Zulip Server 4.7 security release

We released Zulip Server 4.7 today!  This is a security release, containing minor security fixes since Zulip Server 4.6.

What's new

This release fixes CVE-2021-41115, which prevents organization administrators from affecting the server with a regular expression denial-of-service attack through linkifier patterns.

Parts of this vulnerability were discovered by @erik-krogh (Erik Krogh Kristensen) and @yoff (Rasmus Petersen), as GHSL-2021-118.

Upgrading

We recommend that all installations upgrade to this new release. See the upgrade instructions in the Zulip documentation. If you need help, best-effort support is available on chat.zulip.org.

Community

We love feedback from the Zulip user community. Here are a few ways you can connect: