Sugar 14.2 (Q4 2024) Customization Guide

The purpose of this document is to provide insight to Sugar Developers for upgrading custom Sugar code, extensions, and integrations to the Sugar 14.2 (Q4 2024) release. This guide focuses on changes in Sugar 14.2 (Q4 2024) that could cause an immediate impact on Sugar customizations and integrations built for earlier Sugar versions.

Please check out the Q4 2024 Developer Webinar recording for more developer highlights. For Admin and End User release notes, please visit the Sugar 14.2.0 Release Notes.

User Experience Updates

UI Modernization

We are very excited to announce that we’ve implemented a comprehensive UI redesign to modernize and enhance the platform's appearance. We replaced the previous color palette with Tailwind CSS colors, which are not only more vibrant but also designed to be easier on the eyes, including in dark mode. This new palette improves accessibility and visual appeal, making the interface more engaging and inclusive.

Several specific improvements were made: we added a distinct border to flyout menus to prevent them from blending into the background, replaced the blue sidebar background with a white one to enhance icon visibility, and rounded the corners of input fields, dashboards, and dashlets for a more polished look. Additionally, the main pane now floats from the sidebar navigation, achieved through minor CSS and class tweaks that ensure a seamless experience for users. We retained the top-down drawers to maintain ample real estate for tasks such as taking calls in SugarLive and converting leads. 

We have compiled a throughout Technical Guide with everything you need to know about this change.

Sorting Columns Within "Drilling Through Report Charts"

In this release, we're introducing the sorting capability in the data table of the drill through experience.

For example, I’m analyzing data from Pipeline by Type by Team report. I see the likely sum of the opportunities for existing and new business, for one of the teams and decide to see what opps are in the “New business” section for West team. I click the respective chart element and visualize the list. 

SugarLive for Enterprise

In this release, we will include the SugarLive feature for Enterprise customers. Main feature available for SugarLive are: 

• Inbound routing and Contact lookup This integration provides browser-based contact control panel (CCP) within Sugar, where an agent will use for real-time communication with customers. When a customer dials in for support, the inbound call will be routed to an available agent. SugarLive matches the customer call against existing contact records and brings up the contact profile upon successful lookup. The agent can then quickly access relevant details (e.g., open cases, call history) about the customer. 
• Outbound Dialing This integration also enables agents to initiate outbound dialing calls to customers. For example, a seller can look up contacts that are overdue for follow-ups and click on the phone number directly to start a call with the customer. 
• Call Transcript and Recording  When a call is completed, a new entry will be created automatically under the Calls tab where an agent can expand to review conversation history. Each line of communication between agent and customer is recorded with a sentiment score. The agent will also have access to the original recording for cross-validation. 
• Embedded Chat in Sugar Portal Sugar Self-Service center offers an interface for end customers to log in and receive post-sale support. Here a customer can initiate a chat session for service through Sugar Self-Service center. 

Predict Scores for Leads and Opportunities

In this release, we added a "Win Prediction Score" field to Opportunities and a "Conversion Prediction Score" field to Leads in version 14.2. This update stores the complete set of scoring details, including Prediction Bin, Decimal Score, accuracy, multiplier, and features used, directly within CRM records. This allows the full scoring information to be displayed on the dashlet (the CRM dashboard widget) without needing additional backend requests, streamlining data access and enhancing the efficiency of score display.

Additional License Information in SugarCloud Insights

In this release, SugarCloud Insights will show a breakdown of the number of active users independent of license assigned and includes information about any legacy add-on licenses (Automate, Hint, Maps).

Measures: Customers will now be able to see more detailed license information for the CRM and quickly determine how many active users are in a multi-license environment.

Artificial Intelligence

Case and Opportunity Summary Improvements

Since its release in 14.1, various improvements have been made in the contents of the summary. Participants are more segmented, and Suggested Actions clearly defined for the Opportunity summary. Case summary contains the Sentiment (positive/neutral/negative), context and reasoning for it. Both Case and Opportunity summary are available in all languages supported in SugarCRM, and they are displayed in the language the user logged in with, regardless of the language records are in.

Sugar REST API updates

Find the email by email address

Find email object by email address.

GET <sugar instance>/rest/v11_25/Mail/findByEmail?email=<email address>

PHP Library Upgrades

Guzzle (guzzlehttp/guzzle)

Sugar utilizes a PHP library called Guzzle. Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial to integrate with web services. 

In this release, we are upgrading its version to ^7.8.1. 

There are breaking changes that may affect your customizations documented on Guzzle's official upgrade notes.

guzzlehttp/guzzle → ^v7.8.1

laminas/laminas-escaper → ^v2.13.0

monolog/monolog →  ^3.7.0

JS Library Upgrades

jashkenas/backbone →  ^1.6.0

@sugarcrm/sucrose-sugar →  0.9.0

sugarcrm/handlebars.js →  ^4.7.8

sugarcrm/ventana →  1.1.15

Configurability updates

Process emails in parallel to ungzip (default)

In this release, we are providing a new command as part of Sugar CLI to decompress those emails and make them readable:

  SugarCRM Console version <version>

Usage:
  command [options] [arguments]

Options:
  -h, --help            Display this help message
  -q, --quiet           Do not output any message
  -V, --version         Display this application version
      --ansi            Force ANSI output
      --no-ansi         Disable ANSI output
  -n, --no-interaction  Do not ask any interactive question
      --profile         Display timing and memory usage information
  -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Available commands:
  help             Displays help for a command
  list             Lists commands
 email
  email:process                Process emails in parallel
  email:process-batch          Process a single email batch

Platform Updates

Add rector scanner step into PackageScanner during MLP installation

We are enabling this feature, introduced in 14.1, by default in 14.2, as a reminder what it is, here's the announcement we did in the last quarter.

As part of our ongoing efforts to help our customers to install MLPs compatible with PHP 8.2+, we are introducing Rector (compatibility tool) checks to our installation process.

PackageScanner will execute a dry-run of rector looking for incompatibilities on the package being installed and will deny the install if incompatible, if denied, an option to download the Rector report will be available to download the diff file for further investigation.

Predict scores for Leads & Opportunities

In this release, we added two new JSON fields, one to Opportunities and one to Leads to store complex score attributes. These fields will only work with instances that have Predict enabled.

For Opportunities module:

• LBL_AI_OPP_WON_SCORE' => 'Win Prediction Score

For Leads module:

• LBL_AI_LEAD_CONV_SCORE' => 'Conversion Prediction Score 

New default collation of MySQL 8 "utf8mb4_0900_ai_ci"

We are updating the default collation for MySQL 8 to utf8mb4_0900_ai_ci in this release.

you can still override this config by updating sugar_config option dbconfigoption.collation, here's an example for German Collation.

$sugar_config['dbconfigoption']['collation'] = 'utf8mb4_de_pb_0900_ai_ci';

Email Data Compression Issue After Migrating from Sugar Cloud to On-Premise

The Email data compression feature introduced in Sugar 13.3 and detailed in the Sugar 14.0.0 release notes, automatically compresses archived email data for instances on Sugar Cloud. However, the decompression functionality, governed by the `Email::supportsGzip` method in `modules/Emails/Email.php`, fails to decompress email data for on-premise instances post-migration from Sugar Cloud. 

In this release, we are providing a new command as part of Sugar CLI to decompress those emails and make them readable in that particular scenario:

command: php bin/sugarcrm email:process

description: Process emails to ungzip (default) or gzip description and decription_html fields

Prune Old Record Lists scheduler improvements

In this release, we are updating the “Prune Old Record Lists” scheduler. This scheduler not only prunes records but also includes code to perform a table optimization. In order to ensure better performance, the optimize table component should only run if the number of affected rows is higher than a certain threshold, and the default frequency of the scheduler should be set to run once daily. We are updating that scheduler during upgrade.

Display plaintext version of an email in the recordview of the Emails module

In this release, we've enhanced the Emails module to display the plain-text version of an email in the record view. This improvement allows users to view the description field of multi-part replies, including those with both HTML and plain-text content.

Deleting and recreating a record removes the opt-out status of the email address

Sugar Core Security Updates

As part of our ongoing efforts to keep Sugar clean, fast, reliable, and most importantly secure, we have updated Sugar Core code in different areas of the application such as Package Scanner, Module Installer, UI rendering, API endpoints, File Uploads, BWC modules and CSP default domains. Not only those changes but we've cleaned up and improve our logging messages around deprecations.

An important update to the Module Loader was the introduction of a patching mechanism to ensure that unserialize() function utilized Sugar's Alternative and more secure version.

The contents of MLP are patched at the upload stage if MLP contains calls to the unserialize() function. All the calls to unserialize() will be replaced with the secure alternative \Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize().

//Given the original script
<?php
unserialize('a:1:{s:4:"test";s:4:"test";}', ['max_depth' => 42]);
unserialize($_GET['cmd']);
unserialize($_REQUEST['bar'], ['allowed_classes' => false]);
unserialize($_REQUEST['bar'], ['allowed_classes' => 'Foobar']);
?>

//It will be patched (replaced) with
<?php
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize('a:1:{s:4:"test";s:4:"test";}', ['max_depth' => 42]);
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize($_GET['cmd']);
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize($_REQUEST['bar'], ['allowed_classes' => false]);
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize($_REQUEST['bar'], ['allowed_classes' => 'Foobar']);
?>

The alternative function acts as a wrapper to unserialize() enforcing the usage of the second parameter with 'allowed_classes' option, by default it doesn't allow unserializing classes, the behavior is equal to calling \unserialize() with the "['allowed_classes' => false]" as a second param. You can allow specific classes in two ways:

1. Add the target classes to config_override.php
   $sugar_config['moduleInstaller']['unserialize']['allowed_classes'] = ['MyClass', 'MyOtherClass'];
2. Pass the second parameter to unserialize() explicitly
   unserialize($string, ['allowed_classes' => ['CustomClass']])

The second variant takes precedence, so in case you are explicitly passing a list of classes while you have a preconfigured list in config.php your preconfigured list will be completely ignored - lists will not be merged.

The following classes are not allowed in the allowed_classes config, which means they will be ignored if you pass them as a parameter or specify them in config.php:

• GuzzleHttp\Cookie\FileCookieJar
• GuzzleHttp\Psr7\FnStream
• GuzzleHttp\HandlerStack
• Doctrine\Common\Cache\Psr6\CacheAdapter
• Laminas\Http\Response\Stream
• Laminas\Cache\Storage\Adapter\Filesystem
• Laminas\Cache\Psr\CacheItemPool\CacheItem
• Monolog\Handler\GroupHandler
• Monolog\Handler\SyslogUdpHandler
• Monolog\Handler\BufferHandler
• Monolog\Handler\NativeMailerHandler
• Monolog\Handler\RollbarHandler
• Monolog\Handler\FingersCrossedHandler
• Smarty_Internal_Template
• Smarty_Internal_Templateparser
• Smarty_Internal_Configfileparser