gunnicom
commented
1 year ago Release notes from 6.25.6 state ( https://support.sugarcrm.com/Documentation/Unsupported_Versions/Sugar_6.5/index.html ):
Fixed Issues Sugar 6.5.26 is a security update released to address certain security vulnerabilities identified during our routine QA checks. We strongly recommend that you install this update at the earliest opportunity. While we have not experienced any reported incidents relating to these vulnerabilities to date, failure to install this update could leave you exposed to malicious third party attacks. For more information regarding this, please refer to the following Security Advisory announcements: Security Advisory sugarcrm-sa-2017-003: Instances configured with SAML may enable unauthorized access. Security Advisory sugarcrm-sa-2017-004: Authenticated users may cause arbitrary code to be executed. Security Advisory sugarcrm-sa-2017-005: Custom code may execute an eval through a deprecated function. These vulnerabilities have been addressed in release 6.5.26 which is available for download from the Download Manager. Administrators are strongly encouraged to upgrade their Sugar instances running 6.5.25 and prior to version 6.5.26 to prevent potential exploitation of these weaknesses.
pgorod
mattlorimer
chris001
Issue
CE code base in the repo is on 6.5.25. This isn't the latest version.
Expected Behavior
Update the CE code to latest version 6.5.26.
Actual Behavior
It's running on the old CE 6.5.25.
Possible Fix
Download the CE 6.5.x to 6.5.26 silent updater and run it on this SuiteCRM repo code, let it update, add, and remove files, if any. EDIT: SugarCRM removed all CE download files from SourceForge. They're archived here: **1. silent upgrade to 6.5.26
Steps to Reproduce
sugar_version.phpin the Code folder, it's version 6.5.25. Online it clearly states 6.5.26 is the latest (and last) version of 6.5 CE.Context
The newest version 6.5.26 fixed some bugs. Otherwise SugarCRM wouldn't have released it.
Your Environment