Regular software vulnerability monitoring, including penetration testing, is a crucial part of Sage CRM's development cycle. Upgrades are critical for protecting data, maintaining compliance, safeguarding business, ensuring business continuity, and addressing third-party risks.
Sage CRM 2024 R2 has implemented several important security fixes that are documented in the Release Notes.
- CRMS-1590
- When a system administrator chose to opt out of web analytics, Sage CRM still tried to make calls to the web analytics API. Web analytics code is now completely removed from Sage CRM setup. For customers using older versions of Sage CRM, see: https://communityhub.sage.com/sage-global-solutions/sage-crm/f/announcements/233486/advisory-preventing-sage-crm-2024-r1-and-earlier-from-making-calls-to-the-web-analytics-api-crms-1590
- CRMS-1788, CRMS-1458
- When IIS auto login was enabled in Sage CRM, it was possible to use the RESTful API to view, edit, and delete data without providing a password. This issue is fixed.
- CRMS-1895
- Apache Solr 8.11.2 used by Sage CRM contained security vulnerabilities. Apache Solr has been upgraded to version 8.11.3.
- CRMS-925, CRMS-914
- The Log4j libraries used by Sage CRM contained security vulnerabilities. Log4j libraries have been upgraded.
It's important to note that there have been no reports of unauthorized access or data breaches. Sage CRM is designed to protect customer data, and we take this responsibility very seriously.
If you have any further questions or concerns, please don't hesitate to contact your local Sage customer support team.
