SAML Security Hotfix Available

Manuela Massochin
December 7, 2020
·
5
min read
Share this on:

Dear Rocket.Chat users, we are providing an important security hotfix for Rocket.Chat server outside of the regular release cycle. If you use SAML authentication, make sure to apply this hotfix as soon as possible. Available versions: 3.9.1 / 3.8.3 / 3.7.3 / 2.4.13 / 1.3.4 / 0.74.4CVE-2020-29594The hotfix will only affect SAML authentication. A possible indicator for compromise could be that a custom SAML certificate was added without administrator approval, e.g.:SAML_custom_..._cert_certDatabase administrators can check this i.a. by calling:db.rocketchat_settings.find({ "_id": /^SAML_Custom_.*/ }, { "_id": 1 })Please check our GitHub repository here for your latest version. Or receive a notification whenever a new version - including hotfixes such as this one - is available by registering your server here.

Manuela is a Demand Generation Specialist at Rocket.Chat
Manuela Massochin
Related Article:
Team collaboration: 5 reasons to improve it and 6 ways to master it

Our best content, once a week