paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-23 16:14:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Release Zulip Server 7.5.

Browse Source
This commit is contained in:
Alex Vandiver
2023-11-16 17:00:11 +00:00
parent ee6ab3d15b
commit 09ccdc301b
2 changed files with 30 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
docs/overview/changelog.md
View File

@@ -7,6 +7,34 @@ up-to-date list of all changes.
## Zulip Server 7.x series ## Zulip Server 7.x series
### Zulip Server 7.5
_Released 2023-11-16_
- CVE-2023-47642: Invalid metadata access for formerly subscribed streams.
It was discovered by the Zulip development team that active users who had
previously been subscribed to a stream incorrectly continued being able to use
the Zulip API to access metadata for that stream. As a result, users who had
been removed from a stream, but still had an account in the organization,
could still view metadata for that stream (including the stream name,
description, settings, and an email address used to send emails into the
stream via the incoming email integration). This potentially allowed users to
see changes to a streams metadata after they had lost access to the stream.
This bug was present in all Zulip releases prior to Zulip Server 7.5.
- Fixed a bug where [backups](../production/export-and-import.md#backups) might
be written using `postgresql-client-16`, which could not be straightforwardly
restored into a Zulip instance, as the format is not backwards-compatible, and
Zulip does not yet support PostgreSQL 16.
- Renamed the `reactivate_stream` management command to `unarchive_stream`, to
match terminology in the app, and [documented
it](https://zulip.com/help/archive-a-stream#unarchiving-archived-streams).
- Fixed a regression, introduced in 6.0, where users created via the API or LDAP
would have English set as their language, ignoring the configured realm
default.
- Improved [documentation on `AUTH_LDAP_ADVANCED_REALM_ACCESS_CONTROL`](../production/authentication-methods.md#restricting-ldap-user-access-to-specific-organizations).
- Improved error messages for subdomains being reserved versus being in use.
- Upgraded Python dependencies.
### Zulip Server 7.4 ### Zulip Server 7.4
_Released 2023-09-15_ _Released 2023-09-15_

4
version.py
View File

@@ -1,6 +1,6 @@
import os import os
ZULIP_VERSION = "7.4+git" ZULIP_VERSION = "7.5"
# Add information on number of commits and commit hash to version, if available # Add information on number of commits and commit hash to version, if available
zulip_git_version_file = os.path.join( zulip_git_version_file = os.path.join(
@@ -14,7 +14,7 @@ ZULIP_VERSION = lines.pop(0).strip()
ZULIP_MERGE_BASE = lines.pop(0).strip() ZULIP_MERGE_BASE = lines.pop(0).strip()
LATEST_MAJOR_VERSION = "7.0" LATEST_MAJOR_VERSION = "7.0"
LATEST_RELEASE_VERSION = "7.4" LATEST_RELEASE_VERSION = "7.5"
LATEST_RELEASE_ANNOUNCEMENT = "https://blog.zulip.com/2023/05/31/zulip-7-0-released/" LATEST_RELEASE_ANNOUNCEMENT = "https://blog.zulip.com/2023/05/31/zulip-7-0-released/"
# Versions of the desktop app below DESKTOP_MINIMUM_VERSION will be # Versions of the desktop app below DESKTOP_MINIMUM_VERSION will be