CVE ID: CVE-2021-3866

Vulnerability Type: XSS (Cross-Site Scripting) in stream names

Affected Systems:
- Zulip installations running the (development) branch of the Zulip server
- Self-hosted installations upgraded to the branch on or after December 4
- Zulip Cloud from December 6th through January 15th

Mitigation:
- Upgrade to the latest version of the branch
- Use the command to check if the installation is affected
- Zulip Cloud has completed an audit of access logs, and the vulnerability was not exploited

Additional Information:
- The CVE was originally assigned as CVE-2021-3853, but was corrected to CVE-2021-3866 due to an error
- Upgrading the host operating system to Ubuntu 20.04 is recommended for any Zulip servers running on Ubuntu 18.04

Support and Community:
- Join for feedback and support
- Follow Zulip on Twitter or join the announcement mailing list for updates