CVE-2021-3866: XSS in stream names

1 · Zulip · Jan. 19, 2022, 5:29 a.m.
This is an important security announcement for Zulip installations running the main (development) branch of the Zulip server. The main branch of Zulip Server, since a commit merged on December 4th, was vulnerable to a stored cross-site scripting vulnerability in stream names. A malicious user with permission to create or...