Overview
This document describes fixed and known issues, supported platforms, and acknowledgments for Sugar 6.5.18.
Fixed Issues
Sugar 6.5.18 is a security update released to address certain security vulnerabilities identified during our routine QA checks.
We strongly recommend that you install this update at the earliest opportunity. While we have not experienced any reported incidents relating to these vulnerabilities to date, failure to install this update could leave you exposed to the following types of malicious third party attacks:
- Authenticated admin users may cause arbitrary code to be executed.
- Authenticated admin users may initiate a cross-site scripting attack.
These vulnerabilities have been addressed in release 6.5.18 which is available for download from the Download Manager.
Administrators are strongly encouraged to upgrade their Sugar instances running 6.5.x or earlier to 6.5.18 to prevent potential exploitation of these weaknesses.
Supported Platforms
For information on supported platform components, see Sugar 6.5.x Supported Platforms.
Acknowledgments
SugarCRM would like to thank the following community members for their help in resolving issues in Release 6.5:
- Aleš Pudil
- Alexei Avramenko, Letrium
- Antonio Musarra
- Aurélien Requiem, Loaded Technologies
- Björn Schotte, Mayflower GmbH
- Cedric Mourizard, Synolia
- Daniel Gadd, Aura Information Security
- Danil Sazonov, Richlode Solutions
- Dave Miller
- Enrico Simonetti, InsightfulCRM, Australia
- Fabio Grande, Poker Spa
- Frank Saguma
- Jason Eggers
- Jeff Bickart, NEPO Systems, LLC
- Jens Jahnke, Telematika
- João Morais, DRI - Consultoria Informatica, Lda.
- Johan Westin, Redpill-Linpro
- Jon Auer
- Jonathan Cutting, EnableIT SugarUK Technologies Ltd
- Kawai Cheung, OSSCRM, Inc.
- Masaki Fukumitsu
- Matthew Poer, Profiling Solutions
- Maxime Dauphin
- Rasmus Haglund
- Ray Gauss
- Tony Lin, Kratos Defense
- Yannick Biet, Captivea
- Yoann Hercouet, System in Motion
