Zulip 2.0.8 security release

We released Zulip Server 2.0.8 today. This is a security release, containing a handful of cherry-picked changes since Zulip 2.0.7.

What’s new

This release fixes a security bug in Zulip 1.9.0 and greater:

  • CVE-2019-19775: Close open redirect in thumbnail view.

Upgrading

All installations should upgrade promptly to secure their installations. See the upgrade instructions in the Zulip documentation.

If you’re upgrading from 2.0.x, then the code changes are small and there are no migrations or dependency changes, so the risk of unexpected disruption is low.  If you're upgrading from an older version, we recommend upgrading directly to this latest release.

If you're running a fork of master, you will need to rebase your fork to get these fixes.

If you need help, best-effort support is available on chat.zulip.org, the Zulip community chat server.

Community

We love feedback from the Zulip user community. Here are a few ways you can connect: