We’ve released Zammad 6.4.1 to address a vulnerability related to how configuration settings were logged. Sensitive data like tokens and secrets, previously included in log entries, are now filtered to ensure these values are no longer logged.
Action required: Self-hosted users are strongly advised to update to 6.4.1.
Details and guidance:
Find more information in our Security Advisory: ZAA-2024-05