Mattermost security update 5.16.1 / 5.15.2 / 5.14.5 / 5.9.6 (ESR) released

We have released a recommended security update via Mattermost Team Edition 5.16.1, 5.15.2, 5.14.5, 5.9.6 (ESR) and Mattermost Enterprise Edition 5.16.1, 5.15.2, 5.14.5, 5.9.6 (ESR).

This security update addresses a high level vulnerability discovered during a security research review by Roman Shchekin.

Follow the standard upgrade instructions to apply the updates.

Per the Mattermost Responsible Disclosure Policy, details of the update will be posted on our security updates page 30 days after release.

The 5.16.1 and 5.15.2 versions also resolve the following bugs:

• (Accessibility) Fixed an issue where “Click here to jump to recent messages” was not accessible via keyboard.
• (Accessibility) Fixed an issue where post options were skipped when tabbing through a post in search results.
• (Accessibility) Fixed an issue where F6 did not allow navigating to the right-hand side when a thread wasn’t open.
• Fixed an issue where a change to the production Plugin Marketplace URL wasn’t backported to v5.16.0.