Mattermost security updates 6.0.2, 5.39.1, 5.38.3, and 5.37.3 (Extended Support Release)

We’re informing you about a Mattermost security update, which addresses medium-level severity vulnerabilities. We highly recommend that you apply the update.

The security update is available for Mattermost dot releases 6.0.2, 5.39.1, 5.38.3, and 5.37.3 (ESR) for both Team Edition and Enterprise Edition. They are available for download here.

Customer safety and data security are the utmost priorities for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on this vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.

Mattermost v6.0.1 also resolves the following bugs:

• Fixed a race condition in telemetry IDs on High Availability servers.
• Updated prepackaged Boards version to 0.9.4.

Mattermost v5.39.1 also resolves the following bugs:

• Fixed an issue with fetching threads upon websocket reconnection.
• Fixed a race condition in telemetry IDs on High Availability servers.

Mattermost v5.38.3 also resolves the following bug:

• Fixed a race condition in telemetry IDs on High Availability servers.

Mattermost v5.37.3 (ESR) also resolves the following bugs:

• Fixed a race condition in telemetry IDs on High Availability servers.
• Fixed the import process for imports with attachments.
• Fixed an issue that kept message attachment fields unaligned.

You can follow the standard upgrade instructions to apply the updates.