Mattermost security updates Desktop App 6.1.1 and 5.13.15 (ESR) released

We’re informing you about a Mattermost Desktop App security update, which addresses Low to Medium severity vulnerabilities. We highly recommend that you apply the update. The security update is available for Mattermost Desktop App dot releases 6.1.1 and 5.13.15 (Extended Support Release). They are available for download here.

The 6.1.1 version also includes the following fixes: 

• Upgraded to Electron v40.8.4.
• Fixed additional issues around URL parsing with special characters.
• Fixed an issue where new views would not load if the URL to open contained query parameters.
• Fixed an issue where plugins other than Calls could not request desktop screen sharing sources.
• Fixed an issue where content running inside a server view could close the view or cause the app to become unresponsive.

The 5.13.15 version also includes the following fixes: 

• Fixed an issue where the app threw an error on a malformed URL.
• Fixed an issue where content running inside a server view could close the view or cause the app to become unresponsive.

Customer safety and data security are the utmost priorities for Mattermost. For our customers’ protection, and as outlined in our Responsible Disclosure policy, Mattermost does not disclose specifics on this vulnerability until 30 days after this announcement. After 30 days, we will publish specific details on the vulnerability on our Security Updates webpage.