Zulip

Zulip server and web application. Open-source team chat that helps teams stay productive and focused.

7.1

10 months ago

7.1 -- 2023-06-13

  • Added checks to verify that Zulip is being installed on a supported CPU and OS architecture.
  • Improved error-handling around the upgrade-postgresql tool.
  • Fixed a couple of bugs in database migrations as part of the upgrade that could cause the upgrade to fail to complete.
  • Fixed a bug where scheduled messages with @all would fail to send.
  • Fixed a bug which would sometimes prevent the j and k keys from being typed in the compose box.
  • Fixed anonymous access to the “download” link on images in public-access streams.
  • Changed the default DNS resolver in nginx’s configuration to match the system’s; this fixes deployments which use the S3 storage backend and did not run systemd-resolved, like Docker and some versions of Debian.
  • Updated several pieces of documentation.
  • Updated translations, including new translations for Luri (Bakhtiari), Brazilian Portuguese, and Tagalog.

7.0

10 months ago

7.0 -- 2023-05-31

Highlights

  • Many significant visual changes as part of Zulip's ongoing redesign project, including message feed headers, background color, mention colors, dates and times, compose box banners, icons, and tooltips. Many further improvements are planned for future releases.
  • Added support for unmuting a topic in a muted stream, previously the 4th most upvoted GitHub issue.
  • Redesigned the permissions settings for message editing, topic editing, and moving topics to have a cleaner model.
  • New compose box features: Scheduling a message to be sent later, a nicer stream picker, and the ability to switch between stream and private messages.
  • Numerous improvements to the Help Center, including documentation for how to complete many common tasks in the Zulip mobile apps.
  • Redesigned the interface and permissions model for moving topics to be independent from message content editing, providing a cleaner experience and better configurability.
  • Renamed "Private messages" to "Direct messages" across the user interface, including search operators. We expect further API changes to be integrated gradually over coming releases due to backwards compatibility considerations.
  • Added a new personal privacy setting controlling the extent to which the user's email address is shared with other users in the organization; previously this was solely controlled by organization administrators. This is presented to the user during account creation, including for users imported from other chat products.
  • Added support for the upcoming Debian 12 release.

Full feature changelog

  • Added full support for using JWT authentication to integrate Zulip with another application.
  • Added support for SAML Single-Logout initiated by the Zulip server (SP-initiated Single Logout).
  • Added new stream setting controlling which users can remove other subscribers from the stream.
  • Added new setting to control when messages are marked as read when scrolling.
  • Added notification bot messages when another user adds you to or removes you from a user group.
  • Added additional confirmation dialogs for actions deserving caution, including marking all messages as read, removing the last user from a private stream, and disabling all notifications for direct messages.
  • Added support for Postgres 15, and removed support for Postgres 11.
  • Added new z keyboard shortcut to view a message in context.
  • Added new = keyboard shortcut to upvote an existing emoji reaction.
  • Changed the s keyboard shortcut to be a toggle, replacing the previous model that required both s and S keyboard shortcuts.
  • Clarified automated notifications when moving and resolving topics.
  • New webhook integrations: Rundeck.
  • Reworked linkifiers to use URL templates for the URL patterns.
  • Improved left sidebar to show more topics within the current stream, and more private message conversations, especially when many are unread.
  • Reworked the internals of the main message feed scrollbar, fixing several longstanding bugs.
  • Improved many interaction details in the settings subsystem, including how files are uploaded, hover behaviors, etc.
  • Improved the logged out experience to suggest logging in to see more streams in the left sidebar.
  • Improved many subtle details of compose box autocomplete, file uploads, and error handling. Browser undo now works more consistently in the compose box.
  • Improved subscriber management in stream settings to support sorting users and seeing their user cards after a click.
  • Improved previously unspecified behavior when multiple overlapping linkifiers applied to syntax within a message.
  • Improved subject lines for email notifications in topics that have been resolved so that email clients will thread them with the pre-resolution topic.
  • Improved how the Slack data import tool handles Slack threads.
  • Improved the Slack incoming integration's handling of fancier Slack syntax.
  • Improved notification format for most Git integrations.
  • Improved onboarding emails with better content and links to guides.
  • Improved how uploaded files are served with the S3 file uploads backend to better support browser caching.
  • Improved the instructions for data imports from third-party tools to be much more detailed.
  • Improved the web application's main loading indicator.
  • Improved the visuals of todo and poll widgets.
  • Improved the content of onboarding emails.
  • Improved default for whether to include the Zulip realm name in the subject line of email notifications.
  • Improved rendering format for emoji inside headings.
  • Improved performance of rendering message views.
  • Improved capabilities of compliance exports, including new CSV format.
  • Fixed missing localization for dates/times in the message feed.
  • Fixed a subtle issue causing files uploaded via the incoming email gateway to not be viewable.
  • Fixed a subtle compose box issue that could cause a message to be sent twice.
  • Fixed several subtle bugs involving messages that failed to send.
  • Fixed several subtle bugs in message feed loading and rendering.
  • Fixed several subtle live-update bugs involving moving messages.
  • Fixed several error handling bugs in the message edit UI.
  • Fixed an issue where newly created users could get email notifications for messages from Welcome Bot.
  • Fixed an issue where the management command to garbage-collect uploaded files that are no longer used in a message was not running in cron.
  • Fixed noticeable lag when marking messages as unread in the web app.
  • Fixed a bug that could cause duplicate mobile push notifications.
  • Fixed several error handling issues with the data export process.
  • Fixed several subtle issues affecting certain container runtimes.
  • Added support for configurable hooks to be run when upgrading the Zulip server.
  • Added support for using TLS to secure the RabbitMQ connection.
  • The Zulip API now includes an ignored_parameters_unsupported field to help client developers debug when they are attempting to use a parameter that the Zulip server does not support.
  • Migrated web application error reporting to use Sentry.
  • Significant portions of the original Bootstrap CSS framework have been deleted. This is an ongoing project.
  • Converted many JavaScript modules to TypeScript.
  • Reorganized the codebase, with new web/, help/, and api_docs/ top-level directories.
  • Upgraded many third-party dependencies, including to Django 4.2 LTS.

Upgrade notes for 7.0

  • When the S3 storage backend is used for storing file uploads, those contents are now fetched by nginx, cached locally on the server, and served to clients; this lets clients cache the contents, and saves them a redirect. However, it may require administrators to adjust the size of the server's cache if they have a large deployment; see the documentation.
  • Removed the application_server.no_serve_uploads setting in /etc/zulip/zulip.conf, as all upload requests go through Zulip now.
  • Installations using the previously undocumented JWT authentication feature will need to make minor adjustments in the format of JWT requests; see the documentation for details on the new format.
  • High volume log files like server.log are now by default retained for 14 days, configured via the access_log_retention_days deployment option. This replaces a harder to understand size-based algorithm that was not easily configurable.
  • The URL patterns for linkifiers have been migrated from a custom format string to RFC 6570 URL templates. A database migration will automatically migrate existing linkifiers correctly in the vast majority of cases, but some fancier linkifiers may require manual adjustment to generate correct URLs following this upgrade.
  • PostgreSQL 11 is no longer supported; if you are currently using it, you will need to upgrade PostgreSQL before upgrading Zulip.
  • Installations that deploy Zulip behind a reverse proxy should make sure the proxy is configured to set the X-Forwarded-Proto HTTP header, and that loadbalancer.ips is accurate for the reverse proxy's IP; the documentation has updated its example configurations.
  • Zulip's Twitter preview integration has been disabled due to Twitter desupporting the API that it relied on.

7.0-beta3

10 months ago

7.0-beta3 -- 2023-05-29

This section is an incomplete draft of the release notes for the next major release, and is only updated occasionally. See the commit log for an up-to-date list of all changes.

Highlights

  • Many significant visual changes as part of Zulip's ongoing redesign project, including message feed headers, background color, mention colors, dates and times, compose box banners, icons, and tooltips. Many further improvements are planned for future releases.
  • Added support for unmuting a topic in a muted stream, previously the 4th most upvoted GitHub issue.
  • Redesigned the permissions settings for message editing, topic editing, and moving topics to have a cleaner model.
  • New compose box features: Scheduling a message to be sent later, a nicer stream picker, and the ability to switch between stream and private messages.
  • Numerous improvements to the Help Center, including documentation for how to complete many common tasks in the Zulip mobile apps.
  • Redesigned the interface and permissions model for moving topics to be independent from message content editing, providing a cleaner experience and better configurability.
  • Renamed "Private messages" to "Direct messages" across the user interface, including search operators. We expect further API changes to be integrated gradually over coming releases due to backwards compatibility considerations.
  • Added a new personal privacy setting controlling the extent to which the user's email address is shared with other users in the organization; previously this was solely controlled by organization administrators. This is presented to the user during account creation, including for users imported from other chat products.
  • Added support for the upcoming Debian 12 release.

Full feature changelog

  • Added full support for using JWT authentication to integrate Zulip with another application.
  • Added support for SAML Single-Logout initiated by the Zulip server (SP-initiated Single Logout).
  • Added new stream setting controlling which users can remove other subscribers from the stream.
  • Added new setting to control when messages are marked as read when scrolling.
  • Added notification bot messages when another user adds you to or removes you from a user group.
  • Added additional confirmation dialogs for actions deserving caution, including marking all messages as read, removing the last user from a private stream, and disabling all notifications for direct messages.
  • Added support for Postgres 15, and removed support for Postgres 11.
  • Added new z keyboard shortcut to view a message in context.
  • Added new = keyboard shortcut to upvote an existing emoji reaction.
  • Changed the s keyboard shortcut to be a toggle, replacing the previous model that required both s and S keyboard shortcuts.
  • Clarified automated notifications when moving and resolving topics.
  • New webhook integrations: Rundeck.
  • Reworked linkifiers to use URL templates for the URL patterns.
  • Improved left sidebar to show more topics within the current stream, and more private message conversations, especially when many are unread.
  • Reworked the internals of the main message feed scrollbar, fixing several longstanding bugs.
  • Improved many interaction details in the settings subsystem, including how files are uploaded, hover behaviors, etc.
  • Improved the logged out experience to suggest logging in to see more streams in the left sidebar.
  • Improved many subtle details of compose box autocomplete, file uploads, and error handling. Browser undo now works more consistently in the compose box.
  • Improved subscriber management in stream settings to support sorting users and seeing their user cards after a click.
  • Improved previously unspecified behavior when multiple overlapping linkifiers applied to syntax within a message.
  • Improved subject lines for email notifications in topics that have been resolved so that email clients will thread them with the pre-resolution topic.
  • Improved the Slack incoming integration's handling of fancier Slack syntax.
  • Improved notification format for most Git integrations.
  • Improved onboarding emails with better content and links to guides.
  • Improved how uploaded files are served with the S3 file uploads backend to better support browser caching.
  • Improved the instructions for data imports from third-party tools to be much more detailed.
  • Improved the web application's main loading indicator.
  • Improved the visuals of todo and poll widgets.
  • Improved the content of onboarding emails.
  • Improved default for whether to include the Zulip realm name in the subject line of email notifications.
  • Improved rendering format for emoji inside headings.
  • Improved performance of rendering message views.
  • Improved capabilities of compliance exports, including new CSV format.
  • Fixed missing localization for dates/times in the message feed.
  • Fixed a subtle issue causing files uploaded via the incoming email gateway to not be viewable.
  • Fixed a subtle compose box issue that could cause a message to be sent twice.
  • Fixed several subtle bugs involving messages that failed to send.
  • Fixed several subtle bugs in message feed loading and rendering.
  • Fixed several subtle live-update bugs involving moving messages.
  • Fixed several error handling bugs in the message edit UI.
  • Fixed an issue where newly created users could get email notifications for messages from Welcome Bot.
  • Fixed an issue where the management command to garbage-collect uploaded files that are no longer used in a message was not running in cron.
  • Fixed noticeable lag when marking messages as unread in the web app.
  • Fixed a bug that could cause duplicate mobile push notifications.
  • Fixed several error handling issues with the data export process.
  • Fixed several subtle issues affecting certain container runtimes.
  • Added support for configurable hooks to be run when upgrading the Zulip server.
  • Added support for using TLS to secure the RabbitMQ connection.
  • The Zulip API now includes an ignored_parameters_unsupported field to help client developers debug when they are attempting to use a parameter that the Zulip server does not support.
  • Migrated web application error reporting to use Sentry.
  • Significant portions of the original Bootstrap CSS framework have been deleted. This is an ongoing project.
  • Converted many JavaScript modules to TypeScript.
  • Reorganized the codebase, with new web/, help/, and api_docs/ top-level directories.
  • Upgraded many third-party dependencies, including to Django 4.2 LTS.

Upgrade notes for 7.0

  • When the S3 storage backend is used for storing file uploads, those contents are now fetched by nginx, cached locally on the server, and served to clients; this lets clients cache the contents, and saves them a redirect. However, it may require administrators to adjust the size of the server's cache if they have a large deployment; see the documentation.
  • Removed the application_server.no_serve_uploads setting in /etc/zulip/zulip.conf, as all upload requests go through Zulip now.
  • Installations using the previously undocumented JWT authentication feature will need to make minor adjustments in the format of JWT requests; see the documentation for details on the new format.
  • High volume log files like server.log are now by default retained for 14 days, configured via the access_log_retention_days deployment option. This replaces a harder to understand size-based algorithm that was not easily configurable.
  • The URL patterns for linkifiers have been migrated from a custom format string to RFC 6570 URL templates. A database migration will automatically migrate existing linkifiers correctly in the vast majority of cases, but some fancier linkifiers may require manual adjustment to generate correct URLs following this upgrade.
  • PostgreSQL 11 is no longer supported; if you are currently using it, you will need to upgrade PostgreSQL before upgrading Zulip.
  • Installations that deploy Zulip behind a reverse proxy should make sure the proxy is configured to set the X-Forwarded-Proto HTTP header; the documentation has an updated example configuration.
  • Zulip's Twitter preview integration has been disabled due to Twitter desupporting the API that it relied on.

6.2

11 months ago

6.2 -- 2023-05-19

  • CVE-2023-28623: Fixed a vulnerability that would allow users to sign up for a Zulip Server account with an unauthorized email address, despite the server being configured to require that email addresses be in LDAP. Specifically, if the organization permissions don't require invitations to join, and the only configured authentication backends were ZulipLDAPAuthBackend and some other external authentication backend (any aside from ZulipLDAPAuthBackend and EmailAuthBackend), then an unprivileged remote attacker could have created a new account in the organization with an arbitrary email address in their control that was not in the organization's LDAP directory.
  • CVE-2023-32677: Fixed a vulnerability which allowed users to invite new users to streams when inviting them to the server, even if they did not have permission to invite existing users to streams. This did not allow users to invite others to streams that they themselves were not a member of, and only affected deployments with the rare configuration of a permissive realm invitation policy and a strict stream invitation policy.
  • Fixed a bug that could cause duplicate push notifications when using the mobile push notifications service.
  • Fixed several bugs in the Zulip server and PostgreSQL version upgrade processes.
  • Fixed multiple Recent conversations display bugs for private message conversations.
  • Fixed the left sidebar stream list exiting “more topics” during background re-rendering, and a related rendering bug.
  • Fixed a bug where uploaded files sent via the email gateway were not correctly associated with the message’s sender.
  • Improved error handling for certain puppet failures.
  • Silenced a distracting caniuse browserlist warning in install/upgrade output.
  • Simplified UI for inviting new users to make it easy to select the default streams.
  • Fixed GPG check error handling for PGroonga apt repository.
  • Documented how to manage email address changes when using the LDAP backend.
  • Documented how to use SMTP without authentication.
  • Documented that the Zulip mobile/desktop apps now only support Zulip Server 4.0 and newer (released 22 months ago), following our 18-month support policy.
  • Extracted the documentation on modifying Zulip to a dedicated page.
  • Added a new send_welcome_bot_message management command, to allow the sysadmin to send Welcome Bot messages manually after a data import.
  • Added new RABBITMQ_USE_TLS and RABBITMQ_PORT settings for installations wanting to configure the RabbitMQ connection with a remote RabbitMQ host.
  • Added a new timesync deployment option to allow installations to override Zulip’s default of chrony for time synchronization.
  • Upgraded dependencies for security and bug fixes.

7.0-beta2

11 months ago

7.0-beta2 -- 2023-05-11

This section is an incomplete draft of the release notes for the next major release, and is only updated occasionally. See the commit log for an up-to-date list of all changes.

Highlights

  • Many significant visual changes as part of Zulip's ongoing redesign project, including message feed headers, background color, mention colors, dates and times, compose box banners, icons, and tooltips. Many further improvements are planned for future releases.
  • Added support for unmuting a topic in a muted stream, previously the 4th most upvoted GitHub issue.
  • Redesigned the permissions settings for message editing, topic editing, and moving topics to have a cleaner model.
  • New compose box features: Scheduling a message to be sent later, a nicer stream picker, and the ability to switch between stream and private messages.
  • Numerous improvements to the Help Center, including documentation for how to complete many common tasks in the Zulip mobile apps.
  • Redesigned the interface and permissions model for moving topics to be independent from message content editing, providing a cleaner experience and better configurability.
  • Renamed "Private messages" to "Direct messages" across the user interface, including search operators. We expect further API changes to be integrated gradually over coming releases due to backwards compatibility considerations.
  • Added a new personal privacy setting controlling the extent to which the user's email address is shared with other users in the organization; previously this was solely controlled by organization administrators. This is presented to the user during account creation.

Full feature changelog

  • Added full support for using JWT authentication to integrate Zulip with another application.
  • Added new stream setting controlling which users can remove other subscribers from the stream.
  • Added new setting to control when messages are marked as read when scrolling.
  • Added notification bot messages when another user adds you to or removes you from a user group.
  • Added additional confirmation dialogs for actions deserving caution, including marking all messages as read, removing the last user from a private stream, and disabling all notifications for direct messages.
  • Added support for deployment hooks to be run whenever the Zulip server is upgraded.
  • Added support for Postgres 15, and removed support for Postgres 11.
  • Added new z keyboard shortcut to view a message in context.
  • Added new = keyboard shortcut to upvote an existing emoji reaction.
  • Changed the s keyboard shortcut to be a toggle, replacing the previous model that required both s and S keyboard shortcuts.
  • Clarified automated notifications when moving and resolving topics.
  • New webhook integrations: Rundeck.
  • Reworked linkifiers to use URL templates for the URL patterns.
  • Improved left sidebar to show more topics within the current stream, and more private message conversations, especially when many are unread.
  • Improved many interaction details in the settings subsystem, including how files are uploaded, hover behaviors, etc.
  • Improved the logged out experience to suggest logging in to see more streams in the left sidebar.
  • Improved many subtle details of compose box autocomplete, file uploads, and error handling. Browser undo now works more consistently in the compose box.
  • Improved subscriber management in stream settings to support sorting users and seeing their user cards after a click.
  • Improved previously unspecified behavior when multiple overlapping linkifiers applied to syntax within a message.
  • Improved subject lines for email notifications in topics that have been resolved so that email clients will thread them with the pre-resolution topic.
  • Improved the Slack incoming integration's handling of fancier Slack syntax.
  • Improved notification format for most Git integrations.
  • Improved onboarding emails with better content and links to guides.
  • Improved how uploaded files are served with the S3 file uploads backend to better support browser caching.
  • Improved the instructions for data imports from third-party tools to be much more detailed.
  • Improved the web application's main loading indicator.
  • Improved the visuals of todo and poll widgets.
  • Improved the content of onboarding emails.
  • Improved default for whether to include the Zulip realm name in the subject line of email notifications.
  • Improved rendering format for emoji inside headings.
  • Improved performance of rendering message views.
  • Improved capabilities of compliance exports, including new CSV format.
  • Fixed missing localization for dates/times in the message feed.
  • Fixed a subtle issue causing files uploaded via the incoming email gateway to not be viewable.
  • Fixed a subtle compose box issue that could cause a message to be sent twice.
  • Fixed several subtle bugs involving messages that failed to send.
  • Fixed several subtle bugs in message feed loading and rendering.
  • Fixed several subtle live-update bugs involving moving messages.
  • Fixed several error handling bugs in the message edit UI.
  • Fixed an issue where newly created users could get email notifications for messages from Welcome Bot.
  • Fixed an issue where the management command to garbage-collect uploaded files that are no longer used in a message was not running in cron.
  • Fixed noticeable lag when marking messages as unread in the web app.
  • Fixed a bug that could cause duplicate mobile push notifications.
  • Added support for configurable hooks to be run when upgrading the Zulip server.
  • Added support for using TLS to secure the RabbitMQ connection.
  • The Zulip API now includes an ignored_parameters_unsupported field to help client developers debug when they are attempting to use a parameter that the Zulip server does not support.
  • Migrated web application error reporting to use Sentry.
  • Significant portions of the original Bootstrap CSS framework have been deleted. This is an ongoing project.
  • Converted many JavaScript modules to TypeScript.
  • Reorganized the codebase, with new web/, help/, and api_docs/ top-level directories.
  • Upgraded many third-party dependencies, including to Django 4.2 LTS.

Upgrade notes for 7.0

  • When the S3 storage backend is used for storing file uploads, those contents are now fetched by nginx, cached locally on the server, and served to clients; this lets clients cache the contents, and saves them a redirect. However, it may require administrators to adjust the size of the server's cache if they have a large deployment; see the documentation.
  • Removed the application_server.no_serve_uploads setting in /etc/zulip/zulip.conf, as all upload requests go through Zulip now.
  • Installations using the previously undocumented JWT authentication feature will need to make minor adjustments in the format of JWT requests; see the documentation for details on the new format.
  • High volume log files like server.log are now by default retained for 14 days, configured via the access_log_retention_days deployment option. This replaces a harder to understand size-based algorithm that was not easily configurable.
  • The URL patterns for linkifiers have been migrated from a custom format string to RFC 6570 URL templates. A database migration will automatically migrate existing linkifiers correctly in the vast majority of cases, but some fancier linkifiers may require manual adjustment to generate correct URLs following this upgrade.
  • PostgreSQL 11 is no longer supported; if you are currently using it, you will need to upgrade PostgreSQL before upgrading Zulip.

7.0-beta1

11 months ago

7.0-beta1 -- 2023-05-02

This section is an incomplete draft of the release notes for the next major release, and is only updated occasionally. See the commit log for an up-to-date list of all changes.

Highlights

  • Many significant visual changes as part of Zulip's ongoing redesign project, including message feed headers, mention colors, dates and times, compose box banners, icons, and tooltips. Many further improvements are planned for future releases.
  • Added support for unmuting a topic in a muted stream, previously the 4th most upvoted GitHub issue.
  • Redesigned the permissions settings for message editing, topic editing, and moving topics to have a cleaner model.
  • New compose box features: Scheduling a message to be sent later, a nicer stream picker, and the ability to switch between stream and private messages.
  • Numerous improvements to the Help Center, including documentation for how to complete many common tasks in the Zulip mobile apps.
  • Redesigned the interface and permissions model for moving topics to be independent from message content editing, providing a cleaner experience and better configurability.
  • Renamed "Private messages" to "Direct messages" across the user interface, including search operators. We expect further API changes to be integrated gradually over coming releases due to backwards compatibility considerations.
  • Added a new personal privacy setting controlling the extent to which the user's email address is shared with other users in the organization; previously this was solely controlled by organization administrators. This is presented to the user during account creation.

Full feature changelog

  • Added full support for using JWT authentication to integrate Zulip with another application.
  • Added new stream setting controlling which users can remove other subscribers from the stream.
  • Added new setting to control when messages are marked as read when scrolling.
  • Added notification bot messages when another user adds you to or removes you from a user group.
  • Added additional confirmation dialogs for actions deserving caution, including marking all messages as read, removing the last user from a private stream, and disabling all notifications for direct messages.
  • Added support for deployment hooks to be run whenever the Zulip server is upgraded.
  • Added new z keyboard shortcut to view a message in context.
  • Added new = keyboard shortcut to upvote an existing emoji reaction.
  • Changed the s keyboard shortcut to be a toggle, replacing the previous model that required both s and S keyboard shortcuts.
  • Clarified automated notifications when moving and resolving topics.
  • New webhook integrations: Rundeck.
  • Reworked linkifiers to use URL templates for the URL patterns.
  • Improved left sidebar to show more topics within the current stream, and more private message conversations, especially when many are unread.
  • Improved many interaction details in the settings subsystem, including how files are uploaded, hover behaviors, etc.
  • Improved the logged out experience to suggest logging in to see more streams in the left sidebar.
  • Improved many subtle details of compose box autocomplete, file uploads, and error handling. Browser undo now works more consistently in the compose box.
  • Improved subscriber management in stream settings to support sorting users and seeing their user cards after a click.
  • Improved previously unspecified behavior when multiple overlapping linkifiers applied to syntax within a message.
  • Improved subject lines for email notifications in topics that have been resolved so that email clients will thread them with the pre-resolution topic.
  • Improved the Slack incoming integration's handling of fancier Slack syntax.
  • Improved notification format for most Git integrations.
  • Improved onboarding emails with better content and links to guides.
  • Improved how uploaded files are served with the S3 file uploads backend to better support browser caching.
  • Improved the instructions for data imports from third-party tools to be much more detailed.
  • Improved the web application's main loading indicator.
  • Improved the visuals of todo and poll widgets.
  • Improved the content of onboarding emails.
  • Improved default for whether to include the Zulip realm name in the subject line of email notifications.
  • Improved rendering format for emoji inside headings.
  • Improved performance of rendering message views.
  • Improved capabilities of compliance exports, including new CSV format.
  • Fixed missing localization for dates/times in the message feed.
  • Fixed a subtle issue causing files uploaded via the incoming email gateway to not be viewable.
  • Fixed a subtle compose box issue that could cause a message to be sent twice.
  • Fixed several subtle bugs involving messages that failed to send.
  • Fixed an issue where newly created users could get email notifications for messages from Welcome Bot.
  • Fixed an issue where the management command to garbage-collect uploaded files that are no longer used in a message was not running in cron.
  • Fixed noticeable lag when marking messages as unread in the web app.
  • Fixed a bug that could cause duplicate mobile push notifications.
  • Added support for configurable hooks to be run when upgrading the Zulip server.
  • Added support for using TLS to secure the RabbitMQ connection.
  • The Zulip API now includes an ignored_parameters_unsupported field to help client developers debug when they are attempting to use a parameter that the Zulip server does not support.
  • Migrated web application error reporting to use Sentry.
  • Significant portions of the original Bootstrap CSS framework have been deleted. This is an ongoing project.
  • Converted many JavaScript modules to TypeScript.
  • Reorganized the codebase, with new web/, help/, and api_docs/ top-level directories.
  • Upgraded many third-party dependencies, including to Django 4.2 LTS.

Upgrade notes for 7.0

  • When the S3 storage backend is used for storing file uploads, those contents are now fetched by nginx, cached locally on the server, and served to clients; this lets clients cache the contents, and saves them a redirect. However, it may require administrators to adjust the size of the server's cache if they have a large deploy; see the documentation.
  • Removed the application_server.no_serve_uploads setting in /etc/zulip/zulip.conf, as all uploads requests go through Zulip now.
  • Installations using the previously undocumented JWT authentication feature will need to make minor adjustments in the format of JWT requests; see the documentation for details on the new format.
  • High volume log files like server.log are now by default retained for 14 days, configured via the access_log_retention_days deployment option. This replaces a harder to understand size-based algorithm that was not easily configurable.
  • The URL patterns for linkifiers have been migrated from a custom format string to RFC 6570 URL templates. A database migration will automatically migrate existing linkifiers correctly in the vast majority of cases, but some fancier linkifiers may require manual adjustment to generate correct URLs following this upgrade.

6.1

1 year ago

6.1 -- 2023-01-23

  • Fixed loading the web app on Safari 13 and lower.
  • Recent conversations now displays the “Participants” column for private messages too.
  • Fixed minor bugs in “Recent conversations” focus and re-rendering.
  • Fixed bugs that caused some unicode emoji to be incorrectly unavailable.
  • Fixed subtle display bugs rendering the left sidebar.
  • Fixed a bug causing the message feed to briefly show a “no matching messages” notice while loading.
  • Fixed a double escaping display bug when displaying user names in an error notice.
  • Fixed an unhandled exception when displaying user cards if the current user has an invalid timezone configured.
  • Fixed a subtle interaction bug with the compose box preview widget.
  • Added a workaround for a bug in Chromium affecting older versions of the Zulip desktop app that would cause horizontal lines to appear between messages.
  • Stopped clipping the tops of tall characters in stream and topic names.
  • Use internationalized form of “at” in message timestamps.
  • Updated translations.
  • Fixed the “custom” value for the “delay before sending message notification emails” setting.
  • Fixed an error which prevented users from changing stream-specific notification settings.
  • Fixed the redirect from /apps to https://zulip.com/apps/.
  • Started preserving timezone information in Rocket.Chat imports.
  • Updated the Intercom integration to return success on HEAD requests, which it uses to verify its configuration.
  • Documented how each rate limit category is used.
  • Documented the reset_authentication_attempt_count command for when users lock themselves out.
  • Documented the full S3 bucket policy for avatar and uploads buckets.
  • Clarified what the --email value passed to the installer will be used for.
  • Hid harmless "non-existent database" warnings during initial installation.
  • Forced a known locale when upgrading PostgreSQL, which avoids errors when using some terminal applications.
  • Verified that PostgreSQL was running after upgrading it, in case a previous try at an upgrade left it stopped.
  • Updated custom emoji migration 0376 to be a single SQL statement, and no longer crash when no active owners were found.
  • Replaced transifex-client internationalization library with new transifex-cli.
  • Began respecting proxy settings when installing shellcheck and shfmt tools.
  • Fixed the invitation code to signal a user data validation error, and not a server error, if an invalid “invite as” value was given.
  • Renamed internal exceptions to end with Error.

6.0

1 year ago

6.0 -- 2022-11-17

Highlights

  • Users can now mark messages as unread.
  • Added support for viewing read receipts, along with settings allowing both organizations and individual users to disable them.
  • Added new compose box button to navigate to the conversation being composed to, when that is different from the current view.
  • Added a scroll-to-bottom button, analogous to the End shortcut, that appears only when scrolling using the mouse.
  • Added support for up to 2 custom profile fields being highlighted in a user's profile summary popover, and added support for a new Pronouns custom field type designed to take advantage of it. Redesigned the custom profile fields administrative UI.
  • Redesigned the left sidebar to better organize pinned and inactive streams, highlight topics where the user was mentioned, and better advertise streams that the current user can subscribe to.
  • Redesigned the private messages experience in the left sidebar to make browsing conversations more ergonomic, with a similar usage pattern to browsing the topics within a stream.
  • Improved "Recent topics" and renamed it to "Recent conversations" with the addition of including private messages in the view. The timestamp links now go to the latest message in the topic, arrow key navigation was improved, topics containing unread mentions are now highlighted, as well as many other bug fixes or subtle improvements.
  • Messages containing 3 or fewer emoji reactions now display the names of reacting users alongside the emoji. This eliminates the need to mouse over emoji reactions to find out who reacted in the vast majority of cases.
  • Replaced the previous "Unavailable" status with a "Go invisible" feature that is more useful and intuitive.
  • The right sidebar now displays user status messages by default, with an optional compact design available.
  • The public access option was enhanced to skip the login page by default, support switching themes and languages, and add many other UI improvements.
  • Incoming webhook integrations now support filtering which classes of events are sent into Zulip; this can be invaluable when the third-party service doesn't support configuring which events to send to Zulip.
  • Added support for Ubuntu 22.04.
  • Removed support for Debian 10 and PostgreSQL 10 due to their approaching end-of-life upstream.
  • New integrations: Azure DevOps, RhodeCode, wekan.

Full feature changelog

  • Redesigned the message actions popover to be better organized.
  • Redesigned moving messages to have a cleaner, more consistent UI that is no longer combined with the message editing UI. One can now choose to send automated notices when moving messages within a stream, not only between streams.
  • Redesigned full user profiles to have a cleaner look and also display user IDs, which can be important when using the API. Users can now administer bot stream subscriptions from the bot's full profile.
  • Redesigned the gear menu to display basic details about the Zulip organization, server, and its version.
  • Redesigned several organization settings pages to have more consistent design.
  • Redesigned the footer for self-hosted Zulip servers. The footer now has just a few key links, rather than being almost identical to the footer for the zulip.com website.
  • Redesigned the 500 error pages for self-hosted Zulip servers to be clearer and link to the Zulip server troubleshooting guide.
  • Redesigned the interface for configuring message editing and deletion permissions to be easier to understand.
  • Added support for emoji added in unicode versions since 2017, which had previously been unavailable in Zulip. Users using the deprecated "Google blobs" emoji set are automatically migrated to the modern "Google" emoji set. The "Google blobs" emoji set remains available for users who prefer it, with any new emoji that were added to the Unicode standard since 2017 displayed in the modern "Google" style.
  • Added support for changing the role of bots in the UI; previously, this was only possible via the API.
  • Added confirmation modals for various destructive actions, such as deactivating bots.
  • Added new summary statistics on the organization analytics page. Fixed several bugs with the display of analytics graphs.
  • Added support for administrators sending a final email to a user as part of deactivating their Zulip account.
  • Added API endpoint to get a single stream by ID.
  • Added beta support for user groups to have subgroups, and for some permissions settings to be managed using user groups. Over the coming releases, we plan to migrate all Zulip permissions settings to be based on this more flexible groups-based system. We currently expect this migration to be fully backwards-compatible.
  • Added a new compliance export management command.
  • Zulip's automated emails use the X-Auto-Response-Suppress header to reduce auto-responder replies.
  • Changed various icons to be more intuitive. The bell-based icon for muted topics has been replaced by a more standard muted speaker icon.
  • Reworked how a new user's language is set to prefer their browser's configured language over the organization's configured language. This organization-level setting has been renamed to "Language for automated messages and invitation emails" to reflect what it actually does following this change.
  • Organized the Drafts panel to prioritize drafts matching the current view.
  • Added an automated notification to the "stream events" topic when changing a stream's privacy settings.
  • Added support for conveniently overriding the default rate-limiting rules.
  • Improved the search typeahead to show profile pictures for users.
  • Improved typeahead matching algorithm for stream/user/emoji names containing multiple spaces and other corner cases.
  • Improved the help center, including better display of keyboard shortcuts, mobile documentation for common workflows and many polish improvements.
  • Improved API documentation, including a new page on roles and permissions, an audit to correct missing Changes entries, and new documentation for several previously undocumented endpoints.
  • Improved Python static type-checking to make use of Django stubs for mypy, fixing many minor bugs in the process.
  • Improved RealmAuditLog to cover several previously unauditable changes.
  • Improved the experience for users who have not logged in for a long time, and receive an email or push notification about a private message or personal mention. These users are now automatically soft reactivated at the time of the notification, for a smoother experience when they log in.
  • Improved the Tornado server-to-client push system's sharding system to support realm regular expressions and experimental support for splitting a single realm across multiple push server processes.
  • Improved user deactivation modal to provide details about bots and invitations that will be disabled.
  • Improved matching algorithm for left sidebar stream filtering.
  • Improved several integrations, including CircleCI, Grafana, Harbor, NewRelic, and the Slack compatible incoming webhook. Git webhooks now use a consistent algorithm for choosing shortened commit IDs to display.
  • Improved mention typeahead and rendering for cases where mention syntax appears next to symbols.
  • Improved browser window titles used by the app to be clearer.
  • Improved the language in message notification emails explaining why the notification was sent.
  • Improved interface for accessing stream email addresses.
  • Reordered the organization settings panels to be more intuitive.
  • Increased timeout for processing slow requests from 20s to 60s.
  • Removed the "user list in left sidebar in narrow windows" setting.
  • Removed limits that prevented replying to Zulip email notifications multiple times, or several days after receiving them.
  • Fixed numerous bugs and performance issues with the Rocket.Chat data import tool. Improved importing emoji from Slack.
  • Fixed several bugs where drafts could fail to be saved.
  • Fixed a bug where copy-paste would incorrectly copy an entire message.
  • Fixed the app's main loading page to not suggest reloading until several seconds have passed.
  • Fixed multiple bugs that could cause the web app to flood the server with requests after the computer wakes up from suspend.
  • Fixed a bug where public streams imported from other chat systems could incorrectly be configured as public streams without shared history, a configuration not otherwise possible in Zulip.
  • Fixed several subtle bugs involving editing custom profile field configuration.
  • Fixed several bugs involving compose box keyboard shortcuts.
  • Fixed dozens of settings UI interaction design bugs.
  • Fixed subtle caching bugs in the URL preview system.
  • Fixed several rare race conditions in the server implementation.
  • Fixed many CSS corner case issues involving content overflowing containers.
  • Fixed entering an emoji in the mobile web app using an emoji keyboard.
  • Fixed Enter being processed incorrectly when inputting a character into Zulip phonetically via an IME composing session.
  • Fixed several subtle bugs with confirmation links.
  • Fixed a subtle performance issue for full-text search for uncommon words.
  • Fixed the estimator for the size of public data exports.
  • Fixed "mark all as read" requiring a browser reload.
  • Major improvements to our documentation for setting up the development environment and for joining the project as a new contributor.
  • Extracted several JavaScript modules to share code with the mobile app.
  • Replaced several Python linters with Ruff, an incredibly fast Python linter written in Rust.
  • Upgraded many third-party dependencies including Django 4.1, and substantially modernized the Python codebase.

Upgrade notes for 6.0

  • Installations using docker-zulip will need to upgrade Postgres before upgrading to Zulip 6.0, because the previous default of Postgres 10 is no longer supported by this release.
  • Installations using the AzureAD authentication backend will need to update /etc/zulip/zulip-secrets.conf after upgrading. The azure_oauth2_secret secret was renamed to social_auth_azuread_oauth2_secret, to match our other external authentication methods.
  • This release contains an expensive migration, 0419_backfill_message_realm, which adds data to a new realm column in the message table. Expect it to run for 10-15 minutes per million messages in the database. The new column is not yet used in this release, so this migration can be run in the background for installations hoping to avoid extended downtime.
  • Custom profile fields with "Pronouns" in their name and the "short text" field type were converted to the new "Pronouns" field type.

5.7

1 year ago

5.7 -- 2022-11-16

  • CVE-2022-41914: Fixed the verification of the SCIM account management bearer tokens to use a constant-time comparator. Zulip Server 5.0 through 5.6 checked SCIM bearer tokens using a comparator that did not run in constant time. For organizations with SCIM account management enabled, this bug theoretically allowed an attacker to steal the SCIM bearer token, and use it to read and update the Zulip organization’s user accounts. In practice, this vulnerability may not have been practical or exploitable. Zulip Server installations which have not explicitly enabled SCIM are not affected.
  • Fixed an error with deactivating users with manage.py sync_ldap_user_data when LDAP_DEACTIVATE_NON_MATCHING_USERS was enabled.
  • Fixed several subtle bugs that could lead to browsers reloading repeatedly when the server was updated.
  • Fixed a live-update bug when changing certain notifications settings.
  • Improved error logs when sending push notifications to the push notifications service fails.
  • Upgraded Python requirements.
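
The comparator issue behind CVE-2022-41914, shown as an added example (not Zulip's code): an early-exit comparison does an amount of work that depends on how much of the supplied token is correct, while `hmac.compare_digest` does not. The function names, the `Authorization: Bearer` header handling and the token value are assumptions constructed for illustration.

```python
import hmac
from typing import List, Optional, Tuple

# Constructed sample secret, not a real token.
EXPECTED = "constructed-scim-token-0123456789"


def leaky_equals(supplied: bytes, expected: bytes) -> Tuple[bool, int]:
    """Early-exit comparison (the 'before' pattern).

    Returns (result, bytes examined) so the data-dependent work is visible
    without relying on wall-clock measurements.
    """
    examined = 0
    if len(supplied) != len(expected):
        return False, examined
    for a, b in zip(supplied, expected):
        examined += 1
        if a != b:  # stops at the first mismatch
            return False, examined
    return True, examined


def prefix_work(expected: str, prefix_lengths: List[int]) -> List[int]:
    """Bytes examined by leaky_equals for inputs sharing k leading bytes."""
    work = []
    for k in prefix_lengths:
        # '#' does not occur in the sample token, so position k mismatches.
        candidate = expected[:k] + "#" * (len(expected) - k)
        work.append(leaky_equals(candidate.encode(), expected.encode())[1])
    return work


def check_bearer(header: Optional[str], expected_token: str) -> bool:
    """Hardened check: parse the header, then compare in constant time."""
    if not header:
        return False
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    # Encode to bytes: compare_digest rejects non-ASCII str arguments.
    return hmac.compare_digest(token.strip().encode(), expected_token.encode())


if __name__ == "__main__":
    # Work grows with the length of the correct prefix: the side channel.
    print("leaky work for 0/4/8 matching bytes:", prefix_work(EXPECTED, [0, 4, 8]))
    print("valid header accepted:", check_bearer("Bearer " + EXPECTED, EXPECTED))
    print("wrong token rejected:", not check_bearer("Bearer nope", EXPECTED))
```

When reviewing other code for the same class of bug, look for `==` or `!=` applied to secrets such as API keys, bearer tokens, or MACs.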

6.0-rc1

1 year ago

Release Zulip Server 6.0-rc1.