Dear customers,
Recently our security team received from an external researcher a report related to some vulnerabilities. As soon as we received it we took some actions to fix the vulnerabilities and applied the patches for the versions 3.18.x, 4.4.x, and 4.7.x
All our cloud instances are already upgraded to this version and our incident response team guarantees that we didn't have any incident related to this vulnerability. We kindly ask all our customers that upgrade the instances for the versions 3.18.7, 4.4.5, and 4.7.4 to avoid any security breaches.
We will keep you updated about any news regarding this vulnerability and soon we will release the cve-2022-32211
For further information, please, check
{% embed url="https://www.cvedetails.com/vulnerability-list/vendor_id-17468/Rocket.chat.html" %}
We'd like to thank Ghaem Arasteh for the report.\
Best regards,
Rocket.Chat security team