Security Release
Zammad 5.0.2
· Heads up to all self-hosted users! ⚡
A critical new issue has been discovered and an update is essential. Please read below for details:
Security Patch Level Release 🔐
It has been brought to our attention that certain LDAP configurations might allow for unauthorized access to Zammad.
That's why it is crucial that all installations using LDAP authentication update to Zammad 5.0.2, which will implement a hot fix.
Note: 🏠 Hosted instances will be updated automatically, so there is no action required from your side.
Earlier versions, prior to Zammad 5.0, are not affected by this vulnerability.
Advisory
You can find the corresponding advisory here:
Downloads
You will find all improvements in the Changelog.
Download Zammad 5.0.2
Changelog (2021-10-28)
Source code
- ftp.zammad.com/zammad-5.0.2.tar.bz2 (md5:82d25e5f2ade481eaeb7c2498c1f76ad)
- ftp.zammad.com/zammad-5.0.2.tar.gz (md5:e3aae3558989805405b7924f8ecf376b)
- ftp.zammad.com/zammad-5.0.2.zip (md5:d85d22cfd17ed9b1680feed6992718f7)
Packages
Upgrade
You can find information on an upgrade of your Zammad installation here:
Notes
Node.js dependency
Please note that starting with Zammad 5.0 you'll need Node.js to run 'rake assets:precompile'.
This affects all source code installations and those who change javascript or stylesheet files in Zammad.
Find out more in our documentation.
Browser Deprecation List: Required for the upcoming Zammad version 5.1.0
- Chrome: 83
- Firefox: 78
- Explorer: 11
- Safari: 11
- Opera: 69
- Edge: 83