Release announcements, Security

Zulip Server 4.7 security release

Alex Vandiver 1 min read

We released Zulip Server 4.7 today! This is a security release, containing minor security fixes since Zulip Server 4.6.

What’s new

This release fixes CVE-2021-41115, which prevents organization administrators from affecting the server with a regular expression denial-of-service attack through linkifier patterns.

Parts of this vulnerability were discovered by @erik-krogh (Erik Krogh Kristensen) and @yoff (Rasmus Petersen), as GHSL-2021-118.


We recommend that all installations upgrade to this new release. See the upgrade instructions in the Zulip documentation. If you need help, best-effort support is available on


We love feedback from the Zulip user community. Here are a few ways you can connect: