Mattermost security updates 8.1.2 (ESR) / 8.0.3 / 7.8.11 (ESR) released

We’re informing you about a Mattermost security update, which addresses medium-level severity vulnerabilities. We highly recommend that you apply the update.

The security update is available for Mattermost dot releases 8.1.2 (Extended Support Release), 8.0.3, and 7.8.11 (Extended Support Release), for both Team Edition and Enterprise Edition. They are available for download here.

Customer safety and data security are the utmost priorities for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on this vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.

8.1.2 and 7.8.11 versions also resolve the following bug:

• Improved performance on data retention DeleteOrphanedRows queries. See the Important Upgrade Notes for notes on a new migration that was added. Removed feature flag DataRetentionConcurrencyEnabled. Data retention now runs without concurrency in order to avoid any performance degradation. Added a new configuration setting DataRetentionSettings.RetentionIdsBatchSize, which allows admins to configure how many batches of IDs will be fetched at a time when deleting orphaned reactions. The default value is 100.

You can follow the standard upgrade instructions to apply the updates.