Bug 917652 (MMSA-2023-00249, MMSA-2023-00251, MMSA-2023-00255) - <net-im/mattermost-desktop-bin-5.5.1: multiple vulnerabilities
Summary: <net-im/mattermost-desktop-bin-5.5.1: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: MMSA-2023-00249, MMSA-2023-00251, MMSA-2023-00255
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~2 [noglsa]
Keywords:
Depends on:
Blocks: CVE-2023-4863, CVE-2023-5129
Reported: 2023-11-21 01:35 UTC by John Helmert III
Modified: 2023-11-21 01:36 UTC
CC List: 1 user

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III 2023-11-21 01:35:26 UTC
MMSA-2023-00255:

(CWE-400) Fixed an issue where a RegExp was being built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. Thanks to DoyenSec for contributing to this improvement under the Mattermost responsible disclosure policy.

MMSA-2023-00251:

(CWE-693) Fixed an issue where the application was not correctly handling permissions, or prompting the user for certain sensitive ones. Thanks to DoyenSec for contributing to this improvement under the Mattermost responsible disclosure policy.

MMSA-2023-00249:

(CWE-200) Fixed an issue where the application was not utilizing the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. Thanks to DoyenSec for contributing to this improvement under the Mattermost responsible disclosure policy.

Plus one more that isn't tracked with an MMSA identifier, which we're presumably vulnerable to due to our packaging of the binary:

"Mitigated the vulnerability CVE-2023-4863 of the third-party library libwebp by updating to Electron v26.2.1."
Comment 1 John Helmert III 2023-11-21 01:36:18 UTC
And we're already cleaned up so all done!