After upgrading to Zammad 5.0, a few users with special constellations noticed an unwelcome change: They suddenly saw tickets in the Overview that belonged to groups they were not a part of. While the tickets as such were not accessible to them (they could only see the metadata), it still represents a flaw from a privacy and security perspective. 🆘
We have already put a fix in place which is fully deployed. So what does that mean for you? Here's what actions (if any) you should take.
🏠 If you're using Zammad on-prem
If you are self-hosting Zammad and you have already performed an upgrade to Zammad 5.0, please ensure to install the new security release as well. ☝️
If you have not yet upgraded to Zammad 5.0, you can jump right to 5.0.1 when you're ready.
☁️ If you're using a hosted version of Zammad
Great - then you don't have to do anything! 😎 We're updating all hosted instances, which should be completed by end-of-day on Friday, October 8, 2021.
You can find the corresponding advisory here:
You will find all improvements in the Changelog.
You can find information on an upgrade of your Zammad installation here:
Please note that starting with Zammad 5.0 you'll need Node.js to run 'rake assets:precompile'.
Find out more in our documentation.
Browser Deprecation List: Required for Zammad 5.1.0
- Chrome: 83
- Firefox: 78
- Explorer: 11
- Safari: 11
- Opera: 69
- Edge: 83