Dear customers,

Recently our security team received from an external researcher a report related to some vulnerabilities. As soon as we received it we took some actions to fix the vulnerabilities and applied the patches for the versions 3.18.x, 4.4.x, and 4.7.x

All our cloud instances are already upgraded to this version and our incident response team guarantees that we didn't have any incident related to this vulnerability. We kindly ask all our customers that upgrade the instances for the versions 3.18.7, 4.4.5, and 4.7.4 to avoid any security breaches.

We will keep you updated about any news regarding this vulnerability and soon we will release the cve-2022-32211

For further information, please, check

We'd like to thank Ghaem Arasteh for the report.

Best regards,

Rocket.Chat security team

Last updated

Rocket.Chat versions receive support for six months after release.