Mattermost Platform

Mattermost security update 4.10.1/4.9.4/4.8.2 released

We are releasing a recommended security update via Mattermost Team Edition 4.10.1/4.9.4/4.8.2 and Mattermost Enterprise Edition 4.10.1/4.9.4/4.8.2. This security update addresses a medium level vulnerability discovered during a security research review by Eric Sethna.

Follow the standard upgrade instructions to apply the updates.

Per the Mattermost Responsible Disclosure Policy, details of the update will be posted on our security updates page 14 days after release.

Mattermost 4.10.1 also resolves the following bugs in Mattermost 4.10:

  • Fixed an issue where the Mattermost screen went blank when viewing “Manage Members” list while another user was added to the channel (#MM-10666).
  • Fixed an issue where automatic replies weren’t properly posting or suppressing emails (#MM-10638).
  • Fixed an issue where a member’s roles for a team wasn’t properly deleted when the team was deleted via the API, causing crashing issues (#MM-10432).

We also recently released a recommended security update via Mattermost Team Edition 4.8.1/4.7.4/4.6.3 and Mattermost Enterprise Edition 4.8.1/4.7.4/4.6.3. This security update addressed a moderate severity vulnerability discovered during a security research review by Jesús Espino and Chris Brown.

mm

Amy Blais is the Release Manager at Mattermost, Inc. Her other roles include Community and Customer Support. She previously served as the company’s Associate Marketing Manager.