Security fixes and updates

This document provides regular updates on recently patched security issues in Rocket.Chat.

If you wish to report a security issue, please refer to our Responsible Disclosure Policy. We appreciate your contributions.

New issues are initially listed without details to allow administrators and users time to upgrade. Detailed information is provided with the next version release. For example, fixes introduced in version x.1 will be detailed when version x.2 becomes available.

Due to significant code differences, providing fixes for legacy versions of Rocket.Chat is increasingly challenging. Therefore, we focus on maintaining and updating the most recent versions. For details on supported versions, please refer to our support center.

Stay informed about new version updates by subscribing to our newsletters or enabling the announcement feature for new releases in the Rocket.Chat server administration settings. We recommend updating to the latest version promptly to ensure you have the newest security fixes.

Known vulnerabilities

We address all identified vulnerabilities in our product by assigning a CVE. Please refer to CVEs list for further details.