Unverified Commit 596cfa3e authored by Markus Kirsch's avatar Markus Kirsch Committed by gitbook-bot
Browse files

GitBook: [master] 3 pages modified

parent 07b18080
......@@ -181,6 +181,7 @@
* [Database Migration](guides/administrator-guides/database-migration.md)
* [Retention Policies](guides/administrator-guides/retention-policies.md)
* [Security and Compliance Guides](guides/security/README.md)
* [Security fixes and updates](guides/security/security-updates.md)
* [Compliance Resources](guides/security/compliance-resources.md)
* [Developer Guides](guides/developer/README.md)
* [Quick Start on Linux](guides/developer/quick-start.md)
......
......@@ -53,6 +53,7 @@ Rocket.Chat is very grateful for the following people who have responsibly discl
* [ALK Surya Teja](https://www.linkedin.com/in/alk-surya-teja-59b677146/), June 2020
* [Virendra Yadav](https://www.linkedin.com/in/virendra-yadav-9232b115a/), June 2020
* Pawel Wylecial of [REDTEAM.PL](https://redteam.pl), July 2020
* [Robert Grösser](https://github.com/qchn), August 2020
Thank you all very much!
# Security fixes and updates
This page includes regular updates about recently patched security issues in Rocket.Chat.
Do you want to report a security issue yourself? Please have a look at our [Responsible Disclosure Policy](https://docs.rocket.chat/contributors/contributing/security#if-you-find-a-security-issue). We appreciate your reports.
New issues are listed below, at first without details to give administrators and users sufficient time to upgrade. Details to the issue are added in with the next version release, e.g.: fixes introduced in version x.1 will be added when version x.2 is available.
Please make sure to follow new version updates by subscribing to our newsletters or activating the announcement feature for new releases directly in the Rocket.Chat server administration settings. We recommend updating to the newest version as soon as possible to always have the newest security fixes.
**Issues**
<table>
<thead>
<tr>
<th style="text-align:left"><b>ID</b>
</th>
<th style="text-align:left"><b>Severity</b>
</th>
<th style="text-align:left"><b>Affected Versions</b>
</th>
<th style="text-align:left"><b>Fix Release Date</b>
</th>
<th style="text-align:left"><b>Fix Versions</b>
</th>
<th style="text-align:left"><b>Issue Details</b>
</th>
<th style="text-align:left"><b>Issue Platform</b>
</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align:left">RC-2020-0001</td>
<td style="text-align:left">High</td>
<td style="text-align:left">v3.4.x</td>
<td style="text-align:left">2020-07-25</td>
<td style="text-align:left">
<p>v.3.5</p>
<p>v.3.4.2</p>
</td>
<td style="text-align:left"><b>(RCE) </b>Fixed an issue where thread starting messages could be used
to insert and execute code. Thanks to</td>
<td style="text-align:left">Rocket.Chat server</td>
</tr>
</tbody>
</table>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment