Mattermost Platform

Mattermost security updates for GitHub and Autolink plugins released

We have released a security update that addresses a high level severity vulnerability. The security vulnerability was discovered by Erlend Leiknes from mnemonic who responsibly disclosed it to Mattermost as part of our bug bounty program

Only servers that have the Mattermost GitHub plugin v2.0.0 or the Mattermost Autolink plugin v1.2.0 or v1.2.1 enabled are affected. 

The security update is available for Mattermost GitHub plugin v2.0.1 and Mattermost Autolink plugin v1.2.2 via the Mattermost Marketplace.

Please follow the standard upgrade instructions for plugins.

Per the Mattermost Responsible Disclosure Policy, details of the update will be posted on our security updates page 30 days after release.


Amy Blais is the Release Manager at Mattermost, Inc. Her other roles include Community and Customer Support. She previously served as the company’s Associate Marketing Manager.