Release announcements, Security

Zulip Server 10.3 security release

Tim Abbott 2 min read

We released Zulip Server 10.3 today! This is a security release, fixing a security issue (CVE-2025-47930), as well as several bugs, most importantly an issue with LDAP synchronization of user roles.

Upgrading

We recommend that all installations upgrade to this new release. See the upgrade instructions in the Zulip documentation.

Commercial support for server upgrades is available for installations that purchase a Business or Enterprise plan. For community support, everyone is welcome to drop by the Zulip development community.

Notable changes

  • CVE-2025-47930: Restrictions on creating public or private channels were incorrectly not applied when editing the channel type for an existing channel. This issue only impacted configurations where users could create private channels but not public channels, or vice versa.
  • Fixed an important bug where the LDAP integration could corrupt system groups when changing a user’s role, resulting in permissions not being applied correctly. This release also contains a migration that corrects the corrupted state for affected systems.
  • Fixed a bug where uploaded files were incorrectly inaccessible to users previewing a private channel that they had permission to join.
  • Fixed multiple live update bugs related to archiving/unarchiving channels or losing access to a channel.
  • Fixed sorting of message IDs in the unread_msgs API.
  • Fixed appearance of the top-of-message-feed loading spinner with non-default font sizes.
  • Fixed several glitches with save/discard buttons in organization settings, and updated visual design.
  • Added the manage.py thumbnail management command. This management command supports generating thumbnails for legacy images that were uploaded prior to the introduction of thumbnailing in Zulip 9.0. This tools shares its queue with thumbnailing of newly sent images, so be careful when enqueuing large numbers of images at once.
  • Updated translations.

Community

We love feedback from the Zulip user community. Here are a few ways you can connect: