Zulip - 4.11
Security
- CVE-2022-24751: Zulip Server 4.0 and above were susceptible to a
race condition during user deactivation, where a simultaneous access
by the user being deactivated may, in rare cases, allow continued
access by the deactivated user. This access could theoretically
continue until one of the following events happens:
  - The session expires from memcached; this defaults to two weeks, and
    is controlled by SESSION_COOKIE_AGE in /etc/zulip/settings.py.
  - The session cache is evicted from memcached by other cached data.
  - The server is upgraded, which clears the cache.
- Updated translations.
Security
Details
date: March 15, 2022, 9:03 p.m.
name: Zulip Server 4.11
type: Minor