Zulip Server 4.7 security release
We released Zulip Server 4.7 today! This is a security release, containing minor security fixes since Zulip Server 4.6.
What’s new
This release fixes CVE-2021-41115. The fix prevents organization administrators from affecting the server with a regular expression denial-of-service (ReDoS) attack through linkifier patterns.
Parts of this vulnerability were discovered by @erik-krogh (Erik Krogh Kristensen) and @yoff (Rasmus Petersen), as GHSL-2021-118.
Upgrading
We recommend that all installations upgrade to this new release. See the upgrade instructions in the Zulip documentation. If you need help, best-effort support is available on chat.zulip.org.
Community
We love feedback from the Zulip user community. Here are a few ways you can connect:
- Join chat.zulip.org and provide feedback directly to the development community!
- Follow us on Twitter, or join our announcement mailing list (or subscribe to the blog posts, which are mostly a subset of the already low-volume mailing list).