SugarCRM 6.5.17 Patch List

On 23 June 2014, SugarCRM released its first patch for 6.5 since 20 October 2013.

The release notes detailed a security patch which all users should install, but did not detail anything further.

Here at Provident we dug into the patch, and here is a more detailed list of the changes:

  1. Module scanner now blocks two additional functions: simplexml_load_file and simplexml_load_string
  2. JS Security Fix in Emails – changing AJAX call from GET to POST
  3. XML Handling – Additional error handling and libxml_disable_entity_loader is now set to true
  4. Users module – Additional checks against unauthorised access to other users' profiles, plus a bugfix for the password field

We would recommend all users update to this version ASAP, particularly given the security fixes on the Users module/password handling.
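
Item 3 pairs error handling with disabling the libxml entity loader. The pattern looks roughly like this in PHP; this is an added example, not code from the SugarCRM patch, and parseXmlSafely(), the DOCTYPE rejection, the LIBXML_NONET flag and the sample documents are assumptions made for illustration.

```php
<?php
// Added example (not SugarCRM code): parse untrusted XML with the entity
// loader disabled and parser errors collected instead of raised as warnings.
// parseXmlSafely() is a hypothetical helper name.
function parseXmlSafely($xml)
{
    // Collect libxml errors internally so malformed input cannot leak warnings.
    $prevErrors = libxml_use_internal_errors(true);
    libxml_clear_errors();

    // PHP < 8.0: external entity loading has to be switched off explicitly.
    // PHP 8.0+ deprecates this function (loading is off by default there).
    $toggle = PHP_VERSION_ID < 80000 && function_exists('libxml_disable_entity_loader');
    $prevLoader = $toggle ? libxml_disable_entity_loader(true) : null;

    $doc = false;
    $errors = array();
    if (stripos($xml, '<!DOCTYPE') !== false) {
        // Conservative: refuse any document that declares a DTD at all.
        $errors[] = 'DOCTYPE declarations are not accepted';
    } else {
        // LIBXML_NONET forbids network access while parsing.
        $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
        foreach (libxml_get_errors() as $e) {
            $errors[] = trim($e->message) . ' (line ' . $e->line . ')';
        }
    }

    // Restore the previous libxml state for the rest of the request.
    libxml_clear_errors();
    libxml_use_internal_errors($prevErrors);
    if ($toggle) {
        libxml_disable_entity_loader($prevLoader);
    }
    return array('ok' => $doc !== false, 'doc' => $doc, 'errors' => $errors);
}

// Constructed sample inputs: one valid, one carrying a DTD, one malformed.
$samples = array(
    'well-formed'  => '<note><to>admin</to></note>',
    'with DOCTYPE' => '<!DOCTYPE note [<!ENTITY greeting "hello">]><note>&greeting;</note>',
    'malformed'    => '<note><to>admin</note>',
);
foreach ($samples as $label => $xml) {
    $r = parseXmlSafely($xml);
    echo $label, ': ', ($r['ok'] ? 'parsed' : 'rejected: ' . implode('; ', $r['errors'])), "\n";
}
```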

If you require assistance patching your SugarCRM system, please contact us:

Official SugarCRM Release notes for 6.5.17 are available here.

Provident CRM are a Platinum 3 Star Partner, with offices in UK, Ireland and DACH Regions.