SAML Security Hotfix Available


Dear Rocket.Chat users,

 

We are providing an important security hotfix for Rocket.Chat server outside of the regular release cycle. If you use SAML authentication, make sure to apply this hotfix as soon as possible.

 

Available versions: 3.9.1 / 3.8.3 / 3.7.3 / 2.4.13 / 1.3.4 / 0.74.4

CVE-2020-29594

 

The hotfix will only affect SAML authentication. A possible indicator of compromise could be that a custom SAML certificate was added without administrator approval, e.g.:

 

SAML_custom_…_cert_cert

 

Database administrators can check this, among other ways, by calling:

 
db.rocketchat_settings.find({ "_id": /^SAML_Custom_.*/ }, { "_id": 1 })
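
One way to triage the ids returned by the query above is to compare them against an administrator-kept list of approved SAML settings. This is an added example, not part of the original advisory or Rocket.Chat's own code; the function name, the trailing "_cert" test and all sample ids are assumptions constructed for illustration.

```javascript
// Added example: flag SAML_Custom_* setting ids that are not in an
// administrator-maintained baseline. All ids below are constructed samples.

// Same pattern as the advisory's query, made case-insensitive because the
// advisory writes the prefix both as "SAML_Custom_" and "SAML_custom_".
const SAML_CUSTOM = /^SAML_Custom_.*/i;
// Assumption: a certificate setting is recognised by a trailing "_cert".
const CERT_SUFFIX = /_cert$/i;

function findUnapprovedSamlSettings(foundIds, approvedIds) {
  // Exact-match baseline: a case variant of an approved id is NOT approved.
  const approved = new Set(approvedIds);
  return foundIds
    .filter((id) => typeof id === "string" && SAML_CUSTOM.test(id))
    .filter((id) => !approved.has(id))
    .map((id) => ({ id, certificate: CERT_SUFFIX.test(id) }))
    // Certificate entries first (the indicator the advisory names),
    // then plain code-unit order so the output is deterministic.
    .sort(
      (a, b) =>
        Number(b.certificate) - Number(a.certificate) ||
        (a.id < b.id ? -1 : a.id > b.id ? 1 : 0)
    );
}

// Constructed input, shaped like the _id values the query returns.
// In the mongo shell these could be collected with .toArray().map(d => d._id).
const SAMPLE_FOUND = [
  "SAML_Custom_exampleidp_issuer",
  "SAML_Custom_exampleidp_cert",
  "SAML_custom_exampleidp_cert", // case variant of an approved id
  "SAML_Custom_unknownidp_cert", // provider nobody approved
  "SAML_Custom_unknownidp_issuer",
  "Some_Other_Setting", // not a SAML custom setting, ignored
];

// Constructed baseline: the ids an administrator knowingly configured.
const SAMPLE_APPROVED = [
  "SAML_Custom_exampleidp_issuer",
  "SAML_Custom_exampleidp_cert",
];

for (const hit of findUnapprovedSamlSettings(SAMPLE_FOUND, SAMPLE_APPROVED)) {
  console.log(`${hit.certificate ? "CERT" : "    "} ${hit.id}`);
}
```

The advisory's query is case-sensitive, so ids with a differently cased prefix only reach this function if the query is run with a case-insensitive pattern.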

 

Please check our GitHub repository here for your latest version, or receive a notification whenever a new version – including hotfixes such as this one – is available by registering your server here.

Manuela Massochin
