Mattermost security updates 9.11.2 (ESR) / 9.10.3 / 9.5.10 (ESR) released

We’re informing you about a Mattermost security update, which addresses low- to medium-level severity vulnerabilities. We highly recommend that you apply the update.

The security update is available for Mattermost dot releases 9.11.2 (Extended Support Release), 9.10.3, and 9.5.10 (Extended Support Release), for both Team Edition and Enterprise Edition. They are available for download here.

Customer safety and data security are the utmost priorities for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on this vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.

The 9.11.2 version also includes the following fixes:

  • Added Mattermost user survey plugin to pre-packaged plugins, v1.1.1.
  • Pre-packaged Calls plugin v0.29.2.
  • Fixed an issue where the Edit Post Time Limit button was not being displayed in the System Console (MM-58529, MM-58824).
  • Added a configuration setting NativeAppSettings > MobileExternalBrowser that tells the Mobile app to perform SSO Authentication using the external default browser (MM-60322).

The 9.11.2 and 9.5.10 versions also include the following fix:

  • Fixed racy use of session in NewWebConn (MM-60307).

The 9.11.2, 9.10.3 and 9.5.10 versions also include the following fix:

  • Pre-packaged Playbooks plugin v1.40.0.

You can follow the standard upgrade instructions to apply the updates.

mm

Amy Blais is the Release Manager at Mattermost, Inc. Her other roles include Community and Customer Support. She previously served as the company’s Associate Marketing Manager.