We’re informing you about a Mattermost security update that addresses medium-severity vulnerabilities. We highly recommend that you apply the update.
The security update is available in Mattermost dot releases 6.4.2, 6.3.5 (Extended Support Release), 6.2.5, and 5.37.9 (Extended Support Release), for both Team Edition and Enterprise Edition. They are available for download here.
Customer safety and data security are the utmost priorities for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on this vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.
Mattermost v6.4.2 also includes the following bug fix:
- Fixed an issue where the webapp did not route notifications correctly when the computer was locked.
Mattermost v6.3.5 also includes the following bug fixes:
- Improved the performance of code for storing users in the webapp.
- Fixed a memory leak caused by the post textbox.
- Removed the collapsed sidebar menu from the DOM on sidebar collapse and expand.
- Fixed an issue with disabling and re-enabling Custom Terms of Service.
You can follow the standard upgrade instructions to apply the updates.