Security Release

Zammad 6.3.1

· This release note includes a very important security patch. All self-hosted instances should be updated immediately.

Please read on for details:

Security Patch 🔐

A Ruby gem bundled by Zammad was installed with world-writable file permissions. This allowed a local attacker to modify these files and inject arbitrary code into the Zammad processes running with the Zammad user's environment and permissions.
Find the Advisory here: ZAA-2024-04

In addition, the Ruby version in use has been updated from version 3.2.3 to 3.2.4 due to a security release.

🏠 If you're using Zammad on-premise please update to 6.3.1 as soon as possible. The Ruby 3.2.4 security update must also be carried out locally for source code installations.

☁️ Hosted instances will be updated automatically, so there is no action required from your side.

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

  • Chrome: 83
  • Firefox: 78
  • Explorer: 11
  • Safari: 11
  • Opera: 69
  • Edge: 83



Download Zammad 6.3.1

All improvements can be found in the Changelog.

Source code


Here you can find information on upgrading your Zammad installation:

Together we turn your customers into fans.
Start free trial!
All releases and news directly in your inbox.
Subscribe to the newsletter