Skip to content

Lime CRM Knowledge Base

Version 12.49.0.390

Released January 29, 2019

New features

  • Plugin configuration support

A plugin can register configuration that can be configured from the webclient. * Web Client: Possible to use the table view on mobile devices. * Web Client: Possible to use the table view for history notes. * Web Client: Possible to search for lime-link and lime-phone in table view. * Web Client: Possible to search for number, percent and yes-no fields in the table view.

Improvements

  • Support for aliases on object properties in lime_query
  • Web Client: Change font from Open Sans to Roboto.
  • Web Client: A dropdown menu is used instead of the /add route when selecting the type of an object to create.
  • Web Client: Added icons in the table view menu.

Fixes

  • Don't return 200 when a request is aborted due to a restricted access.
  • Web Client: Being able to resume a todo from the todo item menu again.
  • Web Client: Possible to load web client even with config errors on the dashboard. (No more `unexpected error when the application is loading)

Version 12.50.0.458

Released March 6, 2019

New Features

  • Web Client: It is now possible to save and apply filters in the table view!

Administrators can now use and combine column filters and save the result as a saved filter to be applied by all users in the table view! This will speed up our users everyday. Happy filtering!

Improvements

  • Lime diagnostics: Possible to validate and repair object access
  • Web Client: Added badges to the add-new and table view menu in the header.
  • Web Client: Possible to select “Me” when using column filter on coworker relations will show a list of objects connected to myself.
  • Web Client: It is now possible to select “In filter…” when using column filter on relations.
  • Web Client: It is now possible to select more than one related object when column filter on relations and selecting “Connected to…”. This will make it possible to create, for example, a filter to see all deals where the responsible coworker is either “Kalle” or “Anna”.

Fixes

  • Object access: Fix bug where removing members from a group would remove all members
  • Lime diagnostics: Exclude admin (id 1) when resetting default passwords
  • Decorator restrict_to_groups no longer restricts administrators

Version 12.51.0.700

Released June 17, 2019

New features

  • Newsletter 2.0 is included in Lime CRM Server.

Read more about the features here: https://lime-lime-newsletter.readthedocs-hosted.com/en/latest/CHANGELOG/#v203.

Improvements

  • Lime CRM Server is now running Python 3.7.3 (from 3.4.4) for stability and future security.
  • Web Client: New objects are now created through a dialogue instead of navigating to a new, empty page.

Fixes

  • Removed use of offset_id param in generated links. Replaced by offset.
  • Let object-access shim handle null values.
  • Fixed security vulnerability where API validation could be done with partial key.
  • Added validation for limetype lables in lime diagnostics.
  • Added validation for virtual tables lime diagnostics.
  • Added validation for empty passwords lime diagnostics.
  • Removed duplicate errors during options validation in lime diagnostics.
  • Resolve timing issue when initializing plugins when using the file import.
  • Removed lsp_setactionpadattribute to improve security for Actionpads.

Version 13.0.3.8 (1.3.1)

Released October 11, 2019

New features

Release is based on lime-crm-1.3.1

  • BREAKING CHANGE: No longer possible to create the fieldtype with of type sql
  • Possible to run lime_application.get_applications() in tests.

limefu

  • Added commands to handle users (list, info, new, disable, enable, set-password)
  • Moved the command limeplug solution to limefu
  • limefu database list works when database is unavaliable

Web Client

  • Now possible to customize the web client using web components
  • Possible to bulk create objects from table view
  • Info Tiles is now included in the web client!
  • The web client is now available in French! Bonjour!

Improvements

Web Client

  • Table view format changed to json (from xml)
  • Upgrade from Angular 6 to Angular 8
  • Removed the markdown text underneath the notes input field when adding a new history note
  • Linkfields is using fieldtype to show as links in web client instead of fieldname 'www'

Fixes

  • Error codes returned from custom endpoints will no longer result in 500. (Correct error will be returned insted)

Web Client

  • Duplicated objects might be created if you presss quickly on “Create” in the add-new dialogue
  • Not possible to select filter to delete in “Delete filter” dialog when using smaller screens
  • Not possible to set a “between” filter on a date column if the column is included in the chosen filter
  • Add new dialog is shown underneath object card when triggered from related in Safari
  • Selecting option through option property makes it impossible to scroll down in add-new dialog
  • Belongs-to picker does not show any result in add new dialog
  • Table view is not properly shown when opening from related
  • Belongs-to picker in add-new dialog flickers when there are no suggestions
  • Not possible to set a column filter on iOS in landscape mode

Version 13.2.6.26 (1.6.2)

Released February 3, 2020

New Features

  • Added a QueryBuilder to lime-core to make it easier to create lime queries.
  • Added query endpoint to core-api.
  • Added the possibility to create migrations to migrate the config (upwards or downwards) for a lime-package or a a solution.
  • Dynamic groups can not have subgroups and members of a dynamic group are added/removed to both the member table and membercache table the same time. This is an optimization primarily for customers utilizing object access.
  • Web Client: Option query support to make it much easier to connect objects.
  • Web Client: Included the following system properties to be able to use in the table view: id, createdtime and timestamp.
  • Web Client: Possible to set field as required in card views.

Improvements

  • Lime search - Improve error handling when indexing limeobjects.
  • Groups - get_members returns a list of Member:s instead of User:s. The method refresh_member_cache was added such that you can manually trigger a refresh of the cache.
  • Lime Newsletter add-on updated to v. 2.2.3
  • Web Client: limel-picker from lime-elements is used almost everywhere.
  • Web Client: Improved the suggestions returned when using limel-picker.

Fixes

  • Unit of work: When deleting two related (belongsto/hasmany) limeobjects only one was deleted, this is now fixed.
  • Web Client: Possible to upload documents on iOS again.

Security update for Lime CRM Desktop Client

Bulletin ID LCSEC20-01 Date published 2020-12-21 Priority 2 Severity Critical

Priority and severity ratings are determined as described here.

Summary

This security update resolved a vulnerability in Lime CRM Desktop Client. The vulnerability enables local Windows users to execute programs with elevated privileges.

Affected versions

Product Version Platform
Lime CRM Desktop Client initial – 10.18.579 Windows

Solution

Upgrade to newest version of Lime CRM Desktop Client.

Product Type Updated version Availability
Lime CRM Desktop Client Product release 10.18.962 - latest Download

Vulnerability information

Detailed summary

An attacker could launch Lime CRM Desktop Client with elevated privileges and via programmatic extensions or documents launch any Windows process with elevated privileges.

Mitigating factors

The attacker must be an authenticated user for the system and have a high technical knowledge about it.

  • Last modified: 3 years ago
  • by Jonatan Folger Asu

Security implications of Apache Log4j vulnerabilities

Bulletin ID LCSEC21-01 Date published 2021-12-12 Priority 1 Severity Important

Priority and severity ratings are determined as described here.

Activity log

Date Update
2021-12-21 10.39 New version of Lime BI is now available.
2021-12-21 08.30 Simplified Lime BI mitigation instruction.
2021-12-20 08.48 Added info regarding CVE-2021-45105.
2021-12-15 12.29 Added info regarding CVE-2021-45046.
2021-12-13 16.25 A patch has been published and is available to mitigate the vulnerability.
2021-12-13 15.48 A patch has been created and is being validated.
2021-12-13 11.42 Updated info regarding Elasticsearch.
2021-12-12 20.24 Page created.

Summary

A high severity vulnerability (CVE-2021-44228) in the widely used Java logging framework Apache Log4j has been disclosed. Log4j is not directly used in Lime CRM, but it is used via third party components in the following system services:

  • Full-text search

The Elasticsearch search engine may be susceptible to information leakage caused by the vulnerability. * Lime BI add-on

Metabase powers the BI engine in Lime BI and is affected by the vulnerability when installed on-premises.

A related vulnerability (CVE-2021-45046) was disclosed 2021-12-14. Lime BI is not affected by this vulnerability. Applying the patch for Lime CRM (below) will also remediate any possible vulnerability to CVE-2021-45046.

Yet another vulnerability (CVE-2021-45105) was disclosed 2021-12-16. Applying the existing Lime CRM patch (below) will remediate the vulnerability (denial of service). No mitigation exists for Lime BI, await official update.

Affected versions

Product Version Platform
Lime CRM ⇐ 2021.1.523 On-premises
Lime BI < 3.32.0 On-premises

Remediation

Updated installers for Lime CRM and Lime BI will be released when ready. Until then perform mitigation actions as detailed below.

Vulnerability information

Detailed summary

General details about the vulnerability can be found online, for example at:

Details regarding how Elasticsearch is affected can be found here.

Mitigation

There are patches available for both Lime CRM and Lime BI. Depending on which service you are using both need to be applied.

Lime CRM

Download and execute the Python script found here. The script supports all versions of Lime CRM and needs to be run with admin privileges. It will automatically remove the vulnerability from the log4j library. Note that the Lime CRM Search Engine service will be restarted.

Usage:

  1. Unzip the downloaded file and copy the contained patch-log4j-cve-2021-44228.py script to a temporary folder on the Lime CRM server.
  2. Launch an elevated command prompt (cmd.exe).
  3. Run the following command to activate the correct Python environment: 

"C:\Program Files (x86)\Lundalogik\procmd.bat"
4. Apply the patch with the following command (make sure to replace the path to the script): 
python "c:\path\to\patch-log4j-cve-2021-44228.py"

If the installation is not located at C:\Program Files (x86)\Lundalogik\ the following command can be used to specify the correct location:

python "c:\path\to\patch-log4j-cve-2021-44228.py" --installdir "x:path\to\LIME Pro Server"

If the patch is successful the script will output The patch has been applied in green text.

Lime BI

An update of Lime BI is available which can be installed by updating to v3.32.0 or later. This update removes the vulnerability and enables the mitigation below. Note that the installer needs to be re-run as well in order to fully upgrade to the latest version.

For on-premises installations of Lime BI that cannot be updated to the latest version, the vulnerability can be mitigated by modifying Java runtime options. Execute the following command:

"C:\Program Files (x86)\Lundalogik\Python3\Lib\site-packages\nssm\bin\win64\nssm.exe" set lime-crm-bi AppParameters "-Dlog4j2.formatMsgNoLookups=true -jar ""c:\Lime BI\metabase.jar"""

Then restart the Lime BI service:

net stop lime-crm-bi
net start lime-crm-bi
  • Last modified: 12 months ago
  • by Jens Gustafsson

Lime CRM 2020.3 - Zugspitze

Description

At Lime we have coworkers from all over the world, and some of them are originally from Germany. We dedicate our third release of 2020 to the mighty Zugspitze, Germanys highest mountain.

This third, and last, release of 2020 primarily releases features that has been behind feature flags before. A brand new look of our web client and the ability to have scheduled tasks are the key features of this release.

Important Changes

lime_config - config.ini goes config.yml!

Each Python Service in Lime CRM Server can have a config file saved on disk that overrides the default server config. Those files can be found in the %LIME_HOME_PATH% folder in a subdirectory for the corresponding service. Usually it's only the "Web Server" that has a config file but you might have manually created config files for other services as well - for instance the importer or the event handler.

In this release we are deprecating the use of config.ini.

The installer will automatically try to upgrade all config.ini files to yaml. If the migration fails, an empty config.yml will be created.

Features

🎨 Redesigned web client

Since its inception, Lime CRM has focused on being a tool that adapts to customers' needs and operations and not the other way around. The key words in the development of the product have always been adaptable, scalable and simple.

Simplicity also means that it should be easy to access the information in Lime CRM. The web client makes it possible to access Lime from your phone, tablet or computer - wherever the user is.

Now we have made the web client even easier to use!

The biggest news are:

The menu is now at the left or bottom of the screen if you have a smaller screen, e.g. on the phone. This gives more space for the information you work with.

Menu on the left side of the app for better usage of screen.

Menu on the left side of the app for better usage of screen.

Fullscreen mode on smaller devices.

Fullscreen mode on smaller devices.

The search results are still grouped by object type, but now only the tables where the search returns a hit are displayed. It makes it easier to get an overview of the hits you get!

Improved global search.

Improved global search.

Object card

The view for presenting information has been re-made on several points. The purpose of the changes is to improve the overview of information, and to provide better control over how the information is displayed.

  • You now have a new overview which, together with the history notes, gives you a faster overview of the card. This makes it easier to see and edit information related to the card while always having the latest events available on the right side.
  • To create a better overview of the related information, these are now presented in separate tabs.
  • On the tab there is a number that indicates the number of related objects so that you can quickly see if there are any and if so how many related objects there are.
  • It should be easy and fast to find exactly the information you need, therefore we have added filter and search options under the tabs, all so that you can work faster and more efficiently.
  • To facilitate your particular way of working, it is now possible to choose how the information is displayed. Currently you can choose between table or list. More visualizations of the information will be coming.

Completely new object card design.

Completely new object card design.

When using the global table view search or the related object search, we have changed such that the search string is applied after the user press Enter. The search string is shown in a chip, making it easy to add additional search strings after the first one and easily clear one of the strings applied.

Lime%20CRM%202020%203%20-%20Zugspitze%2059967f7101d04bd8a60247eebd20b23a/Untitled%202.png

📅 Scheduled tasks

A highly wanted part of the customization and integration tool box for Lime CRM!

With the introduction of tasks, we made it possible to bulk create large amount of objects using, a task queue. We have now included the support for scheduling tasks to run at a specific time or at a specific interval.

This makes it possible to schedule of integrations at certain times or to create specific objects in a certain interval.

Please read more here: https://platform.docs.lime-crm.com/en/latest/development/scheduled-tasks/

⛓️ Auto attach relations

It is now possible to configure such that relations can automatically be correctly connected when creating new objects. For example, if creating a new todo from a person, the todo can automatically be connected to the persons connected company. This will both save time and ensure good data quality.

The configuration is done for the card view in Lime Admin.

Lime%20CRM%202020%203%20-%20Zugspitze%2059967f7101d04bd8a60247eebd20b23a/Untitled%203.png

Improvements

Web client:

  • Multiline text-field is used for properties having this configuration when adding new objects. For example the note field when adding a new history note.

Server

  • Application Config is released and feature flag removed
  • Configuration options to speed up API requests using an API-key has been added:

API Key Generator - Lime CRM Platform Documentation

Bugfixes

Server

  • Removed excessive logging that caused logs to overflow
  • Fixed Task-handler rebooting-loop if user running the lime-task service has insufficient privileges

Lime CRM 2020.2 - Keb

🖖 Trusted, yet brand new

This releases of Lime CRM is one of the biggest we ever have done, and it it really feels like both the underlying platform and the Web Client has started to come to their own. Paired with just released Lime BI and the upcoming Lime eSign we are taking our offering to new places.

Getting a release like this together is a massive effort, and every single part of our organisation has help out in different ways. We are especially glad to have a lot direct contributions to Lime CRM from the expert service organisations! With this release we are changing the version scheme of Lime CRM and this release will be called Lime CRM 2020.2.

The scheme is really simple [year-of-release].[release-number-that-year]. We think the scheme will be simpler, yet more functional then our previous scheme

Versions numbers in all honour, but with this release we will give our on-premise release a name too! As mentioned, releasing great software is a massive effort, but it is also a processes where you need to adapt, overcome and change. It requires dedication and very little room for error. Finally it is a team effort. One could almost compare it to an expedition to climb a mountain, so with this our on-premise releases will be given a name of peaks worthy summiting, but also has a relation to us as an organisation and the people who work here. We think the first name is pretty given – Kebnekaise, or for short Keb. Situated in the very, very north Kebnekaise is the highest mountain in Sweden, rising 2106 m over the sea.

Thank you Kristoffer Cedeberg for pitching the idea of naming our releases.

⚠️ Breaking changes!

With this release of Lime CRM the add-ons Infotiles, Newsletter, GDPR and Lime Event are no longer included in the base installer. To (keep) use(ing) these add-ons they should be added to you solution as requirements.

✨ Highlighted Features

📁 File based document storage

Lime CRM can be configured to store documents on disk instead of in the database. Shout out to Tommy Lindh for implementing this feature!

🔐 Login in using AzureAD for the Web Client

Support for AzureAD while logging into the Web Client. This will enabled customer to use security and convenience features such as, single sign on, multi factor sign on, enforce password policies. We are looking into brining the same functionality to the Desktop Client in the fall. The feature will also arrive in the cloud during the fall. Thank you Martin Berg for being the catalyst of creating this feature

✏️ A brand new Lime Admin

A brand new version of Lime Admin, providing a visual UI for configuring the web client and add-ons. When creating add-ons to Lime CRM, you can automagically get a custom UI for the add-on to simplify configuration. It is no secret that we see Lime Admin as the coming replacement for LISA.

Lime%20CRM%202020%202%20-%20Keb%205fa4ef1441d24963b0abc2317198ce4d/lime_admin_2.gif

💄 Improved UI in the Web Client

Many minor UI improvements in the Web Client; to provide a simpler and easier to use interface:

  • Related view is now wider and pops out to make it easier to know where you are in the web client.

Lime%20CRM%202020%202%20-%20Keb%205fa4ef1441d24963b0abc2317198ce4d/relate_view.gif

  • The table view is now adjusting to screen size in a much better way, making it easier to grasp the information shown. The rows are also tighter to get a better overview of the data shown in the table.

Lime%20CRM%202020%202%20-%20Keb%205fa4ef1441d24963b0abc2317198ce4d/table.gif

  • The activity feed has been redesigned to include soft borders, more highlighted headings and improved relation pickers.

Lime%20CRM%202020%202%20-%20Keb%205fa4ef1441d24963b0abc2317198ce4d/Untitled.png

  • The start page can now be customized to be able to show custom widgets (this was previously behind a feature switch). Lime%20CRM%202020%202%20-%20Keb%205fa4ef1441d24963b0abc2317198ce4d/startpage.gif ### 🛠️ Application Configuration When configuring Lime CRM we have so far had to pick between either lime-config or lime-data based config. lime-config is file based and server instance unique; perfect for server configuration such as ports, timeouts etc. lime-data powers Lime Admin and is stored in the database. Albeit convenient it comes with some trade offs; secrets such as API-keys or passwords are best kept out of the database and URLs for integrations can become problematic when for example restoring a production database to a test environment. With Lime 2020.2 we are expanding lime-config to include application level configuration. One can now configure unique configurations for each app running on a Lime Server. This is perfect for API-keys, Passwords or URLs. Full documentation can be found here. ### 👩‍🔬 EXPERIMENTAL: A comply re-designed object card

A completely new layout of the object card in the Web Client behind a feature switch. The new design includes the following:

  • Related information is now presented in tabs
  • The tabs have counters indicating the number of items in them
  • You now have the possibility to create custom tabs to meet specific customer needs (on-premise only until we have isolated apps)
  • There are now three different slots where customized widget/actions can be reached (on-premise only until we have isolated apps)
  • The visual design is more minimalistic and cleaner and
  • The overall usability is improved

Lime%20CRM%202020%202%20-%20Keb%205fa4ef1441d24963b0abc2317198ce4d/Untitled%201.png

👨‍🔬 EXPERIMENTAL: Speed improvements for the Desktop Client on-premise

****A Redis caching backend can now be configured and The Lime CRM data structure is cached. We have seen speed improvements between 3x-10x for common read operations in the Desktop Client. Read more here

🔨 Highlighted Improvements and Bug fixes

Lime Core

  • Improvements to Object Access. Several bugs where to few objects where returned has been fixed
  • Makes the task-handler debuggable in VSCode
  • The API documentation now supports having a colon in a fields local name. Thank you Richard Westberg!
  • The API documentation can now be used while developing, served over http
  • The search indexer no longer crashes while indexing fields with over 10000 characters, instead these fields are ignored
  • BeginsWithOperator now works with Lime Objects, great contribution Niklas Olsson!
  • You can use much larger DSL while writing tests. Nice fix David Hurtig!

Lime Web Client

  • Search in option queries now handle capital letters
  • The table view is now updated when updating an object not part of the current filter
  • Editing a already existing history note will no longer update the date for when the history note originally was created
  • User is now returned to previous page after login in again