version: Update version and changelog after 5.7 release.

Alex Vandiver 2022-11-16 16:03:05 +00:00
parent 2cc3fa4fba
commit c4e5ddd67f
2 changed files with 23 additions and 1 deletions

@ -192,6 +192,28 @@ log][commit-log] for an up-to-date list of raw changes.
## Zulip 5.x series
### 5.7 -- 2022-11-16
- CVE-2022-41914: Fixed the verification of the SCIM account
management bearer tokens to use a constant-time comparator. Zulip
Server 5.0 through 5.6 checked SCIM bearer tokens using a comparator
that did not run in constant time. For organizations with SCIM
account management enabled, this bug theoretically allowed an
attacker to steal the SCIM bearer token, and use it to read and
update the Zulip organizations user accounts. In practice, this
vulnerability may not have been practical or exploitable. Zulip
Server installations which have not explicitly enabled SCIM are not
affected.
- Fixed an error with deactivating users with `manage.py sync_ldap_user_data`
when `LDAP_DEACTIVATE_NON_MATCHING_USERS` was enabled.
- Fixed several subtle bugs that could lead to browsers reloading
repeatedly when the server was updated.
- Fixed a live-update bug when changing certain notifications
settings.
- Improved error logs when sending push notifications to the push
notifications service fails.
- Upgraded Python requirements.
### 5.6 -- 2022-08-24
- CVE-2022-36048: Change the Markdown renderer to only rewrite known
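Review bot: The CVE-2022-41914 entry says the bug theoretically allowed an attacker to steal the SCIM bearer token, but it gives administrators of affected 5.0 through 5.6 installations with SCIM enabled no guidance on whether to rotate that token after upgrading. Please add a sentence stating the recommendation either way. In the same entry, "the Zulip organizations user accounts" is missing a possessive ("organization's"), and the sentence "In practice, this vulnerability may not have been practical or exploitable" repeats "practice/practical"; something like "may not have been exploitable in practice" reads more cleanly.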

@ -14,7 +14,7 @@ ZULIP_VERSION = lines.pop(0).strip()
ZULIP_MERGE_BASE = lines.pop(0).strip()
LATEST_MAJOR_VERSION = "5.0"
LATEST_RELEASE_VERSION = "5.6"
LATEST_RELEASE_VERSION = "5.7"
LATEST_RELEASE_ANNOUNCEMENT = "https://blog.zulip.com/2022/03/29/zulip-5-0-released/"
# Versions of the desktop app below DESKTOP_MINIMUM_VERSION will be
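Review bot: LATEST_RELEASE_ANNOUNCEMENT, on the line directly after the bumped LATEST_RELEASE_VERSION, still points at the 5.0 release post. If that is intentional because the URL tracks LATEST_MAJOR_VERSION rather than the maintenance release, a one-line comment above it saying so would keep it from looking like a missed update on each point release.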