mirror of https://github.com/zulip/zulip.git
version: Update version and changelog after 5.7 release.
parent 2cc3fa4fba
commit c4e5ddd67f
@ -192,6 +192,28 @@ log][commit-log] for an up-to-date list of raw changes.
## Zulip 5.x series
### 5.7 -- 2022-11-16
- CVE-2022-41914: Fixed the verification of the SCIM account
management bearer tokens to use a constant-time comparator. Zulip
Server 5.0 through 5.6 checked SCIM bearer tokens using a comparator
that did not run in constant time. For organizations with SCIM
account management enabled, this bug theoretically allowed an
attacker to steal the SCIM bearer token, and use it to read and
update the Zulip organization’s user accounts. In practice, this
vulnerability may not have been practical or exploitable. Zulip
Server installations which have not explicitly enabled SCIM are not
affected.
- Fixed an error with deactivating users with `manage.py sync_ldap_user_data`
when `LDAP_DEACTIVATE_NON_MATCHING_USERS` was enabled.
- Fixed several subtle bugs that could lead to browsers reloading
repeatedly when the server was updated.
- Fixed a live-update bug when changing certain notifications
settings.
- Improved error logs when sending push notifications to the push
notifications service fails.
- Upgraded Python requirements.
### 5.6 -- 2022-08-24
- CVE-2022-36048: Change the Markdown renderer to only rewrite known
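Review bot: The CVE-2022-41914 entry describes the impact but gives operators who have SCIM enabled no guidance beyond upgrading. Since the text says the bearer token could theoretically have been stolen, it should state whether the SCIM bearer token needs to be rotated after moving to 5.7. The sentence "In practice, this vulnerability may not have been practical or exploitable" is also circular and would read better with "In practice," dropped or the sentence reworded. Minor: "certain notifications settings" should be "certain notification settings".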
@ -14,7 +14,7 @@ ZULIP_VERSION = lines.pop(0).strip()
ZULIP_MERGE_BASE = lines.pop(0).strip()
LATEST_MAJOR_VERSION = "5.0"
LATEST_RELEASE_VERSION = "5.6"
LATEST_RELEASE_VERSION = "5.7"
LATEST_RELEASE_ANNOUNCEMENT = "https://blog.zulip.com/2022/03/29/zulip-5-0-released/"
# Versions of the desktop app below DESKTOP_MINIMUM_VERSION will be
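Review bot: LATEST_RELEASE_ANNOUNCEMENT still points at the 5.0 release post while LATEST_RELEASE_VERSION moves to "5.7". If the URL is meant to track LATEST_MAJOR_VERSION rather than the latest release, a one-line comment above it saying so would keep later release bumps from treating it as stale; otherwise it needs updating in this change.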