# Version history

This page contains the release history for the Zulip server. See also the
[Zulip release lifecycle](../overview/release-lifecycle.md).

## Zulip 6.x series

### 6.0 -- unreleased

This section is an incomplete draft of the release notes for the next
major release, and is only updated occasionally. See the [commit
log][commit-log] for an up-to-date list of raw changes.

#### Upgrade notes for 6.0

- None yet.

## Zulip 5.x series

### 5.0 -- 2022-03-29

This section is an incomplete draft of the release notes for the next
major release, and is only updated occasionally. See the [commit
log][commit-log] for an up-to-date list of raw changes.

#### Highlights

- New [resolve topic](https://zulip.com/help/resolve-a-topic) feature
  allows marking topics as ✔ completed. It's a lightweight way to manage
  a variety of workflows, including support interactions, answering
  questions, and investigating issues.
- Administrators may enable the option to create
  [web-public streams](https://zulip.com/help/web-public-streams).
  Web-public streams can be viewed by anyone on the Internet without
  creating an account in your organization.
- Users can now select a status emoji alongside their status message.
  Status emoji are shown next to the user's name in the sidebars, message
  feed, and compose box. Animated status emoji will only animate on hover.
- Redesigned the compose box, adding formatting buttons for bold, italics
  and links as well as visual improvements. New button for inserting
  global times into your message.
- Redesigned "Stream settings" to be much more usable, with separate tabs
  for personal settings, global settings, and membership, and more
  consistent style with the rest of Zulip's settings.
- Stream creation was redesigned with a much cleaner interface, especially
  for selecting initial subscribers.
- Redesigned "Full user profile" widget to show the user's stream and user
  group subscriptions.
  Administrators can unsubscribe a user from streams directly from their
  full profile.
- Reorganized personal and organization settings to have clearer labels
  and make it easier to find privacy settings.
- Organization administrators can now configure the default personal
  preference settings for new users joining the organization.
- Most permissions settings now support choosing which roles have the
  permission, rather than just allowing administrators or everyone.
- Permanent links to conversations now correctly redirect if the target
  message has been moved to a new stream or topic.
- Added a data import tool for migrating from Rocket.Chat. Mattermost data
  import now supports importing uploaded files.
- Improved handling of messages containing many images; now up to 20
  images can be previewed in a single message (up from 5), and a new grid
  layout will be used.
- OpenID Connect joins SAML, LDAP, Google, GitHub, Azure Active Directory,
  and more as a supported Single Sign-On provider.
- SAML authentication now supports syncing custom profile fields.
  Additionally, SAML authentication now supports automatic account
  creation and IdP-initiated logout.
- Added SCIM integration for synchronizing accounts with an external user
  database.
- Added support for installation on ARM platforms (including Mac M1).
- Removed support for Ubuntu 18.04, which no longer receives upstream
  security support for key Zulip dependencies.

#### Upgrade notes for 5.0

- This release contains a migration,
  `0009_confirmation_expiry_date_backfill`, that can take several minutes
  to run on a server with millions of messages of history.
- The `TERMS_OF_SERVICE` and `PRIVACY_POLICY` settings have been removed
  in favor of a system that supports additional policy documents, such as
  a code of conduct. See the
  [updated documentation](../production/settings.md) for the new system.

#### Full feature changelog

- Timestamps in Zulip messages are now permanent links to the message in
  its thread.
- Added support for invitation links with configurable expiry, including
  links that never expire. Deactivating a user now disables all
  invitations that the user had sent.
- Added support for expanding the compose box to be full-screen.
- Added support for filtering events in webhooks.
- Added support for overriding Zulip's defaults for new users in your
  organization.
- Added support for referring to a user group with a silent mention.
- Added new personal privacy setting controlling whether typing
  notifications are sent to other users.
- Added new personal setting controlling whether `Esc` navigates the user
  to the default view.
- Split stream creation policy into separate settings for private,
  public, and web-public streams.
- New integrations: Freshstatus, Lidarr, Open Collective, Radarr, Sonarr,
  SonarQube.
- Message edit notifications now indicate how many messages were moved,
  when only part of a topic was moved.
- Muted topic records are now moved when an entire topic is moved.
- Search views that don't mark messages as read now have an explanatory
  notice if any unread messages are present.
- Added new "Scroll to bottom" widget hovering over the message feed.
- Changed the default emoji set from Google Classic to Google Modern.
- User group mentions now correctly function as silent mentions when
  inside block quotes.
- Messages that have been moved (but not otherwise edited) are now
  displayed as MOVED, not EDITED.
- Reworked the UI for selecting a stream when moving topics.
- Redesigned modals in the app to have more consistent and cleaner UX.
- Added new topic filter widget in left sidebar zoomed view.
- Redesigned Welcome Bot onboarding experience.
- Redesigned hover behavior for timestamps and time mentions.
- Messages sent by muted users can now be rehidden after being revealed.
  One can also now mute deactivated users.
- Rewrote Help Center guides for new organizations and users, and made
  hundreds of other improvements to Help Center content and organization.
- Reimplemented the image lightbox's pan/zoom functionality to be nicer,
  allowing us to enable it by default.
- Added styled loading page for the web application.
- Webhook integrations now support specifying the target stream by ID.
- Notifications now differentiate user group mentions from personal
  mentions.
- Added support for configuring how long the server should wait before
  sending email notifications after a mention or PM.
- Improved integrations: BigBlueButton, GitHub, Grafana, PagerDuty, and
  many more.
- Improved various interaction and performance details in Recent Topics.
- Improved styling for poll and todo list widgets.
- Zulip now supports configuring the database name and username when
  using a remote Postgres server. Previously, these were hardcoded to
  "zulip".
- Migrated many tooltips to prettier tooltips powered by TippyJS.
- Autocomplete is now available when editing topics.
- Typeahead for choosing a topic now consistently fetches the full set of
  historical topics in the stream.
- Changed "Quote and reply" to insert quoted content at the cursor when
  the compose box is not empty.
- The compose box now has friendly UI for messages longer than 10K
  characters.
- Compose typeahead now opens after typing only "@".
- Improved the typeahead sorting for choosing code block languages.
- Many additional subtle usability improvements to compose typeahead.
- Adjusted permissions to only allow administrators to override unicode
  emoji with a custom emoji of the same name.
- New "Manage this user" option in user profile popovers simplifies
  moderation.
- New automated notifications when changing global stream settings like
  description and message retention policy.
- Drafts are now advertised more prominently, in the left sidebar.
- Drafts and message edit history now correctly render widgets like
  spoilers and global times.
- Improved the tooltip formatting for global times.
- LDAP userAccountControl logic now supports FreeIPA quirks.
- Fixed a problem where self-hosted servers that permuted the IDs of
  their users by using the data export/import tools might send mobile
  push notifications to the wrong devices.
- Fixed various bugs resulting in missing translations; most importantly
  in the in-application search/markdown/hotkeys help widgets.
- Fixed several bugs that prevented browser undo from working in the
  compose box.
- Fixed search typeahead not working once you've added a full-text
  keyword.
- Fixed linkifier validation to prevent invalid linkifiers.
- Fixed `Ctrl+.` shortcut not working correctly with empty topics.
- Fixed numerous corner case bugs with email and mobile push
  notifications.
- Fixed a bug resulting in long LaTeX messages failing to render.
- Fixed buggy logic displaying users' last active time.
- Fixed confusing "delete stream" language for archiving streams.
- Fixed exceptions in races involving messages being deleted while
  processing a request to add emoji reactions, mark messages as read, or
  sending notifications.
- Fixed most remaining 500 errors seen in Zulip Cloud (these were already
  quite rare, so this process involved debugging several rare races,
  timeouts, and error handling bugs).
- Fixed subtle bugs involving composing messages to deactivated users.
- Fixed subtle bugs with reloading the page while viewing settings with
  "Recent topics" as the default view.
- Fixed bug where pending email notifications could be lost when
  restarting the Zulip server.
- Fixed "require topics" setting not being enforced for API clients.
- Fixed several subtle Markdown rendering bugs.
- Fixed several bugs with message edit history and stream/topic moves.
- Fixed multiple subtle bugs that could cause compose box content to not
  be properly saved as drafts in various situations.
- Fixed several server bugs involving rare race conditions.
- Fixed a bug where different messages in search results would be
  incorrectly shown with a shared recipient bar despite potentially not
  being temporally adjacent.
- Fixed lightbox download button not working with the S3 upload backend.
- Increased default retention period before permanently removing deleted
  messages from 7 days to 30 days.
- Rate limiting now supports treating all Tor exit nodes as a single IP.
- Changed "From" header in invitation emails to no longer include the
  name of the user who sent the invitation, to prevent anti-phishing
  software from flagging invitations.
- Added support for uploading animated PNGs as custom emoji.
- Renamed "Night mode" to "Dark theme".
- Added the mobile app's notification sound to desktop sound options, as
  "Chime".
- Reworked the `manage.py help` interface to hide Django commands that
  are useless or harmful to run on a production system. Also deleted
  several useless management commands.
- Improved help and functionality of several management commands. New
  `create_realm` management command supports some automation workflows.
- Added `RealmAuditLog` logging for most administrative actions that were
  previously not tracked.
- Added automated testing of the upgrade process from previous releases,
  to reduce the likelihood of problems upgrading Zulip.
- Attempting to "upgrade" to an older version now gives a clear error
  message.
- Optimized critical parts of the message sending code path for large
  organizations.
- Optimized creating streams in very large organizations.
- Certain unprintable Unicode characters are no longer permitted in topic
  names.
- Added IP-based rate limiting for unauthenticated requests.
- Added documentation for Zulip's rate-limiting rules.
- Merged the API endpoints for a user's personal settings into the
  `/settings` endpoint with a cleaner interface.
- The server API now supports marking messages as unread, allowing this
  upcoming mobile app feature to work with Zulip 5.0.
- Added to the API most page-load parameters used by the web application
  that were missing from the `/register` API.
- Simplified the infrastructure for rendering API documentation so that
  only a few pages require Markdown templates in addition to the OpenAPI
  specification file.
- Corrected many minor issues with the API documentation.
- Major improvements to both the infrastructure and content for Zulip's
  ReadTheDocs documentation for contributors and sysadmins.
- Major improvements to the mypy type-checking, discovered via using the
  django-stubs project to get Django stubs.
- Renamed main branch from `master` to `main`.

## Zulip 4.x series

### 4.11 -- 2022-03-15

- CVE-2022-24751: Zulip Server 4.0 and above were susceptible to a race
  condition during user deactivation, where a simultaneous access by the
  user being deactivated may, in rare cases, allow continued access by
  the deactivated user. This access could theoretically continue until
  one of the following events happens:
  - The session expires from memcached; this defaults to two weeks, and
    is controlled by `SESSION_COOKIE_AGE` in `/etc/zulip/settings.py`.
  - The session cache is evicted from memcached by other cached data.
  - The server is upgraded, which clears the cache.
- Updated translations.

### 4.10 -- 2022-02-25

- CVE-2022-21706: Reusable invitation links could be improperly used for
  other organizations.
- CVE-2021-3967: Enforce that regenerating an API key must be done with
  an API key, not a cookie. Thanks to nhiephon (twitter.com/\_nhiephon)
  for their responsible disclosure of this vulnerability.
- Fixed a bug with the `reindex-textual-data` tool, where it would
  sometimes fail to find the libraries it needed.
- Pin PostgreSQL to 10.19, 11.14, 12.9, 13.5 or 14.1 to avoid a
  regression which caused deploys with PGroonga enabled to unpredictably
  fail database queries with the error
  `variable not found in subplan target list`.
- Fix ARM64 support; however, the wal-g binary is not yet supported on
  ARM64 (zulip/zulip#21070).

### 4.9 -- 2022-01-24

- CVE-2021-43799: Remote execution of code involving RabbitMQ.
- Closed access to RabbitMQ port 25672; initial installs tried to close
  this port, but failed to restart RabbitMQ for the configuration.
- Removed the `rabbitmq.nodename` configuration in `zulip.conf`; all
  RabbitMQ instances will be reconfigured to have a nodename of
  `zulip@localhost`. You can remove this setting from your `zulip.conf`
  configuration file, if it exists.
- Added missing support for the Camo image proxy in the Docker image.
  This resolves a longstanding issue with image previews, if enabled,
  appearing as broken images for Docker-based installs.
- Fixed a bug which allowed a user to edit a message to add a wildcard
  mention when they did not have permissions to send such messages
  originally.
- Fixed a bug in the tool that corrects database corruption caused by
  updating the operating system hosting PostgreSQL, which previously
  omitted some indexes from its verification. If you updated the
  operating system of your Zulip instance from Ubuntu 18.04 to 20.04, or
  from Debian 9 to 10, you should run the tool, even if you did so
  previously; full details and instructions are available in the previous
  blog post.
- Began routing requests from the Camo image proxy through a
  non-Smokescreen proxy, if one is configured; because Camo includes
  logic to deny access to private subnets, routing its requests through
  Smokescreen is generally not necessary.
- Fixed a bug where changing the Camo secret required running
  `zulip-puppet-apply`.
- Fixed `scripts/setup/compare-settings-to-template` to be able to run
  from any directory.
- Switched Let's Encrypt renewal to use its own timer, rather than our
  custom cron job. This fixes a bug where occasionally `nginx` would not
  reload after getting an updated certificate.
- Updated documentation and tooling to note that installs using
  `upgrade-zulip-from-git` require 3 GB of RAM, or 2 GB and at least 1 GB
  of swap.

### 4.8 -- 2021-12-01

- CVE-2021-43791: Zulip could fail to enforce expiration dates on
  confirmation keys, allowing users to potentially use expired
  invitations, self-registrations, or realm creation links.
- Began installing Smokescreen to harden Zulip against SSRF attacks by
  default. Zulip has offered Smokescreen as an option since Zulip 4.0.
  Existing installs which configured an outgoing proxy which is not on
  `localhost:4750` will continue to use that; all other installations
  will begin having a Smokescreen installation listening on 127.0.0.1,
  which Zulip will proxy traffic through. The version of Smokescreen was
  also upgraded.
- Replaced the camo image proxy with go-camo, a maintained
  reimplementation that also protects against SSRF attacks. This server
  now listens only on 127.0.0.1 when it is deployed as part of a
  standalone deployment.
- Began using camo for images displayed in URL previews. This improves
  privacy and also resolves an issue where an image link to a third party
  server with an expired or otherwise invalid SSL certificate would
  trigger a confusing pop-up window for Zulip Desktop users.
- Fixed a bug which could cause Tornado to shut down improperly (causing
  an immediate full-page reload for their clients) when restarting a
  heavily loaded Zulip server.
- Updated Python dependencies.
- Truncated large "remove" mobile notification events so that marking
  hundreds of private messages or other notifiable messages as read at
  once won't exceed Apple's 4 KB notification size limit.
- Slack importer improvements:
  - Ensured that generated fake email addresses for Slack bots are
    unique.
  - Added support for importing Slack exports from a directory, not just
    a .zip file.
  - Provided better error messages with invalid Slack tokens.
  - Added support for non-ASCII Unicode folder names on Windows.
- Added support for the V3 PagerDuty webhook.
- Updated documentation for Apache SSO, which now requires additional
  configuration because Zulip uses a C extension (the `re2` module).
- Fixed a bug where an empty name in a SAML response would raise an
  error.
- Ensured that `deliver_scheduled_emails` and
  `deliver_scheduled_messages` did not double-deliver if run on multiple
  servers at once.
- Extended Certbot troubleshooting documentation.
- Fixed a bug in soft deactivation catch-up code, in cases where a race
  condition had created multiple subscription deactivation entries for a
  single user and single stream in the audit log.
- Updated translations, including adding a Sinhala translation.

### 4.7 -- 2021-10-04

- CVE-2021-41115: Prevent organization administrators from affecting the
  server with a regular expression denial-of-service attack through
  linkifier patterns.

### 4.6 -- 2021-09-23

- Documented official support for Debian 11 Bullseye, now that it is
  officially released by Debian upstream.
- Fixed installation on Debian 10 Buster. Upstream infrastructure had
  broken the Python `virtualenv` tool on this platform, which we've
  worked around for this release.
- Zulip releases are now distributed from
  https://download.zulip.com/server/, replacing the old `www.zulip.org`
  server.
- Added support for LDAP synchronization of the `is_realm_owner` and
  `is_moderator` flags.
- `upgrade-zulip-from-git` now uses `git fetch --prune`; this ensures
  `upgrade-zulip-from-git master` will return an error rather than using
  a stale cached version of the `master` branch, which was renamed to
  `main` this month.
- Added a new `reset_authentication_attempt_count` management command to
  allow sysadmins to manually reset authentication rate limits.
- Fixed a bug that caused the `upgrade-postgresql` tool to incorrectly
  remove `supervisord` configuration for `process-fts-updates`.
- Fixed a rare migration bug when upgrading from Zulip versions 2.1 and
  older.
- Fixed a subtle bug where the left sidebar would show both old and new
  names for some topics that had been renamed.
- Fixed incoming email gateway support for configurations with the
  `http_only` setting enabled.
- Fixed issues where Zulip's outgoing webhook, with the Slack-compatible
  interface, had a different format from Slack's documented interface.
- The installation and upgrade documentation now shows the latest
  release's version number.
- Backported many improvements to the ReadTheDocs documentation.
- Updated translation data from Transifex.

### 4.5 -- 2021-07-25

- Added a tool to fix potential database corruption caused by host OS
  upgrades (was listed in 4.4 release notes, but accidentally omitted).

### 4.4 -- 2021-07-22

- Fixed a possible denial-of-service attack in Markdown fenced code block
  parsing.
- Smokescreen, if installed, now defaults to only listening on 127.0.0.1;
  this prevents it from being used as an open HTTP proxy if it did not
  have other firewalls protecting incoming port 4750.
- Fixed a performance/scalability issue for installations using the S3
  file uploads backend.
- Fixed a bug where users could turn other users' messages they could
  read into widgets (e.g. polls).
- Fixed a bug where emoji and avatar image requests were sent through
  Camo; doing so does not add any security benefit, and broke custom
  emoji that had been imported from Slack in Zulip 1.8.1 or earlier.
- Changed to log just a warning, instead of an exception, in the case
  that the `embed_links` worker cannot fetch previews for all links in a
  message within the 30-second timeout. Each preview request within a
  message already has a 15-second timeout.
- Ensured `psycopg2` is installed before starting `process_fts_updates`;
  otherwise, it might fail to start several times before the package was
  installed.
- Worked around a bug in supervisor where, when using SysV init,
  `/etc/init.d/supervisor restart` would only have stopped, not
  restarted, the process.
- Modified upgrade scripts to better handle failure, and suggest next
  steps and point to logs.
- Zulip now hides the "show password" eye icon that IE and Edge browsers
  place in password inputs; this duplicated the already-present
  JavaScript-based functionality.
- Fixed "OR" glitch on login page if SAML authentication is enabled but
  not configured.
- The `send_test_email` management command now shows the full SMTP
  conversation on failure.
- Provided a `change_password` management command which takes a `--realm`
  option.
- Fixed `upgrade-zulip-from-git` crashing in CSS source map generation on
  1-CPU systems.
- Added an `auto_signup` field in SAML configuration to auto-create
  accounts upon first login attempt by users which are authenticated by
  SAML.
- Provided better error messages when `puppet_classes` in `zulip.conf`
  are mistakenly space-separated instead of comma-separated.
- Updated translations for many languages.

### 4.3 -- 2021-06-02

- Fixed exception when upgrading older servers with the
  `JITSI_SERVER_URL` setting set to `None` to disable Jitsi.
- Fixed GIPHY integration dropdown appearing when the server doesn't have
  a GIPHY API key configured.
- The GIPHY API library is no longer loaded for users who are not
  actively using the GIPHY integration.
- Improved formatting for Grafana integration.
- Fixed previews of Dropbox image links.
- Fixed support for storing avatars/emoji in non-S3 upload backends.
- Fixed an overly strict database constraint for code playgrounds.
- Tagged user status strings for translation.
- Updated translation data from Transifex.

### 4.2 -- 2021-05-13

- Fixed exception in purge-old-deployments when upgrading on a system
  that has never upgraded using Git.
- Fixed installation from a directory readable only by root.

### 4.1 -- 2021-05-13

- Fixed exception upgrading to the 4.x series from older releases.
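The 4.8 and 4.4 notes above both hinge on Smokescreen being reachable only on 127.0.0.1 (port 4750), and the 4.0 upgrade notes further down make the same point about Tornado on 127.0.0.1:9800. The following script is an added example, not part of the Zulip tooling, for auditing that after an upgrade: it reads `ss -Hltn`-style listener lines and flags any of those ports bound to anything other than loopback. The sample lines are constructed for the example; the port numbers are the ones the release notes give, and the `ss` column layout is assumed to match a stock Linux `iproute2`.

```shell
#!/bin/sh
# Added example (not Zulip's own code): audit loopback binding of the
# internal services named in the release notes. Feed it `ss -Hltn` output
# (state, recv-q, send-q, local address:port, peer address:port).

# Ports taken from the release notes: Smokescreen 4750, Tornado 9800.
INTERNAL_PORTS="4750 9800"

# Constructed sample lines in `ss -Hltn` layout (not real output).
SAMPLE_OK='LISTEN 0 128 127.0.0.1:4750 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9800 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'
SAMPLE_BAD='LISTEN 0 128 0.0.0.0:4750 0.0.0.0:*
LISTEN 0 128 [::]:9800 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'

# check_listeners: reads listener lines on stdin, prints one line per
# internal-service socket, and returns 1 if any of them is reachable
# beyond loopback. Public ports (like 443) are ignored.
check_listeners() {
    rc=0
    while read -r state recvq sendq laddr peer rest; do
        [ -n "$laddr" ] || continue
        port=${laddr##*:}   # text after the last colon
        host=${laddr%:*}    # everything before it ([::1] stays bracketed)
        internal=0
        for p in $INTERNAL_PORTS; do
            [ "$port" = "$p" ] && internal=1
        done
        [ "$internal" = 1 ] || continue
        case "$host" in
            127.0.0.1|'[::1]') echo "ok   $laddr (loopback only)" ;;
            *) echo "WARN $laddr is bound beyond loopback"; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone demo over the constructed samples; on a real host run
#   ss -Hltn | check_listeners
printf '%s\n' "$SAMPLE_OK" | check_listeners
printf '%s\n' "$SAMPLE_BAD" | check_listeners || echo "audit: exposed internal listener found"
```

A non-zero exit from `check_listeners` is the cue to revisit the proxy bind address in `zulip.conf` or the host firewall; the check only covers the bind address, so a service that is correctly on loopback but exposed through a misconfigured reverse proxy would still need a separate review.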
### 4.0 -- 2021-05-13

#### Highlights

- Code blocks now have a copy-to-clipboard button and can be integrated
  with external code playgrounds, making it convenient to work with code
  while discussing it in Zulip.
- Added a new organization [Moderator role][roles-and-permissions]. Many
  permissions settings for sensitive features now support only allowing
  moderators and above to use the feature.
- Added a native Giphy integration for sending animated GIFs.
- Added support for muting another user.
- Recent topics is no longer beta, no longer an overlay, supports
  composing messages, and is now the default view. The previous default
  view, "All messages", is still available, and the default view can now
  be configured via "Display settings".
- Completed API documentation for Zulip's real-time events system. It is
  now possible to write a decent Zulip client with minimal interaction
  with the Zulip server development team.
- Added new organization settings: wildcard mention policy.
- Integrated [Smokescreen][smokescreen], an outgoing proxy designed to
  help protect against SSRF attacks; outgoing HTTP requests that can be
  triggered by end users are routed through this service. We recommend
  that self-hosted installations configure it.
- This release contains more than 30 independent changes to the
  [Zulip API](https://zulip.com/api/changelog), largely to support new
  features or make the API (and thus its documentation) clearer and
  easier for clients to implement. Other new API features support better
  error handling for the mobile and terminal apps.
- The frontend internationalization library was switched from i18next to
  FormatJS.
- The button for replying was redesigned to show the reply recipient and
  be more obvious to users coming from other chat apps.
- Added support for moving topics to private streams, and for configuring
  which roles can move topics between streams.
[roles-and-permissions]: https://zulip.com/help/roles-and-permissions

#### Upgrade notes for 4.0

- Changed the Tornado service to use 127.0.0.1:9800 instead of
  127.0.0.1:9993 as its default network address, to simplify support for
  multiple Tornado processes. Since Tornado only listens on localhost,
  this change should have no visible effect unless another service is
  using port 9800.
- Zulip's top-level puppet classes have been renamed, largely from
  `zulip::foo` to `zulip::profile::foo`. Configuration referencing these
  in `/etc/zulip/zulip.conf` will be automatically updated during the
  upgrade process, but if you have a complex deployment or you maintain
  `zulip.conf` in another system (e.g. with the
  [manual configuration][docker-zulip-manual] option for
  [docker-zulip][docker-zulip]), you'll want to manually update the
  `puppet_classes` variable.
- Zulip's supervisord configuration now lives in
  `/etc/supervisor/conf.d/zulip/`.
- Consider enabling [Smokescreen][smokescreen].
- Private streams can no longer be default streams (i.e. the ones new
  users are automatically added to).
- New `scripts/start-server` and `scripts/stop-server` mean that one no
  longer needs to use `supervisorctl` directly for these tasks.
- As this is a major release, we recommend [carefully updating the inline
  documentation in your `/etc/zulip/settings.py`][update-settings-docs].
  Notably, we rewrote the template to be better organized and more
  readable in this release.
- The web app will now display a warning in the UI if the Zulip server
  has not been upgraded in more than 18 months.
- The next time users log in to Zulip with their password after upgrading
  to this release, they will be logged out of all active browser sessions
  (i.e. the web and desktop apps). This is a side effect of improved
  security settings (increasing the minimum entropy used when salting
  passwords from 71 bits to 128 bits).
- We've removed the partial Thumbor integration from Zulip. The Thumbor
  project appears to be dead upstream, and we no longer feel comfortable
  including it in Zulip from a security perspective. We hope to introduce
  a fully supported thumbnailing integration in our next major release.

[docker-zulip-manual]: https://github.com/zulip/docker-zulip#manual-configuration
[smokescreen]: ../production/deployment.md#customizing-the-outgoing-http-proxy
[update-settings-docs]: ../production/upgrade-or-modify.md#updating-settingspy-inline-documentation

#### Full feature changelog

- Added new [release lifecycle documentation](release-lifecycle.md).
- Added support for subscribing another stream's membership to a stream.
- Added RealmAuditLog for most settings state changes in Zulip; this data
  will facilitate future features showing a log of activity by a given
  user or changes to an organization's settings.
- Added support for using Sentry for processing backend exceptions.
- Added documentation for using `wal-g` for continuous PostgreSQL
  backups.
- Added loading spinners for message editing widgets.
- Added live update of compose placeholder text when recipients change.
- Added keyboard navigation for popover menus that were missing it.
- Added documentation for all [zulip.conf settings][zulip-conf-settings].
- Added dozens of new notification sound options.
- Added menu option to unstar all messages in a topic.
- Added confirmation dialog before unsubscribing from a private stream.
- Added confirmation dialog before deleting your profile picture.
- Added types for all parameters in the API documentation.
- Added API endpoint to fetch user details by email address.
- Added API endpoint to fetch presence details by user ID.
- Added new LDAP configuration options for servers hosting multiple
  organizations.
- Added new `@**|user_id**` mention syntax intended for use in bots.
- Added preliminary support for Zulip on Debian 11; this release is
  expected to support Debian 11 without any further changes.
- Added several useful new management commands, including
  `change_realm_subdomain` and `delete_user`.
- Added support for subscribing all members of a user group to a stream.
- Added support for sms: and tel: links.
- Community topic editing time limit increased to 3 days for members.
- New integrations: Freshping, Jotform, UptimeRobot, and a JSON formatter
  (which is particularly useful when developing a new integration).
- Updated integrations: Clubhouse, NewRelic, Bitbucket, Zabbix.
- Improved formatting of GitHub and GitLab integrations.
- Improved the user experience for multi-user invitations.
- Improved several rendered-message styling details.
- Improved design of `