Zulip
Open-source team chat with unique topic-based threading
Alternative to: slack, microsoft teams, discord
About
Versions (100)
2.1.5
2020-06-172.1.5 — 2020-06-16
- CVE-2020-12759: Fix reflected XSS vulnerability in Dropbox webhook.
- CVE-2020-14194: Prevent reverse tabnapping via topic header links.
- CVE-2020-14215: Fixed use of invitation role data from expired invitations on signup via external authentication methods.
- CVE-2020-14215: Fixed buggy
0198_preregistrationuser_invited_asdatabase migration from the 2.0.0-rc1 release, which incorrectly added the administrator role to invitations. - CVE-2020-14215: Added migration to clear the administrator role from
any invitation objects already corrupted by the buggy version of the
0198_preregistrationuser_invited_asmigration. - Fixed missing quoting of certain attributes in HTML templates.
- Allow /etc/zulip to be a symlink (for docker-zulip).
- Disabled access from insecure Zulip Desktop releases below version 5.2.0.
- Adjusted Slack import documentation to help administrators avoid OOM kills when doing Slack import on low-RAM systems.
- Fixed a race condition fetching users’ personal API keys.
- Fixed a few bugs with Slack data import.