SugarCRM has released version 7.9.2.0 for all commercial editions. The 7.9.2.0 release is available for download to On-Site customers and is being automatically applied to On-Demand instances running an earlier version of Sugar.

Sugar 7.9.2.0 is a security update released to address certain security vulnerabilities identified during our routine QA checks.

We strongly recommend that you install this update at the earliest opportunity. While we have not experienced any reported incidents relating to these vulnerabilities to date, failure to install this update could leave you exposed to malicious third-party attacks. For more information regarding this, please refer to the following Security Advisory announcements:

• Security Advisory sugarcrm-sa-2017-006 : Authenticated users may cause arbitrary SQL to be executed.
• Security Advisory sugarcrm-sa-2017-007 : Authenticated users may access system files.
• Security Advisory sugarcrm-sa-2017-008 : Unauthenticated users may cause arbitrary code to be executed.

These vulnerabilities have been addressed in release 7.9.2.0 which is available for download from the Download Manager.

Administrators are strongly encouraged to upgrade their Sugar instances running 7.9.1.0 and prior to version 7.9.2.0 to prevent potential exploitation of these weaknesses.

The following issues have been resolved in this release. Support Portal users can use the following links for more details about each issue:

• Ultimate 7.9.2.0 Release Notes
• Enterprise 7.9.2.0 Release Notes
• Professional 7.9.2.0 Release Notes

For information about what is new in 7.9, please reach out to our team… Contact Us