Those are basically the same steps I ran, since they match your upgrade docs. The only difference is I chose 5.27.2 as the new version to fetch, as the security announcement implied it contained the required fix, for, in my case, an installation of 5.27.0.
The ‘About Mattermost’ section of my site shows the same info as I pasted above.
Mattermost Version: ee_onprem_003fb092761115ea1bcfae56482d67f59395b8d0_b76e2800149b382e117c8d17d1d6031a55926115_429
Database Schema Version: 5.27.0
That build version number is really weird. And I have reproduced it on two separate Mattermost installations now, both trying to upgrade to 5.27.2.
Are you saying that in fact, users need to upgrade from 5.27 to 5.29 to obtain the security fix? I’m not really inclined to re-run the upgrade per the link you provided, which would upgrade me to 5.29, unless you’re saying that’s the only way to fix it (but in which case, what was the 5.27.2 release for?)
Thanks, well yep, that’s what I did, on two separate servers already.
Maybe my original post isn’t making sense to you. I wanted to point out that despite having upgraded to 5.27.2, all version numbers still show either ‘5.27.0’, or that crazy build number (which seems to be an anomaly compared to the previous release where that build number shared the same version number as the other fields).
I am going to assume I upgraded ok (that is - I’ll assume that the 5.27.2 tarball gave me the correct release despite what its internals tell me), but I recommend to the upstream devs to look at adjusting the version numbers properly when releasing a critical vulnerability, as it’s pretty confusing to those of us paying attention. There’s a bit of extra cognitive load to worrying about the version numbers when it’s a critical vuln you’re trying to fix. The peace of mind would be nice.
I don’t understand why the devs can’t just install 5.27.0, then upgrade to 5.27.2, and confirm for themselves that what I am seeing is to be expected? It’s not very complicated, there are only two scenarios:
Something I did is weird, and I have not actually upgraded to the correct version
It is just the version numbers in the new release that are weird and unnecessarily confusing (crazy build number, and other version numbers still showing 5.27.0), and is the same for everyone else that has upgraded to 5.72.2 - in which case, it’s just that I’m the only one who bothered to a) check, b) ask about it, and it’s nothing to worry about