We are releasing a recommended security update via Mattermost Team Edition 4.3.1, 4.2.1, and 4.1.2 and Mattermost Enterprise Edition 4.3.1, 4.2.1, and 4.1.2. This security update addresses a low-severity vulnerability discovered during a security research review by Frans Rosén.
Follow the standard upgrade instructions to apply the updates.
Per the Mattermost Responsible Disclosure Policy, details of the update will be posted on our security updates page 14 days after release.
Mattermost 4.3.1 also resolves the following bugs in the Mattermost 4.3 release:
- Fixed an upgrade issue where the database schema would appear to be out of date and throw a log warning (#7959).
- Fixed the Idle Timeout setting in config.json by changing the setting title from SessionIdleTimeout to SessionIdleTimeoutInMinutes (#7960).
- Fixed a regression where slash commands were not functional in Direct or Group Messages (#7915).