Zulip v2.1.3 Release Notes
Release Date: 2020-04-01 // about 4 years ago-
2.1.3 -- 2020-04-01
- CVE-2020-9444: Prevent reverse tabnapping attacks.
- ๐ CVE-2020-9445: Remove unused and insecure modal_link feature.
- CVE-2020-10935: Fix XSS vulnerability in local link rewriting.
- Blocked access from Zulip Desktop versions below 5.0.0. This
behavior can be adjusted by editingDESKTOP_*_VERSION
๐ in/home/zulip/deployments/current/version.py
. - Restructured server initialization to simplify initialization of
๐ณ Docker containers (eliminating common classes of user error). - โ Removed buggy feedback bot (
ENABLE_FEEDBACK
). - Migrated GitHub authentication to use the current encoding.
- ๐ Fixed support for restoring a backup on a different minor release
(in the common case they have the same database schema). - ๐ Fixed restoring backups with memcached authentication enabled.
- ๐ Fixed preview content (preheaders) for many emails.
- ๐ Fixed buggy text in missed-message emails with PM content disabled.
- ๐ Fixed buggy loading spinner in "emoji format" widget.
- ๐ Fixed sorting and filtering users in organization settings.
- ๐ Fixed handling of links to deleted streams.
- ๐ Fixed check-rabbitmq-consumers monitoring.
- ๐ Fixed copy-to-clipboard button for outgoing webhook bots.
- ๐ Fixed logging spam from soft_deactivation cron job.
- ๐ Fixed email integration handling of emails with nested MIME structure.
- ๐ Fixed unicode bugs in incoming email integration.
- ๐ Fixed error handling for Slack data import.
- ๐ Fixed incoming webhook support for AWX 9.x.y.
- ๐ Fixed a couple missing translation tags.
- ๐ Fixed "User groups" settings UI bug for administrators.
- ๐ Fixed data import tool to reset resource limits after importing
๐ data from a free plan organization on zulipchat.com. - ๐ Changed the SAML default signature algorithm to SHA-256, overriding
0๏ธโฃ the SHA-1 default used by python3-saml.