Mattermost security updates 6.6.1, 6.5.1, 6.4.3, 6.3.8 (ESR) released
We’re informing you about a Mattermost security update, which addresses a medium-level severity vulnerability. We highly recommend that you apply the update.
The security update is available for Mattermost dot releases 6.6.1, 6.5.1, 6.4.3 and 6.3.8 (Extended Support Release) for both Team Edition and Enterprise Edition. They are available for download here.
Customer safety and data security are the utmost priorities for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on this vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.
Mattermost 6.6.1 version also resolves the following bugs:
- Replaced an expired GPG key which is used to verify the enterprise binary.
- Fixed an issue with null values in the OAuthApps table’s MattermostAppID column, which was introduced in v6.6.0.
- Fixed an issue where the Workspace Optimization dashboard mentioned that the workspace had reached over 100 users, when fewer than 100 users were registered.
Mattermost 6.5.1 version also resolves the following bugs:
- Fixed an issue on schema migrations where the Mattermost server failed to restart after having an error in the migration process.
- Fixed an issue where the Get trial endpoint did not seem to complete.
Mattermost 6.4.3 version also resolves the following bug:
- Fixed an issue on schema migrations where the Mattermost server failed to restart after having an error in the migration process.
Mattermost 6.3.8 version also resolves the following bug:
- Ping endpoint now can receive a device ID, which will report whether the device is able to receive push notifications.
You can follow the standard upgrade instructions to apply the updates.