NIXPKGS-2026-0263
GitHub issue
published on 17 Feb 2026
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
4 packages
- mattermost-desktop
- python312Packages.mattermostdriver
- python313Packages.mattermostdriver
- python314Packages.mattermostdriver
-
@LeSuisse
removed
5 maintainers
- @fsagbuya
- @Kranzes
- @numinit
- @mgdelacroix
- @ryantm
- @LeSuisse accepted
- @LeSuisse published on GitHub
Team Admin Bypass of Invite Permissions via allow_open_invite Field
Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561
Affected products
Mattermost
- =<10.11.9
- ==11.3.0
- ==10.11.10
Matching in nixpkgs
pkgs.mattermost
Mattermost is an open source platform for secure collaboration across the entire software development lifecycle
Package maintainers
Ignored maintainers (5)
-
@fsagbuya Florian Agbuya <fa@m-labs.ph>
-
@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>
-
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
-
@ryantm Ryan Mulligan <ryan@ryantm.com>