Affected by GO-2022-0540 and 17 other vulnerabilities

GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server

GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server

GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost

GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server

GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server

GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server

GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server

GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server

GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server

GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server

GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server

GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server

GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server

GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server

The highest tagged major version is v6.

mattermost-server

module

v4.4.0-rc3+incompatible Latest Latest Go to latest Published: Nov 13, 2017 License: AGPL-3.0, Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Mattermost is an open source, self-hosted Slack-alternative from https://mattermost.org.

It's written in Golang and React and runs as a single Linux binary with MySQL or Postgres. Every month on the 16th a new compiled version is released under an MIT license.

Try out Mattermost:

Deploy on Heroku

Note: Heroku preview does not include email or persistent storage

Install on your own machine:

Get Involved:

Learn More:

Get the Latest News:

Any other questions, mail us at info@mattermost.com. We’d love to meet you!

Path	Synopsis
api
api4
app
plugin
plugin/jira
plugin/ldapextras
cmd
platform
einterfaces
jobs
imports
jobs
manualtesting
model
gitlab
plugin The plugin package defines the primary interfaces for interacting with a Mattermost server: the API and the hook interfaces.	The plugin package defines the primary interfaces for interacting with a Mattermost server: the API and the hook interfaces.
pluginenv Package pluginenv provides high level functionality for discovering and launching plugins.	Package pluginenv provides high level functionality for discovering and launching plugins.
plugintest
rpcplugin
server module
public Module
store
sqlstore
storetest
storetest/mocks
utils
logger
web
wsapi