin user or do not click the Delete Test Entries button when sending the campaign as a regular user.
- 83985: When the "Field Name Placement" user preference is set to "Beside Field Value", some labels will remain above the field value for the Calls and Meetings modules.
- 83774: In certain circumstances, users may experience unexpected errors while utilizing Sugar.
- 83535: When configuring the outbound email account via Emails > Email Settings, Sugar improperly requires the email password to meet the password requirements defined in Admin > Password Management.
- 83510: In certain circumstances, PHP warning errors may occur for certain SugarCloud instances.
- 83461: Sugar licenses that are not revalidated after purchasing additional seats or a renewal may result in unexpected behavior with list view filters. As a workaround, re-validate the license via Admin > License Management.
- 83433: The total record count in the list view may not respect the user's team membership and incorrectly display the total count of records in the module instead of the total count of records that the user can see.
- 83425: Custom Date fields in the PDF template may not respect the user's preferred date format.
- 83350: Saving a record containing tabs with required fields in the layout may result in unexpected behavior when a validation error occurs due to incomplete fields. As a workaround, change the display type for the record view layout in Admin > Studio to use panels instead.
- 83328: Generating reports may result in a database error for Sugar instances using MySQL 5.7 if the
ONLY_FULL_GROUP_BYsetting is enabled. As a workaround, disable
sql_mode=only_full_group_byin the MySQL server configuration.
- 83301: In certain circumstances, the tooltip (e.g. Create) may continue to persist improperly while navigating through Sugar. As a workaround, reloading the web browser will clear the tooltip from the screen.
- 83091: Report chart drill-through may not display the correct data for users in different timezones.
- 82914: Running reports in instances with a large number of team sets may fail to generate for non-admin users and result in performance issues.
- 82840: Date and datetime fields do not respect the user's preferred format when included on PDFs.
- 82813, 81877: Performing full-text search re-indexes from the command line or via Admin > Search may run out of memory when run on very large data sets.
- 82810: Fields based on non-existent or improperly defined custom field types may cause upgrades to fail.
- 82756: Upgrades fail when a filter exists for a module that has been removed.
- 82693: When importing contacts mapped to new accounts, users may experience unexpected behavior if the system detects an error on the file. As a workaround, import the new accounts into Sugar first then import the contacts.
- 82584: Custom user fields and stock fields which do not appear in SugarIdentity cannot be imported in Sugar instances using SugarIdentity as the Import Users option is not available.
- 82581: An unexpected error message may appear when attempting to import in a person-type module (e.g. Contacts, Leads) after upgrading to Sugar 9.0.0. Users can close the error message to proceed with the import.
- 82559: Certain customizations in Sugar may cause the upgrade to fail.
- 82495: Adding quoted line items to a quote incorrectly sends an assignment notification to the current user who created and is assigned to the record.
- 82493: Users may be unable to send outbound emails if the "Allow users to use this account for outgoing email" option is disabled via Admin > System Email Settings.
- 82486: Upgrades may fail when a custom field has conflicting field types defined.
- 82484: Attempting to undo an import may not work as expected and fail for modules containing custom fields.
- 82468: Custom decimal fields may prevent upgrades from completing and result in invalid alter queries being generated. As a workaround, use the queries described in the defect's description on the bug portal to convert the decimal fields.
- 82454: Entering duplicate email addresses with different capitalizations (e.g. firstname.lastname@example.org, Test@here.com) into a record (e.g. Contacts) may result in adverse behaviors.
- 82451: Removing the currency field from the Quotes record view layout may cause an unexpected error when viewing a quote and the Unit Price field to display blank for the quoted line items.
- 82437: Drilling through report charts from the Saved Reports Chart dashlet may not work as expected and return incorrect results if the report has a run-time filter applied.
- 82384: Deleting note records created from email attachments may not work as expected and continue to persist in the upload directory.
- 82230: Exporting a Summation report may fail with an error if the computed derivative (e.g. Count, SUM) is missing in the Choose Display Summaries step.
- 82050: Web logic hooks may not trigger as expected after save when new records are created.
- 82038: Clicking on a Home page tab (e.g. Sales) or attempting to sort by a field column on the Legacy dashboard may not work as expected and result in an error.
- 81999: Users may be unexpectedly logged out when requests with out-of-date user_hash data are sent to the server in close succession.
- 81929: Report chart drill-through may not work as expected and display an error message (No data available) for reports using the Product Catalog module.
- 81722: Sorting the fields by the column header (e.g. Name) in Admin > Studio or Module Builder may result in CSRF errors being written to the log file.
- 81382: Deleting a target list related to a large number of records may fail with an error.
- 81339: Generating a report (e.g. Summation with Details) grouped by "Fiscal Quarter" for a custom date field (e.g. Fiscal Quarter: Booking Date) may result in a database failure error.
- 81335: Importing records in Sugar may fail with a PHP error if the upload directory is not set to the default upload folder in
- 81328: Changes made to custom relate fields that are marked as "Audit" in Admin > Studio do not get recorded in the audit log as expected.
- 81297: If a web-to-lead form gets submitted using an existing email address in Sugar, the email address may not be marked as "Primary" for the generated lead record.
- 81276: When there are multiple group-by fields in a Summation With Details report, generating the report with a chart or trying to view a dashboard containing the saved report chart dashlet may result in performance issues.
- 81151: Report chart drill-through may not work as expected when the report is filtered by a checkbox field.
- 81121: In certain circumstances, the Gantt chart in the Projects module may display an incorrect year of "1907" for the date range if the date format in the user's profile or system locale settings is set to "MM/DD/YYYY". As a workaround, change the date format in the user's profile or system locale settings to "YYYY-MM-DD", "YYYY/MM/DD", or "YYYY.MM.DD".
- 81051: If a calculated Date field is set to null, the value is incorrectly displayed as an invalid date in reports.
- 80968: It may not be possible to disable SAML authentication via the user interface after certain actions have been performed on your Sugar instance.
- 80936: When importing records makes changes to an existing record, the Date Modified field is not updated.
- 80884: Viewing a shared dashboard containing the Forecast Bar Chart dashlet may display a "Loading..." message.
- 80759: In PDF templates that contain more than one
hreflink, only the first link works.
- 80730: Reports without charts are improperly available to select in the Saved Reports Chart dashlet.
- 80681: Making changes to a report's relationship-based filters may result in an error when running the report. As a workaround, re-create the report with the desired filter without making any changes to it.
- 80583: Attempting to erase fields (e.g. Description) marked as "Personal Information" from the Opportunities module do not work as expected and result in a 500 error.
- 80376: Uninstalling custom modules from Sugar may not delete the associated workflows as expected. As a workaround, remove the affected workflow via the database.
- 80091: Creating a dashboard may not work as expected and result in an error for users without private teams. Navigating to Admin > Repair and running "Repair Teams" will help resolve the issue.
- 80002: Generating PDFs using previously existing PDF templates may not display data as expected after upgrading to Sugar versions 7.9 or higher.
- 79715: The Follow button does not appear in the Contracts record view as expected.
- 79712: The "Sign" and "Get latest" links do not appear as expected in the Documents subpanel of the Contracts module.
- 79704: When logged into Sugar with certain languages (e.g. Russian), the list view's Record Actions menu may not appear as expected for some modules (e.g. Dashboards).
- 79698: When merging records, fields that are required under certain conditions are required even if the conditions have not been met.
- 79686: The List Order field in the Contract Types, Manufacturers, Tax Rates, and Shipping Providers modules does not control the order in which the options are listed in the corresponding fields (Type Name, Manufacturer Name, Shipping Provider, Tax Rate) for the Contracts, Quotes, and Product Catalog modules.
- 79640: The Home (Sugar cube) icon shifts position in the navigation bar when "Allow users to select modules to appear in the navigation bar" is enabled.
- 79510: Email addresses are not shown on the import summary screen even though they were properly imported.
- 79173: When attempting to navigate away from the module or save the record, the Unsaved changes warning message may unexpectedly appear for modules containing custom dependent fields.
- 79131: When the "Listview items per page" setting in Admin > System Settings contains a large value (e.g. 50 or greater), it may cause an issue with rendering the "Download PDF" and "Email PDF" options in the record view's actions menu. Changing the "Listview items per page" setting to "20" may help resolve the issue.
- 79108: When editing a record via the list view preview on the intelligence pane, the Resolve Conflict drawer may appear unexpectedly upon save.
- 78890: Updating composer in instances with custom modules deployed from module builder may cause unexpected errors.
- 78719: Users may encounter an unexpected behavior when accessing Sugar if the Date Modified field in the user account contains the same value as another user.
- 78709: Users assigned a role with Delete, Edit, or Export permission set to "Owner" may improperly be restricted from downloading and emailing PDFs.
- 78667: Attempting to scroll in Sidecar modules (e.g. Meetings) may not work as expected when logged into Sugar on iPad.
- 78600: Special characters are improperly allowed to be entered in dropdown lists' item names.
- 78580: Saving a record without completing the Salutation field which is marked as required in Admin > Studio may result in unexpected behavior.
- 78527: Inline editing a TextArea field via the subpanel may not work as expected. Reloading the web browser will resolve the issue and allow the user to inline edit the field properly.
- 78487: When renaming modules via Admin > Rename Modules, only the most recent changes will remain and any previous updates to module names will be incorrectly removed after save.
- 78334: Performing certain actions in records containing calculated fields with rollup functions (e.g. rollupSum) and a large number of related records may cause performance issues in Sugar.
- 78128: For dropdown list values, a value's Display Label will improperly revert to a blank value if its Item Name is 0 (zero).
- 77780: Instances using MS SQL may see unexpected behavior due to a lack of ORDER BY clause in the list view query.
- 77738: Attempting to merge two records (e.g. accounts) may fail with an error if the record that is being merged to the primary record contains a large number of related records (e.g. contacts).
- 77609: Generating reports with empty relate fields may not include the associated record in the report result as expected if the related record has been deleted.
- 77302: Upgrades may fail due to queries posted by the upgrade exceeding the
- 77287: Performing certain actions (e.g. import, mass update) in Sugar may result in performance issues if there are numerous calculated fields to be updated in related records. As a workaround, add the following line to the
config_override.phpfile to disable the related calculation field updates:
$sugar_config['disable_related_calc_fields'] = true;. But keep in mind that the affected calculated values will not be updated and running Recalculate Values on related records.
- 77249: Guests may not get imported to call or meeting records as expected.
- 77087: When a record is assigned to the user's default private team, changing the Teams field from the private team to another team (e.g. Global) may incorrectly display the team name with the user's last name appended to the end (e.g. Global Smith).
- 77055: Attempting to mass update the user's outbound email client via Admin > User Management may not work as expected.
- 76401: The data in the report chart may be inconsistent between the report chart dashlet and the Reports module.
- 75254: Printing reports (e.g. Summation With Details report) to PDF may not work as expected when logged into Sugar via a mobile browser.
- 74919: Performing certain actions (e.g. Quick Repair and Rebuild) in Sugar that rebuild the cache files may cause unexpected issues in the system if there are multiple users logged in and utilizing Sugar. As a workaround, perform such actions during off-hours where users are not utilizing the system.
- 74628: Certain workflows using a Relate-type field in the condition may fail to load as expected and result in errors after upgrading to 7.6.x.x. As a workaround, run the following query in the instance's expressions table:
UPDATE expressions SET exp_type = "id" WHERE exp_type = "relate" AND lhs_field = "assigned_user_id"
- 74382: The Case Summary dashlet may not work as expected and cause an internal server error if the account record has a large number of related cases.
- 74350: An unexpected error may occur when saving a record if there is an issue with the user's default team in the database. As a workaround, run the following query in the instance's team sets table. The affected users will then need to edit their profile to configure their default teams again.
UPDATE team_sets SET deleted = 1 WHERE id NOT IN ("select team_set_id from team_sets_teams where deleted = 0") AND deleted = 0
- 73689: When users adjust the list view or subpanel column widths, the user's preferred column size may not be preserved if the browser window is resized.
- 73566: Calculated or dependent fields containing a
related()function may not get calculated until after save for activity-type modules (e.g. Notes).
- 73468: Time-elapse workflow may not trigger as expected when a date field (e.g. Expected Close Date) in the condition is set to a date in the future.
- 72810: Filtering the list view search using custom checkbox fields may not work as expected.
- 72625, 71848: When a large number (e.g. 60) of PDF templates are available in a module, users may not be able to scroll through the full list of templates via the "Download PDF" or "Email PDF" options in the record view. As a workaround, changing the screen resolution or reducing the number of templates may help resolve the issue.
- 72581: Attempting to merge records in modules containing required dependent fields may not work as expected.
- 71950: Adding TinyMCE to a TextArea-type field (e.g. Description) may cause the field to not display properly in record view when accessing Sugar via certain browsers (e.g. Firefox).
- 71733: Printing archived emails via the browser's print option may not display correctly.
- 70940: Attempting to disable the SAML authentication via Admin > Password Management may not work as expected if the
config.phphas been set to
- 68985: Custom relationships created between a module and the Activities module via Admin > Studio cannot be deleted as expected.
- 68975: Changing the order of subpanels via Admin > Display Modules and Subpanels does not preserve the order upon save.
- 68461: Searching by non-primary email addresses in the module's list view (e.g. Accounts) does not pull up results as expected.
- 68112: Matrix-type reports display incorrectly when exported to PDF.
For information on supported platform components, see Sugar 10.0.x Supported Platforms.
Sugar Professional Upgrade Paths
|10.0.x-to-10.0.4||10.0.0 - 10.0.3||✓||✓|
Last modified: 2021-04-29 04:15:02