Releasing CVE-2022-32211 information

Hi

Information about CVE-2022-32211 has still not been made public. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32211

This is in contradiction to what is stated here: Security fixes and updates - Rocket.Chat Docs
The new version (5.0) has been out for a long time now. Could you please explain to us why the release is delayed?

By the way: I - a paying user - even created a support ticket about this, which has been unanswered for more than a week now (Ticket Id #48499)

Thanks in advance
sandro

(And it is not a new issue either. See: Reintroduce documentation on "Security fixes and updates" please)

Hi,

Thanks for your question. Regarding this vulnerability, we are waiting for our users to upgrade the version so we can release more information about it. We already reserved the CVE number with MITRE and we will publish as soon as we see our customers upgrading their environment.

Thanks for the reply, Igor. Do you monitor the versions of instances connected to cloud.rocket.chat? If so, at what percentage are you planning on releasing the info? Was the policy from this article Security fixes and updates - Rocket.Chat Docs altered for this CVE only, or is the article just out of date?
Thanks in advance

Just wanted to check in and ask if you have any news about this? @igor.rincon

Could we get this disclosed, asap? It’s getting embarrassing. For four months I have had to put my boss off, and soon our licenses are running out… It would be a shame if we had to change providers because of such a trifle.

Besides: Such a lax approach to documenting security vulnerabilities would certainly scare me off if I were to evaluate a chat/collaboration tool today.
@gabriel.engel @igor.rincon

Hi! Can you check this link?

Thanks!