Sugar Open Source Release Notes Version 4.5.1j

Fixed Bugs in 4.5.1h

Modules

Bug 17767

A vulnerability in the Document module allows a malicious authenticated user to upload files with arbitrary names. These files, depending on the server’s configuration, may then be callable remotely.

Administration

Bug 16702

Non-admin users can edit information on Admin user in the Employees module.