Security advisory: Kopano Konnect & external SAML authority support

December 14, 2020

On monday the 14th of december the Mattermost team concluded their effort of a joined disclosure of issues found in a popular Golang XML parser also used in Kopano Konnect.

Users of Kopano Konnect who are using a SAML authority to sign into Konnect are recommended to update Konnect to version 0.33.11 or later.

The upstream advisory can be found at crewjam/saml – GHSA-4hq8-gmxx-h6w9

Affected products:

  • Kopano Konnect < 0.33.11