The Zulip Blog
  • GitHub
  • Zulip.com
  • Twitter
Subscribe
Anders Kaseorg

Anders Kaseorg

2 posts published

Security

Zulip Desktop 5.4.3 security release

Today we released Zulip Desktop 5.4.3, fixing a security issue: CVE-2020-24582: Zulip Desktop failed to escape various strings interpolated into the user interface HTML. This could result in code execution when connecting to a maliciously altered Zulip server. The Zulip security team discovered this issue during internal auditing.

  • Anders Kaseorg
Anders Kaseorg Sep 9, 2020 • 1 min read
Release announcements

Zulip Desktop 5.2.0 security release

Today we released Zulip Desktop 5.2.0, fixing a critical security issue: CVE-2020-12637: Zulip Desktop 0.5.10 introduced a certificate validation handler to support the undocumented ignoreCerts option available by manually editing the configuration file. However, the handler inadvertently disabled all certificate validation, whether or not ignoreCerts was

  • Anders Kaseorg
Anders Kaseorg May 6, 2020 • 1 min read
The Zulip Blog © 2021
Powered by Ghost