Zulip - 5.4

Security

5.4 -- 2022-07-11

  • CVE-2022-31134: Exclude private file uploads from exports of public
    data    . We
    would like to thank Antoine Benoist for bringing this issue to our
    attention.
  • Upgraded python requirements.
  • Improved documentation for load balancers to mention CIDR address
    ranges.
  • Documented an explicit list of supported CPU architectures.
  • Switched html2text to run as a subprocess, rather than a Python
    module, as its GPL license is not compatible with Zulip’s.
  • Replaced markdown-include python module with a reimplementation,
    as its GPL license is not compatible with Zulip’s.
  • Relicensed as GPL the tools/check-thirdparty developer tool which
    verifies third-party licenses, due to a GPL dependency by way of
    python-debian.
  • Closed a potential race condition in the Tornado server, with events
    arriving at exactly the same time as request causing server errors.
  • Added a tool to help automate more of the release process.

Details

date
July 12, 2022, 5:39 a.m.
name
Zulip Server 5.4
type
Minor
official page
https://github.com/zulip/zulip/releases/tag/5.4
👇
Register or login to:
  • 🔍View and search all Zulip releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or