We have released a security update that addresses a high level severity vulnerability. The security vulnerability was discovered by Erlend Leiknes from mnemonic who responsibly disclosed it to Mattermost as part of our bug bounty program.
Only servers that have the Mattermost GitHub plugin v2.0.0 or the Mattermost Autolink plugin v1.2.0 or v1.2.1 enabled are affected.
The security update is available for Mattermost GitHub plugin v2.0.1 and Mattermost Autolink plugin v1.2.2 via the Mattermost Marketplace.
Please follow the standard upgrade instructions for plugins.