We have released a recommended security update via Mattermost Team Edition 5.16.1, 5.15.2, 5.14.5, 5.9.6 (ESR) and Mattermost Enterprise Edition 5.16.1, 5.15.2, 5.14.5, 5.9.6 (ESR).
This security update addresses a high level vulnerability discovered during a security research review by Roman Shchekin.
The 5.16.1 and 5.15.2 versions also resolve the following bugs:
- (Accessibility) Fixed an issue where “Click here to jump to recent messages” was not accessible via keyboard.
- (Accessibility) Fixed an issue where post options were skipped when tabbing through a post in search results.
- (Accessibility) Fixed an issue where F6 did not allow navigating to the right-hand side when a thread wasn’t open.
- Fixed an issue where a change to the production Plugin Marketplace URL wasn’t backported to v5.16.0.