/explore/product-updates/b/sugar-serve-updates/posts/january-4-2023-critical-security-hotfixAt SugarCRM, we take seriously the security and the protection of your systems and data. Today (January 4, 2023), we are publicly announcing the availability of v1.1 of &quot;hotfix 91155 XXXX&quot; for all Sugar Sell, Serve, Enterprise, Professional, and Ultien-USTelligent Community 12https://sugarclub.sugarai.com/explore/product-updates/b/sugar-serve-updates/posts/january-4-2023-critical-security-hotfixThu, 05 Jan 2023 23:40:19 GMT5c521d64-519d-47a6-9065-134618b211bf:c92fa2db-b693-41a5-b15e-d8cf96caaad9Alex Nassi0<p><span>Please review the most recent information and updates&nbsp;</span><a href="/engage/b/sugar-news/posts/jan-5-2023-security-vulnerability-update">here</a><span>.</span></p><img src="https://sugarclub.sugarai.com/aggbug?PostID=3105&AppID=43&AppType=Weblog&ContentType=0" width="1" height="1">https://sugarclub.sugarai.com/explore/product-updates/b/sugar-serve-updates/posts/january-4-2023-critical-security-hotfixThu, 05 Jan 2023 18:36:39 GMT5c521d64-519d-47a6-9065-134618b211bf:c92fa2db-b693-41a5-b15e-d8cf96caaad9Murray Crane1<p>Turns out&nbsp;our on-site was&nbsp;&quot;exploited&quot; (which I discovered while applying the hot fix). Not a problem, killed everything that was running and (after taking copies of the payload) deleted it all. Would like to thank Wilfred for posting that link, otherwise I&#39;d have had no real information about this. Only other complaint I&#39;d make is that the installation instructions were woefully lacking - assumed the hot fix applied via the &quot;Upgrade Wizard&quot;, but that threw an error that led me down a rabbit hole that ended with me &quot;discovering&quot; the Module Loader. A one-line &quot;Apply the hot fix with the Module Loader.&quot; would have fixed that so quickly and easily...</p><img src="https://sugarclub.sugarai.com/aggbug?PostID=3105&AppID=43&AppType=Weblog&ContentType=0" width="1" height="1">https://sugarclub.sugarai.com/explore/product-updates/b/sugar-serve-updates/posts/january-4-2023-critical-security-hotfixThu, 05 Jan 2023 16:37:49 GMT5c521d64-519d-47a6-9065-134618b211bf:c92fa2db-b693-41a5-b15e-d8cf96caaad9Wilfried Pascault1<p>Is there a link between this fix and the 0day file upload vulnerability published on Full Disclosure security list ?&nbsp;<br /><a rel="nofollow" target="_blank" href="https://seclists.org/fulldisclosure/2022/Dec/31">seclists.org/.../31</a></p><img src="https://sugarclub.sugarai.com/aggbug?PostID=3105&AppID=43&AppType=Weblog&ContentType=0" width="1" height="1">https://sugarclub.sugarai.com/explore/product-updates/b/sugar-serve-updates/posts/january-4-2023-critical-security-hotfixThu, 05 Jan 2023 14:13:05 GMT5c521d64-519d-47a6-9065-134618b211bf:c92fa2db-b693-41a5-b15e-d8cf96caaad9Olaf Doernenburg1<p>Hi,&nbsp;</p> <p>since we got only this message, we are not sure what is meant by</p> <p><span>&quot;If you have not yet applied the hotfix released earlier today, you need only download and apply v1.1 Hotfix 91155 XXXX</span>&quot;</p> <p>Had there been a release which was not announced?&nbsp;</p> <p>And which security issues are fixed, usually we get a list of the impacts.&nbsp;</p> <p>Thanks and best regards</p> <p>Olaf&nbsp;</p><img src="https://sugarclub.sugarai.com/aggbug?PostID=3105&AppID=43&AppType=Weblog&ContentType=0" width="1" height="1">