Security Release

Zammad 6.4.1

· This release note provides a very important security patch. All self-hosted instances must be updated immediately.

Please read on for details:

Security Patch 🔐

Zammad stores its configuration settings in the database, and changes to these settings are logged for auditing purposes. Previously, all setting values—including sensitive data such as tokens and secrets—were included in the log entries. This has now been changed to ensure sensitive settings are filtered out, so their actual values are no longer logged.

🚨 Action required: Administrators are advised to review log files, backups and any systems that process log data and take appropriate action to secure or remove sensitive information.

📖 For more details, please refer to the Security Advisory: ZAA-2024-05

Note:
🏠 Self-hosted users: Please update to version 6.4.1 immediately to ensure your system remains secure.

☁️ Hosted customers do not have to take any actions, the issue has been resolved on SaaS already.

🚨 Important Announcements

Unified Search Endpoints
With the next release, all search endpoints (/:object/search) will be revised, extended and unified. This will also result in breaking changes in the existing endpoints. Full details will be outlined in the upcoming release notes.

Changes to Merged States in Next Release
In the upcoming release, having more than one state of the "merged" type will no longer be supported. Additional states will be changed to the closed type automatically with that update. If you want to prevent that, make sure to only have one state of the type merged before you make an update to the next release.

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

  • Chrome: 83
  • Firefox: 78
  • Explorer: 11
  • Safari: 11
  • Opera: 69
  • Edge: 83

Advisory

ZAA-2024-05

Download Zammad 6.4.1

All improvements can be found in the Changelog.

Source code

Packages

Upgrade
Here you can find information on upgrading your Zammad installation:

Signup
Together we turn your customers into fans.
Start free trial!