Release Zulip Server 5.7.

docs/overview/changelog.md

@@ -7,6 +7,28 @@ up-to-date list of raw changes.
 
 ## Zulip 5.x series
 
+### 5.7 -- 2022-11-16
+
+- CVE-2022-41914: Fixed the verification of the SCIM account
+  management bearer tokens to use a constant-time comparator. Zulip
+  Server 5.0 through 5.6 checked SCIM bearer tokens using a comparator
+  that did not run in constant time. For organizations with SCIM
+  account management enabled, this bug theoretically allowed an
+  attacker to steal the SCIM bearer token, and use it to read and
+  update the Zulip organization’s user accounts. In practice, this
+  vulnerability may not have been practical or exploitable. Zulip
+  Server installations which have not explicitly enabled SCIM are not
+  affected.
+- Fixed an error with deactivating users with `manage.py sync_ldap_user_data`
+  when `LDAP_DEACTIVATE_NON_MATCHING_USERS` was enabled.
+- Fixed several subtle bugs that could lead to browsers reloading
+  repeatedly when the server was updated.
+- Fixed a live-update bug when changing certain notifications
+  settings.
+- Improved error logs when sending push notifications to the push
+  notifications service fails.
+- Upgraded Python requirements.
+
 ### 5.6 -- 2022-08-24
 
 - CVE-2022-36048: Change the Markdown renderer to only rewrite known

version.py

@@ -1,6 +1,6 @@
 import os
 
-ZULIP_VERSION = "5.6+git"
+ZULIP_VERSION = "5.7"
 
 # Add information on number of commits and commit hash to version, if available
 zulip_git_version_file = os.path.join(
@@ -14,7 +14,7 @@ ZULIP_VERSION = lines.pop(0).strip()
 ZULIP_MERGE_BASE = lines.pop(0).strip()
 
 LATEST_MAJOR_VERSION = "5.0"
-LATEST_RELEASE_VERSION = "5.6"
+LATEST_RELEASE_VERSION = "5.7"
 LATEST_RELEASE_ANNOUNCEMENT = "https://blog.zulip.com/2022/03/29/zulip-5-0-released/"
 
 # Versions of the desktop app below DESKTOP_MINIMUM_VERSION will be