Anders Kaseorg

2 posts published

📍 San Francisco, CA

Zulip Desktop 5.4.3 security release

Today we released Zulip Desktop 5.4.3, fixing a security issue: CVE-2020-24582: Zulip Desktop failed to escape various strings interpolated into the user interface HTML. This could result in code execution when connecting to a maliciously altered Zulip server. The Zulip security team discovered this …

Anders Kaseorg Sep 10, 2020 • 1 min read

Release announcements, Security

Zulip Desktop 5.2.0 security release

Today we released Zulip Desktop 5.2.0, fixing a critical security issue: CVE-2020-12637: Zulip Desktop 0.5.10 introduced a certificate validation handler to support the undocumented ignoreCerts option available by manually editing the configuration file. However, the handler inadvertently disabled …

Anders Kaseorg May 6, 2020 • 2 min read