SugarClub
SugarClub
  • User
  • Site
  • Search
  • User
  • Groups & Discussions
    Groups & Discussions
    • Product Forums
      Product-focused Q&A, discussions, best practices, fixes, and help
      Product Forums
      • Sugar Market
      • Sugar Sell & Enterprise
      • Sugar Serve
      • sales-i
    • User Groups
      Professional, Industry, Language
    • Get Involved
      Learn how to become a Raving Fan
    • Social Club
      Live, interactive, virtual meetups with other Sugar customers and Sugar’s Subject Matter experts!
    • Leadership Lounge
      Network with fellow organizational leaders, ask questions, and share insights
    • Developers
      Visit DevClub, the SugarClub group for Sugar Developers
      Developers
      • DevClub
      • Mobile Developers
      • Developer Builds
        Supplemental access level required. Inquiries: developers@sugarcrm.com
    • Additional Groups (Access Required)
      Groups that require special access will be displayed here. Contact sugarclub@sugarcrm.com for assistance. Click here to see all groups
      Additional Groups (Access Required)
      • SugarCloud Platform
  • Product Information
    Product Information
    • Release Central
      Find release-specific content to prepare for your next Sugar update
    • Documentation & Resources
      Looking to expand your Sugar knowledge? Explore our in-depth documentation and other helpful resources!
    • Product Update Blogs
      Updates about each Sugar product
    • Customer Stories »
      Case Studies by SugarCRM
  • Training & Certification
    Training & Certification
    • Training & Certification Home
      Live & On-Demand classes, Quick Videos, Sugar Certifications, and more!
    • Quick Videos
      Short videos about using Sugar
    • My SugarU Dashboard »
    • SugarU News & Updates
  • Adoption
    Adoption
    • Grow Adoption Framework
      Get started on your adoption journey and review the adoption resources from SugarCRM
  • Calendar
  • News
    News
    • Sugar News
    • SugarCRM.com News »
    • Dev Blog
    • SugarCRM Marketplace Blog
  • Help
    Help
    • Welcome to Sugar!
      New to Sugar? Get started here!
    • SugarClub Help & Instructions
      Learn more about SugarClub and find answers to questions about this site
    • New to SugarClub?
      Start your community journey here
    • Technical Support
      Sugar's support resources
      Technical Support
      • Case Portal »
        Access the SugarCRM Case Portal
      • Working with Sugar Support »
        Find out more about engaging with the SugarCRM Support team
      • SugarCloud Information
        Find information about SugarCloud service updates and site status. Contact sugarclub@sugarcrm.com to request access
  • More from Sugar
    More from Sugar
    • DevClub
    • PartnerClub
    • Support
    • SugarOutfitters Marketplace
    • sugarcrm.com
  • DevClub
  • PartnerClub
  • Support
  • Marketplace
  • sugarcrm.com
DevClub
DevClub
Dev Tutorials Sugar 25.1 Customization Guide
  • Dev Blog
  • Answers & Best Practices
  • Developer On-boarding
  • Dev Tutorials
  • Developer Events
  • Event Recaps
  • Members
  • Developer Suggestions
  • Sub-Groups
  • More
  • Cancel
  • New
Click here to join this group and curate your SugarClub experience.
  • +On-Boarding Framework
  • -Customization Guides
    • Sugar 25.1 Customization Guide
    • Sugar 14.2 (Q4 2024) Customization Guide
    • Sugar 14.1 (Q3 2024) Customization Guide
    • Sugar 14.0 (Q2 2024) Customization Guide
    • Sugar 13.3 (Q1 2024) Customization Guide
    • Sugar 13.2 (Q4 2023) Customization Guide
    • Sugar 13.1 (Q3 2023) Customization Guide
    • Sugar 13.0 (Q2 2023) Customization Guide
  • +Modern UI Technical Guide
  • +Automated PHP Compatibility Tool
  • Did you know? Copying related records is a breeze!
  • How to write code for SugarCloud webinar Q&A
  • HOW TO: enforce ACL on Tags
  • Programatically manage Dropdown List
  • Remove custom fields created via package installation
  • Sugar Developer Tools
  • Tutorial:  How to register custom platforms in Sugar instances via Platform extension
  • Adding a google reCAPTCHA in a Web-to-Lead form
  • Sugar Developer Blog Style Guide

Sugar 25.1 Customization Guide

The purpose of this document is to provide insight to Sugar Developers for upgrading custom Sugar code, extensions, and integrations to the Sugar 25.1 release. This guide focuses on changes in Sugar 25.1 that could cause an immediate impact on Sugar customizations and integrations built for earlier Sugar versions.

Please check out the Sugar 25.1 Developer Webinar recording for more developer highlights. For Admin and End User release notes, please visit the Sugar 25.1.0 Release Notes.

User Experience Updates

Introducing Package Builder and Deployer

We’re thrilled to introduce Package Builder and Deployer – a powerful new tool designed to help admins and developers seamlessly promote configurations and customizations across environments. This tool has been in the making for a while and now we fell it's time to release it as it has been proven to work in multiple scenarios across the board. This functionality is available through Admin -> Developer Tools -> Package Builder and Deployer. and it will enable you to:

  • Support Industry Verticalization:  You will be able to create your own vertical template (let's say Manifacturing) and easily package it to be distributed easily.
  • Targeted packaging: You are now able to select which configurations/customizations you want to distribute
    • Fields
    • Relationships
    • Roles
    • Layouts
      • List View
      • Record View
      • Preview
      • Preview View
      • Popup Views
        • List View
        • Search View
      • Search View
      • Record View Dashlet
      • Mobile Layouts
        • Edit View
        • List View
        • Detail View
      • Subpanel Layouts
    • BPM Process Definition
    • Legacy Workflows
    • Reports
    • Dashboards
    • Drop-Downs
    • Languages
    • Timeline Settings
    • Smart Guides
    • Scheduled Jobs
  • Deployable Unique Package: System needs to bundle the selected configurations/customizations into a single, deployable solution template package
  • Converting Staging environments to production with a click of button.
  • List of Deployed Packages: Admins will see the list of deployed (with the information it was deployed remotely or locally) solution template packages in any instance admins have access to. 
  • Solution Template Management: Solution template owner can manage i.e. create/update/delete any solution template for an instance they have access to.

Note: If a customer is using Oracle version earlier than 23.5 and attempts to:

  • Pull a package using Package Builder and Deployer, or
  • Download and install a package created by Package Builder and Deployer,

You must first add the following override before pulling or installing the package:

$sugar_config['pb_bulk_insert'] = false

This step ensures compatibility and prevents potential issues during the package installing operation.

Account last interaction

In this release, we’re introducing a new field called "Last Interaction" on Accounts, designed to enhance your CRM experience by offering a quick snapshot of the most recent customer engagement. An interaction is defined as a "held" call or meeting on the account providing a clear indicator of the last time you connected with the customer. With the "Last Interaction" field, you can effortlessly pinpoint which accounts require immediate attention, all without leaving your current view or generating a separate report.

  1. “Last Interaction” field is available out-of-the-box in these layouts
    1. Record View- under Tags for new instances and existing instances that have not been customized
    2. Append to the bottom of existing instances that have been customized
    3. Add filler next to “Last Interaction” so the field doesn’t go across the RV
    4. The field is displayed as a Date field with a link and an icon to the left of the link
    5. Record View Dashlet- under Tags for new instances and existing instances
      1. Append to the bottom of existing instances that have been customized
      2. Add filler next to “Last Interaction”
    6. Popup Listview, Popup Search, Search- in the Hidden column (by default they show up in hidden)
    7. List View- in the Default column, for new and existing instances, under Date Created
  2. Changes made to a Call or a Meeting update the related Account record
    1. E.g. a call was scheduled in the future and the status changes to “Held”
  3. User is able to report on this field and use in other OOTB sugar processes
    1. Including filtering in LV
  4. Field is auditable and reportable
  5. When a call or meeting triggers an update to the "Last Interaction" field on an account, the corresponding account record is moved to the top of the list view (if ordered by date modified).
    1. This is because the update activates the date_modified timestamp for that account

Note: On upgrade, a new job (SugarJobInitInteractions) will be created to look at all Account Meeting and Call interactions and populate the field with the last activity that was marked “Held”. It will run only once during upgrade and will NOT update date_modified field.

Ability to set variable path for record view for OneDrive

In this release, we have extended the functionality to configure "Paths for Record View" to support OneDrive and SharePoint, in addition to Dropbox and Google Drive.

This update enables greater flexibility in managing file paths for OneDrive and SharePoint, allowing users to dynamically configure paths for record views. Feature include:

  • Users can configure variable paths for OneDrive and SharePoint through the "Default Starting Path" and "Variable Path" fields.
  • The "Default Starting Path" is read-only and can only be set via the "Select Path" button, ensuring a valid folder ID is used.
  • The "Variable Path" field allows users to define dynamic paths using variables (e.g., "$name", "$name-$industry").
  • Users are limited to setting up one variable folder to be created.

Unique Report Results

In this release, we have updated our reporting functionality to allow users to get unique results on their reports by simply selecting a checkbox "Show distinct results". The columns used in the output of the report will be the ones being unique outputted, something like SELECT DISTINCT columnA, columnB from table in SQL terms. 

When enabled, this option removes duplicate report results. Duplicates may occur when a record meets a report filter multiple times due to its related records, causing it to be listed more than once. Please note that enabling this option may result in the exclusion of valid records, depending on your report criteria

Migrate from sucrose to chart.js

In this release, we continue our transition from Sugar Sucrose (legacy) charting engine to the more modern and robust Chart.js library. As part of this effort, we've implemented a Bubble Chart along with its integrated tooltip engine as well as Sales Pipeline (Funnel) charts. This transition moves us closer to making more of our dashlets and reports fully independent from the outdated Sucrose engine.

In the Forecast Bar Chart, we're keeping the “Likely“ and “Quota“ legend visible as the dashlet is resized. For the bar part of the chart, use the existing legend behavior where the part of the legend is visible and what doesn’t fit gets collapsed under a dropdown.

Icon Improvements

In this release, we're making improvements to icons in Sugar, the newly improved features are:

  • Adding module icons to list views. When a user is viewing a module in the List View, each module will display its respective icon (according to what's been selected in Module Names) to the left of the module name.
  • Updating DocumentMerge icons based on file type. In case filetype isn't doc, pdf, ppt, excel we will default it to doc.

New Submodule for Managing Meeting Recordings and Transcripts

In this release, a new submodule has been added to the meetings module in SugarCRM to manage multiple recording URLs and transcript attachments.

This update supports AI-driven analysis and seamless integration with Sugar Connect, while maintaining a clean user interface by preventing unnecessary menu clutter. The submodule will allow automatic population of meeting data and ensure that users can access recordings and transcripts without modification rights.

Key Features:

  • Adding multiple recording URLs, associated access codes, and transcript files via Sugar Connect’s API
  • Displaying this submodule only within the context of the meetings module, without adding it to the global navigation menu
  • Including fields for start and end datetimes to define the recording’s duration
  • Providing read-only access to users for viewing the recordings and transcripts

Artificial Intelligence

Standardizing AI Icons

In this release, we are replacing Predict icons with AI icons. The following changes where applied on DropdownStyles, vardefs definitions, language files, .less files, styleguide and HBS files where they were used.

  • from sicon-sugar-predict-lg to sicon-ai-xl
  • from sicon-sugar-predict to sicon-ai

Note: Even though it is not part of the styleguide in favor of AI, we have kept the sicon-sugar-predict* in our Sicon library for now.

Sugar REST API updates

This Sugar release introduces REST v11_26.

Connector Salesfusion

Gets info about Market organization integrated via salesfusion connector..

GET <sugar instance>/rest/v11_26/connector/salesfusion

Prospect Lists

Get Prospect Lists Prospects.

GET <sugar instance>/rest/v11_26/prospect_lists_prospects

Find the outbound emails

Find the outbound emails current user can use.

POST <sugar instance>/rest/v11_26/Mail/outboundEmails

Load packages data from remote instance

Package builder uses this endpoint to Load packages data from remote instance. This endpoint is only available to administrators.

POST <sugar instance>/rest/v11_26/Administration/package/getRemotePackages

Extract customizations

Package builder uses this endpoint to get customizations in one or multiple categories. This endpoint is only available to administrators.

POST <sugar instance>/rest/v11_26/Administration/package/customizations

Retrieve db data for customizations

Package builder uses this endpoint to get db data for customizations. This endpoint is only available to administrators.

POST <sugar instance>/rest/v11_26/Administration/package/data

Create a new package

Package builder uses this endpoint to create a new package. This endpoint is only available to administrators.

POST <sugar instance>/rest/v11_26/Administration/package

Upload a package to another instance

Package builder uses this endpoint to upload a package to another instance. This endpoint is only available to administrators.

POST <sugar instance>/rest/v11_26/Administration/package/remote

Get a package

Use this endpoint to get the content of a package. This endpoint is only available to administrators.

POST <sugar instance>/rest/v11_26/Administration/package/:id

Deprecated Endpoints

GET <sugar instance>/rest/v11_26/globalsearch?platform=portal

POST <sugar instance>/rest/v11_26/globalsearch?platform=portal

GET <sugar instance>/rest/v11_26/<module>/globalsearch?platform=portal

POST <sugar instance>/rest/v11_26/<module>/globalsearch?platform=portal

GET <sugar instance>/rest/v11_26/search

GET <sugar instance>/rest/v11_26/portalsearch

POST <sugar instance>/rest/v11_26/portalsearch

GET <sugar instance>/rest/v11_26/Dashboards/<module>

POST <sugar instance>/rest/v11_26/Dashboards/<module>

GET <sugar instance>/rest/v11_26/Dashboards

POST <sugar instance>/rest/v11_26/Dashboards

POST <sugar instance>/rest/v11_26/Dashboards/Activities

POST <sugar instance>/rest/v11_26/<module>/:id/link/related_activities

PHP Library Upgrades

PHP-Parser

Sugar utilizes a PHP library called PHP-Parser Its purpose is to simplify static code analysis and manipulation. In this release, we are upgrading its version to 4.16. 

There are no known breaking changes in this upgrade, they are mostly bug fixes in this release.

nikic/php-parser → ^v4.16.0

Microsoft Graph SDK

Microsoft Graph SDK for PHP provides Sugar with a framework for retrieving data from a Microsoft account using the Microsoft Graph API via OAuth2 tokens. There are no known breaking changes in this upgrade, they are mostly newly generated modes and PHP version support.

microsoftgraph/msgraph-sdk-php → ^2.12.0

Upgrade PHP libs to the latest Minor versions without breaking changes

In this release, we've updated all minor and patch versions of our PHP libraries as declared in the composer. Since these are minor and patch updates, no breaking changes are expected. The updates primarily include newly generated models and improved PHP version compatibility.

aws/aws-sdk-php → ^3.336.13

doctrine/dbal → ^3.9.1

docusign/esign-client → ^v8.0.0

egulias/email-validator → ^4.0.2

google/apiclient → ^v2.18.2

guzzlehttp/guzzle → ^7.9.2

microsoft/microsoft-graph → ^v2.23.0

psr/log → ^3.0.2

psr/simple-cache → ^3.0.0

ramsey/uuid → ^4.7.6

rector/rector → ^1.2.5

rlanvin/php-rrule → ^v2.5.1

ruflin/elastica → ^7.3.1

smarty/smarty → ^5.4.3

symfony/cache → ^5.4.46

symfony/console → ^5.4.47

symfony/event-dispatcher → ^5.4.45

symfony/expression-language → ^5.4.45

symfony/intl → ^5.4.47

symfony/polyfill-intl-idn → ^1.31.0

symfony/process → ^5.4.47

symfony/security-core → ^5.4.48

symfony/security-csrf → ^5.4.45

symfony/validator → ^5.4.48

wikimedia/less.php → ^v5.1.1

JS Library Upgrades

Karma Components

Karma and its components karma-coverage, karma-sauce-launcher, karma-webpack, karma-firefox-launcher, karma-jasmin  provide Sugar with  tool that allows you to execute JavaScript code in multiple real browsers. There were breaking changes in this release, however, most of them are related to internal testing, if you use Karma for your testing, you'd need to revisit your code. 

There are no known breaking changes in this upgrade, they are mostly bug fixes in this release.

karma-runner/karma →  ^6.4.4
karma-runner/karma-coverage → ^2.2.1
karma-runner/karma-firefox-launcher → ^2.1.3
karma-runner/karma-jasmine → ^5.1.0
karma-runner/karma-sauce-launcher → ^4.3.6

Gulp Components

Gulp and its components gulp-cucumber, gulp-filter, gulp-stylelint, gulp-typescript, gulp-eslint  provide Sugar a toolkit that helps you automate painful or time-consuming tasks in your development workflow.There are no known breaking changes in these upgrade, they are mostly bug fixes in their releases. 

There are no known breaking changes in this upgrade, they are mostly bug fixes in this release.

gulp →  ^5.0.0
gulp-cucumber → ^0.0.24
gulp-filter → ^7.0.0
gulp-stylelint → ^13.0.0
gulp-typescript → ^5.0.1
gulp-eslint → ^6.0.0

Low to Minimum Impact Upgrade on various JS libraries

We have patch upgraded the versions of the following components @babel/core, ajv, bootstrap, jquery, moment.js, @sugarcrm/ventana, babel-loader, @babel/eslint-parser, commander, eslint-plugin-import, script-loader., exports-loader, imports-loader There are no known breaking changes in these upgrade, they are mostly bug fixes in their releases.

@babel/core →  ^7.26.0
@babel/eslint-parser → ^7.24.7
@babel/preset-env → ^7.24.7
@sugarcrm/ventana → ^1.1.16
ajv → ^8.17.1
babel-loader → ^9.2.1
commander → ^12.1.0
eslint-plugin-import → ^2.29.1
jquery → ^3.7.1
jsdoc → ^4.0.3
moment → ^2.30.1
sindresorhus/strip-json-comments → ^3.1.1
sinon → ^19.0.2
script-loader → ^0.7.2
webpack → ^5.92.0
exports-loader → ^5.0.0
imports-loader → ^5.0.0

Supported Platforms Update

In this release, we are updating Sugar’s Supported Platforms.

  • We are dropping support for PHP 8.2 and adding support to PHP 8.4.
    • PHP 8.0 to PHP 8.1 have breaking changes and incompatibilities
      • Here is PHP’s official migration guide (https://www.php.net/manual/en/migration81.php)
      • Backwards incompatibilities guide (https://www.php.net/manual/en/migration81.incompatible.php)
    • PHP 8.1 to PHP 8.2 have breaking changes and incompatibilities
      • Here is PHP’s official migration guide (https://www.php.net/manual/en/migration82.php)
      • Backwards incompatibilities guide (https://www.php.net/manual/en/migration82.incompatible.php)
    • PHP 8.2 to PHP 8.3 have breaking changes and incompatibilities
      • Here is PHP’s official migration guide (https://www.php.net/manual/en/migration83.php)
      • Backwards incompatibilities guide (https://www.php.net/manual/en/migration83.incompatible.php)
    • PHP 8.3 to PHP 8.4 have breaking changes and incompatibilities
      • Here is PHP’s official migration guide (https://www.php.net/manual/en/migration84.php)
      • Backwards incompatibilities guide (https://www.php.net/manual/en/migration84.incompatible.php)
  • There isn't an upgrade path from 8.0 to 8.4, you must ensure it follows the upgrade path 7.4 -> 8.0 -> 8.1 -> 8.2 -> 8.3 -> 8.4
  • We are supporting IIS 10 and Apache 2.4
  • MySQL Support
    • Keep 8.0 with minimum version 8.0.40
    • Add support for MySQL 8.4.3
  • MSSQL Support
    • We are dropping support for MSSQL 2019
    • Keep support for MSSQL 2022
  • Oracle Support
    • We are dropping support for Oracle 19
    • Adding support for Oracle 23
  • DB2 Support
    • We support for DB2 11.5.9
  • We are dropping support for Windows Server 2019.
  • Search
    • Keep support for Elasticsearch 8.4.3
    • Adding support for Elasticsearch 8.17.1
    • Adding support for OpenSearch 2.7.0

Configurability updates

Sugar Config Settings

Setting Name

Default

Override Example

Description

security.preferIpv6 false $sugar_config['security']['preferIpv6'] = true; Specifies whether Sugar should prefer iPv6 lookups instead of IPv4.
max_external_request_time 600 $sugar_config['max_external_request_time'] = 600; Set timeout value for HTTP requests ExternalResourceClient. 600 is amount of seconds. Examples: 10, 100, 200, 500, 1000, 123

Removed Functions / Libraries / Features

Remove Session and Dbal Scans from HealthCheck

In version 12.3, we added a Dbal scan health check to prevent issues caused by breaking changes introduced with the Dbal version upgrade, as well as some session checks. Since this task has been completed, we are now removing it from the health checks.

Remove previously deprecated Zend components

In 13.2 we deprecated Zend components, in this release we are removing them, those components are:

  • Zend_Service*
  • Zend_Gdata*
  • Zend_Version*

Platform Updates

Sell-Market integration moved into Sugar Core

In this release, we're seamlessly integrating Sell/Market functionality directly into Sugar Core, eliminating the need for customers to install the MLP separately. This integration ensures a consistent experience for both Sell/Market MLP users and Sugar 25.1 users, streamlining setup and reducing the potential for configuration errors.

Looking ahead, this foundational work will pave the way for a more efficient, user-friendly, and maintainable CRM experience, along with a smoother, more reliable Market/Sell sync process. As part of that, we've also updated the Market Connector Key field name to "Organization Name" and help text.

It is important to notice that the following API platforms were added in this release and are exclusively being used by SugarMarket:

  • salesfusion_Data
  • salesfusion_Email
  • salesfusion_Frequent
  • salesfusion_Data_Integration
  • salesfusion_Email_Integration
  • salesfusion_Frequent_Integration
  • SugarMarket_Plaform1
  • SugarMarket_Plaform2
  • SugarMarket_Integration1
  • SugarMarket_Integration2 

Specifics on SugarMarket License

  1. If a customer has both Sell and Serve licenses then Serve users for that customer would be able to access the synced data but it's functionality would be limited to the access a Serve user has to modules in the instance. e.g. Serve user would be able see the synced market data for contacts and accounts. (Same behavior as today)
  2. Sugar will not enable the Sell/Market integration for customers who have Serve only licenses in 25.1.
  3. If an existing Sell customer purchases Market AFTER the upgrade to25.1 (where Market has been added to core), the customer will need to manually assign Market licenses to the users to grant access to those modules.
  4. If an existing Sell/Market customer cancels their Market subscription but keeps the Sell license, we will automatically remove the Market license from any users. Any Market data synced to the CRM would still be in their system, but we would block them from viewing the Market modules. 

Add .json to the list of allowed extensions in ModuleScanner

Some legitimate MLPs use JSON to store data and have to use .php files to store the data to overcome the ModuleLoader restrictions. In this release, we're adding .json files as a valid extension in the PackageScanner.

Support for OpenSearch

We’re excited to announce that in this release, we are officially supporting OpenSearch. The open-source search and analytics engine that was introduced by Amazon in January 2021 as an alternative to Elasticsearch.

OpenSearch can be used both locally (on-premise) and through Amazon’s managed services, offering flexibility in how you deploy and scale your search infrastructure.

Since OpenSearch is built on the same core as Elasticsearch, we’ve kept most of the configuration for full_text_engine the same. The name “Elastic” will be used for both Elasticsearch and OpenSearch, ensuring a seamless transition and consistent experience.

For a simple configuration using OpenSearch in a cloud environment, you can refer to the following example::

'full_text_engine' => 
  array (
    'Elastic' => 
    array (
      'host' => 'vpc-br-9835-ndcv....7t45e.us-west-2.es.amazonaws.com',
      'port' => '443',
      'transport' => 'https',
      'username' => 'some username',
      'password' => 'some password',
    ),
  ),

Note: Admins can also update these configurations in their UI when installing Sugar or after through Admin -> Search -> Full Text Search Settings

ExternalResourceClient now supports IPv6

We have implemented IPv6 support on ExternalResourceClient. Some clients would have their Sugar installations on networks where IPv4 interfaces weren't available causing ERC to fail with Failed to open stream: Network is unreachable.

This occurred because the ERC was relying solely on the gethostbyname() function in the file src/Security/Dns/NativeResolver.php, which only returns IPv4 addresses.

We have introduced a new config that you can set to "prefer IPv6" lookups instead of IPv4 (default is false).

$sugar_config['security']['preferIpv6'] = true;

Improvements

  • We've made significant improvements to the performance of the Quoted Line Items Grid in the Quotes Record View, which previously became irresponsive when handling large volumes of QLIs.
  • We're hiding "Collation" box in the Locale menu for Sugar Cloud instances, customers can accidentally initiate collation conversion and it can take hours to finish.
  • In order to ensure the protection of sensitive information, the Connector configuration screen will only show password information to a user once when it is initially configured, and then obfuscate that information if viewed later.
  • In this release, we've improved our Sugar Core and Sugarstyle guide to use SugarIcons from a single source of truth on SugarIcons by using our internal , before, it was spread across different folders in the application.
  • We're updating Content-Security-Policy (CSP) defaults to include Discover UK region (*.sugarapps.uk)
  • Sugar was not sending a User-Agent header with any external request, some servers block requests with an empty User-Agent. Since, sending User-Agent is a best practice on integrations for debugging purposes, we are setting it by default on our ExternalResourceClient.
    • New helper class Sugarcrm\Sugarcrm\Security\HttpClient\UserAgent
    • provides few methods such as forGeneric(), forCurl(), forSoap(), forErc(), forGuzzle()
    • forErc() for example, it would print/return SugarCRM/15.0/ExternalResourceClient/1.0
    • Default is: 'SugarCRM/' . $GLOBALS['sugar_version'].

Bug Fixes

  • Fixed prospect_lists_prospects endpoint when date_modified filter is used, the API would return a Database error with a 500 Error
  • Fixed Deadlocks when using outbound email extensively due to multiple Language refreshes, which has now been fixed
  • We've aligned FAB icons with Tailwind colors and Modern UI border radius
  • Fixed an issue with Chrome browsers and timezone that was causing the page to refresh multiple times for some timezones in Asia (The root cause is Chromium issue #40453385).
  • Fixed Inbound Email Scheduler breaks if setTransferEncoding does not match RFC1521 exactly ; "8bit" vs "8 bit"
  • Fixed Geocoder Resolver Job Failing by implementing an efficient solution to consume the queue efficiently in a parallelized manner.
  • Fixed Deletion of User Profile Pictures with Admin/Developer privileges to the Users module.
  • Enforcing Authorized-Only Modification of Note Attachment in Notes Module (only users with 'edit' access can modify that)
  • Fixed Campaign Email Templates would not show or insert correctly Tracker URL

Sugar Core Security Updates

As part of our ongoing efforts to keep Sugar clean, fast, reliable, and most importantly secure, we have updated Sugar Core code in different areas of the application such as Package Scanner, Studio, Module Installer, UI rendering, API endpoints, Legacy SOAP API, File Uploads, Legacy Workflows and BWC modules. Not only those changes but we've cleaned up and improve our logging messages around deprecations.

Deprecated functions

In this release, we are deprecating the following methods and/or classes:
  • get_decoded()

SugarUploadS3 is no longer deprecated

In this release, we are un-deprecating and removing HealthCheck (bucket E) to scan for the usage of the SugarUploadS3. We have re-implemented this class in a more secure and safe way.

Denylist Updates

In this release, we are adding the following methods and/or classes to the PackageScanner's denylist:
  • openUri()
  • unserialize()
  • gzwrite()
  • extractTo()
  • class_alias()

  • Sugar 25.1
  • Share
  • History
  • More
  • Cancel
  • Sign in to reply
Related
Recommended