|
SugarClub will be undergoing scheduled maintenance and will be inaccessible beginning on Friday, 10 April 2026 (15:00 UTC | 11am EDT | 1am AEST on 11 April). |
|
SugarClub will be undergoing scheduled maintenance and will be inaccessible beginning on Friday, 10 April 2026 (15:00 UTC | 11am EDT | 1am AEST on 11 April). |
Like many software companies around the world, SugarCRM recently became aware of a critical vulnerability in the Log4j software developed by Apache Software Foundation, which is generally used in web server applications. The zero-day attack exploiting Log4j software versions 2.0 to 2.14.1 is being referred to as CVE-2021-44228 or "Log4Shell." We quickly identified and remediated our affected systems by December 13, 2021. Based on our investigation, we have not detected that our web-based services were negatively affected by the exploit.
The SugarCRM Security Team continues to monitor the situation and we are ready to react appropriately to any intelligence about this vulnerability. In addition, measures designed to detect and prevent any attempted activity related to this vulnerability have been implemented by our organization. We will continue to keep our customers informed by way of email, if necessary.
On Premises customers should evaluate any technology stacks running SugarCRM products to ensure no vulnerabilities exist. Customers are encouraged to upgrade Elastic Search to at least the remediated version 7.16.1.
For further information about the vulnerability please visit these links, or search for CVE 2021-44228:
The SugarCRM Security Team
