paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 05:53:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Release Zulip Server 2.1.5.

Browse Source
This commit is contained in:
Tim Abbott
2020-06-16 14:23:55 -07:00
parent c21c8dcd95
commit d163143f12
2 changed files with 31 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
docs/overview/changelog.md
View File

@@ -7,6 +7,35 @@ All notable changes to the Zulip server are documented in this file.
This section lists notable unreleased changes; it is generally updated
in bursts.
### 2.1.5 -- 2020-06-16
- CVE-2020-12759: Fix reflected XSS vulnerability in Dropbox webhook.
- CVE-2020-14194: Prevent reverse tabnapping via topic header links.
- CVE-2020-14215: Fixed use of invitation role data from expired
invitations on signup via external authentication methods.
- CVE-2020-14215: Fixed buggy `0198_preregistrationuser_invited_as`
database migration from the 2.0.0-rc1 release, which incorrectly added
the administrator role to invitations.
- CVE-2020-14215: Added migration to clear the administrator role from
any invitation objects already corrupted by the buggy version of the
`0198_preregistrationuser_invited_as` migration.
- Fixed missing quoting of certain attributes in HTML templates.
- Allow /etc/zulip to be a symlink (for docker-zulip).
- Disabled access from insecure Zulip Desktop releases below version 5.2.0.
- Adjusted Slack import documentation to help administrators avoid OOM
kills when doing Slack import on low-RAM systems.
- Fixed a race condition fetching users' personal API keys.
- Fixed a few bugs with Slack data import.
Administrators of servers originally installed with Zulip 1.9 or older
should audit for unexpected [organization
administrators][audit-org-admin] following this upgrade, as it is
possible CVE-2020-14215 caused a user to incorrectly join as an
organization administrator in the past. See the release blog post for
details.
[audit-org-admin]: https://zulip.com/help/change-a-users-role
### 2.1.4 -- 2020-04-16
- Fixed a regression in 2.1.3 that impacted creating the very first

4
version.py
View File

@@ -1,6 +1,6 @@
import os
ZULIP_VERSION = "2.1.4"
ZULIP_VERSION = "2.1.5"
# Add information on number of commits and commit hash to version, if available
zulip_git_version_file = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'zulip-git-version')
if os.path.exists(zulip_git_version_file):
@@ -10,7 +10,7 @@ if os.path.exists(zulip_git_version_file):
ZULIP_VERSION = version
LATEST_MAJOR_VERSION = "2.1"
LATEST_RELEASE_VERSION = "2.1.4"
LATEST_RELEASE_VERSION = "2.1.5"
LATEST_RELEASE_ANNOUNCEMENT = "https://blog.zulip.org/2019/12/13/zulip-2-1-released/"
# Versions of the desktop app below DESKTOP_MINIMUM_VERSION will be