This is in contradiction to what is stated here: Security fixes and updates - Rocket.Chat Docs
The new version (5.0) has been out for a long time now. Could you please explain to us why the release is delayed?
By the way: I - a paying user - even created a support ticket about this, which has been unanswered for more than a week now (Ticket Id #48499)
Thanks for your question. Regarding this vulnerability we are waiting our users to upgrade the version so we can release more information about it. We already reserved the CVE number with MITRE and we will publish as soon we see our customers upgrading their environment.
Thanks for the reply Igor. Do you monitor the versions of instances connected to cloud.rocket.chat? If so at what percentage are you planning on releasing the info? Was the policy from this article Security fixes and updates - Rocket.Chat Docs altered for this CVE only or is the article just out of date?
Thanks in advance
Could we get this disclosed, asap? It’s getting embarrassing. For four months I have had to put my boss off, and soon our licenses are running out… It would be a shame if we had to change providers because of such a trifle.
Besides: Such a lax approach to documenting security vulnerabilities would certainly scare me off if I were to evaluate a chat/collaboration tool today. @gabriel.engel@igor.rincon