Mattermost security updates 11.7.2 (ESR), 11.6.4, 11.5.7, and 10.11.19 (ESR) released

We’re informing you about a Mattermost security update, which addresses Medium severity vulnerabilities. We highly recommend that you apply the update. The security update is available for Mattermost dot releases 11.7.2 (Extended Support Release), 11.6.4, 11.5.7, and 10.11.19 (Extended Support Release) for both Team Edition and Enterprise Edition. They are available for download here. You can follow the standard upgrade instructions to apply the updates.

The 11.7.2 version also includes the following fixes: 

• Pre-packaged Playbooks plugin version v2.9.0.
• Updated Go to v1.25.10.
• Fixed a regression saving various masked fields from the System Console.
• Introduced a new permission, Edit Attachments, for controlling who can edit post attachments when editing a post. By default, the permission is granted to whoever has edit post permission.

The 11.6.4, 11.5.7 and v10.11.19 versions also include the following fixes: 

• Pre-packaged Agents plugin version v1.14.2.
• Introduced a new permission, Edit Attachments, for controlling who can edit post attachments when editing a post. By default the permission is granted to whoever has edit post permission.

Customer safety and data security are the utmost priorities for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on this vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.