Skip to content

v27.190

Compare
Choose a tag to compare
@gnprice gnprice released this 24 Aug 23:32
· 851 commits to main since this release

Highlights for users

  • Fixed an issue where a crafted, malformed image link in a message sent by an authenticated user could lead to credential disclosure if a user taps on the image to expand it. (CVE-2022-35962)

This issue was discovered internally by the Zulip developers. We
analyzed all message history on Zulip Cloud and determined it has
never been exploited there.

Zulip server administrators should also upgrade to Zulip Server 5.6 or
later, to make this issue impossible to exploit on their servers.

sha256sum -c <<EOF
7e8dde1c9d0770f610bcc3e266bea6f06d50df1e12ba1b9fc643252a048a590b  app-arm64-v8a-release.apk
3f446bceeae3768a3bcbf5d772bf566d62f5c0406b38cf13a02ded98f1cabb6e  app-armeabi-v7a-release.apk
93ce4142cd74ac072e2c10708c426c693f86844ad6ae0d5332d59878d6901c18  app-x86_64-release.apk
4029d10c90962e5714af399b2a8a7d5790697e5dd88060a360913a8f019502bf  app-x86-release.apk
5a2a9bf7c7af0b81e818ffc47eea3e6512a75482e21d134684863da9cd8a78f9  app-release.aab
EOF