Dear Rocket.Chat users, we are providing an important security hotfix for Rocket.Chat server outside of the regular release cycle. If you use SAML authentication, make sure to apply this hotfix as soon as possible. Available versions: 3.9.1 / 3.8.3 / 3.7.3 / 2.4.13 / 1.3.4 / 0.74.4CVE-2020-29594The hotfix will only affect SAML authentication. A possible indicator for compromise could be that a custom SAML certificate was added without administrator approval, e.g.:SAML_custom_..._cert_certDatabase administrators can check this i.a. by calling:db.rocketchat_settings.find({ "_id": /^SAML_Custom_.*/ }, { "_id": 1 })Please check our GitHub repository here for your latest version. Or receive a notification whenever a new version - including hotfixes such as this one - is available by registering your server here.
Get started with Rocket.Chat’s secure collaboration platform
Talk to sales
Frequently asked questions about <anything>
- Digital sovereignty
- Federation capabilities
- Scalable and white-labeled
- Highly scalable and secure
- Full patient conversation history
- HIPAA-ready
- Secure data governance and digital sovereignty
- Trusted by State, Local, and Federal agencies across the world
- Matrix federation capabilities for cross-agency communication
%201.svg)
- Open source code
- Highly secure and scalable
- Unmatched flexibility
- End-to-end encryption
- Cloud or on-prem deployment
- Supports compliance with HIPAA, GDPR, FINRA, and more
- Supports compliance with HIPAA, GDPR, FINRA, and more
- Highly secure and flexible
- On-prem or cloud deployment
