At SugarCRM, we take seriously the security and the protection of your systems and data.
Today (January 4, 2023), we are publicly announcing the availability of v1.1 of "hotfix 91155 XXXX" for all Sugar Sell, Serve, Enterprise, Professional, and Ultimate customers. This hotfix contains additional fixes for a critical security vulnerability released earlier today.
If you are running in SugarCloud there is no action needed on your part. Sugar has already applied the hotfix to all applicable instances running in SugarCloud.
If you are running a Sugar instance outside of SugarCloud you will need to take action. SugarCRM strongly recommends at the earliest opportunity you download and apply this hotfix to the relevant Sugar instance(s) to prevent potential exploitation of the vulnerability.
For information about downloading the hotfix packages, we have emailed details to customers and partners. If further assistance is needed, please contact the SugarCRM Support team.
v1.1 Hotfix 91155 XXXX should be applied in addition to (or in lieu of) the hotfix released earlier today. If you have not yet applied the hotfix released earlier today, you need only download and apply v1.1 Hotfix 91155 XXXX.
We understand that this announcement may require action on your part, and we are ready to assist with whichever path you choose. Please contact your Sugar partner or Sugar Support for assistance.
SugarCRM will continue to investigate the situation and will provide any further updates as required.
The SugarCRM team