Dear Rocket.Chat users, we are providing an important security hotfix for Rocket.Chat server outside of the regular release cycle. If you use SAML authentication, make sure to apply this hotfix as soon as possible. Available versions: 3.9.1 / 3.8.3 / 3.7.3 / 2.4.13 / 1.3.4 / 0.74.4CVE-2020-29594The hotfix will only affect SAML authentication. A possible indicator for compromise could be that a custom SAML certificate was added without administrator approval, e.g.:SAML_custom_..._cert_certDatabase administrators can check this i.a. by calling:db.rocketchat_settings.find({ "_id": /^SAML_Custom_.*/ }, { "_id": 1 })Please check our GitHub repository here for your latest version. Or receive a notification whenever a new version - including hotfixes such as this one - is available by registering your server here.
