Mattermost critical security update for 5.29.1, 5.28.2, 5.27.2, 5.25.7 (ESR)

We’re informing you about a Mattermost critical security update. This security update addresses a critical severity vulnerability that we discovered during an internal security audit. We highly recommend that you apply the update immediately.

The security update is available for Mattermost dot releases 5.29.1, 5.28.2, 5.27.2, 5.25.7 (ESR) for both Team Edition and Enterprise Edition. It is available for download here.

Customer safety and data security are of the utmost priority for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on the vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.

You can follow the standard upgrade instructions to apply the updates.

Please note that the 5.29.1 release also includes the following fixes:

  • Added UnreadMentions column to ThreadMemberships table, and fixed server log warnings related to ThreadMemberships. Admins planning to enable Collapsed Reply Threads (available in beta in Q1 2021) should upgrade to v5.29.1 or later.

The full list of bug fixes included in these releases can be found in the changelog.

Amy Blais

Amy Blais is the Release Manager at Mattermost, Inc. Her other roles include Community and Customer Support. She previously served as the company’s Associate Marketing Manager.
