Release announcements, SecurityZulip Desktop 5.4.3 security releaseToday we released Zulip Desktop 5.4.3, fixing a security issue: CVE-2020-24582: Zulip Desktop failed to escape various strings interpolated into the user interface HTML. This could result in code execution when connecting to a maliciously altered Zulip server. The Zulip security team discovered this …Anders KaseorgSep 10, 2020•1 min read
Release announcements, SecurityZulip Desktop 5.2.0 security releaseToday we released Zulip Desktop 5.2.0, fixing a critical security issue: CVE-2020-12637: Zulip Desktop 0.5.10 introduced a certificate validation handler to support the undocumented ignoreCerts option available by manually editing the configuration file. However, the handler inadvertently disabled …Anders KaseorgMay 6, 2020•2 min read
Anders Kaseorg
Anders KaseorgAnders KaseorgAnders KaseorgAnders Kaseorg