Mattermost security updates 7.10.1 / 7.9.4 / 7.8.5 (ESR) released

We’re informing you about a Mattermost security update, which addresses medium-level severity vulnerabilities. We highly recommend that you apply the update.

The security update is available for Mattermost dot releases 7.10.1, 7.9.4, and 7.8.5 (Extended Support Release), for both Team Edition and Enterprise Edition. They are available for download here.

Customer safety and data security are the utmost priorities for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on this vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.

Version 7.10.1 also resolves the following bugs:

  • Fixed an issue where a user would still see threads in the threads view of channels they have left. Migration execution time in MySQL: Query OK, 2766769 rows affected (4 min 47.57 sec). Migration execution time in PostgreSQL: 58.11 sec, DELETE 2766690.
  • Pre-packaged version 1.2.1 of Apps plugin.
  • Fixed an issue caused by a migration in the previous release. Query takes around 11ms on a PostgreSQL 14 DB t3.medium RDS instance. Locks on the preferences table will only be acquired if there are rows to delete, but the time taken is negligible.

Version 7.9.4 also resolves the following bugs:

  • Fixed an issue where a user would still see threads in the threads view of channels they have left. Migration execution time in MySQL: Query OK, 2766769 rows affected (4 min 47.57 sec). Migration execution time in PostgreSQL: 58.11 sec, DELETE 2766690.
  • Pre-packaged version 1.2.1 of Apps plugin.
  • Backported a fix for OAuth 2. Query times depend on whether you have rows to delete. Please see the important upgrade notes for more details.

Version 7.8.5 also resolves the following bugs:

  • Fixed an issue where a user would still see threads in the threads view of channels they have left. Migration execution time in MySQL: Query OK, 2766769 rows affected (4 min 47.57 sec). Migration execution time in PostgreSQL: 58.11 sec, DELETE 2766690.
  • Pre-packaged version 1.2.1 of Apps plugin.
  • Updated the Docker Base Image from Debian to Ubuntu 22.04 LTS.
  • Backported a fix for OAuth 2. Query times depend on whether you have rows to delete. Please see the important upgrade notes for more details.

You can follow the standard upgrade instructions to apply the updates.

Amy Blais is the Release Manager at Mattermost, Inc. Her other roles include Community and Customer Support. She previously served as the company’s Associate Marketing Manager.