Overview All releases

Version History

8.3 8.2 8.1 8.0 8.0-beta2 8.0-beta1

7.5 7.4 7.3 7.2 7.1 7.0 7.0-beta3

7.0-beta2

7.0-beta1

6.2 6.1 6.0

6.0-rc1

6.0-beta1

5.7 5.6 5.5 5.4 5.3 5.2 5.1 5.0

5.0-rc2

5.0-rc1

4.11

4.10 4.9

4.8

4.7

4.6

4.5

4.4

4.3

4.2

4.1

4.0

4.0-rc1

3.4

3.3

3.2

3.1

3.0

3.0-rc1

2.1.8

2.1.7

2.1.6

2.1.5

2.1.4

2.1.3

2.1.2

2.1.1

2.1.0

2.1.0-rc1

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

2.0.0-rc1

1.9.1

1.9.0

1.9.0-rc2

1.8.1

1.8.0

1.7.2

1.7.1

1.7.0

1.6.0

1.5.2

1.5.1

1.5.0

1.4.3

1.4.2

1.4.1

1.4.0

1.3.13

1.3.12

1.3.11

1.3.10

1.3.9

1.3.8

1.3.7

1.3.6

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

Zulip - 4.11

Security

CVE-2022-24751: Zulip Server 4.0 and above were susceptible to a
race condition during user deactivation, where a simultaneous access
by the user being deactivated may, in rare cases, allow continued
access by the deactivated user. This access could theoretically
continue until one of the following events happens:
The session expires from memcached; this defaults to two weeks, and
is controlled by SESSION_COOKIE_AGE in /etc/zulip/settings.py
The session cache is evicted from memcached by other cached data.
The server is upgraded, which clears the cache.
Updated translations.

Security

CVE-2022-24751

Details

date

March 15, 2022, 9:03 p.m.

name

Zulip Server 4.11

type

Minor

official page

https://github.com/zulip/zulip/releases/tag/4.11

👇

🔍View and search all Zulip releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)

leave this field blank to prove your humanity