Learn more about the newest hotfix provided by Rocket.Chat's Security Team
Dear Rocket.Chat users,
We are providing an important security hotfix for Rocket.Chat server outside of the regular release cycle. This fix fixes a critical vulnerability that allowed Cross-Site-Scripting (XSS) in the message renderer.
We recommend you upgrade your instance as soon as possible, because the vulnerability has already become known and the creation of exploit kits by attackers is very likely.
Available versions: 3.9.3 / 3.8.4 / 3.7.4 / 2.4.14 / 1.3.5
CVE-2020-8288
The hotfix will only affect the message renderer. By exploiting the vulnerability, a user on the Rocket.Chat server may be able to elevate his privileges and/or modify messages, e.g. to remove traces of the exploit.
Please check our GitHub repository here (link) for your latest version. Or receive a notification whenever a new version – including hotfixes such as this one – is available by registering your server here (link).
Get started with Rocket.Chat’s secure collaboration platform
Talk to sales
Frequently asked questions about <anything>
- Digital sovereignty
- Federation capabilities
- Scalable and white-labeled
- Highly scalable and secure
- Full patient conversation history
- HIPAA-ready
- Digital sovereignty
- Trusted by National Geospatial-Intelligence Agency (NGA), the US Army, the US Navy, and the US Air Force
- Matrix federation capabilities
%201.svg)
- Open source code
- Highly secure and scalable
- Unmatched flexibility
- End-to-end encryption
- Cloud or on-prem deployment
- Supports compliance with HIPAA, GDPR, FINRA, and more
- Supports compliance with HIPAA, GDPR, FINRA, and more
- Highly secure and flexible
- On-prem or cloud deployment
