Security bug in 4.0.0
-
@girish: better stop the rollout of 4.0.0 -
https://github.com/RocketChat/Rocket.Chat/issues/23367
Let's wait for the fix. Until then we should stay with the current version 3.18.2
Wow, that’s bad…
-
@necrevistonnezr said in Security bug in 4.0.0:
Wow, that’s bad…
Yep, it really is. I just checked my install and it'd already updated to 4.0 and I was able to log in as anyone using any password.
Everyone ought to check their installs of Rocket.Chat and revert to an earlier backup ASAP!
What I love about Cloudron was how quickly I was able to restore a backup and fix this problem all while on my phone.
And of course that we have great people like @luckow in our community who come here and tell us all about the issue in the first place! Thanks! (I wonder if this post could be highlighted somehow? This is a serious security bug)
-
Looks like 4.0.1 that fixes this will be ready soon
I have revoked the release. I have also left a note on the GitHub issue.