Security Release

Zammad 6.5.1

Important security updates are included in this release. All self-hosted instances must be updated immediately.

Please read on for details:

Incorrect Access Control in Knowledge Base

A permission issue was identified where agents could see titles of Knowledge Base articles they didn't have permission to access when using the global search. While the article content remained protected, these entries should not have been visible at all. This has now been corrected.

📖 For more details, please refer to the Security Advisory ZAA-2025-05.

HTML Injection

Various sections of the Zammad front end did not correctly HTML-escape data on output. This could have allowed HTML injection in the browser. However, execution of JavaScript code was correctly prevented by the Content Security Policy.

📖 For more details, please refer to the Security Advisory ZAA-2025-06.

🎥 Prefer video over text?

No problem! In his latest YouTube video, Marcel – aka That Helpdesk Guy – takes you on a quick, clear, and slightly nerdy tour of the latest security release.

👉 Watch the video

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

  • Chrome: 83
  • Firefox: 78
  • Explorer: 11
  • Safari: 11
  • Opera: 69
  • Edge: 83

Advisories

ZAA-2025-05
ZAA-2025-06

Download Zammad 6.5.1

All improvements can be found in the Changelog.

Packages

Source code

Upgrade

Here you can find information on upgrading your Zammad installation:
