At SugarCRM, we take seriously the security and the protection of your systems and data. Today, we are publicly announcing the availability of versions 10.0.4, 9.0.6, and 10.2.1 releases to all Sugar Enterprise, Professional, and Ultimate customers. The 10.0.4, 9.0.6, and 10.2.1 releases contain fixes for critical security vulnerabilities. This update also addresses issues identified in prior releases.
For more information regarding the specific advisories and issues addressed, please refer to the appropriate Release Notes:
If your Sugar instance is hosted in Sugar's cloud environment, you do not need to take any action as these vulnerabilities have already been remedied per SugarCloud policy.
ImpactedVersion |
Upgraded Version |
v10.3.0 |
Not Applicable – Not Impacted |
v10.2.0 |
10.2.1 |
v10.0.x |
10.0.4 |
If you host your instance on-site (in any environment outside of the SugarCloud environment), please carefully review the following instructions and take the actions outlined below at the earliest opportunity. Following our investigations, we have no indication that the vulnerabilities were exploited. However, administrators are strongly encouraged to upgrade their Sugar instances running the 10.0.3,9.0.5, or prior versions to 10.0.4 or 9.0.6 to prevent potential exploitation of these weaknesses.
Please visit the Download Manager to download the latest patch for your release, 10.0.4 or 9.0.6, which address these vulnerabilities. Our Installation and Upgrade Guide contains the appropriate guidance to apply these patches to your instance. Please review the Supported Platforms prior to installing or upgrading.
If further assistance is needed, and you are on a supported version of Sugar, have one of your Sugar support-authorized contacts create a case or email support@sugarcrm.com. For more information on the Sugar Support process, please review Working With Sugar Support.
To ensure you are up-to-date on the latest information about Sugar Enterprise & Professional, please join the Enterprise & Professional group in SugarClub, or the other product-specific groups in Explore for additional updates.