Zulip server and webapp - powerful open source team chat


Zulip overview

Zulip is a powerful, open source group chat application that combines the immediacy of real-time chat with the productivity benefits of threaded conversations. Zulip is used by open source projects, Fortune 500 companies, large standards bodies, and others who need a real-time chat system that allows users to easily process hundreds or thousands of messages a day. With over 700 contributors merging over 500 commits a month, Zulip is also the largest and fastest growing open source group chat project.

CircleCI branch coverage status Mypy coverage code style: black code style: prettier GitHub release docs Zulip chat Twitter

Getting started

Click on the appropriate link below. If nothing seems to apply, join us on the Zulip community server and tell us what's up!

You might be interested in:

You may also be interested in reading our blog or following us on Twitter. Zulip is distributed under the Apache 2.0 license.

  • bugdown: Change youtube preview to show name of video instead of link.

    bugdown: Change youtube preview to show name of video instead of link.

    Currently our youtube previews look like image

    And it would be better if they looked like image

    (namely, the url is replaced by a link with the name as the text of the link).

    I think you can find the relevant code by grepping for youtube in zerver/lib/bugdown/__init__.py.

    help wanted good first issue area: markdown 
    opened by rishig 97
  • In Development environment setup instructions, make external links open in a new tab

    In Development environment setup instructions, make external links open in a new tab

    The instructions for setting up the Zulip development environment contain links to external sites for downloads and/or supplemental instructions (e.g. setting up ssh keys for GitHub). After clicking these links, the reader needs to get back to the overall setup instructions in order to continue to the next step of the process. In order to make it easier, it would be better to have these external links default to opening in a new tab.

    Known pages where this would be desirable: https://zulip.readthedocs.io/en/latest/development/setup-vagrant.html https://zulip.readthedocs.io/en/latest/development/setup-advanced.html#installing-directly-on-ubuntu-debian-centos-or-fedora https://zulip.readthedocs.io/en/latest/development/setup-advanced.html#installing-directly-on-windows-10-with-wsl-2

    It may be worth looking around to see if this comes up elsewhere in the developer documentation. @timabbott might have suggestions as well.

    Some advice on how to implement this change: https://stackoverflow.com/questions/4425198/can-i-create-links-with-target-blank-in-markdown

    area: documentation (developer) in progress 
    opened by alya 66
  • integrations: Add grafana.

    integrations: Add grafana.

    Grafana has a webhooks system, so this should be pretty straightforward: https://grafana.com/docs/alerting/notifications/#webhook

    You can follow the instructions for adding a new webhook integration at https://zulipchat.com/api/incoming-webhooks-overview

    area: integrations good first issue in progress 
    opened by rishig 65
  • Dockerfile


    @timabbott Here you go, a working Dockerfile. Any improvements I could add?

    This adds a working Dockerfile and my create-admin-user.sh script.

    I included the docker-compose.yml because the database server needs to be my galexrt/zulip-postgresql-tsearchextras (because other postgresql images don't have the tsearch extension installed). You would just need to change the image names (example zulip/zulip:1.3.10).

    If there is anything that can improve this Pull Request, please let me know.

    Original commit messages:

    This adds a working Dockerfile for "production" use
    It includes a `docker-compose.yml` which currently uses my image.
    The `docker-entrypoint.sh` is about 285 lines of code, but it has inbuilt database backup and restore function.
    (I can remove the backup and restore or add more functions see https://github.com/galexrt/docker-zulip)
    I also added an README.docker.md, it should give users a quick start on how to use the docker image.
    Added Dockerfile for "production" use
    Added other docker related files like docker-compose.yml and docker-entrypoint.sh
    Added the generate secrets command to the entrypoint
    puppet: Move several debugging tool dependencies out of base.pp.
    Rename zulip::postgres_appdb to zulip::postgres_appdb_base.
    The purpose of this rename is to allow us to move the postgres-related
    configuration out of voyager.pp.
    puppet: Move tuned postgres configuration out of voyager.pp.
    This should make it easier for someone to run just the tuned Zulip
    database on one server and the Zulip frontend on another.
    puppet: Move prod-static creation from voyager.pp to app_frontend.pp.
    Every app frontend will need this directory and this should help
    enable more modular puppet rules.
    puppet: Move Zulip apt repository to its own manifest.
    puppet: Rename app_frontend.pp to app_frontend_base.pp.
    This will enable us to move the remaining app-frontend related content
    out of voyager.pp.
    puppet: Move memcached into its own puppet module.
    puppet: Move memcached and rabbitmq include out of app_frontend_base.pp.
    puppet: Move default nginx configuration out of voyager.pp.
    Document the puppet configuration somewhat in zulip::voyager.
    puppet: Make apt repository conditional on the Ubuntu version.
    We still will need to address this in the install script as well.
    puppet: Use a variable to configure the postgres version.
    puppet: Use $postgres_version in postgres template.
    This eliminates hardcoding of the postgres version from the Zulip
    puppet configuration.
    Fix missing puppet dependencies on postgres package.
    Added "custom" dockervoyer puppet manifest
    Add the files from the repo directly (dont use git clone to get something we already have in our docker build directory)
    Added cron.conf for running cron inside the docker container
    Useful for later docker related features like auto backup (see https://github.com/Galexrt/docker-zulip/blob/master/entrypoint.sh#L337-L345)
    Filled .dockerignore with directories and fiels to ignore/exclude from the image builds
    Fixed the linking of directories
    Removed git package and don't add "deb-src" list
    Fixed the settings path aka the zproject settings folder
    Removed the "removement" of "Service" tasks thing puppet
    Remove the puppet files after the puppet install
    Removed the zproject directory from the $DATA_DIR
    The zproject directory causes trouble if it is just linked. Because zulip uses paths like this for example "deployments/../memcached_prefix".
    Removed a trailing slash
    Wait for database to come online and create database and schema "manually"
    (Shouldn't occure because zulip needs the postgres tsearch thingy extensions, thus rendering every other postgresql image/server than the galexrt/zulip-postgresql-tsearchextras:latest)
    Added the wait for database code
    Fixed the rabbitmq connection problem
    Use sed to replace the default memcached location with the env var MEMCACHED_LOCATION
    Added the tsearch_extras extension query to the database (re)creation part
    Migrate the database everytime we start (for safety)
    Tweaks and fixes to the docker-entrypoint.sh
    Restructured the entrypoint.sh
    Restructured the docker-entrypoint.sh
    This restructure adds database backup and restore functionality
    Added "Running in Docker" to the README.md
    Fixed the help text for the app:help function
    Fixed the restore help line (was app:backup is now app:restore)
    Added more explanation to the README.docker.md
    Small adjustments and tweaks to the entrypoint.sh
    We don't need to copy the uploads from the home/zulip
    Added restart always to the docker-compose.yml (because there is no wait for container x to become ready)
    Added Try counter at the migration
    Tweaks and optimization for the entrypoint.sh
    Renamed the zulipgeneratesecrets function
    This could fix the exit code 0 problem
    Fix for the retry at the database migration
    Some changes to the sql queries
    Small change to the queries
    Fixed the if
    Added the forgotten nginx.conf to supervisor
    (It's a little bit embarassing, that forgot the main part of this container)

    @smarx I signed the CLA.

    area: production installer needs review inactive 
    opened by galexrt 65
  • Zulip install on 1und1 VPS

    Zulip install on 1und1 VPS


    I have not much experience in server setup and linus and so on, so I'm sorry for stupid questions ;)

    I try to go through installation process from https://www.zulip.org/server.html and everything is fine until I do install process. This is what I got:

    [email protected]:~/zulip# ./scripts/setup/install
    + wget -O /root/zulip-ppa.asc https://zulip.com/dist/keys/zulip-ppa.asc
    --2015-10-06 03:34:03--  https://zulip.com/dist/keys/zulip-ppa.asc
    Resolving zulip.com (zulip.com)...
    Connecting to zulip.com (zulip.com)||:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 1667 (1.6K) [application/octet-stream]
    Saving to: '/root/zulip-ppa.asc'
         0K .                                                     100%  216M=0s
    2015-10-06 03:34:04 (216 MB/s) - '/root/zulip-ppa.asc' saved [1667/1667]
    + apt-key add /root/zulip-ppa.asc
    + cat
    + apt-get update
    Ign http://mirror-eu.oneandone.net trusty InRelease
    Ign http://mirror-eu.oneandone.net trusty-updates InRelease
    Ign http://mirror-eu.oneandone.net trusty-security InRelease
    Get:1 http://mirror-eu.oneandone.net trusty Release.gpg [933 B]
    Get:2 http://mirror-eu.oneandone.net trusty-updates Release.gpg [933 B]
    Get:3 http://mirror-eu.oneandone.net trusty-security Release.gpg [933 B]
    Hit http://mirror-eu.oneandone.net trusty Release
    Get:4 http://mirror-eu.oneandone.net trusty-updates Release [63.5 kB]
    Get:5 http://mirror-eu.oneandone.net trusty-security Release [63.5 kB]
    Ign http://mirror-eu.oneandone.net trusty Release
    Ign http://mirror-eu.oneandone.net trusty/main amd64 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty/restricted amd64 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty/universe amd64 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty-updates Release
    Ign http://mirror-eu.oneandone.net trusty/main i386 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty/restricted i386 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty/universe i386 Packages/DiffIndex
    Hit http://mirror-eu.oneandone.net trusty/main Translation-en
    Ign http://ppa.launchpad.net trusty InRelease
    Ign http://mirror-eu.oneandone.net trusty-security Release
    Hit http://ppa.launchpad.net trusty Release.gpg
    Hit http://mirror-eu.oneandone.net trusty/restricted Translation-en
    Hit http://mirror-eu.oneandone.net trusty/universe Translation-en
    Hit http://mirror-eu.oneandone.net trusty/main amd64 Packages
    Hit http://mirror-eu.oneandone.net trusty/restricted amd64 Packages
    Hit http://mirror-eu.oneandone.net trusty/universe amd64 Packages
    Ign http://mirror-eu.oneandone.net trusty-updates/main amd64 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty-updates/restricted amd64 Packages/DiffIndex
    Hit http://ppa.launchpad.net trusty Release
    Ign http://mirror-eu.oneandone.net trusty-updates/universe amd64 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty-updates/main i386 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty-updates/restricted i386 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty-updates/universe i386 Packages/DiffIndex
    Get:6 http://mirror-eu.oneandone.net trusty-updates/main Translation-en [305 kB]
    Get:7 http://mirror-eu.oneandone.net trusty-updates/restricted Translation-en [3,569 B]
    Hit http://ppa.launchpad.net trusty/main Sources
    Hit http://ppa.launchpad.net trusty/main amd64 Packages
    Get:8 http://mirror-eu.oneandone.net trusty-updates/universe Translation-en [169 kB]
    Hit http://mirror-eu.oneandone.net trusty/main i386 Packages
    Hit http://mirror-eu.oneandone.net trusty/restricted i386 Packages
    Hit http://mirror-eu.oneandone.net trusty/universe i386 Packages
    Hit http://ppa.launchpad.net trusty/main i386 Packages
    Ign http://mirror-eu.oneandone.net trusty-security/main amd64 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty-security/restricted amd64 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty-security/universe amd64 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty-security/main i386 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty-security/restricted i386 Packages/DiffIndex
    Ign http://mirror-eu.oneandone.net trusty-security/universe i386 Packages/DiffIndex
    Get:9 http://mirror-eu.oneandone.net trusty-security/main Translation-en [191 kB]
    Hit http://ppa.launchpad.net trusty/main Translation-en
    Get:10 http://mirror-eu.oneandone.net trusty-security/restricted Translation-en [3,076 B]
    Get:11 http://mirror-eu.oneandone.net trusty-security/universe Translation-en [68.2 kB]
    Get:12 http://mirror-eu.oneandone.net trusty-updates/main amd64 Packages [627 kB]
    Get:13 http://mirror-eu.oneandone.net trusty-updates/restricted amd64 Packages [15.4 kB]
    Get:14 http://mirror-eu.oneandone.net trusty-updates/universe amd64 Packages [319 kB]
    Get:15 http://mirror-eu.oneandone.net trusty-updates/main i386 Packages [608 kB]
    Get:16 http://mirror-eu.oneandone.net trusty-updates/restricted i386 Packages [15.1 kB]
    Get:17 http://mirror-eu.oneandone.net trusty-updates/universe i386 Packages [321 kB]
    Get:18 http://mirror-eu.oneandone.net trusty-security/main amd64 Packages [350 kB]
    Get:19 http://mirror-eu.oneandone.net trusty-security/restricted amd64 Packages [12.4 kB]
    Get:20 http://mirror-eu.oneandone.net trusty-security/universe amd64 Packages [117 kB]
    Get:21 http://mirror-eu.oneandone.net trusty-security/main i386 Packages [333 kB]
    Get:22 http://mirror-eu.oneandone.net trusty-security/restricted i386 Packages [12.2 kB]
    Get:23 http://mirror-eu.oneandone.net trusty-security/universe i386 Packages [117 kB]
    Ign http://mirror-eu.oneandone.net trusty/main Translation-en_US
    Ign http://mirror-eu.oneandone.net trusty/restricted Translation-en_US
    Ign http://mirror-eu.oneandone.net trusty/universe Translation-en_US
    Ign http://mirror-eu.oneandone.net trusty-updates/main Translation-en_US
    Ign http://mirror-eu.oneandone.net trusty-updates/restricted Translation-en_US
    Ign http://mirror-eu.oneandone.net trusty-updates/universe Translation-en_US
    Ign http://mirror-eu.oneandone.net trusty-security/main Translation-en_US
    Ign http://mirror-eu.oneandone.net trusty-security/restricted Translation-en_US
    Ign http://mirror-eu.oneandone.net trusty-security/universe Translation-en_US
    Fetched 3,716 kB in 1s (1,949 kB/s)
    Reading package lists...
    W: GPG error: http://mirror-eu.oneandone.net trusty Release: The following signatures couldn't be veri                                                       fied because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
    W: GPG error: http://mirror-eu.oneandone.net trusty-updates Release: The following signatures couldn't                                                        be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B                                                       21F32
    W: GPG error: http://mirror-eu.oneandone.net trusty-security Release: The following signatures couldn'                                                       t be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0                                                       B21F32
    + apt-get -y dist-upgrade
    Reading package lists...
    Building dependency tree...
    Reading state information...
    The following NEW packages will be installed:
      e2fsprogs libss2
    The following packages will be upgraded:
      apache2 apache2-bin apache2-data apache2-doc apache2-mpm-prefork
      apache2-utils apt apt-utils base-files bash bind9 bind9-host bind9utils
      binutils bsd-mailx bsdutils ca-certificates coreutils cpio dh-python dpkg
      dselect e2fslibs expat file fontconfig fontconfig-config gcc-4.8-base
      gcc-4.9-base gnupg gpgv initramfs-tools initramfs-tools-bin initscripts
      iproute2 isc-dhcp-client isc-dhcp-common ldap-utils libapt-inst1.5
      libapt-pkg4.12 libasn1-8-heimdal libbind9-90 libblkid1
      libboost-iostreams1.54.0 libc-bin libc6 libcgmanager0 libcomerr2 libcups2
      libdbus-1-3 libdns100 libdrm-intel1 libdrm-radeon1 libdrm2 libexpat1
      libfontconfig1 libfreetype6 libgcc1 libgcrypt11 libglib2.0-0
      libgnutls-openssl27 libgnutls26 libgomp1 libgssapi-krb5-2 libgssapi3-heimdal
      libhcrypto4-heimdal libhdb9-heimdal libheimbase1-heimdal
      libheimntlm0-heimdal libhx509-5-heimdal libisc95 libisccc90 libisccfg90
      libjson-c2 libjson0 libk5crypto3 libkdc2-heimdal libkrb5-26-heimdal
      libkrb5-3 libkrb5support0 libldap-2.4-2 liblwres90 libmagic1 libmount1
      libpcre3 libplymouth2 libprocps3 libpython2.7 libpython2.7-minimal
      libpython2.7-stdlib libpython3.4-minimal libpython3.4-stdlib
      libroken18-heimdal libsepol1 libsnmp-base libsnmp30 libsqlite3-0 libssl1.0.0
      libstdc++6 libtasn1-6 libudev1 libuuid1 libwbclient0 libwind0-heimdal
      libxml2 locales login man-db mime-support mktemp mount multiarch-support
      net-tools openssh-client openssh-server openssh-sftp-server passwd plymouth
      postfix procmail procps python-samba python2.7 python2.7-minimal python3.4
      python3.4-minimal rpcbind rsyslog samba samba-common samba-common-bin
      samba-dsdb-modules samba-libs snmp sudo sysv-rc sysvinit-utils tcpdump
      traceroute tzdata udev unzip upstart util-linux uuid-runtime wget
    146 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
    Need to get 57.3 MB of archives.
    After this operation, 2,471 kB of additional disk space will be used.
    WARNING: The following packages cannot be authenticated!
      base-files bash coreutils dpkg sysv-rc sysvinit-utils mount passwd
      initscripts libdbus-1-3 libjson-c2 libuuid1 libblkid1 libcgmanager0 tzdata
      util-linux libprocps3 procps udev libudev1 libjson0 upstart libc-bin
      gcc-4.9-base libgcc1 libc6 e2fslibs libcomerr2 libss2 e2fsprogs login
      libgomp1 gcc-4.8-base libstdc++6 libapt-pkg4.12 gpgv gnupg apt bsdutils
      libmount1 libpcre3 libsepol1 libapt-inst1.5 libexpat1 libgcrypt11 libtasn1-6
      libgnutls-openssl27 libgnutls26 file libmagic1 mime-support libsqlite3-0
      python3.4 libpython3.4-stdlib python3.4-minimal libssl1.0.0
      libpython3.4-minimal libdrm2 initramfs-tools initramfs-tools-bin cpio
      plymouth libplymouth2 libroken18-heimdal libasn1-8-heimdal libglib2.0-0
      libk5crypto3 libgssapi-krb5-2 libkrb5-3 libkrb5support0 libhcrypto4-heimdal
      libheimbase1-heimdal libwind0-heimdal libhx509-5-heimdal libkrb5-26-heimdal
      libheimntlm0-heimdal libgssapi3-heimdal ldap-utils libldap-2.4-2 libxml2
      man-db libboost-iostreams1.54.0 libcups2 libdrm-intel1 libdrm-radeon1
      libfontconfig1 fontconfig-config libfreetype6 libhdb9-heimdal python2.7
      python2.7-minimal libpython2.7 libpython2.7-stdlib libpython2.7-minimal
      libsnmp-base libsnmp30 libwbclient0 mktemp samba samba-common-bin
      samba-common samba-dsdb-modules python-samba samba-libs libkdc2-heimdal
      multiarch-support apt-utils dh-python isc-dhcp-client isc-dhcp-common
      iproute2 net-tools rsyslog sudo locales bind9-host bind9 libisc95 libdns100
      libisccc90 libisccfg90 liblwres90 bind9utils libbind9-90 ca-certificates
      openssh-sftp-server openssh-server openssh-client tcpdump uuid-runtime wget
      apache2-mpm-prefork apache2 apache2-bin apache2-data apache2-doc
      apache2-utils binutils postfix bsd-mailx dselect expat fontconfig procmail
      rpcbind snmp traceroute unzip
    E: There are problems and -y was used without --force-yes

    If I now try to go on with the manual I can't find /etc/zulip/settings.py because there is no zulip folder in /etc/... I also don't know what config I should do there if I would found the file ;) Maybe anyone can help me...

    opened by sxbxstxxn 64
  • notifications: Do not notify for at-all in muted streams.

    notifications: Do not notify for at-all in muted streams.

    In muted streams, we should

    • notify on an @-mention specifically of you
    • but not notify on @-all.

    Currently, we notify both for @-mention of you and for @-all.

    help wanted area: notifications (messages) 
    opened by rishig 63
  • Add support for using Zulip with Python 3

    Add support for using Zulip with Python 3

    Python 3 enables a bunch of awesome stuff like optional static typing, and I think is actually pretty feasible to add. I've already applied the fast majority of the futurize/modernize fixers to the repository in a way that preserves Python 2+3 support; for future work, we should continue using that approach. Based on some hackish testing, we're about 100 LOC away from passing 90% of backend tests against Python 3 (well not including the #! lines that hardcode Python 2.7). Based on that investigation, the main projects that remain are as follows.

    We have some dependencies that don't support Python 3:

    • python-twitter (https://github.com/bear/python-twitter). It looks like some work has been done for Python 3 support there (https://github.com/bear/python-twitter/issues/155) or we could switch to an alternative library; Zulip primarily uses it to render links to Tweets.
    • python-ldap and django-auth-ldap. It appears there are Python 3 supporting libraries python-ldap3 and django-python3-ldap but they seem to have a different interface; so the challenges are (1) decide whether we want to switch to the python2+3 versions and (2) if so, actually do it.
    • Old django-pipeline. We're using an old version but a newer version that supports Python 3 exists; this upgrade may be somewhat messy since it involves renaming things like "load compressed" and "compressed_css" in our Django templates.

    (We can update this list to add others but those are the main ones where we need to do more than a straightforward version upgrade).

    There are also some changes needed to the Zulip code itself still:

    • Doing a few more Python 3 compatibility migrations (I've already done like 20 of them), in particular the file=>open change, .items() iteration, and several libraries like StringIO, urlparse. For these, we can fix things and then add the fixers to the tests in #252 to avoid regressions.
    • Unicode transition fixes such as adding appropriate encode/decode usage where we use base-64 encoding, hash digests, etc.

    If anyone's interested in working on Python 3 support, feel free to claim one of these pieces on this issue's discussion thread!

    I pushed https://github.com/timabbott/zulip/commits/tabbott-py3k-testing which has some total hack commits I wrote as part of the testing process for Python 3 support; with some library version installation work that branch passes 90% of our tests. That could be helpful for anyone working on this.

    help wanted area: tooling 
    opened by timabbott 61
  • Add user-level email address visibility setting.

    Add user-level email address visibility setting.

    This PR adds user-level email address visibility setting (and also the realm-level default for new users) and removes the existing realm setting. Have explained major changes in details in the fourth and fifth commit which are major commits. And we can squash some commits, but have kept it separate now for review.

    Some important points -

    • There is change in logic for how we set client_gravatar to false based on user setting, which means avatar_url field can be available for some users and not for others.
    • Have not made any changes to typeahead and the behavior is same (including showing fake emails) except that user-level setting is used.
    • We need to think how the sort and search should work in users/deactivated users list and subscribers list. In the users list for now the "ID: 16" is just considered a string like email and search and sort is done accordingly.
    • I also wanted to confirm one thing, that we should always show user's own real email to themselves in all places like user popover, users list in settings, etc. irrespective of setting right?

    Work left -

    • Updating and adding help documentation.
    • Prototype adding ? besides ID: 26 mentioning that email is hidden by the user.

    Issue - #20035

    size: XL release goal integration review 
    opened by sahil839 57
  • Switch to pip-compile-multi

    Switch to pip-compile-multi

    Hi, Zulip developers!

    I'm a maintainer of pip-compile-multi - tool, that is meant to replace tools/update-locked-requirements.

    In this PR I added pip-compile-multi to requirements/dev.in and executed:

    $ pip-compile-multi

    Some packages were updated and some stayed as is. I had to relax cryptography constraint because of version conflict.

    It works a bit different from tools/update-locked-requirements - instead of copying all packages from referenced files, it inserts a reference to compiled requirements file. Other than that, it's just a wrapper for pip-tools.

    (It's first battle test for the pip-compile-multi outside of my projects.)

    size: XL has conflicts 
    opened by peterdemin 56
  • notifications: Allow users to pick which notification sound they hear.

    notifications: Allow users to pick which notification sound they hear.

    This allows users to pick what they want their notification sound to be. It also adds 4 new sounds: boing, ding, knock, and tada (along with zulip, which already existed), which are all Creative-Commons-0-licensed from http://freesound.org.

    The way this works is

    1. Add a new property notification_sound to UserProfile.
    2. Also add available_notification_sounds to state based on audio files in a notification_sounds directory.
    3. Use those properties to add a new option on the settings screen and change the sound that plays when the user gets a notification.

    Fix #8051

    needs more work size: XL 
    opened by marco 56
  • Convert medium modules to ES6 modules

    Convert medium modules to ES6 modules

    I taught modzulator (#10118) to make simple adjustments to node_tests. With this, over ~~half~~ 90% of our modules have been converted. Things to note:

    • I’ve changed the way the Node tests use rewiremock. This way seems easier to understand and much easier to produce automatically.

    • I moved most set_global calls before the zrequire calls in the Node tests, so that converting them to rewiremock makes them available before they are imported.

    • I had to remove the _patched_with_set_global check added to the Node tests in 914533c8bc1a548dcb1f72bb4c1d62a07f0e7ebe (#17375). Most of our set_global usage will disappear as our globals do, anyway.

    • This round of conversion exposed a huge number of import cycles. I’ve disabled the import/no-cycle ESLint rule for now, but we should probably do something about this.

    • I disabled webpack module concatenation because it interfered with our debug-require-webpack-plugin and broke the Puppeteer tests. This increases the total uncompressed JS bundle size by 1.6%. We may want to fix the Puppeteer tests to avoid hooking directly into our JS modules so we can turn off debug-require-webpack-plugin in production. I’ll look into whether there are other solutions.

    Testing plan: Basic testing in dev server and production at https://andersk.zulipdev.org (I’d expect any runtime issues to show up during initialization).

    Cc @showell.

    size: XL 
    opened by andersk 55
  • internationalization: Localize dates.

    internationalization: Localize dates.

    Implemented date localization using date-fns. Considered using Format-JS but ultimately decided against it due to potential loss of functionality. Modified all uses of 'format' to 'localizedFormat' and made necessary string formatting changes in 'timerender.ts'.

    1. Wrote a function named localizedFormat that takes the current user's locale and uses the standard format function from date-fns, but with the locale option. By default, it formats dates with 'PP' (corresponding to MMM dd, yyyy in the American format).
    2. Changed all uses of format to localizedFormat. Even in some places where we don't need localization (HH:mm), the result of localizedFormat will be the same as format, so I changed it for consistency.
    3. Changed string formatting as needed in timerender.ts.

    Tested on my local development server, with some random languages.

    Fixes #23987.

    Screenshots and screen captures: image image

    Self-review checklist
    • [ ] Self-reviewed the changes for clarity and maintainability (variable names, code reuse, readability, etc.).

    Communicate decisions, questions, and potential concerns.

    • [ ] Explains differences from previous plans (e.g., issue description).
    • [ ] Highlights technical choices and bugs encountered.
    • [ ] Calls out remaining decisions and concerns.
    • [ ] Automated tests verify logic where appropriate.

    Individual commits are ready for review (see commit discipline).

    • [ ] Each commit is a coherent idea.
    • [ ] Commit message(s) explain reasoning and motivation for changes.

    Completed manual review and testing of the following:

    • [ ] Visual appearance of the changes.
    • [ ] Responsiveness and internationalization.
    • [ ] Strings and tooltips.
    • [ ] End-to-end functionality of buttons, interactions and flows.
    • [ ] Corner cases, error conditions, and easily imagined bugs.
    area: internationalization priority: high size: M release goal 
    opened by shameondev 1
  • add: Node_tests for popover_menus_data.js file.

    add: Node_tests for popover_menus_data.js file.

    • Added three tests to have complete node test coverage for the file popover_menus_data.js

    • Test cases include:

       1.  Message popover in which user has all actions available on the message.
       2.  Message popover in which user has only view actions on the message.
       3.  Message popover in which user can move and view but not edit the message.

    Fixes: #23773

    Self-review checklist
    • [x] Self-reviewed the changes for clarity and maintainability (variable names, code reuse, readability, etc.).

    Communicate decisions, questions, and potential concerns.

    • [x] Explains differences from previous plans (e.g., issue description).
    • [x] Highlights technical choices and bugs encountered.
    • [x] Calls out remaining decisions and concerns.
    • [ ] Automated tests verify logic where appropriate.

    Individual commits are ready for review (see commit discipline).

    • [x] Each commit is a coherent idea.
    • [x] Commit message(s) explain reasoning and motivation for changes.

    Completed manual review and testing of the following:

    • [x] Visual appearance of the changes.
    • [x] Responsiveness and internationalization.
    • [x] Strings and tooltips.
    • [x] End-to-end functionality of buttons, interactions and flows.
    • [x] Corner cases, error conditions, and easily imagined bugs.
    area: testing-coverage size: XL area: popovers 
    opened by palashb01 2
  • Markdown live preview in compose box

    Markdown live preview in compose box

    In #217 the current preview has been implemented, which however requires clicking Preview explicitly. As https://github.com/zulip/zulip/issues/217#issuecomment-969392085 suggested, and as has been sometimes requested by users, we could also implement a live preview, where the user can see it dynamically, while typing their message.

    area: compose 
    opened by mateuszmandera 5
  • compose: show characters limit in message-edit UI

    compose: show characters limit in message-edit UI

    Created a function to check and show overflow of text during message editing similar to what was used in compose box.

    Fixes #22525

    Screenshots and screen captures:

    Previous Behavior:


    New behavior:




    Self-review checklist
    • [X] Self-reviewed the changes for clarity and maintainability (variable names, code reuse, readability, etc.).

    Communicate decisions, questions, and potential concerns.

    • [X] Explains differences from previous plans (e.g., issue description).
    • [X] Highlights technical choices and bugs encountered.
    • [X] Calls out remaining decisions and concerns.
    • [X] Automated tests verify logic where appropriate.

    Individual commits are ready for review (see commit discipline).

    • [X] Each commit is a coherent idea.
    • [X] Commit message(s) explain reasoning and motivation for changes.

    Completed manual review and testing of the following:

    • [X] Visual appearance of the changes.
    • [X] Responsiveness and internationalization.
    • [X] Strings and tooltips.
    • [X] End-to-end functionality of buttons, interactions and flows.
    • [X] Corner cases, error conditions, and easily imagined bugs.
    area: message-editing size: XL 
    opened by SahilSingh177 3
  • Include Code Playground pygment_languages in composebox typeahead

    Include Code Playground pygment_languages in composebox typeahead

    Fixes: #23935

    Screenshots and screen captures:


    Self-review checklist
    • [x] Self-reviewed the changes for clarity and maintainability (variable names, code reuse, readability, etc.).

    Communicate decisions, questions, and potential concerns.

    • [ ] Explains differences from previous plans (e.g., issue description).
    • [ ] Highlights technical choices and bugs encountered.
    • [ ] Calls out remaining decisions and concerns.
    • [x] Automated tests verify logic where appropriate.

    Individual commits are ready for review (see commit discipline).

    • [x] Each commit is a coherent idea.
    • [x] Commit message(s) explain reasoning and motivation for changes.

    Completed manual review and testing of the following:

    • [x] Visual appearance of the changes.
    • [ ] Responsiveness and internationalization.
    • [ ] Strings and tooltips.
    • [x] End-to-end functionality of buttons, interactions and flows.
    • [ ] Corner cases, error conditions, and easily imagined bugs.
    size: XL 
    opened by tridentpancake 4
  • Special characters like '>' in stream name interferes with autocomplete

    Special characters like '>' in stream name interferes with autocomplete

    Seems that Zulip stream and topic names are very permissible. Perhaps by design?

    But that also means it might interfere with autocomplete as currently designed.

    Example 1

    Repro Steps:

    1. Rename one of the streams to "test>"
    2. Rename another one of the streams to "test"
    3. Type "#**test>"

    Expected Result:

    • The broader context of the input is that the user is trying to type a stream name, so the autocomplete should be trying to look in streams.

    Actual Result:

    • The autocomplete is trying to do autocomplete of topics in the "test" stream, rather than trying to autocomplete stream names.

    Example 2

    1. Rename a stream to be "test**"
    2. Type "#te" then select the autocomplete for "test**"
    3. The compose box now has "#**test**** "
    4. Now type ">" to try to bring up the topic autocomplete

    Actual Result: No autocomplete

    area: stream settings 
    opened by tridentpancake 4
  • 6.0(Nov 17, 2022)

    6.0 -- 2022-11-17


    • Users can now mark messages as unread.
    • Added support for viewing read receipts, along with settings allowing both organizations and individual users to disable them.
    • Added new compose box button to navigate to the conversation being composed to, when that is different from the current view.
    • Added a scroll-to-bottom button, analogous to the End shortcut, that appears only when scrolling using the mouse.
    • Added support for up to 2 custom profile fields being highlighted in a user's profile summary popover, and added support for a new Pronouns custom field type designed to take advantage of it. Redesigned the custom profile fields administrative UI.
    • Redesigned the left sidebar to better organize pinned and inactive streams, highlight topics where the user was mentioned, and better advertise streams that the current user can subscribe to.
    • Redesigned the private messages experience in the left sidebar to make browsing conversations more ergonomic, with a similar usage pattern to browsing the topics within a stream.
    • Improved "Recent topics" and renamed it to "Recent conversations" with the addition of including private messages in the view. The timestamp links now go to the latest message in the topic, arrow key navigation was improved, topics containing unread mentions are now highlighted, as well as many other bug fixes or subtle improvements.
    • Messages containing 3 or fewer emoji reactions now display the names of reacting users alongside the emoji. This eliminates the need to mouse over emoji reactions to find out who reacted in the vast majority of cases.
    • Replaced the previous "Unavailable" status with a "Go invisible" feature that is more useful and intuitive.
    • The right sidebar now displays user status messages by default, with an optional compact design available.
    • The public access option was enhanced to skip the login page by default, support switching themes and languages, and add many other UI improvements.
    • Incoming webhook integrations now support filtering which classes of events are sent into Zulip; this can be invaluable when the third-party service doesn't support configuring which events to send to Zulip.
    • Added support for Ubuntu 22.04.
    • Removed support for Debian 10 and PostgreSQL 10 due to their approaching end-of-life upstream.
    • New integrations: Azure DevOps, RhodeCode, wekan.

    Full feature changelog

    • Redesigned the message actions popover to be better organized.
    • Redesigned moving messages to have a cleaner, more consistent UI that is no longer combined with the message editing UI. One can now choose to send automated notices when moving messages within a stream, not only between streams.
    • Redesigned full user profiles to have a cleaner look and also display user IDs, which can be important when using the API. Users can now administer bot stream subscriptions from the bot's full profile.
    • Redesigned the gear menu to display basic details about the Zulip organization, server, and its version.
    • Redesigned several organization settings pages to have more consistent design.
    • Redesigned the footer for self-hosted Zulip servers. The footer now has just a few key links, rather than being almost identical to the footer for the zulip.com website.
    • Redesigned the 500 error pages for self-hosted Zulip servers to be clearer and link to the Zulip server troubleshooting guide.
    • Redesigned the interface for configuring message editing and deletion permissions to be easier to understand.
    • Added support for emoji added in unicode versions since 2017, which had previously been unavailable in Zulip. Users using the deprecated "Google blobs" emoji set are automatically migrated to the modern "Google" emoji set. The "Google blobs" emoji set remains available for users who prefer it, with any new emoji that were added to the Unicode standard since 2017 displayed in the modern "Google" style.
    • Added support for changing the role of bots in the UI; previously, this was only possible via the API.
    • Added confirmation modals for various destructive actions, such as deactivating bots.
    • Added new summary statistics on the organization analytics page. Fixed several bugs with the display of analytics graphs.
    • Added support for administrators sending a final email to a user as part of deactivating their Zulip account.
    • Added API endpoint to get a single stream by ID.
    • Added beta support for user groups to have subgroups, and for some permissions settings to be managed using user groups. Over the coming releases, we plan to migrate all Zulip permissions settings to be based on this more flexible groups-based system. We currently expect this migration to be fully backwards-compatible.
    • Added a new compliance export management command.
    • Zulip's automated emails use the X-Auto-Response-Suppress header to reduce auto-responder replies.
    • Changed various icons to be more intuitive. The bell-based icon for muted topics has been replaced by a more standard muted speaker icon.
    • Reworked how a new user's language is set to prefer their browser's configured language over the organization's configured language. This organization-level setting has been renamed to "Language for automated messages and invitation emails" to reflect what it actually does following this change.
    • Organized the Drafts panel to prioritize drafts matching the current view.
    • Added an automated notification to the "stream events" topic when changing a stream's privacy settings.
    • Added support for conveniently overriding the default rate-limiting rules.
    • Improved the search typeahead to show profile pictures for users.
    • Improved typeahead matching algorithm for stream/user/emoji names containing multiple spaces and other corner cases.
    • Improved the help center, including better display of keyboard shortcuts, mobile documentation for common workflows and many polish improvements.
    • Improved API documentation, including a new page on roles and permissions, an audit to correct missing Changes entries, and new documentation for several previously undocumented endpoints.
    • Improved Python static type-checking to make use of Django stubs for mypy, fixing many minor bugs in the process.
    • Improved RealmAuditLog to cover several previously unauditable changes.
    • Improved the experience for users who have not logged in for a long time, and receive an email or push notification about a private message or personal mention. These users are now automatically soft reactivated at the time of the notification, for a smoother experience when they log in.
    • Improved the Tornado server-to-client push system's sharding system to support realm regular expressions and experimental support for splitting a single realm across multiple push server processes.
    • Improved user deactivation modal to provide details about bots and invitations that will be disabled.
    • Improve matching algorithm for left sidebar stream filtering.
    • Improved several integrations, including CircleCI, Grafana, Harbor, NewRelic, and the Slack compatible incoming webhook. Git webhooks now use a consistent algorithm for choosing shortened commit IDs to display.
    • Improved mention typeahead and rendering for cases where mention syntax appears next to symbols.
    • Improved browser window titles used by the app to be clearer.
    • Improved the language in message notification emails explaining why the notification was sent.
    • Improved interface for accessing stream email addresses.
    • Reordered the organization settings panels to be more intuitive.
    • Increased timeout for processing slow requests from 20s to 60s.
    • Removed the "user list in left sidebar in narrow windows" setting.
    • Removed limits that prevented replying to Zulip email notifications multiple times or, several days after receiving them.
    • Fixed numerous bugs and performance issues with the Rocket.Chat data import tool. Improved importing emoji from Slack.
    • Fixed several bugs where drafts could fail to be saved.
    • Fixed a bug where copy-paste would incorrectly copy an entire message.
    • Fixed the app's main loading page to not suggest reloading until several seconds have passed.
    • Fixed multiple bugs that could cause the web app to flood the server with requests after the computer wakes up from suspend.
    • Fixed a bug where public streams imported from other chat systems could incorrectly be configured as public streams without shared history, a configuration not otherwise possible in Zulip.
    • Fixed several subtle bugs involving editing custom profile field configuration.
    • Fixed several bugs involving compose box keyboard shortcuts.
    • Fixed dozens of settings UI interaction design bugs.
    • Fixed subtle caching bugs in the URL preview system.
    • Fixed several rare race conditions in the server implementation.
    • Fixed many CSS corner cases issues involving content overflowing containers.
    • Fixed entering an emoji in the mobile web app using an emoji keyboard.
    • Fixed Enter being processed incorrectly when inputting a character into Zulip phonetically via an IME composing session.
    • Fixed several subtle bugs with confirmation links.
    • Fixed a subtle performance issue for full-text search for uncommon words.
    • Fixed the estimator for the size of public data exports.
    • Fixed "mark all as read" requiring a browser reload.
    • Major improvements to our documentation for setting up the development environment and for joining the project as a new contributor.
    • Extracted several JavaScript modules to share code with the mobile app.
    • Replaced several Python linters with Ruff, an incredibly fast Python linter written in Rust.
    • Upgraded many third-party dependencies including Django 4.1, and substantially modernized the Python codebase.

    Upgrade notes for 6.0

    • Installations using [docker-zulip][docker-zulip] will need to upgrade Postgres before upgrading to Zulip 6.0, because the previous default of Postgres 10 is no longer supported by this release.
    • Installations using the AzureAD authentication backend will need to update /etc/zulip/zulip-secrets.conf after upgrading. The azure_oauth2_secret secret was renamed to social_auth_azuread_oauth2_secret, to match our other external authentication methods.
    • This release contains an expensive migration, 0419_backfill_message_realm, which adds data to a new realm column in the message table. Expect it to run for 10-15 minutes per million messages in the database. The new column is not yet used in this release, so this migration can be run in the background for installations hoping to avoid extended downtime.
    • Custom profile fields with "Pronouns" in their name and the "short text" field type were converted to the new "Pronouns" field type.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-6.0.tar.gz(88.44 MB)
  • 5.7(Nov 16, 2022)

    5.7 -- 2022-11-16

    • CVE-2022-41914: Fixed the verification of the SCIM account management bearer tokens to use a constant-time comparator. Zulip Server 5.0 through 5.6 checked SCIM bearer tokens using a comparator that did not run in constant time. For organizations with SCIM account management enabled, this bug theoretically allowed an attacker to steal the SCIM bearer token, and use it to read and update the Zulip organization’s user accounts. In practice, this vulnerability may not have been practical or exploitable. Zulip Server installations which have not explicitly enabled SCIM are not affected.
    • Fixed an error with deactivating users with manage.py sync_ldap_user_data when LDAP_DEACTIVATE_NON_MATCHING_USERS was enabled.
    • Fixed several subtle bugs that could lead to browsers reloading repeatedly when the server was updated.
    • Fixed a live-update bug when changing certain notifications settings.
    • Improved error logs when sending push notifications to the push notifications service fails.
    • Upgraded Python requirements.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-5.7.tar.gz(90.06 MB)
  • 6.0-rc1(Nov 3, 2022)

  • 6.0-beta1(Oct 13, 2022)

  • 5.6(Aug 24, 2022)

    5.6 -- 2022-08-24

    • CVE-2022-36048: Change the Markdown renderer to only rewrite known local links as relative links, rather than rewriting all local links. This fix also protects against a vulnerability in the Zulip mobile app (CVE-2022-35962).
    • Added hardening against timing attacks to an internal authentication check.
    • Improved documentation for hosting multiple organizations on a server.
    • Updated dependencies.
    • Updated translations.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-5.6.tar.gz(90.05 MB)
  • 5.5(Jul 22, 2022)

    5.5 -- 2022-07-21

    • CVE-2022-31168: Fix authorization check for changing bot roles. Due to an incorrect authorization check in Zulip Server 5.4 and all prior releases, a member of an organization could craft an API call that would grant organization administrator privileges to one of their bots.
    • Added new options to the restore-backup tool to simplify restoring backups on a system with a different configuration.
    • Updated translations, including major updates to the Mongolian and Serbian translations.'
    Source code(tar.gz)
    Source code(zip)
    zulip-server-5.5.tar.gz(90.06 MB)
  • 5.4(Jul 12, 2022)

    5.4 -- 2022-07-11

    • CVE-2022-31134: Exclude private file uploads from exports of public data. We would like to thank Antoine Benoist for bringing this issue to our attention.
    • Upgraded python requirements.
    • Improved documentation for load balancers to mention CIDR address ranges.
    • Documented an explicit list of supported CPU architectures.
    • Switched html2text to run as a subprocess, rather than a Python module, as its GPL license is not compatible with Zulip’s.
    • Replaced markdown-include python module with a reimplementation, as its GPL license is not compatible with Zulip’s.
    • Relicensed as GPL the tools/check-thirdparty developer tool which verifies third-party licenses, due to a GPL dependency by way of python-debian.
    • Closed a potential race condition in the Tornado server, with events arriving at exactly the same time as request causing server errors.
    • Added a tool to help automate more of the release process.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-5.4.tar.gz(89.96 MB)
  • 5.3(Jun 21, 2022)

    5.3 -- 2022-06-21

    • CVE-2022-31017: Fixed message edit event exposure in protected-history streams. Zulip allows a stream to be configured as private with protected history, which means that new subscribers should only see messages sent after they join. However, due to a logic bug in Zulip Server 2.1.0 through 5.2, when a message was edited, the server would incorrectly send an API event that included both the edited and old content of the message to all of the stream’s current subscribers, regardless of whether they could see the original message. The impact of this issue was reduced by the fact that this API event is ignored by official clients, so it could only be observed by a user using a modified client or their browser’s developer tools.
    • Adjusted upgrade steps to cause servers using PostgreSQL 14 to upgrade to PostgreSQL 14.4, which fixes an important potential database corruption issue.
    • Upgraded the asynchronous request handling to use Tornado 6.
    • Fixed a crash when displaying the error message for a failed attempt to create a stream.
    • Optimized the steps during upgrade-zulip, to reduce the amount of server downtime.
    • Added a --skip-restart flag to upgrade-zulip which prepares the new version, but does not restart the server into it.
    • Stopped mirroring the entire remote Git repository directly into /srv/zulip.git. This mirroring removed local branches and confused the state of previous deployments.
    • Fixed a bug which could cause the delete_old_unclaimed_attachments command-line tool to remove attachments that were still referenced by deleted (but not yet permanently removed) messages.
    • Stopped enabling USE_X_FORWARDED_HOST by default, which was generally unneeded; the proxy documentation now clarifies when it is necessary.
    • Fixed the nginx configuration to include the default system-level nginx modules.
    • Only attempt to fix the certbot SSL renewal configuration if HTTPS is enabled; this addresses a regression in Zulip Server 5.2, where the upgrade would fail if an improperly configured certificate existed, but was both expired and not in use.
    • Improved proxy and database backup documentation.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-5.3.tar.gz(89.96 MB)
  • 5.2(May 4, 2022)

    • Fixed a performance regression in the UI, introduced in 5.0, when opening the compose box.
    • Fixed a bug which could intermittently cause URL previews to fail, if Zulip was being run in Docker or in low-memory environments.
    • Fixed an issue which would cause PostgreSQL 10 and PostgreSQL 11 to attempt to write each WAL log to S3, even if S3 WAL backups/replication were not configured.
    • Fixed an issue which prevented the SCIM integration from deactivating users.
    • Fixed a bug that resulted in an “You unsubscribed” notice incorrectly appearing when new messages arrived in a topic being viewed via a “near” link.
    • Fixed digest emails being incorrectly sent if a user was deactivated after the digest was enqueued but before it was processed.
    • Fixed warning about EMAIL_HOST_PASSWORD being unset when explicitly set to empty.
    • Fixed incomplete tracebacks when timeouts happen during Markdown rendering.
    • Fixed some older versions of Zulip Server not being considered when comparing for the likely original version of settings.py.
    • Stopped using the database_password if it is set but database_user is not.
    • Stopped trying to fix LetsEncrypt certificate configuration if they were not currently in use.
    • Sorted and prettified the output of the check-database-compatibility tool.
    • Split the large zerver/lib/actions.py file into many files under zerver/actions/. This non-functional change was backported to ensure it remains easy to backport other changes.
    • Updated documentation to reflect that current mobile apps are only guaranteed to be compatible with Zulip Server 3.0 and later; they may also work with earlier versions, with a degraded experience.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-5.2.tar.gz(89.77 MB)
  • 5.1(Apr 2, 2022)

    • Fixed upgrade bug where preexisting animated emoji would still always animate in statuses.
    • Improved check that prevents servers from accidentally downgrading, to not block upgrading servers that originally installed Zulip Server prior to mid-2017.
    • Fixed email address de-duplication in Slack imports.
    • Prevented an extraneous scrollbar when a notification banner was present across the top.
    • Fixed installation in LXC containers, which failed due to chrony not being runnable there.
    • Prevented a "push notifications not configured" warning from appearing in the new user default settings panel even when push notifications were configured.
    • Fixed a bug which, in uncommon configurations, would prevent Tornado from being restarted during upgrades; users would be able to log in, but would immediately be logged out.
    • Updated translations.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-5.1.tar.gz(89.75 MB)
  • 5.0(Mar 29, 2022)

    5.0 -- 2022-03-29


    • New resolve topic feature allows marking topics as ✔ completed. It’s a lightweight way to manage a variety of workflows, including support interactions, answering questions, and investigating issues.
    • Administrators may enable the option to create web-public streams. Web-public streams can be viewed by anyone on the Internet without creating an account in your organization.
    • Users can now select a status emoji alongside their status message. Status emoji are shown next to the user's name in the sidebars, message feed, and compose box. Animated status emoji will only animate on hover.
    • Redesigned the compose box, adding formatting buttons for bold, italics and links as well as visual improvements. New button for inserting global times into your message.
    • Redesigned "Stream settings" to be much more usable, with separate tabs for personal settings, global settings, and membership, and more consistent style with the rest of Zulip's settings.
    • Stream creation was redesigned with a much cleaner interface, especially for selecting initial subscribers.
    • Redesigned "Full user profile" widget to show the user's stream and user group subscriptions. Administrators can unsubscribe a user from streams directly from their full profile.
    • Reorganized personal and organization settings to have clearer labels and make it easier to find privacy settings.
    • Organization administrators can now configure the default personal preference settings for new users joining the organization.
    • Most permissions settings now support choosing which roles have the permission, rather than just allowing administrators or everyone.
    • Permanent links to conversations now correctly redirect if the target message has been moved to a new stream or topic.
    • Added a data import tool for migrating from Rocket.Chat. Mattermost data import now supports importing uploaded files.
    • Improved handling of messages containing many images; now up to 20 images can be previewed in a single message (up from 5), and a new grid layout will be used.
    • OpenID Connect joins SAML, LDAP, Google, GitHub, Azure Active Directory, and more as a supported Single Sign-On provider.
    • SAML authentication now supports syncing custom profile fields. Additionally, SAML authentication now supports automatic account creation and IdP-initiated logout.
    • Added SCIM integration for synchronizing accounts with an external user database.
    • Added support for installation on ARM platforms (including Mac M1).
    • Removed support for Ubuntu 18.04, which no longer receives upstream security support for key Zulip dependencies.

    Upgrade notes for 5.0

    • This release contains a migration, 0009_confirmation_expiry_date_backfill, that can take several minutes to run on a server with millions of messages of history.
    • The TERMS_OF_SERVICE and PRIVACY_POLICY settings have been removed in favor of a system that supports additional policy documents, such as a code of conduct. See the updated documentation for the new system.

    Full feature changelog

    • Timestamps in Zulip messages are now permanent links to the message in its thread.
    • Added support for invitation links with configurable expiry, including links that never expire. Deactivating a user now disables all invitations that the user had sent.
    • Added support for expanding the compose box to be full-screen.
    • Added support for filtering events in webhooks.
    • Added support for overriding Zulip's defaults for new users in your organization.
    • Added support for referring to a user group with a silent mention.
    • Added new personal privacy setting controlling whether typing notifications are sent to other users.
    • Added new personal setting controlling whether Esc navigates the user to the default view.
    • Split stream creation policy into separate settings for private, public, and web-public streams.
    • New integrations: Freshstatus, Lidarr, Open Collective, Radarr, Sonarr, SonarQube.
    • Message edit notifications now indicate how many messages were moved, when only part of a topic was moved.
    • Muted topic records are now moved when an entire topic is moved.
    • Search views that don't mark messages as read now have an explanatory notice if any unread messages are present.
    • Added new "Scroll to bottom" widget hovering over the message feed.
    • Changed the default emoji set from Google Classic to Google Modern.
    • User groups mentions now correctly function as silent mentions when inside block quotes.
    • Messages that have been moved (but not otherwise edited) are now displayed as MOVED, not EDITED.
    • Reworked the UI for selecting a stream when moving topics.
    • Redesigned modals in the app to have more consistent and cleaner UX.
    • Added new topic filter widget in left sidebar zoomed view.
    • Redesigned Welcome Bot onboarding experience.
    • Redesigned hover behavior for timestamps and time mentions.
    • Messages sent by muted users can now be rehidden after being revealed. One can also now mute deactivated users.
    • Rewrote Help Center guides for new organizations and users, and made hundreds of other improvements to Help Center content and organization.
    • Reimplemented the image lightbox's pan/zoom functionality to be nicer, allowing us to enable it be default.
    • Added styled loading page for the web application.
    • Webhook integrations now support specifying the target stream by ID.
    • Notifications now differentiate user group mentions from personal mentions.
    • Added support for configuring how long the server should wait before sending email notifications after a mention or PM.
    • Improved integrations: BigBlueButton, GitHub, Grafana, PagerDuty, and many more.
    • Improved various interaction and performance details in Recent Topics.
    • Improved styling for poll and todo list widgets.
    • Zulip now supports configuring the database name and username when using a remote Postgres server. Previously, these were hardcoded to "zulip".
    • Migrated many tooltips to prettier tooltips powered by TippyJS.
    • Autocomplete is now available when editing topics.
    • Typeahead for choosing a topic now consistently fetches the full set of historical topics in the stream.
    • Changed "Quote and reply" to insert quoted content at the cursor when the compose box is not empty.
    • The compose box now has friendly UI for messages longer than 10K characters.
    • Compose typeahead now opens after typing only "@".
    • Improved the typeahead sorting for choosing code block languages.
    • Many additional subtle usability improvements to compose typeahead.
    • Adjusted permissions to only allow administrators to override unicode emoji with a custom emoji of the same name.
    • New "Manage this user" option in user profile popovers simplifies moderation.
    • New automated notifications when changing global stream settings like description and message retention policy.
    • Drafts are now advertised more prominently, in the left sidebar.
    • Drafts and message edit history now correctly render widgets like spoilers and global times.
    • Improved the tooltip formatting for global times.
    • LDAP userAccountControl logic now supports FreeIPA quirks.
    • Fixed a problem where self-hosted servers that permuted the IDs of their users by using the data export/import tools might send mobile push notifications to the wrong devices.
    • Fixed various bugs resulting in missing translations; most importantly in the in-application search/markdown/hotkeys help widgets.
    • Fixed several bugs that prevented browser undo from working in the compose box.
    • Fixed search typeahead not working once you've added a full-text keyword.
    • Fixed linkifier validation to prevent invalid linkifiers.
    • Fixed Ctrl+. shortcut not working correctly with empty topics.
    • Fixed numerous corner case bugs with email and mobile push notifications.
    • Fixed a bug resulting in long LaTeX messages failing to render.
    • Fixed buggy logic displaying users' last active time.
    • Fixed confusing "delete stream" language for archiving streams.
    • Fixed exceptions in races involving messages being deleted while processing a request to add emoji reactions, mark messages as read, or sending notifications.
    • Fixed most remaining 500 errors seen in Zulip Cloud (these were already quite rare, so this process involved debugging several rare races, timeouts, and error handling bugs.).
    • Fixed subtle bugs involving composing messages to deactivated users.
    • Fixed subtle bugs with reloading the page while viewing settings with "Recent topics" as the default view.
    • Fixed bug where pending email notifications could be lost when restarting the Zulip server.
    • Fixed "require topics" setting not being enforced for API clients.
    • Fixed several subtle Markdown rendering bugs.
    • Fixed several bugs with message edit history and stream/topic moves.
    • Fixed multiple subtle bugs that could cause compose box content to not be properly saved as drafts in various situations.
    • Fixed several server bugs involving rare race conditions.
    • Fixed a bug where different messages in search results would be incorrectly shown with a shared recipient bar despite potentially not being temporally adjacent.
    • Fixed lightbox download button not working with the S3 upload backend.
    • Increased default retention period before permanently removing deleted messages from 7 days to 30 days.
    • Rate limiting now supports treating all Tor exit nodes as a single IP.
    • Changed "From" header in invitation emails to no longer include the name of the user who sent the invitation, to prevent anti-phishing software from flagging invitations.
    • Added support for uploading animated PNGs as custom emoji.
    • Renamed "Night mode" to "Dark theme".
    • Added the mobile app's notification sound to desktop sound options, as "Chime".
    • Reworked the manage.py help interface to hide Django commands that are useless or harmful to run on a production system. Also deleted several useless management commands.
    • Improved help and functionality of several management commands. New create_realm management command supports some automation workflows.
    • Added RealmAuditLog logging for most administrative actions that were previously not tracked.
    • Added automated testing of the upgrade process from previous releases, to reduce the likelihood of problems upgrading Zulip.
    • Attempting to "upgrade" to an older version now gives a clear error message.
    • Optimized critical parts of the message sending code path for large organizations.
    • Optimized creating streams in very large organizations.
    • Certain unprintable Unicode characters are no longer permitted in topic names.
    • Added IP-based rate limiting for unauthenticated requests.
    • Added documentation for Zulip's rate-limiting rules.
    • Merged the API endpoints for a user's personal settings into the /settings endpoint with a cleaner interface.
    • The server API now supports marking messages as unread, allowing this upcoming mobile app feature to work with Zulip 5.0.
    • Added to the API most page-load parameters used by the web app application that were missing from the /register API.
    • Simplified the infrastructure for rendering API documentation so that only a few pages require Markdown templates in addition to the OpenAPI specification file.
    • Corrected many minor issues with the API documentation.
    • Major improvements to both the infrastructure and content for Zulip's ReadTheDocs documentation for contributors and sysadmins.
    • Major improvements to the mypy type-checking, discovered via using the django-stubs project to get Django stubs.
    • Renamed main branch from master to main.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-5.0.tar.gz(89.75 MB)
  • 5.0-rc1(Mar 16, 2022)

  • 4.11(Mar 15, 2022)

    • CVE-2022-24751: Zulip Server 4.0 and above were susceptible to a race condition during user deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. This access could theoretically continue until one of the following events happens:
      • The session expires from memcached; this defaults to two weeks, and is controlled by SESSION_COOKIE_AGE in /etc/zulip/settings.py
      • The session cache is evicted from memcached by other cached data.
      • The server is upgraded, which clears the cache.
    • Updated translations.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-4.11.tar.gz(80.94 MB)
  • 4.10(Feb 25, 2022)

    • CVE-2022-21706: Reusable invitation links could be improperly used for other organizations.
    • CVE-2021-3967: Enforce that regenerating an API key must be done with an API key, not a cookie. Thanks to nhiephon (twitter.com/_nhiephon) for their responsible disclosure of this vulnerability.
    • Fixed a bug with the reindex-textual-data tool, where it would sometimes fail to find the libraries it needed.
    • Pin PostgreSQL to 10.19, 11.14, 12.9, 13.5 or 14.1 to avoid a regression which caused deploys with PGroonga enabled to unpredictably fail database queries with the error variable not found in subplan target list.
    • Fix ARM64 support; however, the wal-g binary is not yet supported on ARM64 (zulip/zulip#21070).
    Source code(tar.gz)
    Source code(zip)
    zulip-server-4.10.tar.gz(80.67 MB)
  • 4.9(Jan 25, 2022)

    • CVE-2021-43799: Remote execution of code involving RabbitMQ.
    • Closed access to RabbitMQ port 25672; initial installs tried to close this port, but failed to restart RabbitMQ for the configuration.
    • Removed the rabbitmq.nodename configuration in zulip.conf; all RabbitMQ instances will be reconfigured to have a nodename of [email protected]. You can remove this setting from your zulip.conf configuration file, if it exists.
    • Added missing support for the Camo image proxy in the Docker image. This resolves a longstanding issue with image previews, if enabled, appearing as broken images for Docker-based installs.
    • Fixed a bug which allowed a user to edit a message to add a wildcard mention when they did not have permissions to send such messages originally.
    • Fixed a bug in the tool that corrects database corruption caused by updating the operating system hosting PostgreSQL, which previously omitted some indexes from its verification. If you updated the operating system of your Zulip instance from Ubuntu 18.04 to 20.04, or from Debian Stretch to Debian Buster, you should run the tool, even if you did so previously; full details and instructions are available in the previous blog post.
    • Began routing requests from the Camo image proxy through a non-Smokescreen proxy, if one is configured; because Camo includes logic to deny access to private subnets, routing its requests through Smokescreen is generally not necessary.
    • Fixed a bug where changing the Camo secret required running zulip-puppet-apply.
    • Fixed scripts/setup/compare-settings-to-template to be able to run from any directory.
    • Switched Let's Encrypt renewal to use its own timer, rather than our custom cron job. This fixes a bug where occasionally nginx would not reload after getting an updated certificate.
    • Updated documentation and tooling to note that installs using upgrade-zulip-from-git require 3 GB of RAM, or 2 GB and at least 1 GB of swap.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-4.9.tar.gz(80.67 MB)
  • 4.8(Dec 1, 2021)

    • CVE-2021-43791: Zulip could fail to enforce expiration dates on confirmation keys, allowing users to potentially use expired invitations, self-registrations, or realm creation links.
    • Began installing Smokescreen to harden Zulip against SSRF attacks by default. Zulip has offered Smokescreen as an option since Zulip 4.0. Existing installs which configured an outgoing proxy which is not on localhost:4750 will continue to use that; all other installations will begin having a Smokescreen installation listening on, which Zulip will proxy traffic through. The version of Smokescreen was also upgraded.
    • Replaced the camo image proxy with go-camo, a maintained reimplementation that also protects against SSRF attacks. This server now listens only on when it is deployed as part of a standalone deployment.
    • Began using camo for images displayed in URL previews. This improves privacy and also resolves an issue where an image link to a third party server with an expired or otherwise invalid SSL certificate would trigger a confusing pop-up window for Zulip Desktop users.
    • Fixed a bug which could cause Tornado to shut down improperly (causing an immediate full-page reload for their clients) when restarting a heavily loaded Zulip server.
    • Updated Python dependencies.
    • Truncated large “remove” mobile notification events so that marking hundreds of private messages or other notifiable messages as read at once won’t exceed Apple’s 4 KB notification size limit.
    • Slack importer improvements:
      • Ensured that generated fake email addresses for Slack bots are unique.
      • Added support for importing Slack exports from a directory, not just a .zip file.
      • Provided better error messages with invalid Slack tokens.
      • Added support for non-ASCII Unicode folder names on Windows.
    • Add support for V3 Pagerduty webhook.
    • Updated documentation for Apache SSO, which now requires additional configuration now that Zulip uses a C extension (the re2 module).
    • Fixed a bug where an empty name in a SAML response would raise an error.
    • Ensured that deliver_scheduled_emails and deliver_scheduled_messages did not double-deliver if run on multiple servers at once.
    • Extended Certbot troubleshooting documentation.
    • Fixed a bug in soft deactivation catch-up code, in cases where a race condition had created multiple subscription deactivation entries for a single user and single stream in the audit log.
    • Updated translations, including adding a Sinhala translation.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-4.8.tar.gz(80.67 MB)
  • 4.7(Oct 4, 2021)

  • 4.6(Sep 23, 2021)

    4.6 -- 2021-09-23

    • Documented official support for Debian 11 Bullseye, now that it is officially released by Debian upstream.
    • Fixed installation on Debian 10 Buster. Upstream infrastructure had broken the Python virtualenv tool on this platform, which we've worked around for this release.
    • Zulip releases are now distributed from https://download.zulip.com/server/, replacing the old www.zulip.org server.
    • Added support for LDAP synchronization of the is_realm_owner and is_moderator flags.
    • upgrade-zulip-from-git now uses git fetch --prune; this ensures upgrade-zulip-from-git master with return an error rather than using a stale cached version of the master branch, which was renamed to main this month.
    • Added a new reset_authentication_attempt_count management command to allow sysadmins to manually reset authentication rate limits.
    • Fixed a bug that caused the upgrade-postgresql tool to incorrectly remove supervisord configuration for process-fts-updates.
    • Fixed a rare migration bug when upgrading from Zulip versions 2.1 and older.
    • Fixed a subtle bug where the left sidebar would show both old and new names for some topics that had been renamed.
    • Fixed incoming email gateway support for configurations with the http_only setting enabled.
    • Fixed issues where Zulip's outgoing webhook, with the Slack-compatible interface, had a different format from Slack's documented interface.
    • The installation and upgrade documentations now show the latest release's version number.
    • Backported many improvements to the ReadTheDocs documentation.
    • Updated translation data from Transifex.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-4.6.tar.gz(80.53 MB)
  • 2.1.8(Aug 12, 2021)

  • 4.5(Jul 25, 2021)

  • 4.4(Jul 22, 2021)

    4.4 -- 2021-07-22

    • Added a tool to fix potential database corruption caused by host OS upgrades.
    • Fixed a possible denial-of-service attack in Markdown fenced code block parsing.
    • Smokescreen, if installed, now defaults to only listening on; this prevents it from being used as an open HTTP proxy if it did not have other firewalls protecting incoming port 4750.
    • Fixed a performance/scalability issue for installations using the S3 file uploads backend.
    • Fixed a bug where users could turn other users’ messages they could read into widgets (e.g. polls).
    • Fixed a bug where emoji and avatar image requests were sent through Camo; doing so does not add any security benefit, and broke custom emoji that had been imported from Slack in Zulip 1.8.1 or earlier.
    • Changed to log just a warning, instead of an exception, in the case that the embed_links worker cannot fetch previews for all links in a message within the 30-second timeout. Each preview request within a message already has a 15-second timeout.
    • Ensured psycopg2 is installed before starting process_fts_updates; otherwise, it might fail to start several times before the package was installed.
    • Worked around a bug in supervisor where, when using SysV init, /etc/init.d/supervisor restart would only have stopped, not restarted, the process.
    • Modified upgrade scripts to better handle failure, and suggest next steps and point to logs.
    • Zulip now hides the “show password” eye icon that IE and Edge browsers place in password inputs; this duplicated the already-present JavaScript-based functionality.
    • Fixed “OR” glitch on login page if SAML authentication is enabled but not configured.
    • The send_test_email management command now shows the full SMTP conversation on failure.
    • Provided a change_password management command which takes a --realm option.
    • Fixed upgrade-zulip-from-git crashing in CSS source map generation on 1-CPU systems.
    • Added an auto_signup field in SAML configuration to auto-create accounts upon first login attempt by users which are authenticated by SAML.
    • Provided better error messages when puppet_classes in zulip.conf are mistakenly space-separated instead of comma-separated.
    • Updated translations for many languages.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-4.4.tar.gz(80.43 MB)
  • 4.3(Jun 2, 2021)

    4.3 -- 2021-06-02

    • Fixed exception when upgrading older servers with the JITSI_SERVER_URL setting set to None to disable Jitsi.
    • Fixed GIPHY integration dropdown appearing when the server doesn't have a GIPHY API key configured.
    • The GIPHY API library is no longer loaded for users who are not actively using the GIPHY integration.
    • Improved formatting for Grafana integration.
    • Fixed previews of Dropbox image links.
    • Fixed support for storing avatars/emoji in non-S3 upload backends.
    • Fixed an overly strict database constaint for code playgrounds.
    • Tagged user status strings for translation.
    • Updated translation data from Transifex.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-4.3.tar.gz(80.40 MB)
  • 4.2(May 14, 2021)

  • 4.1(May 14, 2021)

  • 4.0(May 13, 2021)

    4.0 -- 2021-05-13


    • Code blocks now have a copy-to-clipboard button and can be integrated with external code playgrounds, making it convenient to work with code while discussing it in Zulip.
    • Added a new organization Moderator role. Many permissions settings for sensitive features now support only allowing moderators and above to use the feature.
    • Added a native Giphy integration for sending animated GIFs.
    • Added support for muting another user.
    • Recent topics is no longer beta, no longer an overlay, supports composing messages, and is now the default view. The previous default view, "All messages", is still available, and the default view can now be configured via "Display settings".
    • Completed API documentation for Zulip's real-time events system. It is now possible to write a decent Zulip client with minimal interaction with the Zulip server development team.
    • Added new organization settings: wildcard mention policy.
    • Integrated Smokescreen, an outgoing proxy designed to help protect against SSRF attacks; outgoing HTTP requests that can be triggered by end users are routed through this service. We recommend that self-hosted installations configure it.
    • This release contains more than 30 independent changes to the Zulip API, largely to support new features or make the API (and thus its documentation) clearer and easier for clients to implement. Other new API features support better error handling for the mobile and terminal apps.
    • The frontend internationalization library was switched from i18next to FormatJS.
    • The button for replying was redesigned to show the reply recipient and be more obvious to users coming from other chat apps.
    • Added support for moving topics to private streams, and for configuring which roles can move topics between streams.

    Upgrade notes for 4.0

    • Changed the Tornado service to use instead of as its default network address, to simplify support for multiple Tornado processes. Since Tornado only listens on localhost, this change should have no visible effect unless another service is using port 9800.
    • Zulip's top-level puppet classes have been renamed, largely from zulip::foo to zulip::profile::foo. Configuration referencing these /etc/zulip/zulip.conf will be automatically updated during the upgrade process, but if you have a complex deployment or you maintain zulip.conf is another system (E.g. with the manual configuration option for docker-zulip), you'll want to manually update the puppet_classes variable.
    • Zulip's supervisord configuration now lives in /etc/supervisor/conf.d/zulip/
    • Consider enabling Smokescreen
    • Private streams can no longer be default streams (i.e. the ones new users are automatically added to).
    • New scripts/start-server and scripts/stop-server mean that one no longer needs to use supervisorctl directly for these tasks.
    • As this is a major release, we recommend carefully updating the inline documentation in your /etc/zulip/settings.py. Notably, we rewrote the template to be better organized and more readable in this release.
    • The webapp will now display a warning in the UI if the Zulip server has not been upgraded in more than 18 months. template to be better organized and more readable.
    • The next time users log in to Zulip with their password after upgrading to this release, they will be logged out of all active browser sessions (i.e. the web and desktop apps). This is a side effect of improved security settings (increasing the minimum entropy used when salting passwords from 71 bits to 128 bits).
    • We've removed the partial Thumbor integration from Zulip. The Thumbor project appears to be dead upstream, and we no longer feel comfortable including it in Zulip from a security perspective. We hope to introduce a fully supported thumbnailing integration in our next major release.

    Full feature changelog

    • Added new release lifecycle documentation.
    • Added support for subscribing another stream's membership to a stream.
    • Added RealmAuditLog for most settings state changes in Zulip; this data will fascilitate future features showing a log of activity by a given user or changes to an organization's settings.
    • Added support for using Sentry for processing backend exceptions.
    • Added documentation for using wal-g for continuous PostgreSQL backups.
    • Added loading spinners for message editing widgets.
    • Added live update of compose placeholder text when recipients change.
    • Added keyboard navigation for popover menus that were missing it.
    • Added documentation for all zulip.conf settings.
    • Added dozens of new notification sound options.
    • Added menu option to unstar all messages in a topic.
    • Added confirmation dialog before unsubscribing from a private stream.
    • Added confirmation dialog before deleting your profile picture.
    • Added types for all parameters in the API documentation.
    • Added API endpoint to fetch user details by email address.
    • Added API endpoint to fetch presence details by user ID.
    • Added new LDAP configuration options for servers hosting multiple organizations.
    • Added new @**|user_id** mention syntax intended for use in bots.
    • Added preliminary support for Zulip on Debian Bullseye; this release is expected to support Bullseye without any further changes.
    • Added several useful new management commands, including change_realm_subdomain and delete_user.
    • Added support for subscribing all members of a user group to a stream.
    • Added support for sms: and tel: links.
    • Community topic editing time limit increased to 3 days for members.
    • New integrations: Freshping, JotForm, Uptime Robot, and a JSON formatter (which is particularly useful when developing a new integration).
    • Updated integrations: ClubHouse, NewRelic, Bitbucket, Zabbix.
    • Improved formatting of GitHub and GitLab integrations.
    • Improved the user experience for multi-user invitations.
    • Improved several rendered-message styling details.
    • Improved design of <time> widgets.
    • Improved format of nginx logs to include hostname and request time.
    • Redesigned the left sidebar menu icons (now \vdots, not a chevron).
    • The Zoom integration is now stable (no longer beta).
    • Favicon unread counts are more attractive and support large numbers.
    • Zulip now displays the total number of starred messages in the left sidebar by default; over 20% of users had enabled this setting manually.
    • Presence circles for users are now shown in mention typeahead.
    • Email notifications for new messages are now referred to as a "Message notification email", not a "Missed message email".
    • Zulip now sets List-Unsubscribe headers in outgoing emails with unsubscribe links.
    • Password forms now have a "Show password" widget.
    • Fixed performance issues when creating hundreds of new users in quick succession (E.g. at the start of a conference or event).
    • Fixed performance issues in organizations with thousands of online users.
    • Fixed numerous rare exceptions when running Zulip at scale.
    • Fixed several subtle installer bugs.
    • Fixed various UI and accessibility issues in the registration and new user invitation flows.
    • Fixed live update and UI bugs with streams being deactivated or renamed.
    • Fixed a subtle Firefox bug with Esc breaking keyboard accessibility.
    • Fixed name not being populated currently with Apple authentication.
    • Fixed several subtle bugs in the "Stream settings" UI.
    • Fixed error handling for incoming emails that fail to send.
    • Fixed a subtle bug with timestamps for messages that take a long time to send.
    • Fixed missing horizontal scrollbar for overflowing rendered LaTeX.
    • Fixed visual issues with bottoms areas of both sidebars.
    • Fixed several error handling bugs with outgoing webhooks.
    • Fixed bugs with recipient bar UI for muting and topic editing.
    • Fixed highlighting of adjacent alert words.
    • Fixed many settings API endpoints with unusual string encoding.
    • Fixed wildcard mentions in blockquotes not being treated as silent.
    • Increased size of typeahead box for mentions from 5 to 8.
    • Typeahead now always ranks exact string matches first.
    • Tooltips have been migrated from Bootstrap to TippyJS, and added in many places that previously just had title attributes.
    • Zulip now consistently uses the Source Code Pro font for code blocks, rather than varying by operating system.
    • Redesigned "Alert words" settings UI.
    • Linkifiers can now be edited in their settings page.
    • Tables in settings UI now have sticky headers.
    • Confirmation dialogs now consistently use Confirm/Cancel as button labels.
    • Refactored typeahead and emoji components to be shareable with the mobile codebase.
    • Switched to orjson for JSON serialization, resulting in better performance and more standards-compliant validation.
    • Outgoing webhooks now enforce a 10 second timeout.
    • Image previews in a Zulip message are now unconditionally proxied by Camo to improve privacy, rather than only when the URL was not HTTPS.
    • Replaced the old CasperJS frontend test suite with Puppeteer.
    • Split the previous api_super_user permission into can_create_user and can_forge_sender (used for mirroring).
    • Various API endpoints creating objects now return the ID of the created object.
    • Fixed screenreader accessibility of many components, including the compose box, message editing, popovers, and many more.
    • Fixed transparency issues uploading some animated GIFs as custom emoji.
    • Improved positioning logic for inline YouTube previews.
    • Improved performance of several high-throughput queue processors.
    • Improved performance of queries that fetch all active subscribers to a stream or set of streams.
    • Improved performance of sending messages to streams with thousands of subscribers.
    • Upgraded our ancient forked version of bootstrap, on a path towards removing the last forked dependencies from the codebase.
    • Upgraded Django to 3.1 (as well as essentially every other dependency).
    • Updated webapp codebase to use many modern ES6 patterns.
    • Upgraded Zulip's core font to Source Sans 3, which supports more languages.
    • Relabeled :smile: and :stuck_out_tongue: emoji to use better codepoints.
    • Reduced the size of Zulip's main JavaScript bundle by removing moment.js.
    • Server logs now display the version number for Zulip clients.
    • Simplified logic for responsive UI with different browser sizes.
    • Fixed several subtle bugs in the compose and message-edit UIs.
    • Reduced the steady-state load for an idle Zulip server.
    • Removed HipChat import tool, because HipChat has been long EOL.
    • Reformatted the Python codebase with Black, and the frontend codebase with Prettier.
    • Migrated testing from CircleCI to GitHub Actions.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-4.0.tar.gz(80.36 MB)
  • 4.0-rc1(May 4, 2021)

  • 3.4(Apr 14, 2021)

    • CVE-2021-30487: Prevent administrators from moving topics to disallowed streams.
    • CVE-2021-30479: Prevent guest user access to all_public_streams API.
    • CVE-2021-30478: Prevent API super users from forging messages to other organizations.
    • CVE-2021-30477: Prevent outgoing webhook bots from sending arbitrary messages to any stream.
    • Fixed a potential HTML injection bug in outgoing emails.
    • Fixed Postfix configuration error which would prevent outgoing email to any email address containing ., +, or starting with mm, when configured to use the local Postfix to deliver outgoing email.
    • Fixed a backporting error which caused the manage.py change_user_role tool to not work for admin, member, or guest roles.
    • Add support for logout events sent from modern versions of the desktop application.
    • Upgraded minor python dependencies.
    • Minor documentation fixes.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-3.4.tar.gz(73.94 MB)
  • 3.3(Dec 1, 2020)

    • Guest users should not be allowed to post to streams marked “Only organization full members can post.” This flaw has existed since the feature was added in Zulip Server 3.0.
    • Permit outgoing mail from postfix; this resolves a bug introduced in Zulip Server 3.2 which prevented Zulip from sending outgoing mail if the local mail server (used mostly for incoming mail) was also used for outgoing email (MAIL_HOST='localhost').
    • Ensure that the upgrade-postgres tool upgrades the cluster’s data to the specific PostgreSQL version requested; this resolves a bug where, now that PostgreSQL 13 has been released, upgrade-postgres would attempt to upgrade to that version and not PostgreSQL 12.
    • Replace the impenetrably-named ./manage.py knight with ./manage.py change_user_role, and extend it to support “Organization owner” roles.
    • Handle realm emojis that have been manually deleted more gracefully.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-3.3.tar.gz(73.93 MB)
  • 3.2(Sep 15, 2020)

    3.2 -- September 15, 2020

    • Switched from libmemcached to python-binary-memcached, a pure-Python implementation; this should eliminate memcached connection problems affecting some installations.
    • Removed unnecessary django-cookies-samesite dependency, which had its latest release removed from PyPI (breaking installation of Zulip 3.1).
    • Limited which local email addresses Postfix accepts when the incoming email integration is enabled; this prevents the enumeration of local users via the email system.
    • Fixed incorrectly case-sensitive email validation in REMOTE_USER authentication.
    • Fixed search results for has:image.
    • Fixed ability to adjust "Who can post on the stream" configuration.
    • Fixed display of "Permission [to post] will be granted in n days" for n > 365.
    • Support providing nginx_listen_port setting in conjunction with http_only in zulip.conf.
    • Improved upgrade documentation.
    • Removed internal ID lists which could leak into the events API.
    Source code(tar.gz)
    Source code(zip)
    zulip-server-3.2.tar.gz(73.92 MB)
Zulip open source project
Easy-to-use and powerful offline translation tool

Introduction Virtaal is a graphical program for doing translation. It is meant to be easy to use and powerful at the same time. Although the initial f

Translate 271 Nov 22, 2022
GlobaLeaks is free, open source software enabling anyone to easily set up and maintain a secure whistleblowing platform.

GlobaLeaks is free, open souce software enabling anyone to easily set up and maintain a secure whistleblowing platform. Continous Integration and Test

GlobaLeaks 995 Jan 1, 2023
Insular email distribution - mail server as Docker images

Mailu is a simple yet full-featured mail server as a set of Docker images. It is free software (both as in free beer and as in free speech), open to s

Mailu 4.2k Jan 4, 2023
A free & open modern, fast email client with user-friendly encryption and privacy features

Welcome to Mailpile! Introduction Mailpile (https://www.mailpile.is/) is a modern, fast web-mail client with user-friendly encryption and privacy feat

mailpile 8.7k Jan 4, 2023
ProPublica's collaborative tip-gathering framework. Import and manage CSV, Google Sheets and Screendoor data with ease.

Collaborate This is a web application for managing and building stories based on tips solicited from the public. This project is meant to be easy to s

ProPublica 86 Oct 18, 2022
Askbot is a Django/Python Q&A forum. **Contributors README**: https://github.com/ASKBOT/askbot-devel#how-to-contribute. Commercial hosting of Askbot and support are available at https://askbot.com

ATTENTION: master branch is experimental, please read below Askbot - a Django Q&A forum platform This is Askbot project - open source Q&A system, like

ASKBOT 1.5k Dec 28, 2022
A wiki system with complex functionality for simple integration and a superb interface. Store your knowledge with style: Use django models.

django-wiki Django support The below table explains which Django versions are supported. Release Django Upgrade from 0.7.x 2.2, 3.0, 3.1 0.5 or 0.6 0.

django-wiki 1.6k Dec 28, 2022
WebApp Maker make web apps (Duh). It is open source and make with python and shell.

WebApp Maker make web apps (Duh). It is open source and make with python and shell. This app can take any website and turn it into an app. I highly recommend turning these few websites into webapps: - Krunker.io (Fps Game) - play.fancade.com (Minigame Arcade) - Your Own Website If You Have One Apart from that enjoy my app By 220735540 (a.k.a RP400)

null 2 Jan 9, 2022
An open source movie recommendation WebApp build by movie buffs and mathematicians that uses cosine similarity on the backend.

Movie Pundit Find your next flick by asking the (almost) all-knowing Movie Pundit Jump to Project Source » View Demo · Report Bug · Request Feature Ta

Kapil Pramod Deshmukh 8 May 28, 2022
HackBMU-5.0-Team-Ctrl-Alt-Elite - HackBMU 5.0 Team Ctrl Alt Elite

HackBMU-5.0-Team-Ctrl-Alt-Elite The search is over. We present to you ‘Health-A-

null 3 Feb 19, 2022
A TCP Chatroom built with python and TCP/IP sockets, consisting of a server and multiple clients which can connect with the server and chat with each other.

A TCP Chatroom built with python and TCP/IP sockets, consisting of a server and multiple clients which can connect with the server and chat with each other. It also provides an Admin role with features including kicking and baning of users.

null 3 May 22, 2022
A powerful bot to copy your google drive data to your team drive

⚛️ Clonebot - Heroku version ⚡ CloneBot is a telegram bot that allows you to copy folder/team drive to team drives. One of the main advantage of this

MsGsuite 269 Dec 23, 2022
A powerful discord bot for forming team.

Discord_SquadBot A powerful discord bot for forming team. Pre-requirement Python 3.7 and latest Discord.py module is required. Installation guideline

Jacky Yu 2 Jan 29, 2022
Mmdb-server - An open source fast API server to lookup IP addresses for their geographic location

mmdb-server mmdb-server is an open source fast API server to lookup IP addresses

Alexandre Dulaunoy 67 Nov 25, 2022
Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

RedTeam Toolkit Note: Only legal activities should be conducted with this project. Red Team Toolkit is an Open-Source Django Offensive Web-App contain

Mohammadreza Sarayloo 382 Jan 1, 2023
The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.

dncil is a Common Intermediate Language (CIL) disassembly library written in Python that supports parsing the header, instructions, and exception hand

MANDIANT 95 Jan 8, 2023
A Advanced Powerful, Smart And Intelligent Group Management Bot With New And Powerful Features

Vegeta Robot A Advanced Powerful, Smart And Intelligent Group Management Bot With New And Powerful Features ... Written with Pyrogram and Telethon...

⚡ CT_PRO ⚡ 9 Nov 16, 2022
📢 Video Chat Stream Telegram Bot. Can ⏳ Stream Live Videos, Radios, YouTube Videos & Telegram Video Files On Your Video Chat Of Channels & Groups !

Telegram Video Chat Bot (Beta) ?? Video Chat Stream Telegram Bot ?? Can Stream Live Videos, Radios, YouTube Videos & Telegram Video Files On Your Vide

brut✘⁶⁹ // ユスフ 15 Dec 24, 2022
Chat In Terminal - Chat-App in python

Chat In Terminal Hello all. ?? Sockets and servers are vey important for connection and importantly chatting with others. ?? ?? I have thought of maki

Shreejan Dolai 5 Nov 17, 2022
Stevan KZ 1 Oct 27, 2021