The purpose of this document is to provide insight to Sugar Developers for upgrading custom Sugar code, extensions, and integrations to the Sugar 14.2 (Q4 2024) release. This guide focuses on changes in Sugar 14.2 (Q4 2024) that could cause an immediate impact on Sugar customizations and integrations built for earlier Sugar versions.
Please check out the Q3 2024 Developer Webinar recording for more developer highlights. For Admin and End User release notes, please visit the Sugar 14.2.0 Release Notes.
User Experience Updates
UI Modernization
We are very excited to announce that we’ve implemented a comprehensive UI redesign to modernize and enhance the platform's appearance. We replaced the previous color palette with Tailwind CSS colors, which are not only more vibrant but also designed to be easier on the eyes, including in dark mode. This new palette improves accessibility and visual appeal, making the interface more engaging and inclusive.
Several specific improvements were made: we added a distinct border to flyout menus to prevent them from blending into the background, replaced the blue sidebar background with a white one to enhance icon visibility, and rounded the corners of input fields, dashboards, and dashlets for a more polished look. Additionally, the main pane now floats from the sidebar navigation, achieved through minor CSS and class tweaks that ensure a seamless experience for users. We retained the top-down drawers to maintain ample real estate for tasks such as taking calls in SugarLive and converting leads.
We have compiled a thorough Technical Guide with everything you need to know about this change.
Sorting Columns Within "Drilling Through Report Charts"
In this release, we're introducing sorting in the data table of the drill-through experience.
For example, I’m analyzing data from the Pipeline by Type by Team report. I see the likely sum of the opportunities for existing and new business for one of the teams, and decide to see which opportunities are in the “New business” section for the West team. I click the respective chart element and view the list.
SugarLive for Enterprise
In this release, we will include the SugarLive feature for Enterprise customers. The main features available for SugarLive are:
- Inbound routing and Contact lookup: This integration provides a browser-based contact control panel (CCP) within Sugar, which an agent uses for real-time communication with customers. When a customer dials in for support, the inbound call is routed to an available agent. SugarLive matches the customer call against existing contact records and brings up the contact profile upon successful lookup. The agent can then quickly access relevant details (e.g., open cases, call history) about the customer.
- Outbound Dialing: This integration also enables agents to initiate outbound calls to customers. For example, a seller can look up contacts that are overdue for follow-ups and click on the phone number directly to start a call with the customer.
- Call Transcript and Recording: When a call is completed, a new entry is created automatically under the Calls tab, which an agent can expand to review the conversation history. Each line of communication between agent and customer is recorded with a sentiment score. The agent also has access to the original recording for cross-validation.
- Embedded Chat in Sugar Portal: The Sugar Self-Service center offers an interface for end customers to log in and receive post-sale support. Here a customer can initiate a chat session for service through the Sugar Self-Service center.
Predict Scores for Leads and Opportunities
In this release, we added a "Win Prediction Score" field to Opportunities and a "Conversion Prediction Score" field to Leads in version 14.2. This update stores the complete set of scoring details, including Prediction Bin, Decimal Score, accuracy, multiplier, and features used, directly within CRM records. This allows the full scoring information to be displayed on the dashlet (the CRM dashboard widget) without needing additional backend requests, streamlining data access and enhancing the efficiency of score display.
Additional License Information in SugarCloud Insights
In this release, SugarCloud Insights will show a breakdown of the number of active users independent of the license assigned and include information about any legacy add-on licenses (Automate, Hint, Maps).
Measures: Customers will now be able to see more detailed license information for the CRM and quickly determine how many active users are in a multi-license environment.
Artificial Intelligence
Case and Opportunity Summary Improvements
Since its release in 14.1, various improvements have been made to the contents of the summary. Participants are more segmented, and Suggested Actions are clearly defined for the Opportunity summary. The Case summary contains the Sentiment (positive/neutral/negative) along with the context and reasoning for it. Both the Case and Opportunity summaries are available in all languages supported in SugarCRM, and they are displayed in the language the user logged in with, regardless of the language the records are in.
Sugar REST API updates
Find the email by email address
Find email object by email address.
GET <sugar instance>/rest/v11_25/Mail/findByEmail?email=<email address>
PHP Library Upgrades
Guzzle (guzzlehttp/guzzle)
Sugar utilizes a PHP library called Guzzle. Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial to integrate with web services.
In this release, we are upgrading its version to ^7.8.1.
There are breaking changes that may affect your customizations documented on Guzzle's official upgrade notes.
guzzlehttp/guzzle → ^v7.8.1
Laminas Components (laminas/laminas-escaper)
Sugar utilizes a PHP library called Laminas Escaper. Laminas Escaper securely and safely escapes HTML, HTML attributes, JavaScript, CSS, and URLs.
There are no known breaking changes in this upgrade.
laminas/laminas-escaper → ^v2.13.0
Monolog (monolog/monolog)
Sugar utilizes a PHP library called Monolog. Monolog sends your logs to files, sockets, inboxes, databases, and various web services. In this release, we are upgrading its version to 2.8.
There are breaking changes that may affect your customizations documented on Monolog's official upgrade notes.
monolog/monolog → ^3.7.0
JS Library Upgrades
Backbone.JS (backbone)
Sugar utilizes a JS library called Backbone.js. Backbone.js gives structure to web applications by providing models with key-value binding and custom events, collections with a rich API of enumerable functions, views with declarative event handling, and connects it all to your existing API over a RESTful JSON interface.
jashkenas/backbone → ^1.6.0
Sugar Sucrose (@sugarcrm/sucrose-sugar)
Sugar utilizes its own JS library called Sucrose. Sucrose is SugarCRM's Chart Library: based on D3 and derived from NVD3.
@sugarcrm/sucrose-sugar → 0.9.0
Handlebars (sugarcrm/handlebars.js)
Sugar utilizes a forked version of the JS library Handlebars.js. Handlebars provides the power necessary to let you build semantic templates effectively with no frustration.
sugarcrm/handlebars.js → ^4.7.8
Upgrade Yahoo! UI Library 3
In this release, we are upgrading some transient libs required by yui3 as part of its latest pull.
There are no known breaking changes in this upgrade; the changes in this release are mostly bug fixes.
Ventana (sugarcrm/ventana)
Ventana is a client that helps connect and make requests to a SugarCRM REST API on multiple versions. Currently this library provides a JavaScript connector.
sugarcrm/ventana → 1.1.15
Configurability updates
Process emails in parallel to ungzip (default)
In this release, we are providing a new command as part of Sugar CLI to decompress those emails and make them readable:
SugarCRM Console version <version>
Usage:
command [options] [arguments]
Options:
-h, --help Display this help message
-q, --quiet Do not output any message
-V, --version Display this application version
--ansi Force ANSI output
--no-ansi Disable ANSI output
-n, --no-interaction Do not ask any interactive question
--profile Display timing and memory usage information
-v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
Available commands:
help Displays help for a command
list Lists commands
email
email:process Process emails in parallel
email:process-batch Process a single email batch
Platform Updates
Add rector scanner step into PackageScanner during MLP installation
We are enabling this feature, introduced in 14.1, by default in 14.2. As a reminder of what it is, here is the announcement we made last quarter.
As part of our ongoing efforts to help our customers to install MLPs compatible with PHP 8.2+, we are introducing Rector (compatibility tool) checks to our installation process.
PackageScanner will execute a dry run of Rector, looking for incompatibilities in the package being installed, and will deny the install if the package is incompatible. If the install is denied, an option to download the Rector report (a diff file) will be available for further investigation.
Predict scores for Leads & Opportunities
In this release, we added two new JSON fields, one to Opportunities and one to Leads to store complex score attributes. These fields will only work with instances that have Predict enabled.
For Opportunities module:
- 'LBL_AI_OPP_WON_SCORE' => 'Win Prediction Score'
For Leads module:
- 'LBL_AI_LEAD_CONV_SCORE' => 'Conversion Prediction Score'
New default collation of MySQL 8 "utf8mb4_0900_ai_ci"
We are updating the default collation for MySQL 8 to utf8mb4_0900_ai_ci in this release.
You can still override this setting by updating the sugar_config option dbconfigoption.collation. Here is an example for German collation:
$sugar_config['dbconfigoption']['collation'] = 'utf8mb4_de_pb_0900_ai_ci';
Email Data Compression Issue After Migrating from Sugar Cloud to On-Premise
The Email data compression feature, introduced in Sugar 13.3 and detailed in the Sugar 14.0.0 release notes, automatically compresses archived email data for instances on Sugar Cloud. However, the decompression functionality, governed by the `Email::supportsGzip` method in `modules/Emails/Email.php`, fails to decompress email data for on-premise instances post-migration from Sugar Cloud.
In this release, we are providing a new command as part of Sugar CLI to decompress those emails and make them readable in that particular scenario:
command: php bin/sugarcrm email:process
description: Process emails to ungzip (default) or gzip the description and description_html fields
Prune Old Record Lists scheduler improvements
In this release, we are updating the “Prune Old Record Lists” scheduler. This scheduler not only prunes records but also includes code to perform a table optimization. In order to ensure better performance, the optimize table component should only run if the number of affected rows is higher than a certain threshold, and the default frequency of the scheduler should be set to run once daily. We are updating that scheduler during upgrade.
Display plaintext version of an email in the recordview of the Emails module
In this release, we've enhanced the Emails module to display the plain-text version of an email in the record view. This improvement allows users to view the description field of multi-part replies, including those with both HTML and plain-text content.
Deleting and recreating a record removes the opt-out status of the email address
We’ve addressed an issue in this release regarding contact and email removal. Previously, when a contact was deleted, its associated email address, if marked as opted-out, remained in the database. As a result, the email address row remained undeleted with the opt-out flag set to 1. When a new contact was created with the same email address, the opt-out flag was incorrectly reset to 0. This release fixes the issue so that Sugar now correctly respects the opt-out flag when reusing email addresses.
Make Sugar_Smarty alternative autoloadable in patches
In this release, we are updating the Sugar_Smarty class by relocating it to better align with naming conventions for secure alternatives and to ensure it is autoloaded properly after patches. The class has been moved from sugarcrm/include/SugarSmarty/SecureSmarty.php to sugarcrm/src/Security/MLP/Alternatives/Sugar_Smarty.php. This change eliminates the need to manually dump the composer autoloader.
Sugar Core Security Updates
As part of our ongoing efforts to keep Sugar clean, fast, reliable, and most importantly secure, we have updated Sugar Core code in different areas of the application such as Package Scanner, Module Installer, UI rendering, API endpoints, File Uploads, BWC modules and CSP default domains. In addition to those changes, we've cleaned up and improved our logging messages around deprecations.
An important update to the Module Loader was the introduction of a patching mechanism to ensure that calls to the unserialize() function use Sugar's alternative, more secure version.
The contents of an MLP are patched at the upload stage if the MLP contains calls to the unserialize() function. All calls to unserialize() will be replaced with the secure alternative \Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize().
//Given the original script
<?php
unserialize('a:1:{s:4:"test";s:4:"test";}', ['max_depth' => 42]);
unserialize($_GET['cmd']);
unserialize($_REQUEST['bar'], ['allowed_classes' => false]);
unserialize($_REQUEST['bar'], ['allowed_classes' => 'Foobar']);
?>
//It will be patched (replaced) with
<?php
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize('a:1:{s:4:"test";s:4:"test";}', ['max_depth' => 42]);
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize($_GET['cmd']);
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize($_REQUEST['bar'], ['allowed_classes' => false]);
\Sugarcrm\Sugarcrm\Security\MLP\Alternatives\unserialize($_REQUEST['bar'], ['allowed_classes' => 'Foobar']);
?>
The alternative function acts as a wrapper around unserialize() that enforces the use of the second parameter with the 'allowed_classes' option. By default it does not allow unserializing classes; the behavior is equal to calling \unserialize() with "['allowed_classes' => false]" as the second parameter. You can allow specific classes in two ways:
- Add the target classes to config_override.php
$sugar_config['moduleInstaller']['unserialize']['allowed_classes'] = ['MyClass', 'MyOtherClass'];
- Pass the second parameter to unserialize() explicitly
unserialize($string, ['allowed_classes' => ['CustomClass']])
The second variant takes precedence, so if you explicitly pass a list of classes while you have a preconfigured list in config.php, your preconfigured list will be completely ignored; the lists will not be merged.
The following classes are not allowed in the allowed_classes config, which means they will be ignored if you pass them as a parameter or specify them in config.php:
GuzzleHttp\Cookie\FileCookieJar
GuzzleHttp\Psr7\FnStream
GuzzleHttp\HandlerStack
Doctrine\Common\Cache\Psr6\CacheAdapter
Laminas\Http\Response\Stream
Laminas\Cache\Storage\Adapter\Filesystem
Laminas\Cache\Psr\CacheItemPool\CacheItem
Monolog\Handler\GroupHandler
Monolog\Handler\SyslogUdpHandler
Monolog\Handler\BufferHandler
Monolog\Handler\NativeMailerHandler
Monolog\Handler\RollbarHandler
Monolog\Handler\FingersCrossedHandler
Smarty_Internal_Template
Smarty_Internal_Templateparser
Smarty_Internal_Configfileparser
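The precedence and filtering rules described above, sketched as an added example. This is not Sugar's code: `resolveAllowedClasses`, `safeUnserialize`, the sample classes and the `$configured` value are hypothetical, and treating any non-array `allowed_classes` value as "no classes" is an assumption.

```php
<?php
// Added illustration only: NOT Sugar's implementation. Function names are hypothetical.
// A few entries from the list of classes this page says are never allowed.
const DENIED_CLASSES = [
    'GuzzleHttp\Cookie\FileCookieJar',
    'Monolog\Handler\BufferHandler',
    'Smarty_Internal_Template',
];

// An explicit 'allowed_classes' list replaces the configured one (no merge);
// denied classes are dropped from whichever list is used.
// Assumption: any non-array value (false, true, a string) means "no classes".
function resolveAllowedClasses(array $options, array $configured): array
{
    $requested = $options['allowed_classes'] ?? $configured;
    if (!is_array($requested)) {
        return [];
    }
    $denied = array_map('strtolower', DENIED_CLASSES);
    return array_values(array_filter(
        $requested,
        fn ($class) => is_string($class)
            && !in_array(strtolower(ltrim($class, '\\')), $denied, true)
    ));
}

// Wrapper: always passes an 'allowed_classes' list; other options (max_depth) pass through.
function safeUnserialize(string $data, array $options = [], array $configured = [])
{
    $options['allowed_classes'] = resolveAllowedClasses($options, $configured);
    return \unserialize($data, $options);
}

class MyClass { public $v = 1; }       // constructed sample classes
class CustomClass { public $v = 2; }

// Constructed stand-in for $sugar_config['moduleInstaller']['unserialize']['allowed_classes'].
$configured = ['MyClass', 'Smarty_Internal_Template'];
$payload = serialize([new MyClass(), new CustomClass()]); // constructed sample input

$cases = [
    'no list anywhere'        => safeUnserialize($payload),
    'configured list only'    => safeUnserialize($payload, [], $configured),
    'explicit list overrides' => safeUnserialize($payload, ['allowed_classes' => ['CustomClass']], $configured),
];
foreach ($cases as $label => $result) {
    // Objects of classes that were not allowed come back as __PHP_Incomplete_Class.
    echo $label, ': ', implode(', ', array_map('get_class', $result)), PHP_EOL;
}
```

When reviewing a customization, check any code that reads properties or calls methods on the unserialized value: a class missing from the effective list yields a `__PHP_Incomplete_Class` object rather than an error at the call site.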
Denylist Updates
- Symfony\Component\Filesystem\Filesystem