Zulip
Open-source team chat with unique topic-based threading
Alternative to: slack, microsoft teams, discord
About
Versions (100)
4.11
2022-03-15- CVE-2022-24751: Zulip Server 4.0 and above were susceptible to a
race condition during user deactivation, where a simultaneous access
by the user being deactivated may, in rare cases, allow continued
access by the deactivated user. This access could theoretically
continue until one of the following events happens:
- The session expires from memcached; this defaults to two weeks, and is controlled by SESSION_COOKIE_AGE in /etc/zulip/settings.py
- The session cache is evicted from memcached by other cached data.
- The server is upgraded, which clears the cache.
- Updated translations.