Security Release

Zammad 6.5.2

Zammad 6.5.2 addresses three vulnerabilities. For self-hosted environments, an immediate update is strongly advised.

Read on for all the details:

Insertion of Sensitive Data into Log File

The admin interface of Zammad wrote sensitive details, such as private keys, certificates, and passphrases, to the Rails log file.

🏠 Self-hosted users: We strongly recommend updating immediately. Additionally, please review your existing logs — and any connected systems that process them — to identify and clean up potentially exposed data.

☁️ SaaS users: No action is required. We’ve already taken the necessary steps on our end.

📖 For more details, please refer to the Security Advisory ZAA-2025-07.
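For the log review recommended above, the following added example (not Zammad's own code) flags log lines that contain PEM private keys, certificates, or unfiltered secret-like parameters, and produces a redacted copy of each line. It assumes the standard Rails `"name"=>"value"` parameter dump; the parameter names it matches and the sample lines are constructed for illustration.

```python
import re
import sys

# PEM headers for private keys (plain, RSA, EC, ENCRYPTED, ...) and certificates.
PEM_RE = re.compile(r"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY|CERTIFICATE)-----")
# A double-quoted string as Rails prints it, with escapes such as \n or \".
QUOTED = r'"((?:[^"\\]|\\.)*)"'
QUOTED_RE = re.compile(QUOTED)
# "name"=>"value" pairs from a Rails "Parameters:" line. The key names matched
# here are assumptions for illustration, not Zammad's actual field names.
PARAM_RE = re.compile(
    r'"(\w*(?:passphrase|secret|private_key)\w*)"\s*=>\s*' + QUOTED, re.I)

# Constructed sample lines (not real Zammad output).
SAMPLE_LOG = [
    'I, [2025-01-01T10:00:00 #1]  INFO -- : Started POST "/example" for 192.0.2.10',
    r'I, [2025-01-01T10:00:00 #1]  INFO -- :   Parameters: {"name"=>"mail", '
    r'"private_key"=>"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n'
    r'-----END RSA PRIVATE KEY-----\n", "private_key_secret"=>"constructed-value"}',
    r'I, [2025-01-01T10:00:01 #1]  INFO -- :   Parameters: {"certificate"=>'
    r'"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"}',
    'I, [2025-01-01T10:00:02 #1]  INFO -- :   Parameters: {"passphrase"=>"[FILTERED]"}',
]

def scan_log(lines):
    """Return (line_no, kind) findings without echoing the secret itself."""
    findings = []
    for no, line in enumerate(lines, 1):
        for m in PEM_RE.finditer(line):
            kind = "certificate" if m.group(1) == "CERTIFICATE" else "private_key"
            findings.append((no, kind))
        for m in PARAM_RE.finditer(line):
            value = m.group(2)
            # Skip empty or already-filtered values and PEM blobs (reported above).
            if value and value != "[FILTERED]" and not PEM_RE.search(value):
                findings.append((no, "param:" + m.group(1).lower()))
    return findings

def redact(line):
    """Return the line with sensitive values replaced by [FILTERED]."""
    line = PARAM_RE.sub(lambda m: '"%s"=>"[FILTERED]"' % m.group(1), line)
    return QUOTED_RE.sub(
        lambda m: '"[FILTERED]"' if PEM_RE.search(m.group(1)) else m.group(0), line)

if __name__ == "__main__":
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for no, kind in scan_log(source):
        print(f"line {no}: {kind}")
```

Run it against a copy of the log and against any downstream systems' exports; a clean result after applying `redact` only confirms that the patterns above no longer match.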

Incorrect Access Control

Access control for the logging subsystem (HttpLog) API is now more fine-grained. In the past, any admin.* permission was sufficient to access this data. Now, only the relevant parts can be accessed (e.g. admin.webhook).

🏠 For self-hosted installations, we strongly advise admins to update their system to Zammad 6.5.2.

☁️ For our SaaS customers, there’s nothing you need to worry about: we’ve already taken care of everything for you.

📖 For more details, please refer to the Security Advisory ZAA-2025-08.

Insecure Storage of Sensitive Information

The logging subsystem (HttpLog) stored complete requests in the database, including sensitive information such as tokens and secrets. This is now prevented, and existing HttpLog records were cleaned up.

🏠 Self-hosted installations: Please update your system to apply the fix and prevent further exposure.

☁️ SaaS users: You’re already protected — no further action needed.

📖 For more details, please refer to the Security Advisory ZAA-2025-09.

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

  • Chrome: 83
  • Firefox: 78
  • Explorer: 11
  • Safari: 11
  • Opera: 69
  • Edge: 83

Advisories

ZAA-2025-07
ZAA-2025-08
ZAA-2025-09

Download Zammad 6.5.2

All improvements can be found in the Changelog.

Packages

Source code

Upgrade

Here you can find information on upgrading your Zammad installation:
