Zulip v2.1.5

Version Release Notes from June 17, 2020 (almost 4 years ago)

« Changelog History

Zulip v2.1.5 Release Notes

Release Date: 2020-06-17 // almost 4 years ago

2.1.5 -- 2020-06-16
- CVE-2020-12759: Fix reflected XSS vulnerability in Dropbox webhook.
- CVE-2020-14194: Prevent reverse tabnapping via topic header links.
- 🛠 CVE-2020-14215: Fixed use of invitation role data from expired
  invitations on signup via external authentication methods.
- CVE-2020-14215: Fixed buggy 0198_preregistrationuser_invited_as
  🚀 database migration from the 2.0.0-rc1 release, which incorrectly added
  the administrator role to invitations.
- CVE-2020-14215: Added migration to clear the administrator role from
  any invitation objects already corrupted by the buggy version of the
  0198_preregistrationuser_invited_as migration.
- 🛠 Fixed missing quoting of certain attributes in HTML templates.
- 👍 Allow /etc/zulip to be a symlink (for docker-zulip).
- 🚀 Disabled access from insecure Zulip Desktop releases below version 5.2.0.
- 📚 Adjusted Slack import documentation to help administrators avoid OOM
  kills when doing Slack import on low-RAM systems.
- 🛠 Fixed a race condition fetching users' personal API keys.
- 🛠 Fixed a few bugs with Slack data import.

Awesome SysAdmin is part of the LibHunt network. Terms. Privacy Policy.