use Interop\Container\ContainerInterface;
Released 25/03/2020
Critical Security Vulnerability
Important Security Issue
Important Security Issue
Full disclosure of the security issues addressed in this release will be made at a later date
Issue: 5836 - Two Factor Authentication redirect to User profile
Issue: 8582 - DBManager::convert calls abstract function
Issue: 6676 - Multiple datetime value condition issues in Workflow / Reports
Issue: 7011 - Intial User Login Duplicate Timezone Request / Blank screen
Issue: 8261 - Upgrade Issues - Handling of temp files during Upgrades
Issue: 8483 - Fix function declaration of SugarFieldTime::save()
Special thanks to all who contributed to this release!
Please visit the official website to find the appropriate upgrade package.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 14/02/2020
CVE: 2020-8803 - Local File Inclusion
CVE: 2020-8801 - PHP Object Injections
CVE: 2020-8800 - Second-Order PHP Object Injections
CVE: 2020-8802 - Bean Manipulation
Issue: 8541 - MySQL Database breaking on special characters
Backward incompatible config changes
Special thanks to Egidio Romano for reporting the security issues addressed in this release!
Please visit the official website to find the appropriate upgrade package.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 10/02/2020
You may notice when installing SuiteCRM a new panel which allows for the configuration of different collations and type-sets. This is part of our progression towards resolving issues with special characters and emojis. Currently available sets include utf8 and utf8mb4.
Within this release, we have also resolved a few known issues with the upgrade process; however, they will unfortunately not take effect until the next upgrade cycle. Therefore it is vital that if you encounter any problems while installing that you review and follow the recommended process within the SuiteDocs upgrade debugging page which can be found here
If you maintain a CRM utilising container-interop for API extension, you should note that this release may require some small changes to routing as seen below:
Instead of Interop
use Interop\Container\ContainerInterface;
Make use of Psr
use Psr\Container\ContainerInterface;
CVE: CVE-2020-8787 - Bean ID validation strictness
CVE: CVE-2020-8783 - Neutralization of potential vulnerability with use of Special Elements within SQL
CVE: CVE-2020-8784 - Neutralization of potential vulnerability with use of Special Elements within SQL
CVE: CVE-2020-8785 - Neutralization of potential vulnerability with use of Special Elements within SQL
CVE: CVE-2020-8786 - Neutralization of potential vulnerability with use of Special Elements within SQL
PR: 8422 - Issue: 8421 - Fix issue with validation on aos settings
PR: 8395 - Issue: 6000 - Notifications not working when using mssql
PR: 8353 - Issue: 8351 - Datepicker missing in massupdate for custom datetime field type
PR: 8298 - Issue: 8295 - Fix sorting icons showing counterwise
PR: 8205 - Issue: 8180 - Font colour is the same as the search bar bg
PR: 8053 - Issue: 7874 - Unable to use custom _head.tpl file (alternative fix)
PR: 8139 - Issue: 8134 - Logo not in left-hand corner anymore
PR: 8158 - Issue: 8151 - Updating FPEvent unit test to use correct array
PR: 8181 - Issue: 7305 - Scheduled reports execute in the timezone specified
PR: 8188 - Issue: 8183 - Non-group records show on list view if group only access
PR: 8190 - Issue: 8173 - Workflow actions missing in edit and detail view
PR: 8424 - Remove 'buggy version check' from php version checker
PR: 8363 - Adding fix to silent upgrade’s upgrade history save
PR: 8346 - Update links
PR: 8344 - Email1 field now gets populated through API
PR: 8340 - API returns the emailAddress Relationship link
PR: 8322 - Remove Schedulers cron instructions from filter pop-up
PR: 8258 - Fix "!" in pQuery and add tests
PR: 8243 - Clear PHP notice on Home page and improve suitecrm.log message
PR: 8198 - Unit test fixes for 7.10.x
PR: 7832 - V8 API swagger.json
PR: 6709 - Avoid printing js content in CLI commands
PR: 8458 - Fix install layout db options
PR: 8468 - Fix slim api
PR: 8193 - Fixed employees module not appearing in ACL role list
PR: 8326 - Logo upload
PR: 8218 - Issue: 7744 - Remove deprecated functions from utils.php
PR: 8217 - Issue: 7744 - Remove the deprecated load_menu() function in utils.php
PR: 7807 - Issue: 7740 - Replacing the StateChecker with database truncation in tests
PR: 8379 - Deprecate _pp functions
PR: 8378 - Misc code formatting improvements
PR: 8350 - Add tests for splitTime() on TimeDate
PR: 8314 - Fix parameter order for asserts in unit tests
PR: 8300 - Add tests for TimeDate class
PR: 8313 - Add more TimeDate tests
PR: 8299 - Add tests and PHPDocs for return_bytes function
PR: 8296 - A few more little fixes for the formatting in the test suite.
PR: 8283 - Unit test cleanup
PR: 8253 - Remove some old code referencing PHP 5.3
PR: 8252 - Deprecate various utils functions that are unused
PR: 8249 - Add unit tests for is_admin() function
PR: 8236 - Update the Travis Code Coverage job
PR: 8235 - Clean up misc unit tests
PR: 8234 - Add tests for check_php_version
PR: 8216 - Add a PHPDoc comment and test to unencodeMultienum()
PR: 8156 - tests: throw an error in case exit() is called during testing
PR: 8477 - Fix/Avoid WebDriver Timeouts in Travis createModule Tests
PR: 8509 - Fixing typo in seperator/separator change
PR: 8518 - Fix backwards compatibility with seperator/separator css
PR: 7580 - Update export_excel_compatible to work with all Excel versions
PR: 8297 - Add PHPDoc and deprecate unTranslateNum
PR: 8310 - Backport more PHP 7.4 fixes
PR: 8152 - Update html-purifier to 4.12
PR: 8161 - Fix a PHP warning in Meeting.php
Special thanks to Egidio Romano for reporting the security issues addressed in this release!
Special thanks to the following members for their contributions and participation in this release!
Please visit the official website to find the appropriate upgrade package.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 11/11/2019
CVE: Unassigned - SQL Injection
PR: 8187 - Issue: 8183 - Non-group records show on list view if group only access
PR: 8190 - Issue: 8173 - Workflow actions missing in edit and detail view
PR: 8192 - Fixed employees module not appearing in ACL role list
PR: 8207 - Issue: 8203 - Repair Administration section ISSUENAME Google Calendar settings menu option
Please visit the official website to find the appropriate upgrade package.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 04/11/2019
CVE: CVE-2019-18782 - .htaccess Improvements
CVE: CVE-2019-18785 - API Access Token and Credential fix
CVE: CVE-2019-18784 - Neutralization of potential vulnerability with use of Special Elements within SQL
PR: 7198 - Add Robo API commands
PR: 5464 - Filter email templates on Events
PR: 7829 - Issue: 7828 - Robo tasks for common actions that are performed in Repair Administration module
PR: 7819 - Issue: 7817 - Added option to filter WorkFlows by module name
PR: 7809 - Robo: Add a --filter option to tests:unit for filtering tests
PR: 7808 - Issue: 7621 - Add support for config_override.test.php
PR: 7844 - SuiteP: Add html data tags to allow module and field identification
PR: 7837 - Issue: 7836 - Robo task to compile css in a custom theme
PR: 7834 - Workflow: Properly delete records which are marked as deleted
PR: 7910 - Issue: 7885 - Add a SECURITY.md to the repository
PR: 8151 - Resolve issue with email templates
PR: 7659 - Icons not rendering properly in Alerts
PR: 7655 - Issue: 7648 - Case Module: Description field not showing after Save and continue
PR: 7650 - 'customMetadate' typo in DashletGeneric.php
PR: 7643 - Issue: 7622 - Make the code:coverage Robo command work outside of CI
PR: 7641 - Issue: 7396 - Update button clears DateTime parameter in Reports Module
PR: 7638 - Issue: 7315 - Adding parameter date field in Reports module causes error in Browser console
PR: 7627 - Update sugar_3.js to fix a MassUpdate undefined error
PR: 7529 - Codacy
PR: 7525 - API Create Relationship via Link
PR: 7515 - Scheduled Reports: Fix report name relation and popup search
PR: 7428 - Issue: 7427 - Show logs lines that was made by anonymous
PR: 7195 - Inspections compatibility
PR: 7193 - Remove Unused Import
PR: 7141 - Type casting
PR: 6765 - Issue: 321 - Hitting enter in the password input saves the user but not the password
PR: 6503 - Add a SAML2 metadata endpoint
PR: 5537 - Issue: 5520 - Do not clear existing attachments when loading a template
PR: 4471 - Update DeleteRelationship.php
PR: 3820 - search_by_module REST API
PR: 7826 - Issue: 2825 - Now we translate the title tag for recently viewed links
PR: 7822 - Issue: 7821 - User name is not aligned in 1200px to 1600px screens
PR: 7818 - InboundEmailTest: Make tests independent to make them work with the state checker
PR: 7816 - Removing an item from subpanel should only require the item edit access right
PR: 7815 - Save email addresses before saving company/person
PR: 7814 - SQL query bug for quote purchase subpanel
PR: 7813 - Issue: 7810 - Pencil present in Top Menu for users with non editing permission
PR: 7802 - Issue: 6830 - Code coverage as a separate stage in CI
PR: 7797 - Issue: 7779 - PHP Fatal error in modules/Connectors
PR: 7783 - Issue: 7780 - Bad css format in Date and Date Range Inputs in search forms
PR: 7782 - Issue: 7781 - Now we can compile SuiteP only one color_scheme
PR: 7777 - Issue: 7784 - Grouping by with xxx_usdollar currency fields
PR: 7774 - EmailMarketing: Add security groups support
PR: 7773 - Make robo test commands fail if tests fail
PR: 7771 - Issue: 7620 - Add dotenv support for the test environment
PR: 7760 - SugarEmail: Fix 'to' field not being filled when the last record doesn’t have an email
PR: 7746 - Issue: 7675 - Add a function to compare properly indices definitions
PR: 7741 - Clean up a bunch of unit tests
PR: 7711 - Issue: 2928 - Clear Zend OPcache when writing files
PR: 7690 - Composerify Zend Lucene
PR: 7906 - Update Gitattributes + codeception.dist.yml
PR: 7904 - Issue: 7903 - Verify if $bean is_subclass_of SugarBean so we can check access
PR: 7900 - Issue: 7869 - Protect against illegal string offset warnings in aow_utils
PR: 7899 - Issue: 7868 - 'Undefined index: leads_id' notices in AOR_Report.php
PR: 7898 - Issue: 7552 - AOR Reports - Mysqli_query failed when execute Report as normal User
PR: 7877 - Issue: 7875 - Wrong render in DateRangeInput using 'Between' Option
PR: 7871 - Issue: 7870 - Improvements in css for date_input and labels in EditView
PR: 7865 - Refixed #7393 without breaking headers for non-pulldown fields
PR: 7866 - Issue: 6535 - Replace contact_xxx in templates also for leads/prospects/users
PR: 7858 - Issue: 6442 - Fix Issue when importing non UTF-8 CSV file
PR: 7857 - Issue: 7848 - Temporarily revert PHP 5.5 from the Travis build
PR: 7855 - Issue: 7613 - Status/State usage causing translation errors
PR: 7841 - Update issue 'Undefined index: docType' PHP notice PR templates to comment on how to include code
PR: 7839 - Issue: 7838 - 'Undefined index: docType' PHP notice
PR: 7833 - SugarFeed: Various fixes for 7.10.19/20 regressions
PR: 7965 - Issue: 7964 - Report Total Field formatting is inconsistent
PR: 7963 - Issue: 7962 - Sending emails with apostrophe in email address
PR: 7957 - Silent upgrade
PR: 7956 - Issue: 7955 - Admin blank screen post upgrade to 7.11.8
PR: 7952 - Update the .gitattributes export-ignore list
PR: 7951 - Issue: 6691 - Typo in key - LBL_ORIGINAL_MESSAGE_SEPERATOR
PR: 7950 - Issue: 7926 - Do not divide by adjustment if it equals 0
PR: 7944 - Issue: 3129 - Use correct Business Hours field name for opening hours check
PR: 7943 - Issue: 7942 - Add bool to eligible fields for merging
PR: 7930 - Typos in audit template metadata
PR: 7929 - Issue: 7928 - Upgrade wizard recommends composer update instead of composer install
PR: 7925 - Enable Delete button in Actions menu
PR: 7913 - Issue: 7912 - Avoid PHP Notices in getVardefs() method
PR: 7909 - htaccess
PR: 8039 - Misc improvements to the acceptance tests
PR: 8032 - Issue: 3857 - Retain date properly when saving a stored query
PR: 8031 - Issue: 7758 - Disable Action menu has no effect on menus in subpanel
PR: 8030 - Issue: 7738 - Email Template selection in email module is not working in Edge/IE11
PR: 8029 - Updated mkdir calls to throw RuntimeExceptions
PR: 8028 - Issue: 7874 - Unable to use custom _head.tpl file
PR: 8027 - Issue: 7882 - No 'Server response time' in SuiteP
PR: 8026 - Issue: 8025 - OAuth2 ClieOAuth Keys Fixed a grammatical error in include/templates/Template.phpnts and Tokens icons are missing
PR: 8020 - Fixed a grammatical error in include/templates/Template.php
PR: 8018 - Move RebuildConfig.php from using XTemplate to using Smarty
PR: 8015 - Make the pagination buttons on DetailView pages links.
PR: 8010 - Skip cache building if custom class exists for dashlets
PR: 8009 - Update contributing.md
PR: 7995 - Typos and made it grammatically better
PR: 7994 - Update config.yml to include 7.10.x branch
PR: 7990 - AOW_WorkFlow: Delete all related beans when deleting a workflow
PR: 7989 - BeanFactory: Don’t return deleted beans from the cache
PR: 7986 - Updated LoggerManager to use @method + code cleanup
PR: 7978 - Issue: 7971 - Textarea in EditView overlaps other fields
PR: 7976 - Replace deprecated array index accessors
PR: 7966 - Email css error
PR: 8086 - Link contributors badge to contributors insights
PR: 8073 - Issue: 8057 - Remove all uses of get_magic_quotes_gpc
PR: 8067 - Added the deprecated lowercase v8 API to codecov ignore list
PR: 8061 - Issue: 6314 - Unused language strings in ver. 7.10.8
PR: 8059 - Added a check for SUGARCRM restrictions in htaccess
PR: 8056 - Issue: 7128 - Remove scheme to avoid mixed content error
PR: 8054 - Improve footer styling for new stats item
PR: 8050 - Issue: 8001 - Non-distinct person entries for each meeting/call invited to
PR: 8049 - Header cleanup
PR: 8041 - Remove BusinessCard-related code
PR: 7908 - Update composer.lock + Rebuild SASS/JS
PR: 7921 - Complete previous fix when ElasticSearch disabled
PR: 7945 - Issue: 7312 - Google Calendar data is cleared if SuiteCRM cal is deleted
PR: 7901 - Issue: 7886 - Elasticsearch Indexing memory usage
Special thanks to the following members for their contributions and participation in this release!
Please visit the official website to find the appropriate upgrade package.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 23/08/2019
CVE: CVE-2019-14752 - Reflected XSS
CVE: CVE-2019-18783 - Unintended public exposure of files
CVE: CVE-2019-14454 - Employee module does not implement ACL
If you maintain a custom SuiteCRM theme, you should note that this release may require some small changes to your .tpl
Smarty files. This is because of a legacy customization to Smarty that was removed when it was moved to inclusion via Composer.
The only breaking change will be if you’ve used the theme_template
attribute for any Smarty include
s. You’ll need to remove the theme_template
attribute and change the file attribute to use the full path:
{* before *}
{ include file="_head.tpl" theme_template=true }
{* after *}
{ include file="themes/SuiteP/tpls/_head.tpl" }
Plugin files are still usable in the same way as before – at ./include/Smarty/plugins/
– and can be require
d explicitly. Custom plugins should still go in ./custom/include/Smarty/plugins/
. It should be noted that all other files in ./include/Smarty
have been replaced by empty files to prevent errors in case users were `require`ing the files. They’re deprecated, and requires referencing them can be safely removed. Smarty’s internal files will be autoloaded by Composer by default.
PR: 7719 - Fix/backwards compatibility
PR: 7718 - Issue: 6982 - New user password not being generated
PR: 7713 - Issue: 7712 - Case insensitive detection of header X-CampTrackID
PR: 7699 - Issue: 7667 - Cannot import Email if plain-text plus attachment
PR: 7697 - Folder include/SugarCharts/Jit missing in 7.11.7 installation
PR: 7695 - Add a proper return type to getUserRoleNames()
PR: 7689 - Format InlineEditing.js with prettier
PR: 7683 - Issue: 6415 - Bug when inbound email Leave Messages On Server set to No
PR: 7682 - Documents - Image Field Does Not Display Uploaded Image
PR: 7681 - Issue: 7138 - EmailMan sendEmail missing restricted_addresses check
PR: 7610 - Fixed error message css + email warning config option
Special thanks to the following members for their contributions and participation in this release!
Please visit the official website to find the appropriate upgrade package.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 31st July 2019
#CVE-2019-13335 - Security Issue - Fixed SSRF
Security Issue - Fixed privilege escalation
#3756 Fixed #3756 - Calendar pop-ups now auto close after 500ms
#6850 SAML2: Use php-saml from composer
#7154 Fixes SugarPHPMailer encountered an error: Could not access file
#5754 Fixed #5754 - Error with custom fields on getQuery from One2Many relationships
#7345 Get ChromeDriver’s latest release in Robo task
#7390 Fixed #7390 - Unable to set Minimum Password Length in Password Management
#7433 Clean up codeception environments
#5552 Fixed #5552 - Inbound Email Auto-reply send email without Attachments
#6992 Fixed #6992 - Group Email Inbox accounts doesn’t respect reply as option in admin
#7477 Remove unused webDriverHelper variables
#3756 Fixed #3756 - Popup Studio and Calendar don’t auto-close
#7409 Fixed #7409 - Managing Delegates Removes main windows Scrolling
#7421 Fixed #7421 - Use of ampersand (&) in email subject sends email subject misformatted
#7491 Remove unnecessary test files
#7492 Replace the createAccount method
#7509 Fixed #7509 - Using prefix index to not hit Key threshold in MySQL5.6/UTF-8
#7511 Fixed #7511 - Silent installer tries to do unknown things on completion
#7467 Fixed #7467 - Survey entry-point broken in 7.11.5
#7267 Fixed #7267 - Database Failure after upgrading to Version 7.11.4
#7407 Fixed #7407 - "Users may send as themselves" broken - Invalid address: (punyEncode)
#7520 PSR-2
#6935 Fixed #6935 - Cookie path is not respected if globally set
#6470 Fixed #6470 - Email module: Inline image not shown in received/sent email
#7530 Fix missing function getAssignedEmailsCountForUsers
#7535 Misc automated testing improvements
#7536 Cleanup files created by acceptance tests between test runs
#7304 Fixed #7304 - ListView: Fix selection count for the "Select All" case
#7541 ListView: Fix the selection count when executing an action without any selection
#7542 ListView: Fix selection when switch from "select all" to "select page"
#7550 SugarWidgetSubPanelEmailLink: Fix missing opt-in ticks after inline editing
#7553 sugar_3.js: Remove unused send_form_for_emails()
#7554 Fixed email attachment icon
#7284 Fixed #7284 - Top of dashlets being cut off by nav bar nd positioning of dashlet pop-up
#7561 Add a get_current_language() helper function
#7562 Fix/silent upgrade
#7547 Fixed #7547 - use correct login image on install.php
#5190 Fixed #5190 - Attachment in detail view of non imported email doesn’t show
#7565 Add wait to HomeCest so it won’t flake
#7567 Fixed #7567 - Missing Contracts from selection of Related to: field
#4881 Fixed #4881 - Detail view of no imported email is different as imported + missing time unit + attachments
#2464 Fixed #2464 - Logo upload function is not working
#7573 Remove sugar references
#7582 Fix codecov path
#7209 Fixed #7209 - Inline Edit alert Even if I dont make a change
#7588 Fix pagination button class
#7298 Fixed #7298 - Emails 'Bulk Action' is disabled after upgrade to 7.10.16
#7594 Fixed #7594 - Remove include/timezone/timezones.php
#7607 Remove lastView variables from tests
#7599 Fixed #7599 - Unwanted email generated in case creation & update
#7608 Fixed #7608 - A non-numeric value encountered at ListViewSubPanel.php
#7624 Fixed email settings "data error"
#6996 Escaped strings issue, breaks "My favorites" filters and perhaps other things
#7639 Fixed DB failure with activities subpanel
Special thanks to all members for their contributions and participation in this release!
Please visit the official website to find the appropriate upgrade.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 1st July 2019
#7439 - Update password hash to use php password_hash by default.
#7455 Fixed #7455 - Keep Lead photo when converting to Contact.
#7249 Fixed #7249 - Admin user cannot edit another user’s Mail Accounts.
#7156 Fixed #7156 - Slow SQL query in include/SugarFolders/SugarFolders.php causing slow emails interface in 7.10.x (and 7.11.x).
#7402 Fixed #7402 - Popup selects are broken.
#6866 Fixed #6866 - 7.10.12 Auto Import of Emails not working.
#3727 Fixed #3727 - IMAP server delete button on DetailView.
#7319 Fixed #7319 - Activity Stream dashlet "reply" function doesn’t appear to do anything.
#4116 Fixed #4116 - Wrong error_1.csv with multiple imports.
#7393 Fixed #7393 - Displaying dropdown db value instead of dropdown label in group header in Reports module.
#7344 Fixed #7344 - Automated Testing improvements.
#7391 Fixed #7391 - DB Error on audit logging large multi select fields.
#7107 Fixed #7107 - SQL errors with sql_mode=STRICT_TRANS_TABLES
#7238 Fixed #7238 - Incorrect user_id saved in users_signatures table when admin updates a signature.
#7351 Fixed #7351 - Fields last_name and first_name in Users too short.
#7357 Fixed #7357 - Home module index page loading bad MySugar file location.
#6379 Fixed #6379 - Unable to GET deleted records through API.
#6343 Fixed #6343 - installer fails, if posix is not installed on linux systems.
#7234 Fixed #7234 - Get subpaneldefs.php from custom/modules/MODULE_NAME/metadata.
#6872 Fixed #6872 - Installation and upgrades files checksums not provided.
#5173 Fixed #5173 - Email inline editing does not work properly (ver. 7.10-RC-2).
#2049 Fixed #2049 - 7.7.2 - Calendar Activities are off by 1 day.
#6140 Fixed #6140 - Switch from league/url to league/uri due to deprecation.
#6445 Fixed #6445 - Campaigns Wizard - EMail Template "Assigned to" issue.
#7241 Fixed #7241 - Some files still use the DB global variable.
#6420 Fixed #6420 - Campaigns: Test-Emails sent out twice.
#5652 Fixed #5652 - Ending spaces in language strings.
#6915 Fixed #6915 - File OAuth2Tokens/metadata/editviewdefs.php is Missing.
#7183 Fixed #7183 - My Cases dashlet searchFields status default values are incorrect.
#7369 Fixed #7369 - Reports module doesn’t have all all formats for displaying date.
#7370 Fixed #7370 - Reports module timezone date issue.
#7308 Fixed #7308 - Sub-Theme changes don’t always update.
#6851 Fixed #6851 - The query fails while managing event delegates in MSSQL.
#6882 Fixed #6882 - Email Address Removed if email is forwarded using outlook.
#7206 - Add php-cs-fixer to composer.json as a dev dependency.
#7356 - Configurable elasticsearch host in acceptance test.
#4198 - fixing a recursion issue on reminders.
#7297 - Fixed the support forum link.
#7240 - EmailTemplates: Improve image url replacement.
#7341 - Fix zero padding issue with openssl decryption.
#7329 - StateChecker: Don’t save hash debug traces.
#7253 - Fixed issue with undecoded subjects coming from Emails DetailView.
#7381 - tests: change the test config default date format to match the unit tests.
#7410 - StateChecker: disable save_traces by default.
#7418 - Remove repetitive instance URL visits from tests.
#7389 - Avoid caching incomplete beans in during SugarBean→fill_in_relationship_fields.
#7436 - Simplify the acceptance and install suite configs.
#7444 - IMAP StateSaver test fix
#7453 - Cache Composer files in Travis. (hotfix-7.10.x PR).
#7451 - Add composer validate job in Travis.
#7449 - Remove some incomplete tests and miscellaneous formatting fixes for the unit test suite
#7442 - Replace most instances of $I→wait(n) with waitForX.
#7437 - Remove wait from Codeception Travis env
#7452 - Disable stopOnFailure and stopOnError in PHPUnit config.
Please visit the official website to find the appropriate upgrade.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 3rd June 2019
#CVE-2019-12601 - Security Issue - Fix possible SQL Injection: InboundEmail.php
#CVE-2019-12600 - Security Issue - Fix possible SQL Injection: reassignUserRecords.php
#CVE-2019-12598 - Security Issue - Fix possible SQL injection
#CVE-2019-12599 - Security Issue - Survey module: Inputs are not sanitized (security issue)
#6882 Fixed #6882 - Email Address Removed if email is forwarded using outlook.
#6851 Fixed #6851 - The query fails while managing event delegates in MSSQL.
#7133 Fixed #7133 - Changes in Studio do not make an override file.
#6445 Fixed #6445 - Campaigns Wizard - EMail Template "Assigned to" issue.
#7241 Fixed #7241 - Some files still use the DB global variable.
#7310 Fixed #7310 - 7.10.x-hotfix CI is failing.
#7174 Fixed #7174 - /Api/V8 needs the ability to return a list of modules.
#7175 Fixed #7175 - /Api/V8 needs the ability to a list of module’s fields.
#6420 Fixed #6420 - Campaigns: Test-Emails sent out twice.
#5652 Fixed #5652 - Ending spaces in language strings.
#6915 Fixed #6915 - File OAuth2Tokens/metadata/editviewdefs.php is Missing.
#7250 Fixed #7250 - Notices in ListViews.
#7183 Fixed #7183 - My Cases dashlet searchFields status default values are incorrect.
#7288 Fixed #7288 - Field name in Campaigns is too short.
#7271 Fixed #7271 - Email Template selection in email module is not working for 7.10.16.
#7291 Fixed #7291 - Field name in ProspectLists is too short.
#7268 Fixed #7268 - Fatal Error with PHP7.3 with LoggerManager.php.
#6504 Fixed #6504 - Multiple bounce handling problems.
#7173 - Fix V8 API authorization header passing with apache+php-fpm.
#7263 - Travis due date fix.
#7273 - install.php: Syntax error upload logo.
#7290 - RFC: travis-ci: add a job for PHP 7.3.
#7297 - Fix support forum link.
#7240 - EmailTemplates: Improve image url replacement.
#4198 - fixing a recursion issue on reminders.
Please visit the official website to find the appropriate upgrade.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 30th April 2019
Security Issue - Fixed SQL injection
Security Issue - Fixed XSS vulnerability
Security Issue - Fixed Oauth2 access control issue
#7188 Fixed #7188 - ACL doesn’t work on JSON API V8.
#6829 Fixed #6829 - Cache composer packages on Travis CI.
#6540 Fixed #6540 - [language] Hard coded messages in Elasticsearch.
#6126 Fixed #6126 - If field value contains single quote, on each save CRM will treat this field as a changed.
#5724 Fixed #5724 - Map Area - Import Option Fails : An Error has occurred.
#7221 Fixed #7221 - stdClass::$message_id undefinded for IMAP.
#7220 Fixed #7220 - Description/note fields in the contract line items formats the numeric values as currency.
#6480 Fixed #6480 - REST API - Prevent "Too few arguments to function SugarWebServiceImplv4" after API call.
#7080 Fixed #7080 - API returns wrong module string address for email addresses.
#7221 Fixed #7221 - stdClass::$message_id undefinded for IMAP.
#4661 Fixed #4661 - Ability to create / edit object’s "Created By" "Date Created" using API.
#6483 Fixed #6483 - V8 API Doesn’t popuplate created_by and modified_user_id.
#7188 Fixed #7188 - ACL doesn’t work on JSON API V8.
#6480 Fixed #6480 - REST API - Prevent "Too few arguments to function SugarWebServiceImplv4" after API call.
#6483 Fixed #6483 - V8 API Doesn’t popuplate created_by and modified_user_id.
#6864 Fixed #6864 - API - overzealous method visibility.
#6037 Fixed #6037 - AOR Reports - Issue with related records in reports.
#7162 Fixed #7162 - Popup select All records btn hidden in SuiteCRM 7.11.x.
#7166 Fixed #7166 - Upgrad to 7.11.3 version email body is empty.
#5746 Fixed #5746 - Unable to order results descending on get_relationships API method .
#6455 Fixed #6455 - The V8 API does not allow filtering by custom fields.
#7189 Fixed #7189 - Fatal error when loading custom views.
#7207 Fixed #7207 - Get Menu.php from custom/modules/MODULE_NAME/.
#7095 Fixed #7095 - Api relationship links are missing the /Api and start with /V8 .
#6950 Fixed #6950 - We should have a way to add composer dependencies safe-upgrade.
#49 Fixed #49 - Support pthreads.
#6761 Fixed #6761 - Api/V8 - Unable to Delete (unlink) relationships.
#48 - Browser title not correct for custom modules.
#46 - Spanish reminders added to notify template.
#7147 - Api - fix relate fields not populating on get_list.
#6744 - Fix emails losing confirmed opt-in when converting a lead to a contact.
#6680 - Change default view on template to avoid date created/modified issues.
#7214 - Fixed DeleteRelationshipParams typo.
#7213 - Fixed relationship links url.
#7229 - Remove hardcoded encryption key.
#7176 - Remove codecov patch status.
#7217 - Fix AOS_Product_Categories test name.
Users of ALL previous 7.11.x releases are advised to Upgrade to 7.11.4 as soon as possible.
Please visit the official website to find the appropriate upgrade. To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 28th Mar 2019
#CVE-2019-6506 Security Issue - Fixed SQL injection
#7101 Fix (little) v8 API for v7.10.10+
#7099 Fix/mssql folder support
#7091 Fix obscured milestone radio buttons in Project Templates
#7075 Fixed missing curly brace in SoapPortalUser.php.
#6921 Fixed #6921 - Verbose logs for popErrorLevel
#7049 Give cookie a default value to stop from throwing notices.
#6978 Fixed #6998 - cron.php fails because there is no check whether ElasticSearch is enabled
#6978 Fixed #6978 - Hosting company is blocking ports because of YamlRunnerTest.php
#6985 Fixed #6985 - Exception on Repair/Quick Repair and Rebuild
#6755 Fixed #6755 - Adding setFooter('{PAGENO}') to the PDF
#7044 Fixed Content-Type header missing in some cases for the getImage entry point.
#6733 Fixed - AOR Reports: Add a security groups subpanel.
#7034 Fixed - Removed sugar reference.
#6729 Fixed #6729 - Email Style Issue - Black screen.
#6822 Fixed - Now using secure cookies when appropriate.
#7084 Fixed #7084 - Fix Error in SearchForm2.php when having a function in field definition.
#7045 Fixed - EmailTemplates: Only show subpanels in the DetailView.
#7060 Fixed - warnings in log.
#7067 Fixed #7067 - InLine Date Edit bug - Call to a member function format() on boolean.
#7064 Fixed - Use the provided method to make sure the index exists.
#551 Fixed #551 - add functionality to save new labels for relationships.
#6942 Fixed - issue with tab panel and quick create form.
#5497 Fixed #5497 - Reports: Hide inaccessible modules in the reports editor.
#7082 Fixed - EmailTemplates: Fix undefined property error when creating a new template.
#7035 Fixed - Increase minimum recommended memory to 64Mb (for 7.10.x).
#3592 Fixed #3592 - Problems with quotations.
#675 Fixed #675 - Suitecrm 7.3.2 Calendar entries are not displayed.
#7012 Fixed - Codecov threshold.
#6844 Fixed #6844 - Reduce travis output - DotReporter.
#6185 Fixed #6185 - Top menu mouse out does not close sub.
#5662 Fixed #5662 - EmailTemplate: Fix images URLs not being converted with mozaik.
#7043 Fixed - Random unittest error in SugarControllerTest.
#7041 Fixed - Any Phone search on Contacts module added missing field phone_home on SearchFields.
#7032 Fixed #7032 - Add setLevelMapping method.
#7004 Fixed - PDF templates from setting no value when 0.00 is entered.
#7008 Fixed - Remove Robofile.php + Update composer.lock.
#7021 Fixed - link to testing documentation. [ci-skip].
#5706 Fixed #5706 - 7.10.4 - Checkboxes are missing in downloaded PDF from Reports.
#2531 Fixed #2531 - 7.10.4 - Report Writer - Boolean Field will not export to CSV
#6936 Fixed #6936 - Global link Employees always reset list query.
#5985 Fixed - unified search "no results" page.
#6815 Fixed - unittests: Fixes for PHP 7.3.
#7051 Fixed #7051 - Changed a limit of 2.147.483 seconds for autoRefresh.
#7054 Fixed #7054 - Email body blank when sent as plaintext only.
#7025 Fixed #7025 - Sent date for emails in History View Summary is incorrect.
#6860 Fixed - Reports: Hides inaccessible modules in the reports editor.
#5967 Fixed #5967 - AOR Reports - incorrect calculation for date quarter periods.
Users of ALL previous 7.11.x releases are advised to Upgrade to 7.11.3 as soon as possible.
Please visit the official website to find the appropriate upgrade.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 19th Feb 2019
#6186 Feature/robo coding standards
#4361 Fixed #4361 Use Parameter $imageJSONEncode if returning sprites
#6832 Fixed #6832 - Project Coding Standards being ignored
#6867 Confirm opt-in fix
#6870 Fixed #6870 - Composer deprecation warning
#6796 Fixed #6796 duplicated code and broken braces introduced in a previous merge
#6886 Fix/php lint
#6894 Duplicate: Reports: Fix "One of" operator for multi select fields
#6904 Fixed #6904 - In Campaign view status page, row is out of box
#6916 Fixed #6916 - 7.11.1 Fatal: Object of class EmailAddress could not be converted to string
#6036 Fixed #6036 - Reports entering a date parameter with Period operator
#6298 Fixed #6298 - Pagination not working on list views
#6932 Fixed #6932 - 7.11.1: Newer version of PHPMailer is not compatible with Email:email2Send method
#6778 Fixed #6778 - Role Management - Header change doesn’t update entire colum
#2117 Fixed #2117 - Redundant More Button in SuiteP
#6865 Fixed #6865 - Move consolidation/robo to "require" in composer
#6865 Fixed #6419 - Reserved mssql keyword in query, crash business hours module
#6966 Fixed #6966 - Email to field wrong UFT-8 encoding
#6955 Fix missing quotes typo
Please visit the official website to find the appropriate upgrade.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Released 31st Jan 2019
#6810 Resolved issue with email config within campaign wizard.
#6785 Resolved issue with system not sending attahcments.
#6767 Resolved Email view when using non default folders.
#6766 The SMTP Port saved as a string instead of int.
#6484 Inseting images from local disk rendered and saved within email templates.
#5961 Resolved saving attachments in the Email template editor.
#6787 Resolves critial issue when a new user being created the password wasn’t being saved.
#6786 No longer display "%20" instead of a space when in dropdown editor
#6468 Fixed possibility of NULL value breaking module builder templates
#6758 Removed duplication language strings.
#6140 Replaced league/url league/uri
#6516 Fillers now stay as saved in Gridlayout
#532 here is now an edit/remove in the projects subpanel
#6453 LDAP fix.
#6743 Add email account name to the inbox button '''
Please visit the official website to find the appropriate upgrade.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com.
In total, we have merged 12 Pull Requests with 3 of these from Community contributions!
Please visit the official website to find the appropriate upgrade.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com.
Released 14th Jan 2019
Users can authenticate using their Google login and synchronise their Meetings between a Google calendar – these include updates, reminders, and invitees.
#6146 Synchronise SuiteCRM with Google Calendar
Elasticsearch is an open-source, broadly-distributable, readily-scalable, enterprise-grade RESTful search engine. It provides a highly flexible solution to centrally store and index your data that can be accessed extremely quickly via its API. By including Elasticsearch as a core search engine integration SuiteCRM can now provide users a faster and better scalable way to perform full text searches via Global Search on larger data volumes than before.
This allows the user to copy a record’s email addresses using the workflow module actions to the newly created record if the option is checked.
#6533 Adding the ability to set subpanels to display as flat buttons via layoutdefs
$layout_defs['Leads']['subpanel_setup']['history']['flat'] = 1
$data = $this->getVardefsData('Accounts');
$this->addDomJS($data, 'vardefs');
#6734 Resolved the bug where users were unable to navigate using the tab order
#6590 Insert images in Email Templates with tinyMCE
#4046 Fixed #4046 - 7.9.4 - imported emails are not auto related to related records when you reply to/reply to all/ forward them
#6402 Fixed #6402 - Resolved mass update of Users for Email Client.
#6351 Fixed #6351 - Now only sends one email when using activities subpanel as intended
#6485 Fixed #6485 - Resolves opt-in tick for external email clients
#6487 Fixed #6487 - Resolves the DB time shown for related email addresses in reports module
#6472 Fixed #6472 - Resolved wrong sized image for email templates in the campaign wizard
#5420 Date_sent filled correctly, Drafts will send and Layout fixed.
#4999 Fixed #4999 - Resolved sent emails now appear in the sent folder.
#6611 Fixed #6611 - Resolved Email Template now displays in List View correctly
#6713 Fix email related to when importing an email
#3763 Fixed #3763 - Resolved the bug that stopped users to navigate using tab order
#717 Fixed #717 - Corrects Field Indention on Detailview when by itself on panel
#707 Fixed #707 - Resolves the issue of users unable to clone a field in studio
#583 Fixed #583 - Adds the visual cue that a module is highlighted on main navigation
#3083 Fixed #3083 - Calendar pop up windows are incorrectly displayed under MENU bar index
#6004 Fixed #6004 - Fix round up for quotes/invoices where there is an increase in integral part
#6302 Fixed #6302 - installWizard styling
#6150 Fixed #6150 - This shows all the records of Parent Type in listview
#5477 Fixed #5477 - Resolves issue of Fillers Cause Spacing Issues on the DetailView when they are left of a Field
#6340 Fixed #6340 - Email Compose Dropdown now recognises specialised characters
#5948 Fixed #5948 - Resolved inline editing on the "content" field on the Campaign Module
#6647 Generate chart colours based on labels
#5783 Fixed #5783 - Resolved so that the geocoded table header is now visible
#2741 Fixed #2741 - Custom search field subquery now checks all values
#5771 Fixed #5771 - Resolves the Salutation variable missing in campaigns when used.
#6530 Fixed #6530 - unsubscribed users no longer showing up as subscribed
#6190 Fixed #6190 - You can now access Change Log from Document Detail View
#6549 Fixed #6549 - No longer a missing surveys_campaigns relationship
#6565 fixes google calender language formatting
#6579 Fixed #6579 - Resolved Calendar creating an extra meeting after Repeat End by
#6552 Fixed #6552 - Resolved AOR_Report exporting apostrophies to CSV.
#6599 Fixed #6511 - Resolved the Document Attachment Subpanel is now correct
#6594 Fixed #6594 - Resolved Calendar now updates visually when not using "Shared Calendar Separate"
#6629 Resolved link now gets deleted in documents
#6653 Resolved campaing wizard no longer shows the template editor in all steps
#6651 Fixed #6651 - Added LBL_CHECKMARK to SecurityGruop language
#4872 Fixed #4872 - Fixed so subpanel actions are no longer failing if refresh_page=1
#6738 Resolves the issue of when creating a row the delete collumn will now display correctly.
#6687 Minor grammar fixes to log entry
#532 Fixed #532 - Add the edit/remove button to Project Tasks subpanel
#6260 New Tests for Inbound Email functionality
#2400 Fixed #2400 - Language manifest is duplicated and overwritten on each install
#6464 Codecov exclude
#6548 code cleanup
#6585 php_zip_utils.php
#6586 Fixed #6586 - Fix an erroneously-commented return statement.
#6592 Updated contributing.md
#6568 Fixed #6568 - Change minimun and recommended PHP
#5508 Fixed #5508 - Upgrade phpMailer to 6.x
#6566 Update composer.json + composer.lock
#6603 Added/Refactor: Clean MySql Queries in SugarFolders
#5509 Fixed #5509 - [language] Now has the correct label for 'FOR_AMOUNT' in activity stream
#6637 Vardefs definition in dom
#6648 Fixed #6648 - We add a task in RoboFile.php for cleaning cache directory
#6678 Resolved blank screen on PasswordManager
#6698 Copyright revision
#6539 Cleanup, Refactoring and bugfix for Google Sync
#6303 Fixed #6303 - Administration / System Settings / ERROR in log: argument cache/themes/SuiteP/modules is not a file or a dir
Library | Old Location | New Location |
---|---|---|
Recaptcha |
include/reCaptcha/ |
vendor/google/recaptcha |
TinyMCE |
include/javascript/mozaik/vendor/tinymce |
vendor/tinymce/tinymce/ |
PhpMailer |
include/phpmailer/ |
vendor/phpmailer/phpmailer |
In total, we have merged a MASSIVE 69 PULL REQUESTS with 24 of these from Community contributions!
Special thanks to LEAP-nishit and the following members for their contributions and participation in this release
(in order of most Pull Requests contributed).
Please visit the official website to find the appropriate upgrade.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com.
#1348 Added new 'Copy emails from WorkFlow Module' option to Workflow’s 'Cr…
#3008 Module vardefs definitions or custom data in the DOM
#6533 Fix/Individual Flat Subpanels
#6632 Set collapsed_subpanels preference
#6493 Definition of Favorites and Trackers Beans in Sugar View
#6590 Insert images links in Email Templates with tinyMCE
#6584 Adding inboundemail tests using FakeImapHandler
#6260 New testing email related functions
#6618 Push acceptance test output to new file host
#6585 Remove php_zip_utils error
#6454 Reverting back to PHPunit and only using codeception for API & acceptance tests
#6548 Elastic Search Code Clean Up
#6566 Update composer.json + composer.lock
#6588 Resolve merge conflict for Cases EditView - hide non new case fields
#6637 Vardefs definition in dom - Adding Tests
#6603 Added/Refactor: Clean MySql Queries in SugarFolders
#6592 Updated contributing.md
#6464 Codecov exclude - faster time hopefully.
#6368 Fix for issue #5477
#6609 Fixed #6594 - Calendar doesn’t update visually when NOT using "Shared Calendar Separate"
#2930 Fixed #707 - added conditional statement to check if action is not clone
#6304 Fixed #6303 - Administration / System Settings / ERROR in log: argument cache/themes/SuiteP/modules is not a file or a dir.
#6488 Fixed #6487 - opt-in: use the DB time for writing confirm_opt_in_*date
#2956 Fix #2219 - Description field not wrapping with SuiteP theme after in…
#6004 Fixed #6003 - round up for cases where there is an increase in integral part.
#6629 Fix issue where link is not deleted for documents
#6634 Fixed #5509 - [language] New label 'FOR_AMOUNT' in activity stream for opportunity
#6327 Fixed #6150 - SuiteCRM v7.10.7, bug Returns parent record data.
#6192 Fix #6190 - Change Log access from Document Detail View
#6378 Fixed #5948 - 7.8.18 Content Field on Campaign module can’t be edited…
#6600 Hotfix 4999 sent folder issue
#6612 Fixed #6611 - Email Template doesn’t display in List View correctly
#6460 Fixed #2741
#6302 Fixed installWizard styling - check writable module
#6411 Fixed #5783 - The table header with geocoded objects is not visible
#6530 Manage subscriptions: Fix unsubscribed users showing up as subscribed sometimes
#3846 partial fix for issue of logic for default value
#6597 Fixed: #6552 AOR Report Export CSV was giving incorrect data when using apostrophe (') into any field
#6550 FIX #6549 - Add missing surveys_campaigns relationship
#6497 Fixed #6472 - Fix wrong image sizes for email templates in the campaign wizard
#6599 Fixed #6511 - Document Attachment Subpanel link incorrect
#6466 Fixed #5771 - Salutation variable in campaigns displays item name instead of value 7.10.4
#4072 Fixed #4046 - 7.9.4 - imported emails are not auto related to related records when you reply to/reply to all/ forward them
#6474 Fixed #6351 - Triple email sending when i use activities subpanel in Contact Module
#6573 FIX #6568 - Change minimun and recommended PHP
#6565 Fixes google calender language formatting
#6571 FIX #6568 - Adjust SUITECRM_PHP_REC_VERSION to 7.1.0
Please visit the official website to find the pre-production appropriate upgrade.
Special thanks to LEAP-nishit and the following members for their contributions and participation in this release!
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com
Lastly a big thank you to the community for testing and confirming pull requests in our 17-18th December 2018 Pull Request Party. This release is the result of the hard work and effort everyone put into the project!
Content is available under GNU Free Documentation License 1.3 or later unless otherwise noted.