[Action Required] Security Release for 12.x and 13.x

At SugarCRM, we take the security and protection of your systems and data seriously. Today, we are publicly announcing the availability of versions 12.0.4 and 13.0.2 to all Sugar Sell, Serve, and Enterprise customers. Sugar versions 12.0.4 and 13.0.2 contain fixes for critical security vulnerabilities.

SugarCloud Customers

If your Sugar instance is hosted in Sugar's cloud environment, you do not need to take any action as the vulnerabilities have already been patched by the SugarCloud Operations team.

Customers Hosted Outside of SugarCloud

If you host your instance in any environment outside of the SugarCloud environment, please carefully review the following instructions and take the actions outlined below at the earliest opportunity. Following our investigations, we have no indication that the vulnerabilities were exploited. However, administrators are strongly encouraged to upgrade their Sugar instances to 12.0.4 or 13.0.2 (as determined by their current version of Sugar) to prevent potential exploitation of these weaknesses.

Current Version Upgraded Version
13.0.x 13.0.2
12.0.x 12.0.4

Please visit the Download Manager to download the latest patch for your release, 12.0.4 or 13.0.2, to address these vulnerabilities. The Installation and Upgrade Guide specific to your Sugar version and product contains the appropriate guidance to apply these patches to your instance. Please review the Supported Platforms prior to installing or upgrading.

If further assistance is needed and you are on a supported version of Sugar, have one of your Sugar support-authorized contacts create a case or email support@sugarcrm.com. If you have a partner, please contact your partner first before contacting Sugar. For more information on the Sugar Support process, please visit the Working With Sugar Support article.

If you would like to consider moving to SugarCloud, please see the SugarCloud Migration Guide to learn how SugarCRM can help you transition smoothly.