This page includes regular updates about recently patched security issues in Rocket.Chat.
Do you want to report a security issue yourself? Please have a look at our Responsible Disclosure Policy. We appreciate your reports.
New issues are listed below, at first without details to give administrators and users sufficient time to upgrade. Details to the issue are added in with the next version release, e.g.: fixes introduced in version x.1 will be added when version x.2 is available.
{% hint style="info" %} Providing fixes for legacy versions of Rocket.Chat becomes increasingly difficult due to the code differences, which is why we focus on providing fixes for the most recent versions only. Please see our support policy, which outlines our supported versions. {% endhint %}
Please make sure to follow new version updates by subscribing to our newsletters or activating the announcement feature for new releases directly in the Rocket.Chat server administration settings. We recommend updating to the newest version as soon as possible to always have the newest security fixes.
Known vulnerabilities
We address a CVE for all vulnerabilities found in our product, you can check it by accessing the following page:
https://www.cvedetails.com/vulnerability-list/vendor_id-17468/Rocket.chat.html