mirror of https://github.com/zulip/zulip.git
version: Update version and changelog after 6.2 release.
This commit is contained in:
parent
7ac891a6b9
commit
e6b1384a05
|
@ -157,6 +157,55 @@ log][commit-log] for an up-to-date list of all changes.
|
|||
|
||||
## Zulip 6.x series
|
||||
|
||||
### 6.2 -- 2023-05-19
|
||||
|
||||
- CVE-2023-28623: Fixed a vulnerability that would allow users to sign up for a
|
||||
Zulip Server account with an unauthorized email address, despite the server
|
||||
being configured to require that email addresses be in LDAP. Specifically, if
|
||||
the organization permissions don't require invitations to join, and the only
|
||||
configured authentication backends were `ZulipLDAPAuthBackend` and some other
|
||||
external authentication backend (any aside from `ZulipLDAPAuthBackend` and
|
||||
`EmailAuthBackend`), then an unprivileged remote attacker could have created a
|
||||
new account in the organization with an arbitrary email address in their
|
||||
control that was not in the organization's LDAP directory.
|
||||
- CVE-2023-32677: Fixed a vulnerability which allowed users to invite new users
|
||||
to streams when inviting them to the server, even if they did not have
|
||||
[permission to invite existing users to streams](https://zulip.com/help/configure-who-can-invite-to-streams).
|
||||
This did not allow users to invite others to streams that they themselves were
|
||||
not a member of, and only affected deployments with the rare configuration of
|
||||
a permissive
|
||||
[realm invitation policy](https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations)
|
||||
and a strict
|
||||
[stream invitation policy](https://zulip.com/help/configure-who-can-invite-to-streams).
|
||||
- Fixed a bug that could cause duplicate push notifications when using the
|
||||
mobile push notifications service.
|
||||
- Fixed several bugs in the Zulip server and PostgreSQL version upgrade
|
||||
processes.
|
||||
- Fixed multiple Recent conversations display bugs for private message
|
||||
conversations.
|
||||
- Fixed the left sidebar stream list exiting “more topics” during background
|
||||
re-rendering, and a related rendering bug.
|
||||
- Fixed a bug where uploaded files sent via the email gateway were not correctly
|
||||
associated with the message’s sender.
|
||||
- Improved error handling for certain puppet failures.
|
||||
- Silenced a distracting `caniuse browserlist` warning in install/upgrade
|
||||
output.
|
||||
- Simplified UI for inviting new users to make it easy to select the default
|
||||
streams.
|
||||
- Fixed GPG check error handling for PGroonga apt repository.
|
||||
- Documented how to manage email address changes when using the LDAP backend.
|
||||
- Documented how to use SMTP without authentication.
|
||||
- Documented that the Zulip mobile/desktop apps now only support Zulip Server
|
||||
4.0 and newer (released 22 months ago), following our 18-month support policy.
|
||||
- Extracted the documentation on modifying Zulip to a dedicated page.
|
||||
- Added a new `send_welcome_bot_message` management command, to allow the
|
||||
sysadmin to send Welcome Bot messages manually after a data import.
|
||||
- Added new `RABBITMQ_USE_TLS` and `RABBITMQ_PORT` settings for installations
|
||||
wanting to configure the RabbitMQ connection with a remote RabbitMQ host.
|
||||
- Added a new `timesync` deployment option to allow installations to override
|
||||
Zulip’s default of `chrony` for time synchronization.
|
||||
- Upgraded dependencies for security and bug fixes.
|
||||
|
||||
### 6.1 -- 2023-01-23
|
||||
|
||||
- Fixed a bug that caused the web app to not load on Safari 13 and lower;
|
||||
|
|
|
@ -14,7 +14,7 @@ ZULIP_VERSION = lines.pop(0).strip()
|
|||
ZULIP_MERGE_BASE = lines.pop(0).strip()
|
||||
|
||||
LATEST_MAJOR_VERSION = "6.0"
|
||||
LATEST_RELEASE_VERSION = "6.1"
|
||||
LATEST_RELEASE_VERSION = "6.2"
|
||||
LATEST_RELEASE_ANNOUNCEMENT = "https://blog.zulip.com/2022/11/17/zulip-6-0-released/"
|
||||
|
||||
# Versions of the desktop app below DESKTOP_MINIMUM_VERSION will be
|
||||
|
|
Loading…
Reference in New Issue