SugarClub
SugarClub
  • User
  • Site
  • Search
  • User
  • Groups & Discussions
    Groups & Discussions
    • Product Forums
      Product-focused Q&A, discussions, best practices, fixes, and help
      Product Forums
      • Sugar Market
      • Sugar Sell & Enterprise
      • Sugar Serve
      • sales-i
    • User Groups
      Professional, Industry, Language
    • Get Involved
      Learn how to become a Raving Fan
    • Social Club
      Live, interactive, virtual meetups with other Sugar customers and Sugar’s Subject Matter experts!
    • Leadership Lounge
      Network with fellow organizational leaders, ask questions, and share insights
    • Developers
      Visit DevClub, the SugarClub group for Sugar Developers
      Developers
      • DevClub
      • Mobile Developers
      • Developer Builds
        Supplemental access level required. Inquiries: developers@sugarcrm.com
    • Additional Groups (Access Required)
      Groups that require special access will be displayed here. Contact sugarclub@sugarcrm.com for assistance. Click here to see all groups
      Additional Groups (Access Required)
      • SugarCloud Platform
  • Product Information
    Product Information
    • Release Central
      Find release-specific content to prepare for your next Sugar update
    • Documentation & Resources
      Looking to expand your Sugar knowledge? Explore our in-depth documentation and other helpful resources!
    • Product Update Blogs
      Updates about each Sugar product
    • Customer Stories »
      Case Studies by SugarCRM
  • Training & Certification
    Training & Certification
    • Training & Certification Home
      Live & On-Demand classes, Quick Videos, Sugar Certifications, and more!
    • Quick Videos
      Short videos about using Sugar
    • My SugarU Dashboard »
    • SugarU News & Updates
  • Adoption
    Adoption
    • Grow Adoption Framework
      Get started on your adoption journey and review the adoption resources from SugarCRM
  • Calendar
  • News
    News
    • Sugar News
    • SugarCRM.com News »
    • Dev Blog
    • SugarCRM Marketplace Blog
  • Help
    Help
    • Welcome to Sugar!
      New to Sugar? Get started here!
    • SugarClub Help & Instructions
      Learn more about SugarClub and find answers to questions about this site
    • New to SugarClub?
      Start your community journey here
    • Technical Support
      Sugar's support resources
      Technical Support
      • Case Portal »
        Access the SugarCRM Case Portal
      • Working with Sugar Support »
        Find out more about engaging with the SugarCRM Support team
      • SugarCloud Information
        Find information about SugarCloud service updates and site status. Contact sugarclub@sugarcrm.com to request access
  • More from Sugar
    More from Sugar
    • DevClub
    • PartnerClub
    • Support
    • SugarOutfitters Marketplace
    • sugarcrm.com
  • DevClub
  • PartnerClub
  • Support
  • Marketplace
  • sugarcrm.com
DevClub
DevClub
Dev Tutorials Sugar 14.2 (Q4 2024) Customization Guide
  • Dev Blog
  • Answers & Best Practices
  • Developer On-boarding
  • Dev Tutorials
  • Developer Events
  • Event Recaps
  • Members
  • Developer Suggestions
  • Sub-Groups
  • More
  • Cancel
  • New
Click here to join this group and curate your SugarClub experience.
  • +On-Boarding Framework
  • -Customization Guides
    • Sugar 25.1 Customization Guide
    • Sugar 14.2 (Q4 2024) Customization Guide
    • Sugar 14.1 (Q3 2024) Customization Guide
    • Sugar 14.0 (Q2 2024) Customization Guide
    • Sugar 13.3 (Q1 2024) Customization Guide
    • Sugar 13.2 (Q4 2023) Customization Guide
    • Sugar 13.1 (Q3 2023) Customization Guide
    • Sugar 13.0 (Q2 2023) Customization Guide
  • +Modern UI Technical Guide
  • +Automated PHP Compatibility Tool
  • Did you know? Copying related records is a breeze!
  • How to write code for SugarCloud webinar Q&A
  • HOW TO: enforce ACL on Tags
  • Programatically manage Dropdown List
  • Remove custom fields created via package installation
  • Sugar Developer Tools
  • Tutorial:  How to register custom platforms in Sugar instances via Platform extension
  • Adding a google reCAPTCHA in a Web-to-Lead form
  • Sugar Developer Blog Style Guide

Sugar 14.2 (Q4 2024) Customization Guide

The purpose of this document is to provide insight to Sugar Developers for upgrading custom Sugar code, extensions, and integrations to the Sugar 14.2 (Q4 2024) release. This guide focuses on changes in Sugar 14.2 (Q4 2024) that could cause an immediate impact on Sugar customizations and integrations built for earlier Sugar versions.

Please check out the Q4 2024 Developer Webinar recording for more developer highlights. For Admin and End User release notes, please visit the Sugar 14.2.0 Release Notes.

User Experience Updates

UI Modernization

We are very excited to announce that we’ve implemented a comprehensive UI redesign to modernize and enhance the platform's appearance. We replaced the previous color palette with Tailwind CSS colors, which are not only more vibrant but also designed to be easier on the eyes, including in dark mode. This new palette improves accessibility and visual appeal, making the interface more engaging and inclusive.

Several specific improvements were made: we added a distinct border to flyout menus to prevent them from blending into the background, replaced the blue sidebar background with a white one to enhance icon visibility, and rounded the corners of input fields, dashboards, and dashlets for a more polished look. Additionally, the main pane now floats from the sidebar navigation, achieved through minor CSS and class tweaks that ensure a seamless experience for users. We retained the top-down drawers to maintain ample real estate for tasks such as taking calls in SugarLive and converting leads. 

We have compiled a throughout Technical Guide with everything you need to know about this change.

Sorting Columns Within "Drilling Through Report Charts"

In this release, we're introducing the sorting capability in the data table of the drill through experience.

For example, I’m analyzing data from Pipeline by Type by Team report. I see the likely sum of the opportunities for existing and new business, for one of the teams and decide to see what opps are in the “New business” section for West team. I click the respective chart element and visualize the list. 

SugarLive for Enterprise

In this release, we will include the SugarLive feature for Enterprise customers. Main feature available for SugarLive are: 

  • Inbound routing and Contact lookup This integration provides browser-based contact control panel (CCP) within Sugar, where an agent will use for real-time communication with customers. When a customer dials in for support, the inbound call will be routed to an available agent. SugarLive matches the customer call against existing contact records and brings up the contact profile upon successful lookup. The agent can then quickly access relevant details (e.g., open cases, call history) about the customer. 
  • Outbound Dialing This integration also enables agents to initiate outbound dialing calls to customers. For example, a seller can look up contacts that are overdue for follow-ups and click on the phone number directly to start a call with the customer. 
  • Call Transcript and Recording  When a call is completed, a new entry will be created automatically under the Calls tab where an agent can expand to review conversation history. Each line of communication between agent and customer is recorded with a sentiment score. The agent will also have access to the original recording for cross-validation. 
  • Embedded Chat in Sugar Portal Sugar Self-Service center offers an interface for end customers to log in and receive post-sale support. Here a customer can initiate a chat session for service through Sugar Self-Service center. 

Predict Scores for Leads and Opportunities

In this release, we added a "Win Prediction Score" field to Opportunities and a "Conversion Prediction Score" field to Leads in version 14.2. This update stores the complete set of scoring details, including Prediction Bin, Decimal Score, accuracy, multiplier, and features used, directly within CRM records. This allows the full scoring information to be displayed on the dashlet (the CRM dashboard widget) without needing additional backend requests, streamlining data access and enhancing the efficiency of score display.

Additional License Information in SugarCloud Insights

In this release, SugarCloud Insights will show a breakdown of the number of active users independent of license assigned and includes information about any legacy add-on licenses (Automate, Hint, Maps).

Measures: Customers will now be able to see more detailed license information for the CRM and quickly determine how many active users are in a multi-license environment.

Artificial Intelligence

Case and Opportunity Summary Improvements

Since its release in 14.1, various improvements have been made in the contents of the summary. Participants are more segmented, and Suggested Actions clearly defined for the Opportunity summary. Case summary contains the Sentiment (positive/neutral/negative), context and reasoning for it. Both Case and Opportunity summary are available in all languages supported in SugarCRM, and they are displayed in the language the user logged in with, regardless of the language records are in.

Sugar REST API updates

Find the email by email address

Find email object by email address.

GET <sugar instance>/rest/v11_25/Mail/findByEmail?email=<email address>

PHP Library Upgrades

Guzzle (guzzlehttp/guzzle)

Sugar utilizes a PHP library called Guzzle. Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial to integrate with web services. 

In this release, we are upgrading its version to ^7.8.1. 

There are breaking changes that may affect your customizations documented on Guzzle's official upgrade notes.

guzzlehttp/guzzle → ^v7.8.1

Laminas Components (laminas/laminas-escaper)

Sugar utilizes a PHP library called Laminas Escaper. Laminas Escaper Securely and safely escape HTML, HTML attributes, JavaScript, CSS, and URLs 

There are no known breaking changes in this upgrade.

laminas/laminas-escaper → ^v2.13.0

Monolog (monolog/monolog)

Sugar utilizes a PHP library called Monolog Monolog sends your logs to files, sockets, inboxes, databases, and various web services. In this release, we are upgrading its version to 2.8. 

There are breaking changes that may affect your customizations documented on Monolog's official upgrade notes.

monolog/monolog →  ^3.7.0

JS Library Upgrades

Backbone.JS (backbone)

Sugar utilizes a JS library called Backbone.js Backbone.js gives structure to web applications by providing models with key-value binding and custom events, collections with a rich API of enumerable functions, views with declarative event handling, and connects it all to your existing API over a RESTful JSON interface. 

jashkenas/backbone →  ^1.6.0

Sugar Sucrose (@sugarcrm/sucrose-sugar)

Sugar utilizes its own JS library called Sucrose. Sucrose is SugarCRM's Chart Library: based on D3 and derived from NVD3. 

@sugarcrm/sucrose-sugar →  0.9.0

Handlebars (sugarcrm/handlebars.js)

Sugar utilizes a fork version of JS library called Handlebars.js. Handlebars provides the power necessary to let you build semantic templates effectively with no frustration. 

sugarcrm/handlebars.js →  ^4.7.8

Upgrade Yahoo! UI Library 3

In this release, we are upgrading some transient libs required by yui3 as part of its latest pull.

There are no known breaking changes in this upgrade, they are mostly bug fixes in this release.

Ventana (sugarcrm/ventana)

Ventana is a client to help connecting and making requests to a SugarCRM REST API on multiple versions. Currently this library provides a JavaScript connector.

sugarcrm/ventana →  1.1.15

Configurability updates

Process emails in parallel to ungzip (default)

In this release, we are providing a new command as part of Sugar CLI to decompress those emails and make them readable:

  SugarCRM Console version <version>

Usage:
  command [options] [arguments]

Options:
  -h, --help            Display this help message
  -q, --quiet           Do not output any message
  -V, --version         Display this application version
      --ansi            Force ANSI output
      --no-ansi         Disable ANSI output
  -n, --no-interaction  Do not ask any interactive question
      --profile         Display timing and memory usage information
  -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Available commands:
  help             Displays help for a command
  list             Lists commands
 email
  email:process                Process emails in parallel
  email:process-batch          Process a single email batch

Platform Updates

Add rector scanner step into PackageScanner during MLP installation

We are enabling this feature, introduced in 14.1, by default in 14.2, as a reminder what it is, here's the announcement we did in the last quarter.

As part of our ongoing efforts to help our customers to install MLPs compatible with PHP 8.2+, we are introducing Rector (compatibility tool) checks to our installation process.

PackageScanner will execute a dry-run of rector looking for incompatibilities on the package being installed and will deny the install if incompatible, if denied, an option to download the Rector report will be available to download the diff file for further investigation.

Predict scores for Leads & Opportunities

In this release, we added two new JSON fields, one to Opportunities and one to Leads to store complex score attributes. These fields will only work with instances that have Predict enabled.

For Opportunities module:

  • LBL_AI_OPP_WON_SCORE' => 'Win Prediction Score

For Leads module:

  • LBL_AI_LEAD_CONV_SCORE' => 'Conversion Prediction Score 

New default collation of MySQL 8 "utf8mb4_0900_ai_ci"

We are updating the default collation for MySQL 8 to utf8mb4_0900_ai_ci in this release.

you can still override this config by updating sugar_config option dbconfigoption.collation, here's an example for German Collation.

$sugar_config['dbconfigoption']['collation'] = 'utf8mb4_de_pb_0900_ai_ci';

Email Data Compression Issue After Migrating from Sugar Cloud to On-Premise

The Email data compression feature introduced in Sugar 13.3 and detailed in the Sugar 14.0.0 release notes, automatically compresses archived email data for instances on Sugar Cloud. However, the decompression functionality, governed by the `Email::supportsGzip` method in `modules/Emails/Email.php`, fails to decompress email data for on-premise instances post-migration from Sugar Cloud. 

In this release, we are providing a new command as part of Sugar CLI to decompress those emails and make them readable in that particular scenario:

command: php bin/sugarcrm email:process

description: Process emails to ungzip (default) or gzip description and decription_html fields

Prune Old Record Lists scheduler improvements

In this release, we are updating the “Prune Old Record Lists” scheduler. This scheduler not only prunes records but also includes code to perform a table optimization. In order to ensure better performance, the optimize table component should only run if the number of affected rows is higher than a certain threshold, and the default frequency of the scheduler should be set to run once daily. We are updating that scheduler during upgrade.

Display plaintext version of an email in the recordview of the Emails module

In this release, we've enhanced the Emails module to display the plain-text version of an email in the record view. This improvement allows users to view the description field of multi-part replies, including those with both HTML and plain-text content.

Deleting and recreating a record removes the opt-out status of the email address

We’ve addressed an issue in this release regarding contact and email removal. Previously, when a contact was deleted, its associated email address, if marked as opted-out, remained in the database. As a result, the email address row remained undeleted with the opt-out flag set to 1. When a new contact is created with the same email address, the opt-out flag was incorrectly reset to 0. This release fixes the issue so that Sugar now correctly respects the opt-out flag when reusing email addresses.

Make Sugar_Smarty alternative autoloadable in patches

In this release, we are updating the Sugar_Smarty class by relocating it to better align with naming conventions for secure alternatives and to ensure it is autoloaded properly after patches. The class has been moved from sugarcrm/include/SugarSmarty/SecureSmarty.php to sugarcrm/src/Security/MLP/Alternatives/Sugar_Smarty.php. This change eliminates the need to manually dump the composer autoloader.

Sugar Core Security Updates

As part of our ongoing efforts to keep Sugar clean, fast, reliable, and most importantly secure, we have updated Sugar Core code in different areas of the application such as Package Scanner, Module Installer, UI rendering, API endpoints, File Uploads, BWC modules and CSP default domains. Not only those changes but we've cleaned up and improve our logging messages around deprecations.

An important update to the Module Loader was the introduction of a patching mechanism to ensure that unserialize() function utilized Sugar's Alternative and more secure version.

The contents of MLP are patched at the upload stage if MLP contains calls to the unserialize() function. All the calls to unserialize() will be replaced with the secure alternative \Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize().

//Given the original script
<?php
unserialize('a:1:{s:4:"test";s:4:"test";}', ['max_depth' => 42]);
unserialize($_GET['cmd']);
unserialize($_REQUEST['bar'], ['allowed_classes' => false]);
unserialize($_REQUEST['bar'], ['allowed_classes' => 'Foobar']);
?>

//It will be patched (replaced) with
<?php
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize('a:1:{s:4:"test";s:4:"test";}', ['max_depth' => 42]);
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize($_GET['cmd']);
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize($_REQUEST['bar'], ['allowed_classes' => false]);
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize($_REQUEST['bar'], ['allowed_classes' => 'Foobar']);
?>

The alternative function acts as a wrapper to unserialize() enforcing the usage of the second parameter with 'allowed_classes' option, by default it doesn't allow unserializing classes, the behavior is equal to calling \unserialize() with the "['allowed_classes' => false]" as a second param. You can allow specific classes in two ways:

  1. Add the target classes to config_override.php
    $sugar_config['moduleInstaller']['unserialize']['allowed_classes'] = ['MyClass', 'MyOtherClass'];
  2. Pass the second parameter to unserialize() explicitly
    unserialize($string, ['allowed_classes' => ['CustomClass']])

The second variant takes precedence, so in case you are explicitly passing a list of classes while you have a preconfigured list in config.php your preconfigured list will be completely ignored - lists will not be merged.

The following classes are not allowed in the allowed_classes config, which means they will be ignored if you pass them as a parameter or specify them in config.php:

  • GuzzleHttp\Cookie\FileCookieJar
  • GuzzleHttp\Psr7\FnStream
  • GuzzleHttp\HandlerStack
  • Doctrine\Common\Cache\Psr6\CacheAdapter
  • Laminas\Http\Response\Stream
  • Laminas\Cache\Storage\Adapter\Filesystem
  • Laminas\Cache\Psr\CacheItemPool\CacheItem
  • Monolog\Handler\GroupHandler
  • Monolog\Handler\SyslogUdpHandler
  • Monolog\Handler\BufferHandler
  • Monolog\Handler\NativeMailerHandler
  • Monolog\Handler\RollbarHandler
  • Monolog\Handler\FingersCrossedHandler
  • Smarty_Internal_Template
  • Smarty_Internal_Templateparser
  • Smarty_Internal_Configfileparser

Denylist Updates

In this release, we are adding the following classes to the PackageScanner's denylist:
  • Symfony\Component\Filesystem\Filesystem
  • Sugar 14.2
  • Sugar Q4 2024
  • Share
  • History
  • More
  • Cancel
  • Sign in to reply
Related
Recommended