7.11.x Releases

7.11.23

Released 19/11/2021

Assets

Security

CVE: Pending - Fixed file check bypass
CVE: Pending - Local File Inclusion

Bug Fixes

Fix 8432 - Remove index limit from mssql index names upon create and repair.
PR: 8957 - Fix typo in word administrator
PR: 9368 - Fix 9217 - Revert "Fix Users index incompatible with MSSQL".
PR: 9360 - Fix 9358 - Meeting invite notification emails are not sending to all invitees.
PR: 9361 - Fix 9192: Fix duplication of folders_rel table entries.
PR: 9246 - Fix 6994: Update pollMonitoredInboxesAOP to double check that SugarFolder has been retrieved correctly.
PR: 9367 - Update PDF template warning

Community

Special thanks to everyone who reporting the security issues addressed in this release!

Victor Garcia

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.22

Released 24/09/2021

Assets

Security

CVE: Pending - Privilege Escalation vulnerability
CVE: Pending - Local File Inclusion

Bug Fixes

PR: 9277 - Issue - 9269 - Fix #9269 - edit view jumps to tab with validation error upon save,if hidden
PR: 9259 - Issue: 9269 - Fix #9257 Adjusting references and tests to reflect updated GoogleAPIalias
PR: 9262 - Fix #9262 - Add the Overview label to Security Groups detailview
PR: 9286 - Fix #9286 - EmailsComposeView.js Formatting
PR: 9293 - Fix #9293 - Error on audit save
PR: 9297 - Fix #9297 - V8 API Auth issues on windows

Community

Special thanks to everyone who reporting the security issues addressed in this release!

Konstantin Damotsev

Special thanks to the following members for their contributions and participation in this release!

schapsl

tsmgeek

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.21

Released 20/08/2021

Assets

Security

CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CWE-284: : Improper Access Control

Bug Fixes

PR: 8716 - Correct Layout of date fields
PR: 8921 - Link Fix - Upgrade Documentation
PR: 8922 - Notes for translators on abbreviations
PR: 8923 - Indentation Fix
PR: 8925 - Space Typo Fix
PR: 8929 - Moving comment next to the string
PR: 8930 - https url fix
PR: 8931 - SuiteP template translators notes
PR: 9180 - Issue: 9179 - Fix for: #9179 AOR_Charts getShortenedLabel fails on utf8 characters
PR: 9072 - Make Projects Importable
PR: 9102 - Issue: 4145 - Fix for: Email Address - "invalid" and "opt_out" options are lost
PR: 9206 - Issue: 9205 - Fix #9205 - Duplicate audit records
PR: 8534 - Fix Archive Folder Query
PR: 8587 - Add cases to email object_arr
PR: 8685 - Only init Currency when saving
PR: 8732 - AOR_Reports generating php notices due to undef
PR: 9044 - Change pdfheader/pdffooter data type to longtext
PR: 9084 - Set default perms on new log file
PR: 9195 - Update CaseUpdatesHook.php
PR: 8485 - Fix function declaration of TabController::get_key_array()
PR: 9008 - Wrong spelling of ProspectLists module
PR: 9202 - Issue: 9201 - Filter form label styling
PR: 9238 - Issue: 9237 - Fix #9237 where dates in aow actions & conditions are not saved or displayed correctly
PR: 9223 - Issue: 6997 - User profile password auto-fill
PR: 9182 - Allow filtering Survey campaigns
PR: 8992 - Issue: 8991 - Small bit of duplicate code
PR: 9007 - Wrong spelling of AOR_Reports module
PR: 9069 - Inline Edit: Help text containing quotes is not correctly displayed
PR: 8613 - Improve Contacts Duplicate List
PR: 8898 - Retrieve SuiteCRM version in get_server_info

Community

Special thanks to everyone who reporting the security issues addressed in this release!

Hagai Wechsler

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.20

Released 02/06/2021

Assets

Security

CVE: CVE-2018-19296 - Object Injection in PHPMailer

Bug Fixes

PR: 8731 Issue: 7285 - Database failure when filter custom fields by V8 API
PR: 9149 Issue: 8319 - Multiple IMAP Inboxes
Issue: 9106 - JSON Error in related field’s popup
Issue: 9166 - Fix Missing locale in FullCalender 3.10
Fix Users index incompatible with MSSQL
Fix Php compatibility within Admin ConfigureTabs
Fix Email Address loading performance
Fix theme - dashletclose.png loading error in console
Fix theme - Footer text colour inconsistency
Fix theme - Menu overflow top module alignment
Fix theme - Admin settings empty error displays line
Change populateDefaultValues fatal log on empty field_defs to warning

Community

Special thanks to everyone who reporting the security issues addressed in this release!

Daniel Sundbeck

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.19

Released 28/04/2021

Assets

Security

CVE: Pending - XSS Vulnerability
CVE: Pending - XSS Vulnerability
CVE: Pending - XSS Vulnerability
CVE: Pending - XSS Vulnerability
CVE: Pending - XSS Vulnerability
CVE: Pending - Fixed Dependency
CVE: Pending - Fixed stored XSS vulnerability
CVE: Pending - Fixed stored XSS vulnerability
CVE: Pending - Fixed file check bypass
CVE: Pending - Improved file upload checks

Bug Fixes

PR: 8642 - Issue: 5107 - Fix Inline edit date/datetime issue
PR: 7999 - Prevent securitygroups mass assign damage
PR: 8571 - Remove duplicate code in users detailviewdefs
PR: 8514 - Implement effective opcache file clearing
PR: 8700 - Various problems in PHPDocs throughout the codebase.
PR: 9068 - Issue: 9067 - Fix the drop down width
PR: 9093 - Add Additional api filter option like
PR: 9090 - User menu alignment
PR: 8570 - Issue: 6051 - Modulebuilder labels edit fixes
PR: 9088 - Update JQuery JS Library to v3.6.0
PR: 9000 - Issue: 8999 - Hardcoded 'by' label in calls
PR: 9035 - Issue: 9034 - Business Hours does not work in non-english languages
PR: 8910 - Update the V8 Api to allow for upload of documents similar to notes
PR: 9010 - Add missing 'view task' label on calendar
PR: 9003 - Issue: 8894 - Add missing label for calendar dashlet
PR: 9032 - Prevent Notice Error During Import
PR: 8206 - Issue: 8182 - Update updateTimeDateFields to handle undefined dates
PR: 9076 - Issue: 9075 - Removing deleted related beans via link
PR: 8988 - Improve upon solution which doesn’t cache incomplete beans
PR: 7884 - Issue: 6800 - Elasticsearch: Elastic index name is hardcoded
PR: 9060 - Project Form action should not be changed if delete is not confirmed
PR: 9059 - Issue: 8676 - New Scheduled Reports does not run
PR: 9079 - Issue: 2645 - Calendar quick create ignores required fields
PR: 9054 - Add missing scheduler label for trimSugarFeeds
PR: 9070 - Fix php compatibility issues
PR: 8974 - Issue: 8956 - Email compose body not shown in detail view
PR: 9096 - Issue: 7772 - Only index ElasticSearch when enabled
PR: 9101 - Fix LangText exception breaking ElasticSearch
PR: 8513 - Issue: 8472 - No or not complete Searchresults using elasticsearch engine
PR: 8981 - Issue: 8916 - Misspelled elasticsearch labels
PR: 9080 - Update config for google/apiclient at composer.json

Community

_Special thanks to everyone who reporting the security issues addressed in this release!

Cory Billington, Thanhlocpanda of VinCSS (Member of Vingroup), Hao Wang, Sam Sanoop, Chris Forbes, James Addison

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.18

Released 05/11/2020

Assets

Release Notes

Important - This release resolves an important issue in 7.11.16 and 7.11.17 that can cause issues in many areas of the crm, including in reports, roles and currency. We recommend all users of 7.11.16 and 7.11.17 to upgrade to this release asap. see issues 8936 and 8934 for more details

Important - Update 17 March 2021 - The upgrade patch has been updated to version 1.0.1. This update addresses an issue in which the upgrade patch may have prevented the option to select "Next" after a successful system check when upgrading. Special thanks to JanSiero for highlighting this issue and fix.

Bug Fixes

Issue: 8936 - +/- get removed from start of text
Issue: 8934 - Report main group issues
Issue: 8391 - Yesterday period option in reports show correct time
Issue: 8863 - Cannot report on Employee Status
Issue: 8918 - Regression with download.php image fields
Issue: 8941 - Cannot delete reports fields
Issue: 8826 - PDF Report contains blank space when using a Main Group and Total

Community

Special thanks to the following members for their contributions and participation in this release!

Tuckan

pgorod

QuickCRM

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.17

Released 29/10/2020

Assets

Release Notes

7.11.17 addresses an issue in 7.11.16 where Email compose body field was missing after upgrade to 7.11.16, please refer to the 7.11.16 release note for the further details and changes

Bug Fixes

Issue: 8913 - Email compose body field missing after upgrade to 7.11.16

7.11.16

Released 28/10/2020

Assets

Release Notes

Important - This release removes the YUI3 JavaScript Library from the codebase due to security concerns for the discontinued project. If you have code within your instance that still specifically requires or makes use of YUI3 you made need to update your code or include YUI3 manually, prior to updating to this release.

Security

Important Security Issue
Important Security Issue
Important Security Issue
Moderate Security Issue
Moderate Security Issue
Moderate Security Issue
Moderate Security Issue
Moderate Security Issue

Security issues information will be added shortly

Enhancements

PR: 8818 - Add 'Contains' as valid opp for multienum
PR: 8814 - Allow custom SugarFieldBase class
Move TinyMCE Editor to composer

Bug Fixes

Issue: 7972 - IMAP import fails with Office 365
Issue: 8688 - Fatal error on install with MySQL 8
Issue: 6046 - DBMS reserved words fail in MySQL8
Issue: 8830 - File names with underscores in download.php
Issue: 8610 - Uninitialised variables in ModuleInstaller.php
Issue: 4435 - TinyMCE pagebreaks work correctly
Issue: 8771 - Silent failure when no PHP-json module installed
Issue: 8905 - Report joins fail on one to one relationships
Issue: 8904 - Optimistic Locking is not compatible with all field types
Issue: 8904 - Optimistic locking module definition incorrectly set on some modules
Issue: 8903 - Campaign Bounce email import - better mine type recognition
Issue: 8882 - Delegates subpanel select all / select page doesn’t work
Issue: 7306 - API v8 not working on php-fcgid - Missing /api/.htaccess
Issue: 8486 - Rewriting of '.htaccess' file
Issue: 8535 - Email To field being deleted on save
Issue: 8730 - duplicate Compose Email Modal from Activities subpanel
Issue: 8641 - Compose button / Related ID not set when no email
Issue: 8812 - Add to target list in Campaign results
Issue: 8824 - Too few arguments on SugarWebServiceImpl set_relationship
Issue: 8677 - Subpanel end navigation
Issue: 8888 - Fixes DynamicField reference
Issue: 8785 - Incorrect Syntax in install.php
Issue: 8795 - Change log level to warn loading non existing Bean
Issue: 8819 - Update OutboundEmail.php to handle deleted rows
Issue: 6427 - Stacked Bar chart totals incorrect
Issue: 8348 - V8 API CORS prevents DELETE HTTP call
Issue: 8816 - module name on logic_hook install
Issue: 3468 - Email template retrieving cached beans
Issue: 8841 - Change private to protected to fix EmailMan overrides
Issue: 8490 - Fix php Notices
Issue - Calender fails to display event the last over 3 weeks
Issue - Theme display issues - Header & Footer clean up, Action and List view view buttons

Community

_Special thanks to everyone who reporting the security issues addressed in this release!

Luis Noriega wizlynx group, M. Cory Billington (@_th3y), Hao Wang, QuickCRM, pgorod & Apple Information Security

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.15

Released 10/06/2020

Assets

Release Notes

7.11.15 addresses an issue in 7.11.14 where the change log would fail to display, please refer to the 7.11.14 release note for the further details and changes

7.11.14

Released 09/06/2020

Assets

Release Notes

This release includes an additional patch that you can install if you are having issue upgrading. This allows you apply the enhancements and fixes we have brought in recent release to the upgrade wizard, prior to you upgrading to hopefully resolve many issue we have seen in the community. To apply the patch download it from the here and install via module loader, not via the upgrade wizard. Then proceed to upgrade as normal.

Security

Moderate Security Issue
Moderate Security Issue
Moderate Security Issue
Moderate Security Issue
Moderate Security Issue

Full disclosure of the security issues addressed in this release will be made at a later date

Enhancements

PR: 7795 - PR: 7806 Custom Extend Core Modules
PR: 8405 - Remove deprecated sudo from .travis.yml
PR: 8506 - Increase driver timeouts to be a little more lenient
PR: 8523 - Update the index on the target list - targets middle table
PR: 8618 - Move OAuth2 Encryption Key into config.php
PR: 8639 - Display Data table under maps in any language
PR: 8638 - Check permissions only on required directories on upgrade system checks

Bug Fixes

PR: 6669 - Issue: 5526 - Fix Inline edit date/datetime issue
PR: 7056 - Issue: 3911 - LDAPAutheticate warnings in log
PR: 7863 - Issue: 7723 - Fix missing campaign analysis graphs
PR: 8208 - Issue: 6676 - Add editview check to stop cacheing issues for dates on aow conditions
PR: 8257 - Issue: 8261 - Handling of temp files during Upgrades
PR: 8481 - Issue: 8450 - Minor bug in GridLayoutMetaDataParser::addField()
PR: 8483 - Fix function declaration of SugarFieldTime::save()
PR: 8504 - Issue: 8499 - API V8 issues for password grants SuiteCRM 7.10.22
PR: 8511 - Issue: 5012 - Remove maxLength from user name in DB config
PR: 8550 - Issue: 8549 - Added CSS to make case updates textfield re-sizeable
PR: 8559 - Fix issue for non based on Emails Campaigns
PR: 8594 - Fix db convert directly calling abstract function
PR: 8596 - Add missing business hours calculation to reports
PR: 8597 - Issue: 5836 - Fix/5836 two factor authentication redirect
PR: 8598 - Fix usage of deprecated Redis::delete() function
PR: 8601 - Fix PHP notices Fix missing query offset in SugarBean::get_linked_beans() warnings
PR: 8607 - Fix missing query offset in SugarBean::get_linked_beans()
PR: 8629 - Fix string within sub query
PR: 8635 - Download link displayed twice. No Delete link in Diagnostic
PR: 8636 - Issue: 8489 - No validation when using header save button in AOS_Products
PR: 8638 - Issue: 8637 - Upgrade Wizard fatal error after upgrade on windows
PR: 8646 - Fix Report navigation display
PR: 8647 - Issue: 5487 - Report groups repeat for each record
PR: 8648 - Issue: 7821 - Fix Username alignment in all screen widths
PR: 8651 - Fix warnings when running upgrade via cli
PR: 8652 - Issue: 8643 - Reports do not work related module custom fields
PR: 8654 - Fix naming from SugarCRM Reports to AOR_Reports
PR: 8655 - Reports: Remove useless recalculation
PR: 8659 - Issue: 7766 - Invalid depreciated log in SugarBean fixUpFormatting
PR: 8661 - Task Status key is displayed in View Summary
PR: 8754 - Remove unused google service from the vendor directory
PR: 8755 - Issue: 7152 - Fix cases Update text not saving when using html field
PR: 8758 - Issue: 8757 - Time format preference typo

Community

_Special thanks to everyone who reporting the security issues addressed in this release!

Đào Quốc Vương, Global Ip Action & Connor Shea

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.13

Released 25/03/2020

Assets

Release Notes

Security

Critical Security Vulnerability
Important Security Issue
Important Security Issue

Full disclosure of the security issues addressed in this release will be made at a later date

Bug Fixes

Issue: 5836 - Two Factor Authentication redirect to User profile
Issue: 8582 - DBManager::convert calls abstract function
Issue: 6676 - Multiple datetime value condition issues in Workflow / Reports
Issue: 7011 - Intial User Login Duplicate Timezone Request / Blank screen
Issue: 8261 - Upgrade Issues - Handling of temp files during Upgrades
Issue: 8483 - Fix function declaration of SugarFieldTime::save()

Community

Special thanks to all who contributed to this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.12

Released 14/02/2020

Assets

Release Notes

Security

CVE: 2020-8803 - Local File Inclusion
CVE: 2020-8801 - PHP Object Injections
CVE: 2020-8800 - Second-Order PHP Object Injections
CVE: 2020-8802 - Bean Manipulation

Bug Fixes

Issue: 8541 - MySQL Database breaking on special characters
Backward incompatible config changes

Community

Special thanks to Egidio Romano for reporting the security issues addressed in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.11

Released 10/02/2020

Assets

Administrators Note 1/2

You may notice when installing SuiteCRM a new panel which allows for the configuration of different collations and type-sets. This is part of our progression towards resolving issues with special characters and emojis. Currently available sets include utf8 and utf8mb4.

Administrators Note 2/2

Within this release, we have also resolved a few known issues with the upgrade process; however, they will unfortunately not take effect until the next upgrade cycle. Therefore it is vital that if you encounter any problems while installing that you review and follow the recommended process within the SuiteDocs upgrade debugging page which can be found here

Potential breaking change with package container-interop

If you maintain a CRM utilising container-interop for API extension, you should note that this release may require some small changes to routing as seen below:

Instead of Interop

use Interop\Container\ContainerInterface;

Make use of Psr

use Psr\Container\ContainerInterface;

Release Notes

Security

CVE: CVE-2020-8787 - Bean ID validation strictness
CVE: CVE-2020-8783 - Neutralization of potential vulnerability with use of Special Elements within SQL
CVE: CVE-2020-8784 - Neutralization of potential vulnerability with use of Special Elements within SQL
CVE: CVE-2020-8785 - Neutralization of potential vulnerability with use of Special Elements within SQL
CVE: CVE-2020-8786 - Neutralization of potential vulnerability with use of Special Elements within SQL

Enhancements

PR: 8100 - Issue: 8099 - Add a way to hide/show columnChooser in ListViews
PR: 7879 - Issue: 7876 - Render phone fields as links
PR: 8215 - Scroll QR&R to see the 'sync with vardefs' part
PR: 8164 - More inclusive language
PR: 8160 - Updated CONTRIBUTING.md
PR: 7798 - Database character set configuration

Bug Fixes

PR: 8422 - Issue: 8421 - Fix issue with validation on aos settings
PR: 8395 - Issue: 6000 - Notifications not working when using mssql
PR: 8353 - Issue: 8351 - Datepicker missing in massupdate for custom datetime field type
PR: 8298 - Issue: 8295 - Fix sorting icons showing counterwise
PR: 8285 - Issue: 6990 - Run Email Notification not working
PR: 8274 - Issue: 8273 - Check the selected e-mail client
PR: 8233 - Issue: 8057 - Backport various PHP 7.4 fixes
PR: 8205 - Issue: 8180 - Font colour is the same as the search bar bg
PR: 8053 - Issue: 7874 - Unable to use custom _head.tpl file (alternative fix)
PR: 8139 - Issue: 8134 - Logo not in left-hand corner anymore
PR: 8158 - Issue: 8151 - Updating FPEvent unit test to use correct array
PR: 8181 - Issue: 7305 - Scheduled reports execute in the timezone specified
PR: 8188 - Issue: 8183 - Non-group records show on list view if group only access
PR: 8190 - Issue: 8173 - Workflow actions missing in edit and detail view
PR: 8424 - Remove 'buggy version check' from php version checker
PR: 8363 - Adding fix to silent upgrade’s upgrade history save
PR: 8346 - Update links
PR: 8344 - Email1 field now gets populated through API
PR: 8340 - API returns the emailAddress Relationship link
PR: 8322 - Remove Schedulers cron instructions from filter pop-up
PR: 8258 - Fix "!" in pQuery and add tests
PR: 8243 - Clear PHP notice on Home page and improve suitecrm.log message
PR: 8198 - Unit test fixes for 7.10.x
PR: 7832 - V8 API swagger.json
PR: 6709 - Avoid printing js content in CLI commands
PR: 8458 - Fix install layout db options
PR: 8468 - Fix slim api
PR: 8193 - Fixed employees module not appearing in ACL role list
PR: 8326 - Logo upload

Development

PR: 8231 - Issue: 7891 - Clean up include/ tests
PR: 8218 - Issue: 7744 - Remove deprecated functions from utils.php
PR: 8217 - Issue: 7744 - Remove the deprecated load_menu() function in utils.php
PR: 7807 - Issue: 7740 - Replacing the StateChecker with database truncation in tests
PR: 8379 - Deprecate _pp functions
PR: 8378 - Misc code formatting improvements
PR: 8350 - Add tests for splitTime() on TimeDate
PR: 8314 - Fix parameter order for asserts in unit tests
PR: 8300 - Add tests for TimeDate class
PR: 8313 - Add more TimeDate tests
PR: 8299 - Add tests and PHPDocs for return_bytes function
PR: 8296 - A few more little fixes for the formatting in the test suite.
PR: 8283 - Unit test cleanup
PR: 8253 - Remove some old code referencing PHP 5.3
PR: 8252 - Deprecate various utils functions that are unused
PR: 8249 - Add unit tests for is_admin() function
PR: 8236 - Update the Travis Code Coverage job
PR: 8235 - Clean up misc unit tests
PR: 8234 - Add tests for check_php_version
PR: 8216 - Add a PHPDoc comment and test to unencodeMultienum()
PR: 8156 - tests: throw an error in case exit() is called during testing
PR: 8477 - Fix/Avoid WebDriver Timeouts in Travis createModule Tests
PR: 8509 - Fixing typo in seperator/separator change
PR: 8518 - Fix backwards compatibility with seperator/separator css
PR: 7580 - Update export_excel_compatible to work with all Excel versions
PR: 8297 - Add PHPDoc and deprecate unTranslateNum
PR: 8310 - Backport more PHP 7.4 fixes
PR: 8152 - Update html-purifier to 4.12
PR: 8161 - Fix a PHP warning in Meeting.php

Community

Special thanks to Egidio Romano for reporting the security issues addressed in this release!

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.10

Released 11/11/2019

Assets

Release Notes

Security

CVE: Unassigned - SQL Injection

Bug Fixes

PR: 8185 - Issue: 7946 - Removed unnecessary JSSource files
PR: 8187 - Issue: 8183 - Non-group records show on list view if group only access
PR: 8189 - Issue: 8151 - Email Template
PR: 8190 - Issue: 8173 - Workflow actions missing in edit and detail view
PR: 8192 - Fixed employees module not appearing in ACL role list
PR: 8207 - Issue: 8203 - Repair Administration section ISSUENAME Google Calendar settings menu option

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.9

Released 04/11/2019

Assets

Release Notes

Security

CVE: CVE-2019-18782 - .htaccess Improvements
CVE: CVE-2019-18785 - API Access Token and Credential fix
CVE: CVE-2019-18784 - Neutralization of potential vulnerability with use of Special Elements within SQL

Enhancements

PR: 7198 - Add Robo API commands
PR: 5464 - Filter email templates on Events
PR: 7829 - Issue: 7828 - Robo tasks for common actions that are performed in Repair Administration module
PR: 7819 - Issue: 7817 - Added option to filter WorkFlows by module name
PR: 7809 - Robo: Add a --filter option to tests:unit for filtering tests
PR: 7808 - Issue: 7621 - Add support for config_override.test.php
PR: 7844 - SuiteP: Add html data tags to allow module and field identification
PR: 7837 - Issue: 7836 - Robo task to compile css in a custom theme
PR: 7834 - Workflow: Properly delete records which are marked as deleted
PR: 7910 - Issue: 7885 - Add a SECURITY.md to the repository

Bug Fixes

PR: 8154 - Issue: 8153 - SQL query in the ACLAction code
PR: 8151 - Resolve issue with email templates
PR: 7659 - Icons not rendering properly in Alerts
PR: 7655 - Issue: 7648 - Case Module: Description field not showing after Save and continue
PR: 7650 - 'customMetadate' typo in DashletGeneric.php
PR: 7643 - Issue: 7622 - Make the code:coverage Robo command work outside of CI
PR: 7641 - Issue: 7396 - Update button clears DateTime parameter in Reports Module
PR: 7638 - Issue: 7315 - Adding parameter date field in Reports module causes error in Browser console
PR: 7627 - Update sugar_3.js to fix a MassUpdate undefined error
PR: 7587 - Issue: 7586 - Unnecessary include in UserService
PR: 7529 - Codacy
PR: 7525 - API Create Relationship via Link
PR: 7515 - Scheduled Reports: Fix report name relation and popup search
PR: 7428 - Issue: 7427 - Show logs lines that was made by anonymous
PR: 7195 - Inspections compatibility
PR: 7193 - Remove Unused Import
PR: 7141 - Type casting
PR: 6765 - Issue: 321 - Hitting enter in the password input saves the user but not the password
PR: 6503 - Add a SAML2 metadata endpoint
PR: 5537 - Issue: 5520 - Do not clear existing attachments when loading a template
PR: 4471 - Update DeleteRelationship.php
PR: 3820 - search_by_module REST API
PR: 7826 - Issue: 2825 - Now we translate the title tag for recently viewed links
PR: 7822 - Issue: 7821 - User name is not aligned in 1200px to 1600px screens
PR: 7818 - InboundEmailTest: Make tests independent to make them work with the state checker
PR: 7816 - Removing an item from subpanel should only require the item edit access right
PR: 7815 - Save email addresses before saving company/person
PR: 7814 - SQL query bug for quote purchase subpanel
PR: 7813 - Issue: 7810 - Pencil present in Top Menu for users with non editing permission
PR: 7802 - Issue: 6830 - Code coverage as a separate stage in CI
PR: 7797 - Issue: 7779 - PHP Fatal error in modules/Connectors
PR: 7783 - Issue: 7780 - Bad css format in Date and Date Range Inputs in search forms
PR: 7782 - Issue: 7781 - Now we can compile SuiteP only one color_scheme
PR: 7777 - Issue: 7784 - Grouping by with xxx_usdollar currency fields
PR: 7774 - EmailMarketing: Add security groups support
PR: 7773 - Make robo test commands fail if tests fail
PR: 7771 - Issue: 7620 - Add dotenv support for the test environment
PR: 7762 - Issue: 7761 - htaccess issue
PR: 7760 - SugarEmail: Fix 'to' field not being filled when the last record doesn’t have an email
PR: 7746 - Issue: 7675 - Add a function to compare properly indices definitions
PR: 7741 - Clean up a bunch of unit tests
PR: 7711 - Issue: 2928 - Clear Zend OPcache when writing files
PR: 7690 - Composerify Zend Lucene
PR: 7906 - Update Gitattributes + codeception.dist.yml
PR: 7904 - Issue: 7903 - Verify if $bean is_subclass_of SugarBean so we can check access
PR: 7900 - Issue: 7869 - Protect against illegal string offset warnings in aow_utils
PR: 7899 - Issue: 7868 - 'Undefined index: leads_id' notices in AOR_Report.php
PR: 7898 - Issue: 7552 - AOR Reports - Mysqli_query failed when execute Report as normal User
PR: 7892 - Issue: 5652 - Ending spaces in language strings
PR: 7877 - Issue: 7875 - Wrong render in DateRangeInput using 'Between' Option
PR: 7871 - Issue: 7870 - Improvements in css for date_input and labels in EditView
PR: 7865 - Refixed #7393 without breaking headers for non-pulldown fields
PR: 7866 - Issue: 6535 - Replace contact_xxx in templates also for leads/prospects/users
PR: 7864 - Issue: 7642 - Replace Title with Job Title
PR: 7858 - Issue: 6442 - Fix Issue when importing non UTF-8 CSV file
PR: 7857 - Issue: 7848 - Temporarily revert PHP 5.5 from the Travis build
PR: 7855 - Issue: 7613 - Status/State usage causing translation errors
PR: 7853 - Issue: 7848 - Move the PHP 5.6 job to xenial
PR: 7847 - Issue: 6012 - Emails being sent from 'Root User'
PR: 7841 - Update issue 'Undefined index: docType' PHP notice PR templates to comment on how to include code
PR: 7839 - Issue: 7838 - 'Undefined index: docType' PHP notice
PR: 7833 - SugarFeed: Various fixes for 7.10.19/20 regressions
PR: 7965 - Issue: 7964 - Report Total Field formatting is inconsistent
PR: 7963 - Issue: 7962 - Sending emails with apostrophe in email address
PR: 7959 - Issue: 3860 - Fix typo in InboundEmail.php
PR: 7957 - Silent upgrade
PR: 7956 - Issue: 7955 - Admin blank screen post upgrade to 7.11.8
PR: 7952 - Update the .gitattributes export-ignore list
PR: 7951 - Issue: 6691 - Typo in key - LBL_ORIGINAL_MESSAGE_SEPERATOR
PR: 7950 - Issue: 7926 - Do not divide by adjustment if it equals 0
PR: 7944 - Issue: 3129 - Use correct Business Hours field name for opening hours check
PR: 7943 - Issue: 7942 - Add bool to eligible fields for merging
PR: 7930 - Typos in audit template metadata
PR: 7929 - Issue: 7928 - Upgrade wizard recommends composer update instead of composer install
PR: 7925 - Enable Delete button in Actions menu
PR: 7924 - Issue: 7923 - Verify the variable is an array
PR: 7922 - Issue: 7880 - InboundEmail mime parser
PR: 7918 - Issue: 7917 - Issue with french translation
PR: 7913 - Issue: 7912 - Avoid PHP Notices in getVardefs() method
PR: 7909 - htaccess
PR: 8039 - Misc improvements to the acceptance tests
PR: 8032 - Issue: 3857 - Retain date properly when saving a stored query
PR: 8031 - Issue: 7758 - Disable Action menu has no effect on menus in subpanel
PR: 8030 - Issue: 7738 - Email Template selection in email module is not working in Edge/IE11
PR: 8029 - Updated mkdir calls to throw RuntimeExceptions
PR: 8028 - Issue: 7874 - Unable to use custom _head.tpl file
PR: 8027 - Issue: 7882 - No 'Server response time' in SuiteP
PR: 8026 - Issue: 8025 - OAuth2 ClieOAuth Keys Fixed a grammatical error in include/templates/Template.phpnts and Tokens icons are missing
PR: 8020 - Fixed a grammatical error in include/templates/Template.php
PR: 8018 - Move RebuildConfig.php from using XTemplate to using Smarty
PR: 8015 - Make the pagination buttons on DetailView pages links.
PR: 8010 - Skip cache building if custom class exists for dashlets
PR: 8009 - Update contributing.md
PR: 7998 - Issue: 7997 - Datetime field caching issue
PR: 7995 - Typos and made it grammatically better
PR: 7994 - Update config.yml to include 7.10.x branch
PR: 7990 - AOW_WorkFlow: Delete all related beans when deleting a workflow
PR: 7989 - BeanFactory: Don’t return deleted beans from the cache
PR: 7986 - Updated LoggerManager to use @method + code cleanup
PR: 7981 - Issue: 5709 - Paths to milestone image
PR: 7978 - Issue: 7971 - Textarea in EditView overlaps other fields
PR: 7976 - Replace deprecated array index accessors
PR: 7970 - Issue: 7969 - Cannot call logger
PR: 7966 - Email css error
PR: 8086 - Link contributors badge to contributors insights
PR: 8076 - Issue: 8057 - Deprecated usage of join
PR: 8075 - Issue: 8057 - Misc PHP 7.4 deprecations
PR: 8073 - Issue: 8057 - Remove all uses of get_magic_quotes_gpc
PR: 8068 - Issue: 7764 - Undefined index: server_unique_key
PR: 8067 - Added the deprecated lowercase v8 API to codecov ignore list
PR: 8064 - Issue: 8063 - Change isset() to !empty()
PR: 8061 - Issue: 6314 - Unused language strings in ver. 7.10.8
PR: 8060 - Issue: 7987 - Apache log
PR: 8059 - Added a check for SUGARCRM restrictions in htaccess
PR: 8058 - Issue: 8057 - Deprecated usages of implode
PR: 8056 - Issue: 7128 - Remove scheme to avoid mixed content error
PR: 8054 - Improve footer styling for new stats item
PR: 8051 - Issue: 7397 - Implement Refresh Token Grant
PR: 8050 - Issue: 8001 - Non-distinct person entries for each meeting/call invited to
PR: 8049 - Header cleanup
PR: 8041 - Remove BusinessCard-related code
PR: 7908 - Update composer.lock + Rebuild SASS/JS
PR: 7921 - Complete previous fix when ElasticSearch disabled
PR: 7945 - Issue: 7312 - Google Calendar data is cleared if SuiteCRM cal is deleted
PR: 7954 - Issue: 7953 - Elasticsearch default size setting
PR: 7901 - Issue: 7886 - Elasticsearch Indexing memory usage

Development

PR: 8000 - More PHP 7.4 array accessor deprecations
PR: 6750 - Issue: 4754 - Remove PHP4 style constructors
PR: 8085 - Deprecated string concatenation
PR: 8080 - Replaced alias functions

Community

Special thanks to the following members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.8

Released 23/08/2019

Assets

Release Notes

Security

CVE: CVE-2019-14752 - Reflected XSS
CVE: CVE-2019-18783 - Unintended public exposure of files
CVE: CVE-2019-14454 - Employee module does not implement ACL

Enhancements

PR: 7702 - Issue: 7696 - Update README
PR: 7698 - Issue: 7581 - SuiteBot config.yml
PR: 7672 - Composerify Zend
PR: 7636 - Optimize images
PR: 7591 - Composerify Smarty

Potential breaking change with Smarty

If you maintain a custom SuiteCRM theme, you should note that this release may require some small changes to your .tpl Smarty files. This is because of a legacy customization to Smarty that was removed when it was moved to inclusion via Composer.

The only breaking change will be if you’ve used the theme_template attribute for any Smarty includes. You’ll need to remove the theme_template attribute and change the file attribute to use the full path:

{* before *}
{ include file="_head.tpl" theme_template=true }

{* after *}
{ include file="themes/SuiteP/tpls/_head.tpl" }

Plugin files are still usable in the same way as before – at ./include/Smarty/plugins/ – and can be required explicitly. Custom plugins should still go in ./custom/include/Smarty/plugins/. It should be noted that all other files in ./include/Smarty have been replaced by empty files to prevent errors in case users were `require`ing the files. They’re deprecated, and requires referencing them can be safely removed. Smarty’s internal files will be autoloaded by Composer by default.

Bug Fixes

PR: 7719 - Fix/backwards compatibility
PR: 7718 - Issue: 6982 - New user password not being generated
PR: 7713 - Issue: 7712 - Case insensitive detection of header X-CampTrackID
PR: 7699 - Issue: 7667 - Cannot import Email if plain-text plus attachment
PR: 7697 - Folder include/SugarCharts/Jit missing in 7.11.7 installation
PR: 7695 - Add a proper return type to getUserRoleNames()
PR: 7689 - Format InlineEditing.js with prettier
PR: 7683 - Issue: 6415 - Bug when inbound email Leave Messages On Server set to No
PR: 7682 - Documents - Image Field Does Not Display Uploaded Image
PR: 7681 - Issue: 7138 - EmailMan sendEmail missing restricted_addresses check
PR: 7610 - Fixed error message css + email warning config option

Community

Special thanks to the following members for their contributions and participation in this release!

JanSiero

604media

connorshea

Please visit the official website to find the appropriate upgrade package.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.7

Released 31st July 2019

Assets

Release Notes

Security

#CVE-2019-13335 - Security Issue - Fixed SSRF
Security Issue - Fixed privilege escalation

Enhancements

#7374 Robo test-running commands
#7474 SecuritySuite 3.1.16
#7503 Scheduled Reports: Enable security groups support and add the subpanel

Bug Fixes

#3756 Fixed #3756 - Calendar pop-ups now auto close after 500ms
#6850 SAML2: Use php-saml from composer
#7154 Fixes SugarPHPMailer encountered an error: Could not access file
#5754 Fixed #5754 - Error with custom fields on getQuery from One2Many relationships
#7345 Get ChromeDriver’s latest release in Robo task
#7390 Fixed #7390 - Unable to set Minimum Password Length in Password Management
#7433 Clean up codeception environments
#5552 Fixed #5552 - Inbound Email Auto-reply send email without Attachments
#6992 Fixed #6992 - Group Email Inbox accounts doesn’t respect reply as option in admin
#7477 Remove unused webDriverHelper variables
#3756 Fixed #3756 - Popup Studio and Calendar don’t auto-close
#7409 Fixed #7409 - Managing Delegates Removes main windows Scrolling
#7421 Fixed #7421 - Use of ampersand (&) in email subject sends email subject misformatted
#7491 Remove unnecessary test files
#7492 Replace the createAccount method
#7509 Fixed #7509 - Using prefix index to not hit Key threshold in MySQL5.6/UTF-8
#7511 Fixed #7511 - Silent installer tries to do unknown things on completion
#7467 Fixed #7467 - Survey entry-point broken in 7.11.5
#7267 Fixed #7267 - Database Failure after upgrading to Version 7.11.4
#7407 Fixed #7407 - "Users may send as themselves" broken - Invalid address: (punyEncode)
#7520 PSR-2
#6935 Fixed #6935 - Cookie path is not respected if globally set
#6470 Fixed #6470 - Email module: Inline image not shown in received/sent email
#7530 Fix missing function getAssignedEmailsCountForUsers
#7535 Misc automated testing improvements
#7536 Cleanup files created by acceptance tests between test runs
#7304 Fixed #7304 - ListView: Fix selection count for the "Select All" case
#7541 ListView: Fix the selection count when executing an action without any selection
#7542 ListView: Fix selection when switch from "select all" to "select page"
#7550 SugarWidgetSubPanelEmailLink: Fix missing opt-in ticks after inline editing
#7553 sugar_3.js: Remove unused send_form_for_emails()
#7554 Fixed email attachment icon
#7284 Fixed #7284 - Top of dashlets being cut off by nav bar nd positioning of dashlet pop-up
#7561 Add a get_current_language() helper function
#7562 Fix/silent upgrade
#7547 Fixed #7547 - use correct login image on install.php
#5190 Fixed #5190 - Attachment in detail view of non imported email doesn’t show
#7565 Add wait to HomeCest so it won’t flake
#7567 Fixed #7567 - Missing Contracts from selection of Related to: field
#4881 Fixed #4881 - Detail view of no imported email is different as imported + missing time unit + attachments
#2464 Fixed #2464 - Logo upload function is not working
#7573 Remove sugar references
#7582 Fix codecov path
#7209 Fixed #7209 - Inline Edit alert Even if I dont make a change
#7588 Fix pagination button class
#7298 Fixed #7298 - Emails 'Bulk Action' is disabled after upgrade to 7.10.16
#7594 Fixed #7594 - Remove include/timezone/timezones.php
#7607 Remove lastView variables from tests
#7599 Fixed #7599 - Unwanted email generated in case creation & update
#7608 Fixed #7608 - A non-numeric value encountered at ListViewSubPanel.php
#7624 Fixed email settings "data error"
#6996 Escaped strings issue, breaks "My favorites" filters and perhaps other things
#7639 Fixed DB failure with activities subpanel

Community

Special thanks to all members for their contributions and participation in this release!

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.6

Released 1st July 2019

Assets

Release Notes

Security

#7439 - Update password hash to use php password_hash by default.

Bug Fixes

#7455 Fixed #7455 - Keep Lead photo when converting to Contact.
#7249 Fixed #7249 - Admin user cannot edit another user’s Mail Accounts.
#7156 Fixed #7156 - Slow SQL query in include/SugarFolders/SugarFolders.php causing slow emails interface in 7.10.x (and 7.11.x).
#7402 Fixed #7402 - Popup selects are broken.
#6866 Fixed #6866 - 7.10.12 Auto Import of Emails not working.
#3727 Fixed #3727 - IMAP server delete button on DetailView.
#7319 Fixed #7319 - Activity Stream dashlet "reply" function doesn’t appear to do anything.
#4116 Fixed #4116 - Wrong error_1.csv with multiple imports.
#7393 Fixed #7393 - Displaying dropdown db value instead of dropdown label in group header in Reports module.
#7344 Fixed #7344 - Automated Testing improvements.
#7391 Fixed #7391 - DB Error on audit logging large multi select fields.
#7107 Fixed #7107 - SQL errors with sql_mode=STRICT_TRANS_TABLES
#7238 Fixed #7238 - Incorrect user_id saved in users_signatures table when admin updates a signature.
#7351 Fixed #7351 - Fields last_name and first_name in Users too short.
#7357 Fixed #7357 - Home module index page loading bad MySugar file location.
#6379 Fixed #6379 - Unable to GET deleted records through API.
#6343 Fixed #6343 - installer fails, if posix is not installed on linux systems.
#7234 Fixed #7234 - Get subpaneldefs.php from custom/modules/MODULE_NAME/metadata.
#6872 Fixed #6872 - Installation and upgrades files checksums not provided.
#5173 Fixed #5173 - Email inline editing does not work properly (ver. 7.10-RC-2).
#2049 Fixed #2049 - 7.7.2 - Calendar Activities are off by 1 day.
#6140 Fixed #6140 - Switch from league/url to league/uri due to deprecation.
#6445 Fixed #6445 - Campaigns Wizard - EMail Template "Assigned to" issue.
#7241 Fixed #7241 - Some files still use the DB global variable.
#6420 Fixed #6420 - Campaigns: Test-Emails sent out twice.
#5652 Fixed #5652 - Ending spaces in language strings.
#6915 Fixed #6915 - File OAuth2Tokens/metadata/editviewdefs.php is Missing.
#7183 Fixed #7183 - My Cases dashlet searchFields status default values are incorrect.
#7369 Fixed #7369 - Reports module doesn’t have all all formats for displaying date.
#7370 Fixed #7370 - Reports module timezone date issue.
#7308 Fixed #7308 - Sub-Theme changes don’t always update.
#6851 Fixed #6851 - The query fails while managing event delegates in MSSQL.
#6882 Fixed #6882 - Email Address Removed if email is forwarded using outlook.
#7206 - Add php-cs-fixer to composer.json as a dev dependency.
#7356 - Configurable elasticsearch host in acceptance test.
#4198 - fixing a recursion issue on reminders.
#7297 - Fixed the support forum link.
#7240 - EmailTemplates: Improve image url replacement.
#7341 - Fix zero padding issue with openssl decryption.
#7329 - StateChecker: Don’t save hash debug traces.
#7253 - Fixed issue with undecoded subjects coming from Emails DetailView.
#7381 - tests: change the test config default date format to match the unit tests.
#7410 - StateChecker: disable save_traces by default.
#7418 - Remove repetitive instance URL visits from tests.
#7389 - Avoid caching incomplete beans in during SugarBean→fill_in_relationship_fields.
#7436 - Simplify the acceptance and install suite configs.
#7444 - IMAP StateSaver test fix
#7453 - Cache Composer files in Travis. (hotfix-7.10.x PR).
#7451 - Add composer validate job in Travis.
#7449 - Remove some incomplete tests and miscellaneous formatting fixes for the unit test suite
#7442 - Replace most instances of $I→wait(n) with waitForX.
#7437 - Remove wait from Codeception Travis env
#7452 - Disable stopOnFailure and stopOnError in PHPUnit config.

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.5

Released 3rd June 2019

Assets

Release Notes

Security

#CVE-2019-12601 - Security Issue - Fix possible SQL Injection: InboundEmail.php
#CVE-2019-12600 - Security Issue - Fix possible SQL Injection: reassignUserRecords.php
#CVE-2019-12598 - Security Issue - Fix possible SQL injection
#CVE-2019-12599 - Security Issue - Survey module: Inputs are not sanitized (security issue)

Bug Fixes

#6882 Fixed #6882 - Email Address Removed if email is forwarded using outlook.
#6851 Fixed #6851 - The query fails while managing event delegates in MSSQL.
#7133 Fixed #7133 - Changes in Studio do not make an override file.
#6445 Fixed #6445 - Campaigns Wizard - EMail Template "Assigned to" issue.
#7241 Fixed #7241 - Some files still use the DB global variable.
#7310 Fixed #7310 - 7.10.x-hotfix CI is failing.
#7174 Fixed #7174 - /Api/V8 needs the ability to return a list of modules.
#7175 Fixed #7175 - /Api/V8 needs the ability to a list of module’s fields.
#6420 Fixed #6420 - Campaigns: Test-Emails sent out twice.
#5652 Fixed #5652 - Ending spaces in language strings.
#6915 Fixed #6915 - File OAuth2Tokens/metadata/editviewdefs.php is Missing.
#7250 Fixed #7250 - Notices in ListViews.
#7183 Fixed #7183 - My Cases dashlet searchFields status default values are incorrect.
#7288 Fixed #7288 - Field name in Campaigns is too short.
#7271 Fixed #7271 - Email Template selection in email module is not working for 7.10.16.
#7291 Fixed #7291 - Field name in ProspectLists is too short.
#7268 Fixed #7268 - Fatal Error with PHP7.3 with LoggerManager.php.
#6504 Fixed #6504 - Multiple bounce handling problems.
#7173 - Fix V8 API authorization header passing with apache+php-fpm.
#7263 - Travis due date fix.
#7273 - install.php: Syntax error upload logo.
#7290 - RFC: travis-ci: add a job for PHP 7.3.
#7297 - Fix support forum link.
#7240 - EmailTemplates: Improve image url replacement.
#4198 - fixing a recursion issue on reminders.

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.4

Released 30th April 2019

Assets

Release Notes

Security

Security Issue - Fixed SQL injection
Security Issue - Fixed XSS vulnerability
Security Issue - Fixed Oauth2 access control issue

Bug Fixes

#7188 Fixed #7188 - ACL doesn’t work on JSON API V8.
#6829 Fixed #6829 - Cache composer packages on Travis CI.
#6540 Fixed #6540 - [language] Hard coded messages in Elasticsearch.
#6126 Fixed #6126 - If field value contains single quote, on each save CRM will treat this field as a changed.
#5724 Fixed #5724 - Map Area - Import Option Fails : An Error has occurred.
#7221 Fixed #7221 - stdClass::$message_id undefinded for IMAP.
#7220 Fixed #7220 - Description/note fields in the contract line items formats the numeric values as currency.
#6480 Fixed #6480 - REST API - Prevent "Too few arguments to function SugarWebServiceImplv4" after API call.
#7080 Fixed #7080 - API returns wrong module string address for email addresses.
#7221 Fixed #7221 - stdClass::$message_id undefinded for IMAP.
#4661 Fixed #4661 - Ability to create / edit object’s "Created By" "Date Created" using API.
#6483 Fixed #6483 - V8 API Doesn’t popuplate created_by and modified_user_id.
#7188 Fixed #7188 - ACL doesn’t work on JSON API V8.
#6480 Fixed #6480 - REST API - Prevent "Too few arguments to function SugarWebServiceImplv4" after API call.
#6483 Fixed #6483 - V8 API Doesn’t popuplate created_by and modified_user_id.
#6864 Fixed #6864 - API - overzealous method visibility.
#6037 Fixed #6037 - AOR Reports - Issue with related records in reports.
#7162 Fixed #7162 - Popup select All records btn hidden in SuiteCRM 7.11.x.
#7166 Fixed #7166 - Upgrad to 7.11.3 version email body is empty.
#5746 Fixed #5746 - Unable to order results descending on get_relationships API method .
#6455 Fixed #6455 - The V8 API does not allow filtering by custom fields.
#7189 Fixed #7189 - Fatal error when loading custom views.
#7207 Fixed #7207 - Get Menu.php from custom/modules/MODULE_NAME/.
#7095 Fixed #7095 - Api relationship links are missing the /Api and start with /V8 .
#6950 Fixed #6950 - We should have a way to add composer dependencies safe-upgrade.
#49 Fixed #49 - Support pthreads.
#6761 Fixed #6761 - Api/V8 - Unable to Delete (unlink) relationships.
#48 - Browser title not correct for custom modules.
#46 - Spanish reminders added to notify template.
#7147 - Api - fix relate fields not populating on get_list.
#6744 - Fix emails losing confirmed opt-in when converting a lead to a contact.
#6680 - Change default view on template to avoid date created/modified issues.
#7214 - Fixed DeleteRelationshipParams typo.
#7213 - Fixed relationship links url.
#7229 - Remove hardcoded encryption key.
#7176 - Remove codecov patch status.
#7217 - Fix AOS_Product_Categories test name.

Users of ALL previous 7.11.x releases are advised to Upgrade to 7.11.4 as soon as possible.

Please visit the official website to find the appropriate upgrade. To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.3

Released 28th Mar 2019

Assets

Release Notes

Security

#CVE-2019-6506 Security Issue - Fixed SQL injection

Enhancements

#6806 WYSIWYG Field type core contribution.
#6710 Performing an upgrade from the CLI.
#6823 UI change: Displaying proper popup of list of PDF Templates

Bug Fixes

#7101 Fix (little) v8 API for v7.10.10+
#7099 Fix/mssql folder support
#7091 Fix obscured milestone radio buttons in Project Templates
#7075 Fixed missing curly brace in SoapPortalUser.php.
#6921 Fixed #6921 - Verbose logs for popErrorLevel
#7049 Give cookie a default value to stop from throwing notices.
#6978 Fixed #6998 - cron.php fails because there is no check whether ElasticSearch is enabled
#6978 Fixed #6978 - Hosting company is blocking ports because of YamlRunnerTest.php
#6985 Fixed #6985 - Exception on Repair/Quick Repair and Rebuild
#6755 Fixed #6755 - Adding setFooter('{PAGENO}') to the PDF
#7044 Fixed Content-Type header missing in some cases for the getImage entry point.
#6733 Fixed - AOR Reports: Add a security groups subpanel.
#7034 Fixed - Removed sugar reference.
#6729 Fixed #6729 - Email Style Issue - Black screen.
#6822 Fixed - Now using secure cookies when appropriate.
#7084 Fixed #7084 - Fix Error in SearchForm2.php when having a function in field definition.
#7045 Fixed - EmailTemplates: Only show subpanels in the DetailView.
#7060 Fixed - warnings in log.
#7067 Fixed #7067 - InLine Date Edit bug - Call to a member function format() on boolean.
#7064 Fixed - Use the provided method to make sure the index exists.
#551 Fixed #551 - add functionality to save new labels for relationships.
#6942 Fixed - issue with tab panel and quick create form.
#5497 Fixed #5497 - Reports: Hide inaccessible modules in the reports editor.
#7082 Fixed - EmailTemplates: Fix undefined property error when creating a new template.
#7035 Fixed - Increase minimum recommended memory to 64Mb (for 7.10.x).
#3592 Fixed #3592 - Problems with quotations.
#675 Fixed #675 - Suitecrm 7.3.2 Calendar entries are not displayed.
#7012 Fixed - Codecov threshold.
#6844 Fixed #6844 - Reduce travis output - DotReporter.
#6185 Fixed #6185 - Top menu mouse out does not close sub.
#5662 Fixed #5662 - EmailTemplate: Fix images URLs not being converted with mozaik.
#7043 Fixed - Random unittest error in SugarControllerTest.
#7041 Fixed - Any Phone search on Contacts module added missing field phone_home on SearchFields.
#7032 Fixed #7032 - Add setLevelMapping method.
#7004 Fixed - PDF templates from setting no value when 0.00 is entered.
#7008 Fixed - Remove Robofile.php + Update composer.lock.
#7021 Fixed - link to testing documentation. [ci-skip].
#5706 Fixed #5706 - 7.10.4 - Checkboxes are missing in downloaded PDF from Reports.
#2531 Fixed #2531 - 7.10.4 - Report Writer - Boolean Field will not export to CSV
#6936 Fixed #6936 - Global link Employees always reset list query.
#5985 Fixed - unified search "no results" page.
#6815 Fixed - unittests: Fixes for PHP 7.3.
#7051 Fixed #7051 - Changed a limit of 2.147.483 seconds for autoRefresh.
#7054 Fixed #7054 - Email body blank when sent as plaintext only.
#7025 Fixed #7025 - Sent date for emails in History View Summary is incorrect.
#6860 Fixed - Reports: Hides inaccessible modules in the reports editor.
#5967 Fixed #5967 - AOR Reports - incorrect calculation for date quarter periods.

Users of ALL previous 7.11.x releases are advised to Upgrade to 7.11.3 as soon as possible.

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.2

Released 19th Feb 2019

Assets

Release Notes

Enhancements

#6186 Feature/robo coding standards

Bug Fixes

#4361 Fixed #4361 Use Parameter $imageJSONEncode if returning sprites
#6832 Fixed #6832 - Project Coding Standards being ignored
#6867 Confirm opt-in fix
#6870 Fixed #6870 - Composer deprecation warning
#6796 Fixed #6796 duplicated code and broken braces introduced in a previous merge
#6886 Fix/php lint
#6894 Duplicate: Reports: Fix "One of" operator for multi select fields
#6904 Fixed #6904 - In Campaign view status page, row is out of box
#6916 Fixed #6916 - 7.11.1 Fatal: Object of class EmailAddress could not be converted to string
#6036 Fixed #6036 - Reports entering a date parameter with Period operator
#6298 Fixed #6298 - Pagination not working on list views
#6932 Fixed #6932 - 7.11.1: Newer version of PHPMailer is not compatible with Email:email2Send method
#6778 Fixed #6778 - Role Management - Header change doesn’t update entire colum
#2117 Fixed #2117 - Redundant More Button in SuiteP
#6865 Fixed #6865 - Move consolidation/robo to "require" in composer
#6865 Fixed #6419 - Reserved mssql keyword in query, crash business hours module
#6966 Fixed #6966 - Email to field wrong UFT-8 encoding
#6955 Fix missing quotes typo

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

7.11.1

Released 31st Jan 2019

Assets

Release Notes

Bug Fixes

Emails

#6810 Resolved issue with email config within campaign wizard.
#6785 Resolved issue with system not sending attahcments.
#6767 Resolved Email view when using non default folders.
#6766 The SMTP Port saved as a string instead of int.
#6484 Inseting images from local disk rendered and saved within email templates.
#5961 Resolved saving attachments in the Email template editor.

Miscellaneous

#6787 Resolves critial issue when a new user being created the password wasn’t being saved.
#6786 No longer display "%20" instead of a space when in dropdown editor
#6468 Fixed possibility of NULL value breaking module builder templates
#6758 Removed duplication language strings.
#6140 Replaced league/url league/uri
#6516 Fillers now stay as saved in Gridlayout
#532 here is now an edit/remove in the projects subpanel
#6453 LDAP fix.
#6743 Add email account name to the inbox button '''

Developer

#6759 No longer deletes composer.lock on travis.
#6764 Travis Fix.

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com.

Release Stats

In total, we have merged 12 Pull Requests with 3 of these from Community contributions!

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com.

7.11.0

Released 14th Jan 2019

Assets

Release Notes

Enhancements

Google Calendar Synchronisation

Users can authenticate using their Google login and synchronise their Meetings between a Google calendar – these include updates, reminders, and invitees.

#6146 Synchronise SuiteCRM with Google Calendar

Elasticsearch

Elasticsearch is an open-source, broadly-distributable, readily-scalable, enterprise-grade RESTful search engine. It provides a highly flexible solution to centrally store and index your data that can be accessed extremely quickly via its API. By including Elasticsearch as a core search engine integration SuiteCRM can now provide users a faster and better scalable way to perform full text searches via Global Search on larger data volumes than before.

#6222 Global search with Elasticsearch integration
#1348 Added new 'Copy emails from WorkFlow Module' option to Workflow’s 'Create Record' action

This allows the user to copy a record’s email addresses using the workflow module actions to the newly created record if the option is checked.

#6533 Adding the ability to set subpanels to display as flat buttons via layoutdefs

$layout_defs['Leads']['subpanel_setup']['history']['flat'] = 1

#6493 Developers have the ability to extend the Favourites and Tracker functionality in SugarView
#3008 Developers have the ability to inject module vardefs or custom data into the DOM to utilise in complex JS functionality.

$data = $this->getVardefsData('Accounts');
$this->addDomJS($data, 'vardefs');

Bug Fixes

Emails

#6734 Resolved the bug where users were unable to navigate using the tab order
#6590 Insert images in Email Templates with tinyMCE
#4046 Fixed #4046 - 7.9.4 - imported emails are not auto related to related records when you reply to/reply to all/ forward them
#6402 Fixed #6402 - Resolved mass update of Users for Email Client.
#6351 Fixed #6351 - Now only sends one email when using activities subpanel as intended
#6485 Fixed #6485 - Resolves opt-in tick for external email clients
#6487 Fixed #6487 - Resolves the DB time shown for related email addresses in reports module
#6472 Fixed #6472 - Resolved wrong sized image for email templates in the campaign wizard
#5420 Date_sent filled correctly, Drafts will send and Layout fixed.
#4999 Fixed #4999 - Resolved sent emails now appear in the sent folder.
#6611 Fixed #6611 - Resolved Email Template now displays in List View correctly
#6713 Fix email related to when importing an email

Miscellaneous

#3763 Fixed #3763 - Resolved the bug that stopped users to navigate using tab order
#717 Fixed #717 - Corrects Field Indention on Detailview when by itself on panel
#707 Fixed #707 - Resolves the issue of users unable to clone a field in studio
#583 Fixed #583 - Adds the visual cue that a module is highlighted on main navigation
#3083 Fixed #3083 - Calendar pop up windows are incorrectly displayed under MENU bar index
#6004 Fixed #6004 - Fix round up for quotes/invoices where there is an increase in integral part
#6302 Fixed #6302 - installWizard styling
#6150 Fixed #6150 - This shows all the records of Parent Type in listview
#5477 Fixed #5477 - Resolves issue of Fillers Cause Spacing Issues on the DetailView when they are left of a Field
#6340 Fixed #6340 - Email Compose Dropdown now recognises specialised characters
#5948 Fixed #5948 - Resolved inline editing on the "content" field on the Campaign Module
#6647 Generate chart colours based on labels
#5783 Fixed #5783 - Resolved so that the geocoded table header is now visible
#2741 Fixed #2741 - Custom search field subquery now checks all values
#5771 Fixed #5771 - Resolves the Salutation variable missing in campaigns when used.
#6530 Fixed #6530 - unsubscribed users no longer showing up as subscribed
#6190 Fixed #6190 - You can now access Change Log from Document Detail View
#6549 Fixed #6549 - No longer a missing surveys_campaigns relationship
#6565 fixes google calender language formatting
#6579 Fixed #6579 - Resolved Calendar creating an extra meeting after Repeat End by
#6552 Fixed #6552 - Resolved AOR_Report exporting apostrophies to CSV.
#6599 Fixed #6511 - Resolved the Document Attachment Subpanel is now correct
#6594 Fixed #6594 - Resolved Calendar now updates visually when not using "Shared Calendar Separate"
#6629 Resolved link now gets deleted in documents
#6653 Resolved campaing wizard no longer shows the template editor in all steps
#6651 Fixed #6651 - Added LBL_CHECKMARK to SecurityGruop language
#4872 Fixed #4872 - Fixed so subpanel actions are no longer failing if refresh_page=1
#6738 Resolves the issue of when creating a row the delete collumn will now display correctly.
#6687 Minor grammar fixes to log entry
#532 Fixed #532 - Add the edit/remove button to Project Tasks subpanel

Developer

#6260 New Tests for Inbound Email functionality
#2400 Fixed #2400 - Language manifest is duplicated and overwritten on each install
#6464 Codecov exclude
#6548 code cleanup
#6585 php_zip_utils.php
#6586 Fixed #6586 - Fix an erroneously-commented return statement.
#6592 Updated contributing.md
#6568 Fixed #6568 - Change minimun and recommended PHP
#5508 Fixed #5508 - Upgrade phpMailer to 6.x
#6566 Update composer.json + composer.lock
#6603 Added/Refactor: Clean MySql Queries in SugarFolders
#5509 Fixed #5509 - [language] Now has the correct label for 'FOR_AMOUNT' in activity stream
#6637 Vardefs definition in dom
#6648 Fixed #6648 - We add a task in RoboFile.php for cleaning cache directory
#6678 Resolved blank screen on PasswordManager
#6698 Copyright revision
#6539 Cleanup, Refactoring and bugfix for Google Sync
#6303 Fixed #6303 - Administration / System Settings / ERROR in log: argument cache/themes/SuiteP/modules is not a file or a dir

Developer Note

Change in file location:

Library	Old Location	New Location
Recaptcha	include/reCaptcha/	vendor/google/recaptcha
TinyMCE	include/javascript/mozaik/vendor/tinymce	vendor/tinymce/tinymce/
PhpMailer	include/phpmailer/	vendor/phpmailer/phpmailer

Library

Old Location

New Location

Recaptcha

include/reCaptcha/

vendor/google/recaptcha

TinyMCE

include/javascript/mozaik/vendor/tinymce

vendor/tinymce/tinymce/

PhpMailer

include/phpmailer/

vendor/phpmailer/phpmailer

Release Stats

In total, we have merged a MASSIVE 69 PULL REQUESTS with 24 of these from Community contributions!

Special thanks to LEAP-nishit,jsamelko and the following members for their contributions and participation in this release (in order of most Pull Requests contributed).

Please visit the official website to find the appropriate upgrade.

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com.

7.11 RC 2

Release Notes

Enhancements

#1348 Added new 'Copy emails from WorkFlow Module' option to Workflow’s 'Cr…
#3008 Module vardefs definitions or custom data in the DOM
#6533 Fix/Individual Flat Subpanels
#6632 Set collapsed_subpanels preference
#6493 Definition of Favorites and Trackers Beans in Sugar View
#6590 Insert images links in Email Templates with tinyMCE
#6584 Adding inboundemail tests using FakeImapHandler
#6260 New testing email related functions

Bug Fixes

#6618 Push acceptance test output to new file host
#6585 Remove php_zip_utils error
#6454 Reverting back to PHPunit and only using codeception for API & acceptance tests
#6548 Elastic Search Code Clean Up
#6566 Update composer.json + composer.lock
#6588 Resolve merge conflict for Cases EditView - hide non new case fields
#6637 Vardefs definition in dom - Adding Tests
#6603 Added/Refactor: Clean MySql Queries in SugarFolders
#6592 Updated contributing.md
#6464 Codecov exclude - faster time hopefully.
#6368 Fix for issue #5477
#6609 Fixed #6594 - Calendar doesn’t update visually when NOT using "Shared Calendar Separate"
#2930 Fixed #707 - added conditional statement to check if action is not clone
#6304 Fixed #6303 - Administration / System Settings / ERROR in log: argument cache/themes/SuiteP/modules is not a file or a dir.
#6488 Fixed #6487 - opt-in: use the DB time for writing confirm_opt_in_*date
#2956 Fix #2219 - Description field not wrapping with SuiteP theme after in…
#6004 Fixed #6003 - round up for cases where there is an increase in integral part.
#6629 Fix issue where link is not deleted for documents
#6634 Fixed #5509 - [language] New label 'FOR_AMOUNT' in activity stream for opportunity
#6327 Fixed #6150 - SuiteCRM v7.10.7, bug Returns parent record data.
#6192 Fix #6190 - Change Log access from Document Detail View
#6378 Fixed #5948 - 7.8.18 Content Field on Campaign module can’t be edited…
#6600 Hotfix 4999 sent folder issue
#6612 Fixed #6611 - Email Template doesn’t display in List View correctly
#6460 Fixed #2741
#6302 Fixed installWizard styling - check writable module
#6411 Fixed #5783 - The table header with geocoded objects is not visible
#6530 Manage subscriptions: Fix unsubscribed users showing up as subscribed sometimes
#3846 partial fix for issue of logic for default value
#6597 Fixed: #6552 AOR Report Export CSV was giving incorrect data when using apostrophe (') into any field
#6550 FIX #6549 - Add missing surveys_campaigns relationship
#6497 Fixed #6472 - Fix wrong image sizes for email templates in the campaign wizard
#6599 Fixed #6511 - Document Attachment Subpanel link incorrect
#6466 Fixed #5771 - Salutation variable in campaigns displays item name instead of value 7.10.4
#4072 Fixed #4046 - 7.9.4 - imported emails are not auto related to related records when you reply to/reply to all/ forward them
#6474 Fixed #6351 - Triple email sending when i use activities subpanel in Contact Module
#6573 FIX #6568 - Change minimun and recommended PHP
#6565 Fixes google calender language formatting
#6571 FIX #6568 - Adjust SUITECRM_PHP_REC_VERSION to 7.1.0

Please visit the official website to find the pre-production appropriate upgrade.

Special thanks to LEAP-nishit, jsamelko and the following members for their contributions and participation in this release!

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

Lastly a big thank you to the community for testing and confirming pull requests in our 17-18th December 2018 Pull Request Party. This release is the result of the hard work and effort everyone put into the project!