Today we released Zulip Desktop 4.0.3, fixing a critical security issue: CVE-2020-9443: Web security was disabled in the Electron webview. This is a critical security issue because Zulip’s security model for uploaded files relies on the browser (in this case Electron) enforcing the web security model. …
