We’re informing you about a Mattermost security update, which addresses medium-level severity vulnerabilities. We highly recommend that you apply the update.
The security update is available for Mattermost dot releases 6.1.1, 6.0.4, 5.39.3, and 5.37.6 (ESR) for both Team Edition and Enterprise Edition. They are available for download here. These security updates are also available in Mattermost 6.2.1.
Customer safety and data security are the utmost priorities for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on this vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.
Mattermost v6.1.1, 6.0.4, 5.39.3, and 5.37.6 also resolve the following bugs. These fixes are also in Mattermost 6.2.1.
- Added a general performance fix for loading the web application and typing.
- Improved performance while typing by moving some autocomplete layout calculations.
- Improved performance by reducing DOM usage during render.
- Removed real-time updates of a couple of features to prevent overloading servers on user updates. The “This channel contains guests” indicator and the number of timezones displayed when notifying members of a group will only be updated on channel change now.
- Fixed slow channel loading for instances with website link previews enabled.
- Fixed an issue with Focalboard where an empty white screen appeared in the Mattermost desktop app on reload.
- Fixed an issue where an incorrect mmctl version was reported.
You can follow the standard upgrade instructions to apply the updates.