Security Release
Zammad 6.5.1
· Important security updates are included in this release. All self-hosted instances must be updated immediately.
Please read on for details:
Incorrect Access Control in Knowledge Base
A permission issue was identified where agents could see titles of Knowledge Base articles they didn’t have permission to access when using the global search. While the article content remained protected, these entries should not have been visible at all. This has now been corrected.
📖 For more details, please refer to the Security Advisory ZAA-2025-05.
HTML Injection
Various sections of the Zammad front end failed to perform the correct HTML escape function when outputting data. This could have allowed HTML injection in the browser. However, execution of JavaScript code was correctly prevented by Content Security Policy.
📖 For more details, please refer to the Security Advisory ZAA-2025-06.
🎥 Prefer video over text?
No problem! In his latest YouTube video, Marcel – aka That Helpdesk Guy – takes you on a quick, clear, and slightly nerdy tour of the latest security release.
Technical Requirements
Please note that you must meet the following browser requirements to use this version:
- Chrome: 83
- Firefox: 78
- Explorer: 11
- Safari: 11
- Opera: 69
- Edge: 83
Advisories
Download Zammad 6.5.1
All improvements can be found in the Changelog.
Packages
Source code
- ftp.zammad.com/zammad-6.5.1.tar.bz2
(fe9b2e645f8ecb8bb1b090d8aa61a846) - ftp.zammad.com/zammad-6.5.1.tar.gz
(9e2789a9f54f06166332cf78d4011b64) - ftp.zammad.com/zammad-6.5.1.zip
(33da8a7755fff7e6787b88cf109d489a)
Upgrade
Here you can find information on upgrading your Zammad installation: