Zulip 2.0.8 security release

We released Zulip Server 2.0.8 today. This is a security release, containing a handful of cherry-picked changes since Zulip 2.0.7.

What’s new

This release fixes a security bug in Zulip 1.9.0 and greater:

  • CVE-2019-19775: Close open redirect in thumbnail view.

Upgrading

All installations should upgrade promptly to pick up this security fix. See the upgrade instructions in the Zulip documentation.

If you’re upgrading from 2.0.x, then the code changes are small and there are no migrations or dependency changes, so the risk of unexpected disruption is low. If you’re upgrading from an older version, we recommend upgrading directly to this latest release.

If you're running a fork of master, you will need to rebase your fork to get these fixes.

If you need help, best-effort support is available on chat.zulip.org, the Zulip community chat server.

Community

We love feedback from the Zulip user community. Here are a few ways you can connect:

Tim Abbott

Tim Abbott is the lead developer of the Zulip open source project and CEO of Kandra Labs, the company providing Zulip hosting and commercial support. Previously, he was founder and CTO of Ksplice.

San Francisco https://zulip.org