Security Release

Zammad 6.3.1

This release note includes a very important security patch. All self-hosted instances should be updated immediately.

Please read on for details:

Security Patch 🔐

A Ruby gem bundled by Zammad was installed with world-writable file permissions. This allowed a local attacker to modify these files and inject arbitrary code into the Zammad processes running with the Zammad user's environment and permissions.
Find the Advisory here: ZAA-2024-04
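
A check for the condition described above, as an added example that is not part of the release note or the advisory: the shell functions below list world-writable files and directories under a gem installation directory. The directory is supplied by the operator (no Zammad path is assumed), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report world-writable files and directories below a gem
# installation directory. The directory is passed in by the caller; no
# Zammad-specific path is assumed here.

# list_world_writable ROOT
# Prints one path per line for every non-symlink entry under ROOT whose
# "other" write bit is set. Symlinks are skipped because their own mode
# bits are not what the kernel checks on access.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null
}

# audit_gem_permissions ROOT
# Returns 0 if nothing is world-writable, 1 if findings exist, 2 on bad input.
audit_gem_permissions() {
    root=$1
    if [ -z "$root" ] || [ ! -d "$root" ]; then
        echo "usage: audit_gem_permissions <gem directory>" >&2
        return 2
    fi
    findings=$(list_world_writable "$root")
    if [ -z "$findings" ]; then
        echo "OK: no world-writable entries under $root"
        return 0
    fi
    echo "FINDING: world-writable entries under $root:"
    # Show mode and owner for each finding so the report can be triaged.
    echo "$findings" | while IFS= read -r path; do
        ls -ld -- "$path"
    done
    return 1
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_gem_permissions "$1"
fi
```

The non-zero exit status on findings lets the check run from cron or a configuration-management job, both before and after the upgrade to 6.3.1.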

In addition, the Ruby version in use has been updated from version 3.2.3 to 3.2.4 due to a security release.

Note:
🏠 If you're using Zammad on-premise please update to 6.3.1 as soon as possible. The Ruby 3.2.4 security update must also be carried out locally for source code installations.

☁️ Hosted instances will be updated automatically, so there is no action required from your side.

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

  • Chrome: 83
  • Firefox: 78
  • Explorer: 11
  • Safari: 11
  • Opera: 69
  • Edge: 83

Advisory

ZAA-2024-04

Download Zammad 6.3.1

All improvements can be found in the Changelog.

Source code

Packages

Upgrade
Here you can find information on upgrading your Zammad installation:
