The purpose of this document is to provide insight to Sugar Developers for upgrading custom Sugar code, extensions, and integrations to the Sugar 12.1 (Q3 2022) release. This guide focuses on changes in Sugar 12.1 (Q3 2022) that could cause an immediate impact on Sugar customizations and integrations built for earlier Sugar versions.

Please check out the Q3 2022 Developer Webinar recording for more developer highlights. For Admin and End User release notes, please visit the Sugar 12.1.0 Release Notes.

User Experience Updates

Reports Viewer Facelift

This release brings a long waited facelift in Sugar's Report Viewer. This is our first step on moving away from BWC to a much more modern UI built with Sidecar by using commonly available components.

We created a new collapsable/minimizeable layout that contains:

• Datatable for Rows and columns
• Datatable for "Summation" with and without details
• Datatable for Matrix reports
• Filter Container View
• Runtime filtering
• Report Chart Container

In order to improve speed, quality and compatibility, a few updates were added to the SugarWidgetFields. All the changes are the backward compatible. We've also replaced all links that were previously pointing to BWC Report record to a sidecar route. 

Forecast Worksheet Improvements

This release brings our continued efforts improving our Forecast Worksheet. It contains lots of UX and usability enhancements as well as new features as described below:

• Opps LV filtering: ilters created and saved in regular Opps List View show up in the Forecast module Opps List View and vice versa
• Opp Review Tab- Show current Opps not old RLIs: The Forecasting worksheet now displays Opportunities instead of RLIs for both, managers and sellers.
• Moved "Settings" to Forecast Megamenu
• Removed Worksheet Columns from Forecast Settings in Studio
• Forecast Worksheet is sticky: person/team picker, time picker, each of the tabs (Opps vs Commitment), Opp review filter, and metric boxes.
• Quick filter boxes will display a loader until all data has been fetched
• Separating Opps from Commitments:Opportunities and Commitments into two tabs called "Opportunity Review" and "Commitment"
• Implement frontend forecast metrics boxes: We added 7 metric boxes: Forecast, Included Pipeline, Upside Pipeline, Excluded Pipeline, Won, Lost, and All.
• Display Commitment and Quota at the top of the Forecasting Worksheet
• Predicted Period-end Revenue (For Sell Premier only)

Update how datapoint values are loaded for seller worksheets

1. The seller worksheet (ForecastWorksheets list layout) is no longer a component of the commitment tab

2. Each datapoint in the Commitment tab (Likely/Best/Worst) should have its Opportunity Forecast value loaded as:

   1. The sum of the Opportunities Forecasted Likely , Best, or Worst field where:

      1. Opportunities Forecast Stage is classified as Include

      2. Opportunities Expected Close Date is within the current Forecast time period being viewed

      3. Opportunities Assigned User is the current Forecast user being viewed

3. If Revenue Line Items are enabled, each datapoint in the Commitment tab (Likely/Best/Worst) should have its Revenue Line Item Forecast value loaded as:

   1. The sum of the Revenue Line Items Likely, Best, or Worst field where:

      1. Revenue Line Items Forecast Stage is classified as Include

      2. Revenue Line Items Expected Close Date is within the current Forecast time period being viewed

      3. Revenue Line Items Assigned User is the current Forecast user being viewed

4. The Commitment value of the datapoint should be loaded in the following way:

   • If there is a previous commitment, initialize Commitment to the previously committed value for the datapoint

   • If there is no previous commitment, initialize Commitment to the result for Opportunity Forecast

[UI] Replace 'Hint' with 'Sugar Hint' throughout the UI

We have also replaced all mentions of "Hint" throughout the entire Sugar application with "Sugar Hint". Previous "Hint" logos will also be replaced by the new string "Sugar Hint".

Improve view panel for long emails in sidecar interface

The emails Record View dashlet will now show the entire email content instead of truncating it and users having to manually expand the dashlet to view long emails.

Prior to 12.1, when viewing a long Email Record from a Focus drawer, users had to either resize the Record View dashlet or scroll in order to see the entire content.  We have expanded the Record View dashlet so users are able to see the entire email as seen below. 

Advanced Forecasting in Dark Mode (For Sell Premier only)

Sell Premier users will now be able to see their “Discover” Dashlets in Dark Mode. .

Sugar REST API updates

This Sugar release introduces REST v11_17.

Supported Platforms Update

DocMerge Deployed on Supported Regions

DocMerge services have been deployed on EU, APAC and CAC regions for better performance and compliance.

Configurability updates

Sugar Config Settings

Setting Name	Default	Override Example	Description
email_recipient_chunk_size	10	$sugar_config['email_recipient_chunk_size'] = 10	Defines maximum number of addresses in email's To: field.
uninstallOnError	true	$sugar_config['uninstallOnError'] = false	​Disable MLP uninstall when an error happens.
cache.disable_gz	false	$sugar_config['cache']['disable_gz'] = true;	This will modify Sugar's caching behavior to disable compression of the cached data.
cache.gz_level	9	$sugar_config['cache']['gz_level'] = 2;	Defines the SugarCache compression level, which is not applicable without cache.multi_tenant.
moduleInstaller.enableEnhancedModuleChecks	false	$sugar_config['moduleInstaller']['enableEnhancedModuleChecks'] = false	Defines whether the curl_*, socket_*, and stream_* functions should be allowed in MLPs.
security.private_ips	[ '10.0.0.0|10.255.255.255', '172.16.0.0|172.31.255.255', '192.168.0.0|192.168.255.255', '169.254.0.0|169.254.255.255', '127.0.0.0|127.255.255.255', ]	$sugar_config['security']['private_ips'] = [ '127.0.0.0|127.255.255.255', '8.8.8.0|8.8.8.8', ];	Defines a range of IPs considered to be private. Such IPs and corresponding domains are not reachable via ExternalResourceClient

Removed Features

Removed Roles module from Sugar

We have removed Roles module from Sugar in this release. As per our research this is an old module and is no longer in use.

Removed Assignment notification email template

Before 10.1 users were able to use different templates for each module after changes from 10.1 went into effect, all modules started using a one-size-fits-all template, which made it hard to pull relevant information for each module. This works for most modules, but not for the Assignment template. In this ticket, we are undoing the work done in 10.1 for the Assignment template only. Users are going to be able to pull relevant info from Assignment template now.

Removed Inline Edit in reports

We have removed inline edit in reports that has been deprecated in previous releases.

Data Changes

Add new "Lost" calculated field to Opportunities

Created a "Lost" read-only calculated field in Opps only (not RLIs) that adds the Likely amount of RLIs that have a Sales Stage = Closed Lost. Users will be able to filter and report on the new field. Field will be available on instances using Opps+ RLIs only.

Lost field was added by default in different sugar layouts. Worst and Best will no longer be displayed be default.

Platform Updates

Introduce safe replacement for curl in MLPs

As part of our ongoing efforts to improve the reliability and security of Sugar, we are introducing a replacement for CURL in MLPs. Sugar now provides a safe way to communicate to external APIs, it should prevent SSRF (Server-side request forgery) attacks on local endpoints and be not vulnerable to DNS rebinding attacks.

This new client has been design to be as secure and simple to use as possible, see below:

<?php
require vendor/autoload.php;
use Sugarcrm\Sugarcrm\Security\HttpClient\ExternalResourceClient;

// Set timeout to 3 seconds and 4 max redirects
$client = new ExternalResourceClient(3, 4);

// Send GET request
echo $client->get('https://httpbin.org/get');

// Send POST
echo $client->post('https://httpbin.org/post', http_build_query(['foo' => 'bar']));

When creating a new instance of this client you can specify the timeout as well as the max redirects it show follow.

It's highly recommended to use HTTPS for all requests when using this client, however, HTTP (non-secure) will be allowed, even though is not recommended.

This client does not support requests to IP addresses. It only supports URL domains/hostnames.

To prevent SSRF in local networks, it reads IP ranges from the Sugar Config ($sugar_config['security']['private_ips’]).

If you have proxy enabled, this client recognizes it and will use it before making the call.

It is important to notice that all CURL/Stream/Socket functions have been added to the "Blocked/Restricted" list and will prevent upgrades and/or installs of MLPs (Module Loadable Package) in future releases (see deprecation section).

// curl
'curl_copy_handle',
'curl_exec',
'curl_file_create',
'curl_init',
'curl_multi_add_handle',
'curl_multi_exec',
'curl_multi_getcontent',
'curl_multi_info_read',
'curl_multi_init',
'curl_multi_remove_handle',
'curl_multi_select',
'curl_multi_setopt',
'curl_setopt_array',
'curl_setopt',
'curl_share_init',
'curl_share_setopt',
'curl_share_strerror',

//sockets
'socket_accept',
'socket_addrinfo_bind',
'socket_addrinfo_connect',
'socket_addrinfo_explain',
'socket_addrinfo_lookup',
'socket_bind',
'socket_clear_error',
'socket_close',
'socket_cmsg_space',
'socket_connect',
'socket_create_listen',
'socket_create_pair',
'socket_create',
'socket_export_stream',
'socket_get_option',
'socket_getopt',
'socket_getpeername',
'socket_getsockname',
'socket_import_stream',
'socket_last_error',
'socket_listen',
'socket_read',
'socket_recv',
'socket_recvfrom',
'socket_recvmsg',
'socket_select',
'socket_send',
'socket_sendmsg',
'socket_sendto',
'socket_set_block',
'socket_set_nonblock',
'socket_set_option',
'socket_setopt',
'socket_shutdown',
'socket_write',
'fsockopen',

// streams
'stream_bucket_append',
'stream_bucket_make_writeable',
'stream_bucket_new',
'stream_bucket_prepend',
'stream_context_create',
'stream_context_get_default',
'stream_context_get_options',
'stream_context_get_params',
'stream_context_set_default',
'stream_context_set_option',
'stream_context_set_params',
'stream_copy_to_stream',
'stream_filter_append',
'stream_filter_prepend',
'stream_filter_register',
'stream_filter_remove',
'stream_get_contents',
'stream_get_filters',
'stream_get_line',
'stream_get_meta_data',
'stream_get_transports',
'stream_get_wrappers',
'stream_is_local',
'stream_isatty',
'stream_notification_callback',
'stream_register_wrapper',
'stream_resolve_include_path',
'stream_select',
'stream_set_blocking',
'stream_set_chunk_size',
'stream_set_read_buffer',
'stream_set_timeout',
'stream_set_write_buffer',
'stream_socket_accept',
'stream_socket_client',
'stream_socket_enable_crypto',
'stream_socket_get_name',
'stream_socket_pair',
'stream_socket_recvfrom',
'stream_socket_sendto',
'stream_socket_server',
'stream_socket_shutdown',
'stream_supports_lock',
'stream_wrapper_register',
'stream_wrapper_restore',
'stream_wrapper_unregister',

Any MLP/Customization that contains any of the blocked/restricted functions will continue to work unless it requires updates.

New installs, updates or upgrades that go through Package Scanner will be enforced.

Improved SugarIcons

We have added few more icons  based on feedback we received from previous versions. New Icons are:

1. Sign-in

2. Social Media: Linkedin, Twitter, Facebook, Instagram, Snapchat, TickTock

3. Travel

4. Legal

5. Laptop

Cloud Drive now supports Dropbox

We have created an external API and a dropbox client for handling requests to dropbox. The standard functionalities found on the other drive integrations were added as well and the sync options for dropbox were added on the subpanel.

With the DropBox integration users are allowed to work directly with the files stored in their space:  

• Navigate through the file directory and easily find data related to their customers.  
• Avoid manual uploading of the files necessary in Sugar.  
• Upload files to the DropBox directly from the Dashlet. 
• Share files among other Sugar users. 
• Visualize Shared files from other users DropBox.  
   

Web Logic Hooks no longer providing standard logic hook event arguments

We have fixed the after_save event in the WebLogic Hook that wasn't providing all of it's arguments, so now you can expect: isUpdate, dataChanges, stateChanges.

Same is true for the after_relationship_add and after_relationship_delete that are now returning: id, related_id, name, related_name, module, related_module, link, relationship

Add sugar_config option to disable automatic rollback of MLP

If a Sugar developer is trying to debug a failure within a MLP then they may try to install it on a local development instance. If the install triggers an error as expected then Sugar will now promptly uninstall the package which complicates the debugging effort, as well as if a developer is working on a local dev instance and makes a customization that causes a 500 error then it's possible that a recently installed MLP unrelated to the actual error will be uninstalled.

For that reason, we've added the following sugar_config [uninstallOnError] to disable rollback to make the Sugar developer life easier for debug (use with caution, it's a development utility only)

Compose Email for multiple recipients

If you try to send an email to multiple recipients that exceeds the "to" emailer capacity/limitation you'd receive an internal server error. We've implemented a new setting [email_recipient_chunk_size] that defines the maxium number of addresses in the email's "To" field.

If an email is to be sent to more than email_recipient_chunk_size addresses, the list will be split and multiple identical emails will be sent, each one with at most email_recipient_chunk_size recipients in the To: field.

Redis is sometimes slowed down and even causes a failover under the high load

We've improved performance on Redis cache server that was caused by very high traffic from Redis to PHP (outgoing traffic from the Redis perspective).

As Sugar Admin I would like to have the ability to enable compression for Redis data to decrease the traffic. It should be enabled by default, and it should be able to disable it with a config option.

We've added the config cache.disable_gz (true or false) and cache.gz_level (0, 1, 2, 3, 4, 5, 6, 7, 8, 9) (see description in the config section).

Impossible to authorize the default outgoing email account per user when "Allow users to use this account for outgoing email" is disabled

When the admin has configured the system email account to use OAuth2 by unchecking the “Allow users to use this account for outgoing email” checkbox, we'll replace the existing username/password input in the user profile and email settings with an Authorize button and the authorized email account will be displayed under Email Provider upon authorization validation.

Enable Modules by Default in Sugar Mobile

In this release we are enabling modules like Document Templates, Documents, Escalations, Messages, and Purchases to be available by default in Sugar Mobile so users no longer have to go to studio to enable them.

Create new "External Users" object

As we are creating a new platform for Kiosk, we are also designing the user management for Kiosk users separately in the Kiosk platform and there is a need to link the users in Kiosk with different components/objects in CRM e.g. Contact, Lead, Cases etc. In order to achieve this we need to create a new external users object in CRM so that this CRM external user can be mapped to an external user in an external system like Kiosk. This external user in CRM can then be related to any of the objects in CRM.

CRM Endpoint for SugarLive for Kiosk

In this release we have created an endpoint for SugarLive so that Amazon Connect chat can be integrated with Kiosk. We need an endpoint that exposes all of the configs associated with SugarLive and the Portal Chat. We need to be able to connect to the Amazon Connect instance from Kiosk and we need all the configurations for the customers chat window for Kiosk.

Update Forecasting calculations when the refresh button is clicked

The refresh button in the Opps review tab updates changes made to the metric boxes, and Commitment and Quota in the Commitment tab. When inline editing, this one refreshes the metric boxes calculations but not the list view.

Rest Service failures to be logged as fatal

In this release we've updated the RestService (./include/api/RestService.php) that handles exceptions, specifically for the handleException function, we output exceptions to sugarcrm.log at error level. Failures at API level will now be logged at the fatal level to enable troubleshooting and capturing failures.

$GLOBALS['log']->fatal('An exception happened: ( '.$httpError.': '.$errorLabel.')'.$message);

Deprecated functions