At SugarCRM, we take seriously the security and protection of your systems and data. Today, we are announcing the availability of versions 11.0.5 and 12.0.2 to all Enterprise and Professional customers. Sugar versions 11.0.5 and 12.0.2 contain a fix for a critical security vulnerability, sugarcrm-sa-2023-001. To learn more about the details of this vulnerability and Sugar's investigation, and to stay informed of any future updates, please review this update: January 5, 2023: Security vulnerability update and FAQ.
If your Sugar instance is hosted in Sugar's cloud environment, you do not need to take any action as the vulnerability has already been patched by the SugarCloud Operations team.
Customers Hosted Outside of SugarCloud
If you host your instance in any environment outside of the SugarCloud environment, please carefully review the following instructions and take the actions outlined below at the earliest opportunity. Administrators are strongly encouraged to upgrade their Sugar instances to 11.0.5 or 12.0.2, as determined by their current version of Sugar, to prevent the potential exploitation of these weaknesses. Customers are encouraged to upgrade even if they have previously installed the hotfix.
Please visit the Download Manager to download the latest patch for your release, 11.0.5 or 12.0.2, to address this vulnerability. The Installation and Upgrade Guide specific to your Sugar version and product contains the appropriate guidance to apply these patches to your instance. Please review the Supported Platforms prior to installing or upgrading.
If further assistance is needed and you are on a supported version of Sugar, have one of your Sugar support-authorized contacts create a case or email firstname.lastname@example.org. If you're running an unsupported version, you can review suggestions here to help protect your instance. For more information on the Sugar Support process, please visit the Working With Sugar Support article.