Table of Contents Previous Next

Sugar Open Source Release Notes

Version 4.5.1j

Fixed Bugs in 4.5.1c
Fixed Bugs in 4.5.1c
Installation
Bug 12607
During installation, several notices are displayed during the Perform Setup step.
Security
Bug 12008
An Admin User in Sugar can construct a malicious string to trigger deletion of any file to which the Web server can write.
Bug 12269
The login authentication mechanism can be used to include any PHP file in the system.
Bug 12270
The JavaScript variable associated_javascript_data embedded in the user selection popup menu contains sensitive user data.
Bug 12272
The Last Viewed tracker values can be manipulated to execute JavaScript.
Bug 12273
Malicious RSS feeds can trigger JavaScript executions in Sugar.
Bug 12274
Json server is vulnerable to “CSRF”.
Note:
For more information on XSS and CSRF, see the “Security” section at http://www.sugarcrm.com/wiki/index.php?title=Sugar_Developer_Wiki
Administration
Bug 12191
After creating a custom drop-down field in Studio, the field displays as a multiple select field even though it is a single drop-down list.
Sugar Modules
Bug 12431
You cannot select any records from a pop-up list in an account’s Edit view.
Bug 12518
You cannot create an account from the Accounts sub-panel of an opportunity.
Bug 12572/12570
From a record’s detail page, you may not be able to select records from the pop-up window of a sub-panel.
Bug 12604
If a # character is passed in an INT field, MySQL treats it as a comment, and everything after the # is ignored by MySQL. This leads any WHERE clause to be ignored, updating every record in the table to have the same values for fields preceding the #.
Bug 12637
When you click the My RSS News Feeds link in the RSS module, the system displays a fatal error notice.
Bug 12642
On the Compose Email page, you cannot select contacts from the contacts link in the pop up window or by selecting the boxes next to the records.
Bug 12672
In the Leads module, when you import leads, the Import Results page displays an error for running count query and a dialog box displays the following message: “Please make a selection before proceeding”
Bug 12689
When you duplicate an account that specified a Website address, the detail page of the duplicate copy displays "http%3A%2F%2F" in front of the Website field.
Bug 12691
If you attempt to search for invitees when scheduling a meeting, the system does not display user names and contact names.
Table of Contents Previous Next

Copyright 2004-2008 SugarCRM Inc.
Product License