We’re informing you about a Mattermost critical security update. This security update addresses a critical severity vulnerability that we discovered during an internal security audit. We highly recommend that you apply the update immediately.
The security update is available for Mattermost dot releases 5.29.1, 5.28.2, 5.27.2, 5.25.7 (ESR) for both Team Edition and Enterprise Edition. It is available for download here.
Customer safety and data security are of utmost priority for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on the vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.
You can follow the standard upgrade instructions to apply the updates.
Please note that the 5.29.1 release also includes the following fixes:
ThreadMemberships table, and fixed server log warnings related to ThreadMemberships. Admins planning to enable Collapsed Reply Threads (available in beta in Q1 2021) are recommended to upgrade to v5.29.1 or later.
The full list of bug fixes included in these releases can be found in the changelog.