Mattermost security updates 9.7.2 / 9.6.2 / 9.5.4 (ESR) / 8.1.13 (ESR) released

We’re informing you about a Mattermost security update, which addresses low- to medium-level severity vulnerabilities. We highly recommend that you apply the update.

The security update is available for Mattermost dot releases 9.7.2, 9.6.2, 9.5.4 (Extended Support Release), and 8.1.13 (Extended Support Release), for both Team Edition and Enterprise Edition. They are available for download here.

Customer safety and data security are the utmost priorities for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on this vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.

The v9.7.2, v9.6.2, v9.5.4, and v8.1.13 versions also include the following fix:

  • Pre-packaged Playbooks version v1.39.3.

The v9.7.2, v9.5.4, and v8.1.13 versions also include the following fix:

  • Increased the default payload size limit (MaximumPayloadSizeBytes) from 100 kB to 300 kB.

The v9.7.2 and v9.6.2 versions also include the following fix:

  • Fixed an issue where it was not possible to clear the plugin settings with a default value in the System Console.

The v9.5.4 version also includes the following fixes:

  • Fixed an issue with context cancellation for integration requests.
  • Fixed an issue where end users were not allowed to fetch the group members list of groups that allow @-mentions.

You can follow the standard upgrade instructions to apply the updates.


Amy Blais is the Release Manager at Mattermost, Inc. Her other roles include Community and Customer Support. She previously served as the company’s Associate Marketing Manager.