Tim Abbott

Tim Abbott is the lead developer of the Zulip open source project and CEO of Kandra Labs, the company providing Zulip hosting and commercial support. Previously, he was founder and CTO of Ksplice.

📍 San Francisco

March 18 Zulip Cloud security incident

On Thursday, March 18, 2021, Zulip Cloud had an important security incident. In short, a subtle caching bug resulted in up to 149 users being shown a broken read-only version of the Zulip UI from one of 26 other users whose data was incorrectly cached. This malfunctioning interface did not

Release announcements

Zulip Server 3.1 bug fix release

We released Zulip Server 3.1 today. This is a bug fix release, containing a few dozen cherry-picked changes since Zulip Server 3.0. What’s newThis releases fixes multiple important bugs in previous versions of Zulip. It contains fixes for the following issues: Removed unused short_name field from

Zulip 3.0: Threaded open source team chat

We’re excited to announce the release of Zulip Server 3.0, containing hundreds of new features and bug fixes to help distributed and remote teams stay productive and focused. Zulip is the open-source threaded team chat app, used by thousands of teams globally. Zulip’s unique topic-based threading experience

Release announcements

Zulip Server 2.1.7 security release

We released Zulip Server 2.1.7 today. This is a security release, containing a couple cherry-picked changes since Zulip Server 2.1.6. What’s newThis releases fixes multiple important bugs in previous versions of Zulip. It contains fixes for the following issues: CVE-2020-15070: Fix privilege escalation vulnerability with

Release announcements

Zulip Server 2.1.5 security release

We released Zulip Server 2.1.5 today. This is a security release, containing a dozen cherry-picked changes since Zulip Server 2.1.4. What’s newThis releases fixes several important bugs in previous versions of Zulip. It contains fixes for the following issues: CVE-2020-12759: Fix reflected XSS vulnerability in

Release announcements

Zulip Server 2.1.4 bug fix release

We released Zulip Server 2.1.4 today. This is a bug fix release, containing several cherry-picked changes since Zulip 2.1.3. What’s newThis releases fixes a few important bugs in previous versions of Zulip. It contains fixes for the following issues: Fixed a regression in 2.1.

Release announcements

Zulip server 2.1.3 security release

We released Zulip Server 2.1.3 today. This is a security release, containing a few dozen cherry-picked changes since Zulip 2.1.2. What’s newThis releases fixes several important bugs in previous versions of Zulip. It contains fixes for the following issues: CVE-2020-9444: Reverse tabnabbing vulnerability in Zulip

Release announcements

Zulip Desktop 5.0.0 security release

Today we released Zulip Desktop 5.0.0, fixing multiple critical security issues as well as several other important issues: CVE-2020-10856: Remote code execution due to missing context isolation.CVE-2020-10857: Remote code execution due to unsafe use of shell.openExternal and shell.openItem.Downloaded files will no longer be opened

Release announcements

Zulip Desktop 4.0.3 security release

Today we released Zulip Desktop 4.0.3, fixing a critical security issue: CVE-2020-9443: Web security was disabled in the Electron webview.This is a critical security issue because Zulip's security model for uploaded files relies on the browser (in this case Electron) enforcing the web security model. Huge thanks

Release announcements

Zulip 2.1.2 security release

We released Zulip Server 2.1.2 today. This is a security release, containing a few dozen cherry-picked changes since Zulip 2.1.1. What’s newThis releases fixes several important bugs in previous versions of Zulip. It contains fixes for the following issues: Corrected fix for CVE-2019-19775 (the original

Release announcements

Zulip 2.1.1 bug fix release

We released Zulip Server 2.1.1 today. This is a bug fix release, containing several cherry-picked changes since Zulip 2.1.1. What’s newThis releases fixes a few important bugs in previous versions of Zulip. It contains fixes for the following issues: Fixed upgrading to 2.1.x

Zulip 2.1: Open source team chat

We're excited to announce the release of Zulip Server 2.1, containing hundreds of new features and bug fixes. Zulip is the world’s most productive team chat software, used by thousands of teams as an alternative to Slack, HipChat, Mattermost and IRC. Zulip's unique topic-based threading combines the immediacy

Release announcements

Zulip 2.0.8 security release

We released Zulip Server 2.0.8 today. This is a security release, containing a handful of cherry-picked changes since Zulip 2.0.7. What’s newThis release fixes a security bug in Zulip 1.9.0 and greater: CVE-2019-19775: Close open redirect in thumbnail view.UpgradingAll installations should upgrade

Release announcements

Zulip 2.0.7 security release

We released Zulip Server 2.0.7 today. This is a security release, containing a handful of cherry-picked changes since Zulip 2.0.6. What’s newThis release fixes an important security bug in previous versions of Zulip. Quoting from the commit fixing it: CVE-2019-18933: Fix insecure account creation via

Release announcements

Zulip 2.0.6 bug fix release

We released Zulip Server 2.0.6 today. This is a bug fix release, containing several cherry-picked changes since Zulip 2.0.5. What’s new This releases fixes a few important bugs in previous versions of Zulip. It contains fixes for the following issues: Updated signing keys for the

Release announcements

Zulip Server 2.0.5 security release

We released Zulip Server 2.0.5 today. This is a security release, containing a handful of cherry-picked changes since Zulip 2.0.4. What’s new This releases fixes a few important bugs in previous versions of Zulip. It contains fixes for the following security issues: CVE-2019-16215: Fix DoS

Release announcements

Zulip Server 2.0.4 bug fix release

We released Zulip Server 2.0.4 today. This is a bug fix release, containing a dozen cherry-picked changes since Zulip 2.0.3. What’s new This releases fixes a few important bugs in Zulip 2.0.3. It contains the following changes: Fixed several configuration-dependent bugs that caused

Release announcements

Zulip Server 2.0.3 bug fix release

We released Zulip Server 2.0.3 today. This is a bug fix release, containing a few dozen cherry-picked changes since Zulip 2.0.2. What’s new This releases fixes a few important bugs in Zulip 2.0.2. It contains the following changes: Added documentation for upgrading the

Release announcements

Zulip Server 2.0.2 bug fix release

We released Zulip Server 2.0.2 today. This is a bug fix release, containing a dozen cherry-picked changes since Zulip 2.0.1. What’s new This releases fixes a few important bugs in Zulip 2.0.1. It contains the following changes: Fixed a regression in the puppet

Release announcements

Zulip 2.0.1 bug fix release

We released Zulip Server 2.0.1 today. This is a bug fix release, containing a dozen cherry-picked changes since Zulip 2.0.0. What’s new This releases fixes a few important bugs in Zulip 2.0.0. It contains the following changes: Fixed handling of uploaded file routing

Zulip 2.0: Open source team chat

We're excited to announce the release of Zulip Server 2.0, containing hundreds of new features and bug fixes. Zulip is the world’s most productive team chat software, used by thousands of teams as an alternative to Slack, HipChat, Mattermost and IRC. Zulip's unique topic-based threading combines the immediacy

Release announcements

Zulip 1.9.2 maintenance release

We released Zulip Server 1.9.2 today. This is a bug fix release, containing a few dozen cherry-picked changes since 1.9.1. What’s new This release is primarily to migrate Zulip off the deprecated Google+ API, which Google plans to remove entirely on March 9. It also

Release announcements

Zulip 1.9.1 bug fix release

We released Zulip Server 1.9.1 today. This is a bug fix release, containing a few dozen cherry-picked changes since 1.9.0. What’s new This release is primarily to improve the experience for users installing a new Zulip server: new installer options, better error messages, etc. This

Zulip 1.9: Open source team chat

We're excited to announce the release of Zulip Server 1.9, containing hundreds of new features and bug fixes. Especially relevant for users migrating from the recently discontinued HipChat is our new HipChat data import tool. img.image-wide-only { float: right; margin-left: 20px; left: 0; transform: none; -webkit-transform: none; max-width: 300px;

Release announcements

Zulip 1.8.1 bug fix release

Today we’re releasing Zulip Server 1.8.1. This is a bug fix release, containing a few dozen cherry-picked changes since 1.8.0. What’s new The highlights of this release are primarily for folks installing a new Zulip server: a tool for automatically registering for push notifications,