We are releasing a recommended security update via Mattermost Team Edition 4.3.1, 4.2.1, and 4.1.2 and Mattermost Enterprise Edition 4.3.1, 4.2.1, and 4.1.2. This security update addresses a low severity vulnerability discovered during a security research review by Frans Rosén.
Mattermost 4.3.1 also resolves the following bugs in the Mattermost 4.3 release:
- Fixed an upgrade issue where the database schema would appear to be out of date and throw a log warning (#7959).
- Fixed the Idle Timeout setting in config.json by changing the setting title from SessionIdleTimeout to SessionIdleTimeoutInMinutes (#7960).
- Fixed a regression where slash commands were not functional in Direct or Group Messages (#7915).