SuiteCRM 7.9.4 is now available to download.
This release resolves an IMPORTANT security vulnerability that affects all releases of SuiteCRM. All users of ALL previous releases are advised to upgrade to 7.9.4 as soon as possible.
SuiteCRM LTS 7.8.x will be released shortly.
This 7.9.4 release was an immediate patch for a bug raised on GitHub and the Forums, caused by the decoding of special characters, which affected all languages. We’ve detailed the situation in a previous announcement here.
We would also like to go into more detail on the security fixes that 7.9.4 provides (as this release supersedes 7.9.3).
Security Issues Resolved:
[color=#ff0088][size=4]Ensuring Users can only send an Email via their own Inbound Email Account[/size][/color]
This issue affects Group Email Accounts as well. Previously, Users with Group Inbound Email Accounts would’ve been able to send out Emails from those Accounts using their own From Names and Addresses, which is of course a security risk.
All Group Email Accounts use the Email Settings found in the Admin Panel. If you wish to allow normal users to send out emails from Group Inbound Accounts, ensure that the following setting is ticked TRUE.
Allow users to use this account for outgoing email:
[color=#ff0088][size=4]Cleaner HTML for Fields[/size][/color]
This fix deals with a cross-site scripting (XSS) issue in regard to HTML fields. It was also applied to all fields to improve security.
[color=#ff0088][size=4]Apply Roles to Inline Editing[/size][/color]
This fix ensures that the current user has the ‘Edit’ Role for that field before they can complete an Inline Edit.
Download here from the SuiteCRM GitHub Repository or visit the official website to find the appropriate upgrade.
Thank you to all community members who logged bugs and contributed to this release.
All input is welcome.
The SuiteCRM Team.