Action needed - January 4, 2023: SugarCRM Hotfix for critical security vulnerability

At SugarCRM, we take the security and protection of your systems and data seriously.

Today (January 4, 2023), we are publicly announcing the availability of v1.1 of "hotfix 91155 XXXX" for all Sugar Sell, Serve, Enterprise, Professional, and Ultimate customers. This hotfix contains additional fixes for a critical security vulnerability released earlier today.

If you are running in SugarCloud, there is no action needed on your part. Sugar has already applied the hotfix to all applicable instances running in SugarCloud.

If you are running a Sugar instance outside of SugarCloud, you will need to take action. SugarCRM strongly recommends that you download and apply this hotfix to the relevant Sugar instance(s) at the earliest opportunity to prevent potential exploitation of the vulnerability.

We have emailed details about downloading the hotfix packages to customers and partners. If further assistance is needed, please contact the SugarCRM Support team.

v1.1 Hotfix 91155 XXXX should be applied in addition to (or in lieu of) the hotfix released earlier today. If you have not yet applied the hotfix released earlier today, you need only download and apply v1.1 Hotfix 91155 XXXX.

We understand that this announcement may require action on your part, and we are ready to assist with whichever path you choose. Please contact your Sugar partner or Sugar Support for assistance.

SugarCRM will continue to investigate the situation and will provide any further updates as required.

Sincerely,  

The SugarCRM team 

Anonymous
  • Hi, 

    Can we apply this released hotfix via "Admin > Module Loader"?

    I have tried to apply this release via "Module Loader" and it gives me an error:

    Scanning Package


    Installation failed!

    Copy Issues

    files/install/install_utils.php
    Overriding of core SugarCRM files is not allowed (install/install_utils.php)
    files/modules/EmailTemplates/AttachFiles.php
    Overriding of core SugarCRM files is not allowed (modules/EmailTemplates/AttachFiles.php)
    files/include/MVC/SugarApplication.php
    Overriding of core SugarCRM files is not allowed (include/MVC/SugarApplication.php)
  • Please review the most recent information and updates here.