We released Zulip Server 3.2 today! This is a bug fix release, containing a few cherry-picked changes since Zulip Server 3.1.

What’s new

This releases fixes multiple important bugs in previous versions of Zulip. It contains fixes for the following issues:

  • Switched from libmemcached to python-binary-memcached, a pure-Python implementation; this should eliminate memcached connection problems affecting some installations.
  • Removed unnecessary django-cookies-samesite dependency, which had its latest release removed from PyPI (breaking installation of Zulip 3.1).
  • Limited which local email addresses Postfix accepts when the incoming email integration is enabled; this prevents the enumeration of local users via the email system.
  • Fixed incorrectly case-sensitive email validation in REMOTE_USER authentication.
  • Fixed search results for has:image.
  • Fixed ability to adjust "Who can post on the stream" configuration.
  • Fixed display of "Permission [to post] will be granted in n days" for n > 365.
  • Support providing nginx_listen_port setting in conjunction with http_only in zulip.conf.
  • Improved upgrade documentation.
  • Removed internal ID lists which could leak into the events API.

Upgrading

We recommend that all installations upgrade to this new release. See the upgrade instructions in the Zulip documentation.If you need help, best-effort support is available on chat.zulip.org.

Community

We love feedback from the Zulip user community. Here are a few ways you can connect: