We released Zulip Server 4.9 today! This is a security release, containing critical security fixes, as well as important cherry-picked bug fixes, since Zulip Server 4.8. UpgradingWe strongly recommend that all installations upgrade to this new release. See the upgrade instructions in the Zulip documentation. If you need

We released Zulip Server 4.8 today! This is a security release, containing important security fixes, as well as important cherry-picked bug fixes, since Zulip Server 4.7. Deprecating support for Ubuntu 18.04 BionicWith this release, we are deprecating support for Ubuntu 18.04 Bionic. Specifically, Ubuntu 18.04

We released Zulip Server 4.7 today!  This is a security release, containing minor security fixes since Zulip Server 4.6. What's newThis release fixes CVE-2021-41115, which prevents organization administrators from affecting the server with a regular expression denial-of-service attack through linkifier patterns. Parts of this vulnerability were discovered by

We released Zulip Server 4.4 today! This is a security release, containing important security fixes, as well as important cherry-picked bug fixes, since Zulip Server 4.3. What’s newThis release fixes the following issues: Added a tool to fix potential database corruption caused by host OS upgrades; see

Zulip Server 3.4 was released today! This is a security release, containing important security updates for the 3.x series of Zulip Server. This will likely be the last release in the 3.x stable release series, as we are getting close to publishing the first release candidate for

We released Zulip Server 2.1.7 today. This is a security release, containing a couple cherry-picked changes since Zulip Server 2.1.6. What’s newThis releases fixes multiple important bugs in previous versions of Zulip. It contains fixes for the following issues: CVE-2020-15070: Fix privilege escalation vulnerability with

We released Zulip Server 2.1.5 today. This is a security release, containing a dozen cherry-picked changes since Zulip Server 2.1.4. What’s newThis releases fixes several important bugs in previous versions of Zulip. It contains fixes for the following issues: CVE-2020-12759: Fix reflected XSS vulnerability in

Today we released Zulip Desktop 5.2.0, fixing a critical security issue: CVE-2020-12637: Zulip Desktop 0.5.10 introduced a certificate validation handler to support the undocumented ignoreCerts option available by manually editing the configuration file. However, the handler inadvertently disabled all certificate validation, whether or not ignoreCerts was

We released Zulip Server 2.1.3 today. This is a security release, containing a few dozen cherry-picked changes since Zulip 2.1.2. What’s newThis releases fixes several important bugs in previous versions of Zulip. It contains fixes for the following issues: CVE-2020-9444: Reverse tabnabbing vulnerability in Zulip

Today we released Zulip Desktop 5.0.0, fixing multiple critical security issues as well as several other important issues: CVE-2020-10856: Remote code execution due to missing context isolation.CVE-2020-10857: Remote code execution due to unsafe use of shell.openExternal and shell.openItem.Downloaded files will no longer be opened

Today we released Zulip Desktop 4.0.3, fixing a critical security issue: CVE-2020-9443: Web security was disabled in the Electron webview.This is a critical security issue because Zulip's security model for uploaded files relies on the browser (in this case Electron) enforcing the web security model. Huge thanks

We released Zulip Server 2.1.2 today. This is a security release, containing a few dozen cherry-picked changes since Zulip 2.1.1. What’s newThis releases fixes several important bugs in previous versions of Zulip. It contains fixes for the following issues: Corrected fix for CVE-2019-19775 (the original

We released Zulip Server 2.0.8 today. This is a security release, containing a handful of cherry-picked changes since Zulip 2.0.7. What’s newThis release fixes a security bug in Zulip 1.9.0 and greater: CVE-2019-19775: Close open redirect in thumbnail view.UpgradingAll installations should upgrade

We released Zulip Server 2.0.7 today. This is a security release, containing a handful of cherry-picked changes since Zulip 2.0.6. What’s newThis release fixes an important security bug in previous versions of Zulip.  Quoting from the commit fixing it:   CVE-2019-18933: Fix insecure account creation via

We released Zulip Server 2.0.5 today. This is a security release, containing a handful of cherry-picked changes since Zulip 2.0.4. What’s new This releases fixes a few important bugs in previous versions of Zulip. It contains fixes for the following security issues: CVE-2019-16215: Fix DoS

Today we’re releasing Zulip Server 1.7.2. This is a security release, containing just a handful of cherry-picked changes since 1.7.1. What’s new This release fixes several security issues: CVE-2018-9986: Fix XSS issues with frontend markdown processor. CVE-2018-9987: Fix XSS issue with muting notifications. CVE-2018-9990:

Today we’re releasing Zulip Server 1.7.1. This is a security release, containing just a handful of cherry-picked changes since 1.7.0. To readers in the US: happy Thanksgiving! We generally avoid making a security release just before a major holiday, but we’ve made an exception