Zulip - 5.4
Security
5.4 -- 2022-07-11
- CVE-2022-31134: Exclude private file uploads from exports of public
data. We
would like to thank Antoine Benoist for bringing this issue to our
attention. - Upgraded python requirements.
- Improved documentation for load balancers to mention CIDR address
ranges. - Documented an explicit list of supported CPU architectures.
- Switched
html2text
to run as a subprocess, rather than a Python
module, as its GPL license is not compatible with Zulip’s. - Replaced
markdown-include
python module with a reimplementation,
as its GPL license is not compatible with Zulip’s. - Relicensed as GPL the
tools/check-thirdparty
developer tool which
verifies third-party licenses, due to a GPL dependency by way of
python-debian
. - Closed a potential race condition in the Tornado server, with events
arriving at exactly the same time as request causing server errors. - Added a tool to help automate more of the release process.
Security
Details
date
July 12, 2022, 5:39 a.m.
name
Zulip Server 5.4
type
Minor
official page
👇
Register or login to:
- 🔍View and search all Zulip releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!