This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+3 more
Affected surfaces
ReleasePort's take
Light signalVersion 7.10.11 disables SAML login when signature validation is misconfigured and corrects Slack import errors.
Why it matters: Patch to 7.10.11 immediately if your deployment uses SAML; otherwise treat the Slack fix as a routine upgrade.
Summary
AI summaryDisables SAML login when signature validation is misconfigured and fixes Slack message import errors.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | High |
Applies a security hotfix (see Rocket.Chat security fixes documentation). Applies a security hotfix (see Rocket.Chat security fixes documentation). Source: granite4.1:30b@2026-05-23-audit Confidence: low |
— |
| Security | Medium |
Disables SAML login when signatures are not properly configured. Disables SAML login when signatures are not properly configured. Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Feature | Low |
Updates Deno runtime to version 1.43.5. Updates Deno runtime to version 1.43.5. Source: granite4.1:30b@2026-05-23-audit Confidence: low |
— |
| Feature | Low |
Supports MongoDB versions 5.0, 6.0, and 7.0. Supports MongoDB versions 5.0, 6.0, and 7.0. Source: granite4.1:30b@2026-05-23-audit Confidence: low |
— |
| Dependency | Low |
Bumps @rocket.chat/meteor package. Bumps @rocket.chat/meteor package. Source: granite4.1:30b@2026-05-23-audit Confidence: low |
— |
| Dependency | Low |
Updates multiple internal dependencies (list provided). Updates multiple internal dependencies (list provided). Source: granite4.1:30b@2026-05-23-audit Confidence: low |
— |
| Bugfix | Medium |
Fixes Slack messages being incorrectly saved on import. Fixes Slack messages being incorrectly saved on import. Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Other | Low |
Updates Node runtime to version 22.16.0. Updates Node runtime to version 22.16.0. Source: granite4.1:30b@2026-05-23-audit Confidence: low |
— |
| Other | Low |
Updates Apps-Engine to version 1.55.3. Updates Apps-Engine to version 1.55.3. Source: granite4.1:30b@2026-05-23-audit Confidence: low |
— |
Full changelog
Engine versions
- Node:
22.16.0 - Deno:
1.43.5 - MongoDB:
5.0, 6.0, 7.0 - Apps-Engine:
1.55.3
Patch Changes
-
Bump @rocket.chat/meteor version.
-
(#40419 by @dionisio-bot) Disables SAML login when it is set to validate signatures without the proper configuration for it
-
(#40436 by @dionisio-bot) Fixes Slack messages being incorrectly saved on import
-
(#40419 by @dionisio-bot) Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)
-
Updated dependencies [7509293fa2964542fa21f6c6862f3139bbc7ac17]:
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
Security Fixes
- Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Beta — feedback welcome: [email protected]