SAML Security Hotfix Available

Manuela Massochin
December 7, 2020
min read

Dear Rocket.Chat users, we are providing an important security hotfix for Rocket.Chat server outside of the regular release cycle. If you use SAML authentication, make sure to apply this hotfix as soon as possible. Available versions: 3.9.1 / 3.8.3 / 3.7.3 / 2.4.13 / 1.3.4 / 0.74.4CVE-2020-29594The hotfix will only affect SAML authentication. A possible indicator for compromise could be that a custom SAML certificate was added without administrator approval, e.g.:SAML_custom_..._cert_certDatabase administrators can check this i.a. by calling:db.rocketchat_settings.find({ "_id": /^SAML_Custom_.*/ }, { "_id": 1 })Please check our GitHub repository here for your latest version. Or receive a notification whenever a new version - including hotfixes such as this one - is available by registering your server here.

Get started with Rocket.Chat’s secure collaboration platform

Talk to sales

Frequently asked questions about <anything>

Manuela is a Demand Generation Specialist at Rocket.Chat
Manuela Massochin
Related Article:
Team collaboration: 5 reasons to improve it and 6 ways to master it
Want to collaborate securely with your team?
Deploy Rocket.Chat on-premise or in the cloud and keep your conversations private.
  • Digital sovereignty
  • Federation capabilities
  • Scalable and white-labeled
Talk to sales
Looking for a HIPAA-ready communications platform?
Enable patients and healthcare providers to securely communicate without exposing their data.
  • Highly scalable and secure
  • Full patient conversation history
  • HIPAA-ready
Talk to sales
The #1 communications platform for government
Deploy Rocket.Chat on-premise, in the cloud, or air-gapped environment.
  • Digital sovereignty
  • Trusted by National Geospatial-Intelligence Agency (NGA), the US Army, the US Navy, and the US Air Force
  • Matrix federation capabilities
Talk to sales
Want to customize Rocket.Chat according to your own preferences?
See behind the engine and change the code how you see fit.
  • Open source code
  • Highly secure and scalable
  • Unmatched flexibility
Talk to sales
Looking for a secure collaboration platform?
Keep your conversations private while enjoying a seamless collaboration experience with Rocket.Chat.
  • End-to-end encryption
  • Cloud or on-prem deployment
  • Supports compliance with HIPAA, GDPR, FINRA, and more
Talk to sales
Want to build a highly secure in-app chat experience?
Use Rocket.Chat’s APIs, frameworks, and managed backend to build a secure in-app or live chat experience for your customers.
  • Supports compliance with HIPAA, GDPR, FINRA, and more
  • Highly secure and flexible
  • On-prem or cloud deployment
Talk to sales

Our best content, once a week

Share this on:

Get your free, personalized demo now!

Build the most secure chat experience for your team or customers

Book demo