Released 05 November 2024
CVE: CVE-2024-50335: XSS Vulnerability | GitHub Advisory | Reporter: shellkraft
CVE: CVE-2024-49773: SQL Injection Vulnerability | GitHub Advisory | Reporter: dzentota
CVE: CVE-2024-50332: SQL Injection Vulnerability | GitHub Advisory | Reporter: amame04
CVE: CVE-2024-50333: RCE Vulnerability | GitHub Advisory | Reporter: dzentota
CVE: CVE-2024-49772: SQL Injection Vulnerability | GitHub Advisory | Reporter: LongHair00
CVE: CVE-2024-49774: RCE Vulnerability | GitHub Advisory | Reporter: dzentota
PR: 417 - Fix #168 - Contact Email Address not showing in Subpanels
PR: 10520 - Fix #10520 - Discount Calculation incorrect when changing Currency
PR: 10451 - Fix #10450 - Add check for empty value before searching array
PR: 10523 - Fix #10503 - Item label in dropdown list is not displayed if it contains '<' character
PR: 10101 - Fix #10099 - Workflow action create record on CRON set incorrect date field values from related entity
PR: 10517 - Fix #507 - Calculated Fields - related field won’t show up as parameter
PR: 10225 - Fix #9036 - change log level according it message
PR: 10288 - Fix #9737 - issue with campaigns displaying a blank email template
PR: 10516 - Fix #10445 - Calendar: Calls still show even using Settings: 'Show Calls' = NO
PR: 10489 - Fix #10488 - Expand the number of filters in message queue views
PR: 10455 - Add scrollbars for Toolbox and Layout | Studio
PR: 10495 - Fix #9261 - Use decimal symbol configured in system and user
Users can no longer navigate from the change password screen
Filter Styling Fixes
Fix warning and error logging
We would love to have your feedback and input to help make SuiteCRM 8 great for everyone.
Special thanks to the following members for their contributions and participation in this release!
Special thanks to everyone who reported the security issues addressed in this release!
If you have found an issue you think we should know about, or have suggestion/feedback, please Submit An Issue.
If you want to get involved and submit a fix, fork the repo and when ready please Submit A PR - More detail for developers can be found here.
Please visit the official website to find the appropriate upgrade package.
To report any security issues please follow our Security Policy and send them directly to us via email security@suitecrm.com
Released 3 October 2024
SuiteCRM is now using Symfony v6.4 and Api Platform 3.2. This brings some system requirement updates and breaking changes.
Minimum PHP version - PHP 8.1
The minimum PHP version is now 8.1. PHP 7.4 has been unsupported since version 8.4.0, although the system would still run on it. From this release onwards PHP 7.4 will not work.
[development] Composer v2+ required
Composer 1.x is no longer supported.
SAML configuration has changed
SAML authentication has been updated: there are new configuration options available, and most of the configuration can now be done in env files.
To see how to set up and configure the authentication methods, please see the following documentation:
APP_SECRET env property is now required
For new installations a random APP_SECRET will be generated during the install process. For upgrades a migration has been added to generate a random APP_SECRET.
Move to Symfony runtime
SuiteCRM is now using Symfony runtime. The core SuiteCRM code in index.php has been moved to core/backend/Composer/Runtime/autoload_runtime.template
Migration from annotations to attributes
Annotations have been replaced with attributes. They have been disabled in the Symfony configuration and the doctrine/annotations dependency has been removed.
Data Providers and Data Persisters have been deprecated
With Api Platform 3.2, Data Providers and Data Persisters have been replaced with StateProvider and StateProcessor.
Graphql Record and RecordList API response structure updated
With Api Platform 3.2 the GraphQL response structure changed. E.g. the response now returns the recordList attribute instead of getRecordList.
Graphql resolver interfaces path has changed
All the resolvers have been updated to use the new QueryItemResolverInterface.
ExtensionAssetCacheWarmupDecorator has been replaced with an extra cache warmer
Symfony now supports adding extra warmers. The decorator has been replaced with an extra cache warmer.
Legacy Session swapping removed
Legacy handlers and loading of legacy imports have been updated to remove the need for session swapping. Only one session cookie will be used from now on; the LEGACYSESSID has been removed.
Symfony Commands now require the usage of AsCommand attribute
All core commands have been updated to use the new AsCommand attribute.
Session injectable dependency replaced with RequestStack
It is no longer possible to pass the Session through Symfony dependency injection; RequestStack should be used instead. Core code has been updated to support this.
Authentication configuration has been updated
SAML dependency replaced and configuration updated
SAML Hslavich dependency has been replaced with Nbgrp.
Base SAML configurations have been updated.
New SAML env options have been added to allow configuring SAML just from the env files.
Usages of Doctrine DBAL execute method have been updated
Doctrine DBAL execute method has been deprecated, usages have been updated to use alternatives.
Log configurations updates
Log configurations have been refactored to filter deprecations and to split the deprecation logs and the security logs into separate files.
LDAP Configuration documentation has been updated
SAML Configuration documentation has been updated
New docs: SAML configuration reference - 8.7.0+
Old docs: SAML configuration reference - 8.2.0+
7.14.x to 8.7.0+ Migration documentation has been updated
Adding Custom Field Actions documentation added
Authentication with LDAP and SAML has been updated: there are new configuration options available, and most of the configuration can now be done in env files.
To see how to set up and configure the authentication methods, please see the following documentation:
The Convert Target action has now been reimplemented
Record Pagination has been re-implemented on record views, this was previously known as VCR
Pre-install page has been redesigned
Extra validations and checks have been added
It is now possible to configure action buttons at the field level
Using SAML Authentication when there is no matching CRM account leads to a Login Loop
Fix #62 Add 'show_fullname' option
Fix #473 Document filename(file) not showing in Subpanels
Fix #436 - Update log configuration
Fix #504 - Fix required validation in Email line items field
Fix validation in multienum field
Update cache config - Use cache.adapter.system for both app and system cache pools
Fix Enums and MultiEnums on Mass Update
Fix update logic on create mode
Fix display logic when swapped between edit and detail
Fix page refresh when entered on saved filter
Fix - Close navbar dropdown menu when navigate
Fix propagation on enter after click search and save
Fix required validation after field touch
Fix setting custom datetime
Add portal enable/disable buttons to record view
We would love to have your feedback and input to help make SuiteCRM 8 great for everyone.
If you have found an issue you think we should know about, or have suggestion/feedback, please Submit An Issue.
If you want to get involved and submit a fix, fork the repo and when ready please Submit A PR - More detail for developers can be found here.
Please visit the official website to find the appropriate upgrade package.
To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com