Rocket.Chat's Community Open Call 🎤 Dec 15, 2021 Join us!

Why rocketchat team not treat security issues as priority

There is a serious security issue in mobile app of rocketchat and it seams that rocketchat team doesn’t care very much. There is no progress on fixing this issue since July.
The description of the issue is here

So it is not secure to use rockectchat unless this issue is fixed

I suppose that here on forums mostly administrators of own rocketchat servers.
How are you using rocketchat with such issue. Aren’t you afraid that your users will unintentional leak their userid and authentication token?

Hi! Thanks for your input on this.

As you can see this fix is already in progress.

This forum is for support only. Please, feel free to comment on that issue.


“In progress” ?? no activity for 4 months that is called in progress?

actually that is exactly what I do not understand. why security issue is not in progress.

I did make a comment on that issue without answer. so what the point to comment there.
And here I’ve posted so that others would be aware of this issue and don’t think that rocketchat is a secure messenger. it’s just a free messenger and it seams that is all everyone care about here. No one cares about security.

And this opens another issue. If in the future security issue would be discovered it will not be fixed quickly. And this is even more disturbing than the security issue itself.