Mattermost security updates 6.3.1, 6.2.2, 6.1.2, 5.37.7 released
We’re informing you about a Mattermost security update, which addresses a medium-level severity vulnerability. We highly recommend that you apply the update.
The security update is available for Mattermost dot releases 6.3.1 (Extended Support Release), 6.2.2, 6.1.2, 5.37.7 (Extended Support Release) for both Team Edition and Enterprise Edition. They are available for download here.
Customer safety and data security are the utmost priorities for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on this vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.
Mattermost v6.3.1 also resolves the following bugs:
- Updated Mattermost Boards to v0.12.1 with various bug fixes.
- Added the ability to normalize DN strings if they were returned with a different attribute letter casing for LDAP users versus LDAP group members.
- Removed file attachment options in channels when file attachments are disabled on the server.
- Fixed a bug causing the team sidebar to display for servers running in a subpath.
Mattermost v6.2.2 also resolves the following bugs:
- Fixed an issue with the v6 migration where the
Users.Timezone
column had a default. This affected servers that had Mattermost v4.9 or earlier installed before upgrading to v6.0 or later. - Fixed an issue where attempting to parse an empty flag resulted in a spurious log line which clogged up the console.
Mattermost v6.1.2 also resolves the following bug:
- Fixed an issue with the v6 migration where the
Users.Timezone
column had a default. This affected servers that had Mattermost v4.9 or earlier installed before upgrading to v6.0 or later.
Mattermost v5.37.7 also resolves the following bug:
- Added support for channel moderation for Professional-licensed servers.
You can follow the standard upgrade instructions to apply the updates.