Releasing cve-2022-32211 information

Hi

Information about cve-2022-32211 has still not been made puplic. see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32211

This is in contradiction to what is stated here: Security fixes and updates - Rocket.Chat Docs
The new version (5.0) has been out for a long time now. Could you please explain to us why the release is delayed?

By the way: I - a paying user - even created a support ticket about this, which has been unanswered for more than a week now (Ticket Id #48499)

Thanks in advance
sandro

(and it is not a new issue either. see: Reintroduce documentation on "Security fixes and updates" please )

Hi,

Thanks for your question. Regarding this vulnerability we are waiting our users to upgrade the version so we can release more information about it. We already reserved the CVE number with MITRE and we will publish as soon we see our customers upgrading their environment.

Thanks for the reply Igor. Do you monitor the versions of instances connected to cloud.rocket.chat? If so at what percentage are you planning on releasing the info? Was the policy from this article Security fixes and updates - Rocket.Chat Docs altered for this CVE only or is the article just out of date?
Thanks in advance

Just wanted to check in and ask if you have any news about this? @igor.rincon