The purpose of this document is to provide insight to Sugar Developers for upgrading custom Sugar code, extensions, and integrations to the Sugar 25.1 release. This guide focuses on changes in Sugar 25.1 that could cause an immediate impact on Sugar customizations and integrations built for earlier Sugar versions.
Please check out the Sugar 25.1 Developer Webinar recording for more developer highlights. For Admin and End User release notes, please visit the Sugar 25.1.0 Release Notes.
User Experience Updates
Introducing Package Builder and Deployer
We’re thrilled to introduce Package Builder and Deployer – a powerful new tool designed to help admins and developers seamlessly promote configurations and customizations across environments. This tool has been in the making for a while and now we fell it's time to release it as it has been proven to work in multiple scenarios across the board. This functionality is available through Admin -> Developer Tools -> Package Builder and Deployer
. and it will enable you to:
- Support Industry Verticalization: You will be able to create your own vertical template (let's say Manifacturing) and easily package it to be distributed easily.
- Targeted packaging: You are now able to select which configurations/customizations you want to distribute
- Fields
- Relationships
- Roles
- Layouts
- List View
- Record View
- Preview
- Preview View
- Popup Views
- List View
- Search View
- Search View
- Record View Dashlet
- Mobile Layouts
- Edit View
- List View
- Detail View
- Subpanel Layouts
- BPM Process Definition
- Legacy Workflows
- Reports
- Dashboards
- Drop-Downs
- Languages
- Timeline Settings
- Smart Guides
- Scheduled Jobs
- Deployable Unique Package: System needs to bundle the selected configurations/customizations into a single, deployable solution template package
- Converting Staging environments to production with a click of button.
- List of Deployed Packages: Admins will see the list of deployed (with the information it was deployed remotely or locally) solution template packages in any instance admins have access to.
- Solution Template Management: Solution template owner can manage i.e. create/update/delete any solution template for an instance they have access to.
Note: If a customer is using Oracle version earlier than 23.5 and attempts to:
- Pull a package using Package Builder and Deployer, or
- Download and install a package created by Package Builder and Deployer,
You must first add the following override before pulling or installing the package:
$sugar_config['pb_bulk_insert'] = false
This step ensures compatibility and prevents potential issues during the package installing operation.
Account last interaction
In this release, we’re introducing a new field called "Last Interaction" on Accounts, designed to enhance your CRM experience by offering a quick snapshot of the most recent customer engagement. An interaction is defined as a "held" call or meeting on the account providing a clear indicator of the last time you connected with the customer. With the "Last Interaction" field, you can effortlessly pinpoint which accounts require immediate attention, all without leaving your current view or generating a separate report.
- “Last Interaction” field is available out-of-the-box in these layouts
- Record View- under Tags for new instances and existing instances that have not been customized
- Append to the bottom of existing instances that have been customized
- Add filler next to “Last Interaction” so the field doesn’t go across the RV
- The field is displayed as a Date field with a link and an icon to the left of the link
- Record View Dashlet- under Tags for new instances and existing instances
- Append to the bottom of existing instances that have been customized
- Add filler next to “Last Interaction”
- Popup Listview, Popup Search, Search- in the Hidden column (by default they show up in hidden)
- List View- in the Default column, for new and existing instances, under Date Created
- Changes made to a Call or a Meeting update the related Account record
- E.g. a call was scheduled in the future and the status changes to “Held”
- User is able to report on this field and use in other OOTB sugar processes
- Including filtering in LV
- Field is auditable and reportable
- When a call or meeting triggers an update to the "Last Interaction" field on an account, the corresponding account record is moved to the top of the list view (if ordered by date modified).
- This is because the update activates the
date_modified
timestamp for that account
- This is because the update activates the
Note: On upgrade, a new job (SugarJobInitInteractions
) will be created to look at all Account Meeting and Call interactions and populate the field with the last activity that was marked “Held”. It will run only once during upgrade and will NOT update date_modified
field.
Ability to set variable path for record view for OneDrive
In this release, we have extended the functionality to configure "Paths for Record View" to support OneDrive and SharePoint, in addition to Dropbox and Google Drive.
This update enables greater flexibility in managing file paths for OneDrive and SharePoint, allowing users to dynamically configure paths for record views. Feature include:
- Users can configure variable paths for OneDrive and SharePoint through the "Default Starting Path" and "Variable Path" fields.
- The "Default Starting Path" is read-only and can only be set via the "Select Path" button, ensuring a valid folder ID is used.
- The "Variable Path" field allows users to define dynamic paths using variables (e.g., "$name", "$name-$industry").
- Users are limited to setting up one variable folder to be created.
Unique Report Results
In this release, we have updated our reporting functionality to allow users to get unique results on their reports by simply selecting a checkbox "Show distinct results". The columns used in the output of the report will be the ones being unique outputted, something like SELECT DISTINCT columnA,
columnB from table
in SQL terms.
When enabled, this option removes duplicate report results. Duplicates may occur when a record meets a report filter multiple times due to its related records, causing it to be listed more than once. Please note that enabling this option may result in the exclusion of valid records, depending on your report criteria
Migrate from sucrose to chart.js
In this release, we continue our transition from Sugar Sucrose (legacy) charting engine to the more modern and robust Chart.js library. As part of this effort, we've implemented a Bubble Chart along with its integrated tooltip engine as well as Sales Pipeline (Funnel) charts. This transition moves us closer to making more of our dashlets and reports fully independent from the outdated Sucrose engine.
In the Forecast Bar Chart, we're keeping the “Likely“ and “Quota“ legend visible as the dashlet is resized. For the bar part of the chart, use the existing legend behavior where the part of the legend is visible and what doesn’t fit gets collapsed under a dropdown.
Icon Improvements
In this release, we're making improvements to icons in Sugar, the newly improved features are:
- Adding module icons to list views. When a user is viewing a module in the List View, each module will display its respective icon (according to what's been selected in Module Names) to the left of the module name.
- Updating DocumentMerge icons based on file type. In case filetype isn't
doc, pdf, ppt, excel
we will default it todoc
.
New Submodule for Managing Meeting Recordings and Transcripts
In this release, a new submodule has been added to the meetings module in SugarCRM to manage multiple recording URLs and transcript attachments.
This update supports AI-driven analysis and seamless integration with Sugar Connect, while maintaining a clean user interface by preventing unnecessary menu clutter. The submodule will allow automatic population of meeting data and ensure that users can access recordings and transcripts without modification rights.
Key Features:
- Adding multiple recording URLs, associated access codes, and transcript files via Sugar Connect’s API
- Displaying this submodule only within the context of the meetings module, without adding it to the global navigation menu
- Including fields for start and end datetimes to define the recording’s duration
- Providing read-only access to users for viewing the recordings and transcripts
Artificial Intelligence
Standardizing AI Icons
In this release, we are replacing Predict icons with AI icons. The following changes where applied on DropdownStyles, vardefs definitions, language files, .less files, styleguide and HBS files where they were used.
- from
sicon-sugar-predict-lg
tosicon-ai-xl
- from
sicon-sugar-predict
tosicon-ai
Note: Even though it is not part of the styleguide in favor of AI, we have kept the sicon-sugar-predict*
in our Sicon library for now.
Sugar REST API updates
This Sugar release introduces REST v11_26
.
Connector Salesfusion
Gets info about Market organization integrated via salesfusion connector..
GET <sugar instance>/rest/v11_26/connector/salesfusion
Prospect Lists
Get Prospect Lists Prospects.
GET <sugar instance>/rest/v11_26/prospect_lists_prospects
Find the outbound emails
Find the outbound emails current user can use.
POST <sugar instance>/rest/v11_26/Mail/outboundEmails
Load packages data from remote instance
Package builder uses this endpoint to Load packages data from remote instance. This endpoint is only available to administrators.
POST <sugar instance>/rest/v11_26/Administration/package/getRemotePackages
Extract customizations
Package builder uses this endpoint to get customizations in one or multiple categories. This endpoint is only available to administrators.
POST <sugar instance>/rest/v11_26/Administration/package/customizations
Retrieve db data for customizations
Package builder uses this endpoint to get db data for customizations. This endpoint is only available to administrators.
POST <sugar instance>/rest/v11_26/Administration/package/data
Create a new package
Package builder uses this endpoint to create a new package. This endpoint is only available to administrators.
POST <sugar instance>/rest/v11_26/Administration/package
Upload a package to another instance
Package builder uses this endpoint to upload a package to another instance. This endpoint is only available to administrators.
POST <sugar instance>/rest/v11_26/Administration/package/remote
Get a package
Use this endpoint to get the content of a package. This endpoint is only available to administrators.
POST <sugar instance>/rest/v11_26/Administration/package/:id
Deprecated Endpoints
GET <sugar instance>/rest/v11_26/globalsearch?platform=portal
POST <sugar instance>/rest/v11_26/globalsearch?platform=portal
GET <sugar instance>/rest/v11_26/<module>/globalsearch?platform=portal
POST <sugar instance>/rest/v11_26/<module>/globalsearch?platform=portal
GET <sugar instance>/rest/v11_26/search
GET <sugar instance>/rest/v11_26/portalsearch
POST <sugar instance>/rest/v11_26/portalsearch
GET <sugar instance>/rest/v11_26/Dashboards/<module>
POST <sugar instance>/rest/v11_26/Dashboards/<module>
GET <sugar instance>/rest/v11_26/Dashboards
POST <sugar instance>/rest/v11_26/Dashboards
POST <sugar instance>/rest/v11_26/Dashboards/Activities
POST <sugar instance>/rest/v11_26/<module>/:id/link/related_activities
PHP Library Upgrades
PHP-Parser
Sugar utilizes a PHP library called PHP-Parser Its purpose is to simplify static code analysis and manipulation. In this release, we are upgrading its version to 4.16.
There are no known breaking changes in this upgrade, they are mostly bug fixes in this release.
nikic/php-parser → ^v4.16.0
Microsoft Graph SDK
Microsoft Graph SDK for PHP provides Sugar with a framework for retrieving data from a Microsoft account using the Microsoft Graph API via OAuth2 tokens. There are no known breaking changes in this upgrade, they are mostly newly generated modes and PHP version support.
microsoftgraph/msgraph-sdk-php → ^2.12.0
Upgrade PHP libs to the latest Minor versions without breaking changes
In this release, we've updated all minor and patch versions of our PHP libraries as declared in the composer. Since these are minor and patch updates, no breaking changes are expected. The updates primarily include newly generated models and improved PHP version compatibility.
aws/aws-sdk-php → ^3.336.13
doctrine/dbal → ^3.9.1
docusign/esign-client → ^v8.0.0
egulias/email-validator → ^4.0.2
google/apiclient → ^v2.18.2
guzzlehttp/guzzle → ^7.9.2
microsoft/microsoft-graph → ^v2.23.0
psr/log → ^3.0.2
psr/simple-cache → ^3.0.0
ramsey/uuid → ^4.7.6
rector/rector → ^1.2.5
rlanvin/php-rrule → ^v2.5.1
ruflin/elastica → ^7.3.1
smarty/smarty → ^5.4.3
symfony/cache → ^5.4.46
symfony/console → ^5.4.47
symfony/event-dispatcher → ^5.4.45
symfony/expression-language → ^5.4.45
symfony/intl → ^5.4.47
symfony/polyfill-intl-idn → ^1.31.0
symfony/process → ^5.4.47
symfony/security-core → ^5.4.48
symfony/security-csrf → ^5.4.45
symfony/validator → ^5.4.48
wikimedia/less.php → ^v5.1.1
JS Library Upgrades
Karma Components
Karma and its components karma-coverage, karma-sauce-launcher, karma-webpack, karma-firefox-launcher, karma-jasmin provide Sugar with tool that allows you to execute JavaScript code in multiple real browsers. There were breaking changes in this release, however, most of them are related to internal testing, if you use Karma for your testing, you'd need to revisit your code.
There are no known breaking changes in this upgrade, they are mostly bug fixes in this release.
karma-runner/karma → ^6.4.4
karma-runner/karma-coverage → ^2.2.1
karma-runner/karma-firefox-launcher → ^2.1.3
karma-runner/karma-jasmine → ^5.1.0
karma-runner/karma-sauce-launcher → ^4.3.6
Gulp Components
Gulp and its components gulp-cucumber, gulp-filter, gulp-stylelint, gulp-typescript, gulp-eslint provide Sugar a toolkit that helps you automate painful or time-consuming tasks in your development workflow.There are no known breaking changes in these upgrade, they are mostly bug fixes in their releases.
There are no known breaking changes in this upgrade, they are mostly bug fixes in this release.
gulp → ^5.0.0
gulp-cucumber → ^0.0.24
gulp-filter → ^7.0.0
gulp-stylelint → ^13.0.0
gulp-typescript → ^5.0.1
gulp-eslint → ^6.0.0
Low to Minimum Impact Upgrade on various JS libraries
We have patch upgraded the versions of the following components @babel/core, ajv, bootstrap, jquery, moment.js, @sugarcrm/ventana, babel-loader, @babel/eslint-parser, commander, eslint-plugin-import, script-loader., exports-loader, imports-loader There are no known breaking changes in these upgrade, they are mostly bug fixes in their releases.
@babel/core → ^7.26.0
@babel/eslint-parser → ^7.24.7
@babel/preset-env → ^7.24.7
@sugarcrm/ventana → ^1.1.16
ajv → ^8.17.1
babel-loader → ^9.2.1
commander → ^12.1.0
eslint-plugin-import → ^2.29.1
jquery → ^3.7.1
jsdoc → ^4.0.3
moment → ^2.30.1
sindresorhus/strip-json-comments → ^3.1.1
sinon → ^19.0.2
script-loader → ^0.7.2
webpack → ^5.92.0
exports-loader → ^5.0.0
imports-loader → ^5.0.0
Supported Platforms Update
In this release, we are updating Sugar’s Supported Platforms.
- We are dropping support for PHP 8.2 and adding support to PHP 8.4.
- PHP 8.0 to PHP 8.1 have breaking changes and incompatibilities
- Here is PHP’s official migration guide (https://www.php.net/manual/en/migration81.php)
- Backwards incompatibilities guide (https://www.php.net/manual/en/migration81.incompatible.php)
- PHP 8.1 to PHP 8.2 have breaking changes and incompatibilities
- Here is PHP’s official migration guide (https://www.php.net/manual/en/migration82.php)
- Backwards incompatibilities guide (https://www.php.net/manual/en/migration82.incompatible.php)
- PHP 8.2 to PHP 8.3 have breaking changes and incompatibilities
- Here is PHP’s official migration guide (https://www.php.net/manual/en/migration83.php)
- Backwards incompatibilities guide (https://www.php.net/manual/en/migration83.incompatible.php)
- PHP 8.3 to PHP 8.4 have breaking changes and incompatibilities
- Here is PHP’s official migration guide (https://www.php.net/manual/en/migration84.php)
- Backwards incompatibilities guide (https://www.php.net/manual/en/migration84.incompatible.php)
- PHP 8.0 to PHP 8.1 have breaking changes and incompatibilities
- There isn't an upgrade path from 8.0 to 8.4, you must ensure it follows the upgrade path 7.4 -> 8.0 -> 8.1 -> 8.2 -> 8.3 -> 8.4
- We are supporting IIS 10 and Apache 2.4
- MySQL Support
- Keep 8.0 with minimum version 8.0.40
- Add support for MySQL 8.4.3
- MSSQL Support
- We are dropping support for MSSQL 2019
- Keep support for MSSQL 2022
- Oracle Support
- We are dropping support for Oracle 19
- Adding support for Oracle 23
- DB2 Support
- We support for DB2 11.5.9
- We are dropping support for Windows Server 2019.
- Search
- Keep support for Elasticsearch 8.4.3
- Adding support for Elasticsearch 8.17.1
- Adding support for OpenSearch 2.7.0
Configurability updates
Sugar Config Settings
Setting Name |
Default |
Override Example |
Description |
security.preferIpv6 | false | $sugar_config['security']['preferIpv6'] = true; | Specifies whether Sugar should prefer iPv6 lookups instead of IPv4. |
max_external_request_time | 600 | $sugar_config['max_external_request_time'] = 600; | Set timeout value for HTTP requests ExternalResourceClient. 600 is amount of seconds. Examples: 10, 100, 200, 500, 1000, 123 |
Removed Functions / Libraries / Features
Remove Session and Dbal Scans from HealthCheck
In version 12.3, we added a Dbal scan health check to prevent issues caused by breaking changes introduced with the Dbal version upgrade, as well as some session checks. Since this task has been completed, we are now removing it from the health checks.
Remove previously deprecated Zend components
In 13.2 we deprecated Zend components, in this release we are removing them, those components are:
Zend_Service*
Zend_Gdata*
Zend_Version*
Platform Updates
Sell-Market integration moved into Sugar Core
In this release, we're seamlessly integrating Sell/Market functionality directly into Sugar Core, eliminating the need for customers to install the MLP separately. This integration ensures a consistent experience for both Sell/Market MLP users and Sugar 25.1 users, streamlining setup and reducing the potential for configuration errors.
Looking ahead, this foundational work will pave the way for a more efficient, user-friendly, and maintainable CRM experience, along with a smoother, more reliable Market/Sell sync process. As part of that, we've also updated the Market Connector Key field name to "Organization Name" and help text.
It is important to notice that the following API platforms were added in this release and are exclusively being used by SugarMarket:
- salesfusion_Data
- salesfusion_Email
- salesfusion_Frequent
- salesfusion_Data_Integration
- salesfusion_Email_Integration
- salesfusion_Frequent_Integration
- SugarMarket_Plaform1
- SugarMarket_Plaform2
- SugarMarket_Integration1
- SugarMarket_Integration2
Specifics on SugarMarket License
- If a customer has both Sell and Serve licenses then Serve users for that customer would be able to access the synced data but it's functionality would be limited to the access a Serve user has to modules in the instance. e.g. Serve user would be able see the synced market data for contacts and accounts. (Same behavior as today)
- Sugar will not enable the Sell/Market integration for customers who have Serve only licenses in 25.1.
- If an existing Sell customer purchases Market AFTER the upgrade to25.1 (where Market has been added to core), the customer will need to manually assign Market licenses to the users to grant access to those modules.
- If an existing Sell/Market customer cancels their Market subscription but keeps the Sell license, we will automatically remove the Market license from any users. Any Market data synced to the CRM would still be in their system, but we would block them from viewing the Market modules.
Add .json to the list of allowed extensions in ModuleScanner
Some legitimate MLPs use JSON to store data and have to use .php files to store the data to overcome the ModuleLoader restrictions. In this release, we're adding .json
files as a valid extension in the PackageScanner.
Support for OpenSearch
We’re excited to announce that in this release, we are officially supporting OpenSearch. The open-source search and analytics engine that was introduced by Amazon in January 2021 as an alternative to Elasticsearch.
OpenSearch can be used both locally (on-premise) and through Amazon’s managed services, offering flexibility in how you deploy and scale your search infrastructure.
Since OpenSearch is built on the same core as Elasticsearch, we’ve kept most of the configuration for full_text_engine
the same. The name “Elastic
” will be used for both Elasticsearch and OpenSearch, ensuring a seamless transition and consistent experience.
For a simple configuration using OpenSearch in a cloud environment, you can refer to the following example::
Note: Admins can also update these configurations in their UI when installing Sugar or after through Admin -> Search -> Full Text Search Settings
ExternalResourceClient now supports IPv6
We have implemented IPv6 support on ExternalResourceClient. Some clients would have their Sugar installations on networks where IPv4 interfaces weren't available causing ERC to fail with Failed to open stream: Network is unreachable
.
This occurred because the ERC was relying solely on the gethostbyname()
function in the file src/Security/Dns/NativeResolver.php
, which only returns IPv4 addresses.
We have introduced a new config that you can set to "prefer IPv6
" lookups instead of IPv4 (default is false).
Improvements
- We've made significant improvements to the performance of the Quoted Line Items Grid in the Quotes Record View, which previously became irresponsive when handling large volumes of QLIs.
- We're hiding "Collation" box in the Locale menu for Sugar Cloud instances, customers can accidentally initiate collation conversion and it can take hours to finish.
- In order to ensure the protection of sensitive information, the Connector configuration screen will only show password information to a user once when it is initially configured, and then obfuscate that information if viewed later.
- In this release, we've improved our Sugar Core and Sugarstyle guide to use SugarIcons from a single source of truth on SugarIcons by using our internal , before, it was spread across different folders in the application.
- We're updating Content-Security-Policy (CSP) defaults to include Discover UK region (
*.sugarapps.uk
) - Sugar was not sending a
User-Agent
header with any external request, some servers block requests with an emptyUser-Agent
. Since, sending User-Agent is a best practice on integrations for debugging purposes, we are setting it by default on our ExternalResourceClient.- New helper class
Sugarcrm\Sugarcrm\Security\HttpClient\UserAgent
- provides few methods such as
forGeneric(), forCurl(), forSoap(), forErc(), forGuzzle()
forErc()
for example, it would print/returnSugarCRM/15.0/ExternalResourceClient/1.0
- Default is:
'SugarCRM/' . $GLOBALS['sugar_version'].
- New helper class
Bug Fixes
- Fixed p
rospect_lists_prospects
endpoint whendate_modified
filter is used, the API would return a Database error with a 500 Error - Fixed Deadlocks when using outbound email extensively due to multiple Language refreshes, which has now been fixed
- We've aligned FAB icons with Tailwind colors and Modern UI border radius
- Fixed an issue with Chrome browsers and timezone that was causing the page to refresh multiple times for some timezones in
Asia
(The root cause is Chromium issue #40453385). - Fixed Inbound Email Scheduler breaks if setTransferEncoding does not match RFC1521 exactly ; "8bit" vs "8 bit"
- Fixed Geocoder Resolver Job Failing by implementing an efficient solution to consume the queue efficiently in a parallelized manner.
- Fixed Deletion of User Profile Pictures with Admin/Developer privileges to the Users module.
- Enforcing Authorized-Only Modification of Note Attachment in Notes Module (only users with 'edit' access can modify that)
- Fixed Campaign Email Templates would not show or insert correctly Tracker URL
Sugar Core Security Updates
As part of our ongoing efforts to keep Sugar clean, fast, reliable, and most importantly secure, we have updated Sugar Core code in different areas of the application such as Package Scanner, Studio, Module Installer, UI rendering, API endpoints, Legacy SOAP API, File Uploads, Legacy Workflows and BWC modules. Not only those changes but we've cleaned up and improve our logging messages around deprecations.
Deprecated functions
- get_decoded()
SugarUploadS3 is no longer deprecated
In this release, we are un-deprecating and removing HealthCheck (bucket E) to scan for the usage of the SugarUploadS3
. We have re-implemented this class in a more secure and safe way.
Denylist Updates
- openUri()
- unserialize()
- gzwrite()
- extractTo()
- class_alias()