Security Release
Zammad 5.4.1
· This release note includes a very important security patch. All self-hosted instances should be updated immediately.
Please read on for details:
Security Patch
An attacker could send manipulated data to the Zammad API to sign up with an arbitrary email address, bypassing the email verification step and manipulating the data of the generated user. In some scenarios this could lead to gaining unauthorized access to existing tickets.
Find the Advisory here: ZAA-2023-03
Note:
🏠 If you're using Zammad on-premise please update to 5.4.1 as soon as possible.
☁️ Hosted instances will be updated automatically, so there is no action required from your side.
🚨 Important Announcements
Mandatory Redis Dependency
Starting with Zammad version 6.0 there will be a fixed dependency on Redis. This means Redis will be necessary to run Zammad. The reason for this is our new tech stack, which requires Redis from version 6.0 onwards. We will update the documentation with all important information regarding the installation.
Note: Hosted customers do not need to do anything regarding this change!
Health Check API Changes
Starting with Zammad 6.0, the "health check" monitoring API at /api/v1/monitoring/health_check will no longer echo the used authentication token in the response payload.
Excel Export Format Change
Starting with Zammad version 6.0, all Excel exports will be exported exclusively in xlsx format. The original xls format will no longer be supported.
MySQL Deprecation
Zammad is designed to provide our users with a secure and stable platform that delivers a convincing performance. For this, the choice of supported database systems is crucial. After much deliberation and based on our many years of experience, we have decided that Zammad will only support PostgreSQL as a database in the future. However, this change will be relevant from Zammad Version 7.0.
Until then, no new installations should be set up with MySQL/MariaDB. Existing systems will continue to be supported but must be migrated to PostgreSQL until the release of Zammad 7. For this purpose, we have provided a detailed migration guide that can be used to migrate existing systems to PostgreSQL free of charge.
This decision was not easy for us. Nevertheless, it is necessary to further develop Zammad with reasonable effort and to keep it reliable also in the future.
Internet Explorer 11 Support
Starting with Zammad version 7.0, Internet Explorer 11 will no longer be supported.
Are you waiting for a certain feature? 🤨
If you're missing something, we're sorry to hear that. Our list of feature requests is very long and ever-growing. In order to speed up the process and put your favourite feature on the fast track, by becoming a Feature Sponsor. Just reach out to us and let's make it happen!
Technical Notes
Please note that you will need to fulfil the following browser prerequisites in order to use this version:
- Chrome: 83
- Firefox: 78
- Explorer: 11
- Safari: 11
- Opera: 69
- Edge: 83
Advisories
Download Zammad 5.4.1
You will find all improvements in the Changelog.
Source code
- ftp.zammad.com/zammad-5.4.1.tar.bz2 (603f0a8047fca4f76cbcc5e0ddbf5bc6)
- ftp.zammad.com/zammad-5.4.1.tar.gz (425943bb168cb04d2c945479fb02fd09)
- ftp.zammad.com/zammad-5.4.1.zip (39749ed277928e77139e367bd520d065)
Packages
Upgrade
You can find information on an update of your Zammad installation here: