4.11
版本发布时间: 2022-03-16 05:03:18
zulip/zulip最新发布版本:9.2(2024-09-13 05:09:15)
- CVE-2022-24751: Zulip Server 4.0 and above were susceptible to a
race condition during user deactivation, where a simultaneous access
by the user being deactivated may, in rare cases, allow continued
access by the deactivated user. This access could theoretically
continue until one of the following events happens:
- The session expires from memcached; this defaults to two weeks, and is controlled by SESSION_COOKIE_AGE in /etc/zulip/settings.py
- The session cache is evicted from memcached by other cached data.
- The server is upgraded, which clears the cache.
- Updated translations.
1、 zulip-server-4.11.tar.gz 80.94MB