Summary

After upgrading to 5.25.1, clients can’t edit, or reply.

Steps to reproduce

Server: Ubuntu 18.04.4 LTS, proxy’d behind nginx
Clients: Mostly 4.5.2 on Mac, but also web via Firefox, mobile on iOS and Android

Expected behavior

Reply to a thread times out, providing the “Retry” UI. Clicking “Retry” times out.

Clicking Edit on a post does nothing.

Some clients are unable to post new messages but continue getting other people’s posts.

All clients in question refreshed and/or restarted their client software with no difference in behaviour.

Observed behavior

Replies, editing, posting (for some people), all don’t work.

We reverted to 5.21.0 and everything works fine.

We had the same issue with 5.24.1, which we also reverted.

5 posts - 4 participants

Read full topic

Hello,

I know that this is a basic question but … from where can I download the Teams version?

https://mattermost.org/download/ redirects to https://mattermost.com/download/ which provides the Enterprise version.

If that is the single available binary, how can I set the setup to install Teams and not Enterprise?

Please note that this is not specified in the Docs, so adding that in the Installation Guide might be very handy.

Thank you!

2 posts - 2 participants

Read full topic

Using Mattermost 5.25.1

I’m looking for where the system stores major events in the user lifecycle. For example:

• if they received an email invite, who sent it
• if they instead used a team invite URL
• when they registered
• history of changes to username or email address

And pretty much anything else that would be important when investigating a security or abuse issue.

Our logs are set to INFO level, and we’re outputting to file and console, but I see no record of a user’s email address, username, or UserID in mattermost.log or notifications.log.

In the System Console -> Reporting -> Server logs there’s a note to go look at Reporting -> Users, but there is no Users item in the Reporting heading. I have User Management -> Users, but that just shows user profile information, and current state, no history.

1 post - 1 participant

Read full topic

Mattermost version 5.25.1
Mattermost Android App - Updated to latest on July 15, 2020

Hello,

I’m attempting to connect to our Mattermost Team Edition server through an Android app. My Mattermost server is hosted locally and we use HAProxy to provide certificates. I’ve configured HAProxy for our Mattermost and from my Phone Browsers and my Desktop Browsers I can connect through https with no issues securely.

But using the Android Mattermost app I receive an “Untrusted Certificate” error?

I’ve tested our cert using sslshopper and there are no issues found.

Is there something I’m missing when using the Android app for Mattermost? Any information this forum can provide for me would be greatly appreciated.

Thank you.

2 posts - 1 participant

Read full topic

Hello Forum,

I’m new to Mattermost and hope to better understand how to use it in our small office.

I’m planning on using Mattermost Team edition for our small office of approximately 10 people. And for 2 of our vendors as well so we can use Jitsi for video and screen sharing for support purposes.

I see when people login they are directed to the Town Square channel by default. If I setup a private channel for our employees to use, can I change the default channel for our employees so they are directed to this private channel first and not Town Square?

Same goes for our vendor. I was going to setup a private channel for each vendor so that any of our employees would be able to chat/video conference with the vendor from that channel. When a vendor logs in to our Mattermost, can I have them only see the channel that was setup for them and no other channels?

I suppose what I’m looking for as well is to turn off all public channels for our office as I don’t see a reason to have them for our usecase. Is this possible?

Secondly, our vendor has a number of support people and we may not know which one we will get when we open a support case and call them on the phone. What I would like to do is have our employee login to Mattermost, go into the private channel for that vendor and create a link the vendor will use to access our Mattermost site. Our employee will call the vendor and whomever they get the employee will send them an email with the link and while on the phone with them will give them the login username and password that support person from our vendor will use during this support call. Is this possible to do in Mattermost?

Thank you.

1 post - 1 participant

Read full topic

Hi,

two members of the Mattermost team will join my next episode of Cloud Podcast (www.cloudpodcast.eu). We will record the show on thursday. The podcast will be recorded in english.

You have any questions, which should be answered by Mattermost team? Write them here and I will ask for you! Thanks and stay tuned!

1 post - 1 participant

Read full topic

A request that’s come up from time to time is how to embed Mattermost in web applications using an iframe.

Any web application embedded into another using an iframe is at risk of security exploits, since the outer application intercepts all user input into the embedded application, an exploit known as Click-Jacking. By default, Mattermost disables embedding.

If you choose to embed Mattermost using the following instructions we highly recommend it is done only on a private network that you control.

To embed Mattermost in an iframe update your NGINX configuration to strip out the security policy settings in the HTTP header.

Replace all occurrences of the following line in your proxy config:

proxy_set_header X-Frame-Options SAMEORIGIN

With the following two lines:

proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;

You can view related forum posts here.

1 post - 1 participant

Read full topic

With a Jitsi plugin, anyone can easily create a secure Jitsi meeting invite within a Mattermost channel.

Once a meeting is created, other channel members see a notification with a link to join the new meeting. Jitsi will either open in a new tab or open as an embedded meeting within the Mattermost UI. The plugin makes it simple for all end users to quickly and easily set up audio and video calls with colleagues and also share their screens.

image745×365 103 KB

Huge thank you to Sean Sackowitz who created this plugin!

How to get started?

1. Install Jitsi: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
2. Install Mattermost: https://docs.mattermost.com/install/install-ubuntu-1804.html
3. Install and configure the Jitsi-Mattermost plugin: https://github.com/mattermost/mattermost-plugin-jitsi#installation

Need help?

If you have any questions or need help with troubleshooting, let us know by responding to this thread, or opening a new issue in the Jitsi-Mattermost plugin repository.

1 post - 1 participant

Read full topic

We have a specific use-case for MPNS where we need to alter the message sent out for both Android and iOS push service. Since this is very unique to our scenario I am trying to make that change in the codebase and trying to build and deploy the executable locally as adviced in this document https://docs.mattermost.com/mobile/mobile-compile-yourself.html. The build process goes through without any issue but when the service is started we see this error in the log file.

/opt/mattermost-push-proxy/bin/mattermost-push-proxy: 1: /opt/mattermost-push-proxy/bin/matt�: not foundproxy: ����
/opt/mattermost-push-proxy/bin/mattermost-push-proxy: 2: /opt/mattermost-push-proxy/bin/mattermost-push-proxy: Syntax error: "(" unexpected

The code runs fine when we run it locally using make run. Wondering if the issue was my code change, I reverted back to what the source code was but saw the same issue.

Source code I am trying: https://github.com/mattermost/mattermost-push-proxy/archive/v5.9.0.zip

Any direction or help here would be greatly appreciated.

Also noticed a similar question but had no resolution on it: #4829

Thank you,
Abhi.

1 post - 1 participant

Read full topic

The answer here may be a simple ‘this is not supported’ but I’ve got an incoming webhook with a payload that defines the text as a json table. I.e.
{
“username”:“User”,
“icon_url”:“Image.png”,
“text”:{
“rows”:[
{
“items”:[
“10:42:41 UTC”,
“hostname”
],
“message”:“Error message 1”
},
{
“items”:[
“10:42:41 UTC”,
“Hostname”
],
“message”:“Error message 2”
}
],
“columns”:[
“Time”,
“Host”
],
“label”:“Sample Logs”
}
}

This payload triggers a 400 response, “unable to parse data”, yet a json syntax checker says it’s OK.

Can I define a json table within the “text”: parameter of an incoming Webhook or can I only use Markdown for the text parameter?

1 post - 1 participant

Read full topic

After listening to a very upsetting and disturbing Podcast by Sam Harris today, on the prevalence of Child Pornography/Child Sexual Abuse Material (CSAM) on the internet, it got me wondering: what if some criminal user posted some CSAM on my Mattermost server, and I, the administrator, had an obligation to notify the authorities? Or, what if I was merely suspicious that there might be CSAM on my server somewhere, unbeknownst to me, and I wanted to quickly scour all the attached image files, for all users, to see if any were detected, which the authorities should be notified about?

What would I do? How could I track those criminal users down? I wanted to know a clear procedure I could follow, because once the stress of an ugly situation strikes, it can be much more difficult at that time to keep a cool head. Having a good procedure ahead of time can make things much smoother. It’s also good Public Relations, if you can set the tone ahead of time to all your users (by having a posted procedure), that you are ready to deal with such criminals as these in a quick and efficient manner.

After some digging around, and testing, I would like to share a method (no doubt there is room for improvement in this method, but this is a start) which can backtrack from a detected illegal image, to a specific Mattermost user (and we could at least know their email address).

First of all, let’s clarify, that for every Mattermost user on a server, they have a 26-character “User ID”, composed of lowercase letters, and numbers. An example would be “txqo4o397qkgmpy7ucd9qby6ra”. When a Mattermost user attaches an image file, it will be filed under some folder (having this “User ID” for its name), under /opt/mattermost/data somewhere.

So here’s how I went hunting for illegal images. Note: I have MX Linux on my laptop, and these instructions should work for anyone who uses any version of Linux on both their Mattermost server, and their local machine. Also note that I have “Magic Wormhole” installed on both.

1. I logged in as the root user on my Mattermost server, on the command line.

2. cd /opt/mattermost

3. tar cvfz data.tar.gz data/

4. wormhole send data.tar.gz

5. Copy the suggested wormhole command to be used on the laptop…

Then on my Linux laptop, where I have an image viewer called “fim” installed (which can open images in a folder, after recursing down into any and all subdirectories):

6. In a terminal, paste accordingly:

7. wormhole receive 1-some-codeword

8. tar zxvf data.tar.gz

9. fim -R data

10. A window appears, showing the first image from Mattermost. Tap “PageUp” and “PageDown” to cycle through the images. I suggest “PageUp” to start viewing the most recently-posted images (progressing backwards in time, from the present). “fim” is wickedly fast in rendering images, so you can go really fast. You really only need a split-second to know if there is a CSAM picture there or not, before moving on to the next picture.

11. Should you find such a picture, now you know the filename. (look in the titlebar). Let’s say the bad picture was called “bad_pic.jpg”

12. Back on the command line:
    find . -name "bad_pic.jpg"
    …and now you have the pathname to that picture. The folder which that file was in (under the “users” folder), tells you the 26-character User ID.

13. Now that you have the User ID, you can search for it as the Administrator user within Mattermost. Go to the Burger Menu (in the upper left) -> System Console -> Users - > Paste the User ID into the textbox where it says “Search users” (greyed out), and the Username of your criminal should appear, as well as their email address.

Now you have something to go to the authorities with!

1 post - 1 participant

Read full topic

For feature requests, please see: http://www.mattermost.org/feature-requests/.

For troubleshooting questions, please post in the following format:

Summary

I’ve written a bot to take CloudWatch data and create MM messages from it. I’ve been getting random 400 responses on some of the messages I’m sending. For instance, this message:
":git-pr: LTP: kmturley opened [CLOUD-7953 LTP - update README.md](link) | [SourceGraph](link) | [CLOUD-7953 ](link) | Reviewers: @fawzy"

works just fine, but this one:

":git-pr: LTP: kmturley opened [CLOUD-7954 LTP - update README.md](link) | [SourceGraph](link) | [CLOUD-7954 ](link) | Reviewers: @fawzy"

which was made about 20 minutes later, failed with this error:

{
“id”: “api.context.invalid_body_param.app_error”,
“message”: “Invalid or missing post in request body”,
“detailed_error”: “”,
“request_id”: “bfh16mhzapdimqe7rbkzyto9ir”,
“status_code”: 400
}

Both messages were sent by the same bot with the same parameters, so I refuse to believe that something that was present in the first request was missing from the second. The only difference in the two are alphanumeric characters, mainly in the SourceGraph and JIRA links.

Any help here would be appreciated.

Steps to reproduce

Write a bot using the API, and post the above two messages.

Expected behavior

I expect both messages to go thru, since they differ by less than 10 characters.

Observed behavior

One went thru, one did not.

1 post - 1 participant

Read full topic

Summary

i am newbie to mattermost. one of my colleague installed mattermost on centos7 VPS. i hv credentials of root (centos7) as well as mattermost sql root user. my user is also created on mattermost. now i need to find out which user has admin rights on mattermost and i need to assign myself admin role to get system_console access.
plz help me in this regards,

1 post - 1 participant

Read full topic

Is there a way to export a channel to something that can be used offline, such as to an HTML file or perhaps as a PDF file?

The only export functionality I can find is to a json file for importing into another server.

1 post - 1 participant

Read full topic

Q: I have setup a local Gitlab community edition instance, which comes with integrated mattermost server. Gitlab also includes a built-in integration with Mattermost. Using incoming webhooks it allows Gitlab to e.g. notify about merge requests and ci job failures, etc. Does mattermost-plugin-gitlab offer more features than the already built-in functionality? Can I run both in parallel?

A: You can run all services in parallel, and each offers a separate set of features:

1. Built-in Mattermost slash commands: allows you to create and view GitLab issues, and trigger new GitLab CI jobs from Mattermost
2. GitLab webhooks for Mattermost: allows you to send webhook notifications to Mattermost, as you described
3. Mattermost plugin for GitLab: offers similar type of notifications as 2, plus daily reminders and sidebar buttons for quick access to open issues, open merge requests and more (see attached).

All in all, I would recommend starting with #3, as this is actively being developed by the Mattermost community and also ships pre-packaged with the GitLab community edition. #1 (for slash commands) can be a good supplement to it.

1 post - 1 participant

Read full topic

We continuously learn about large servers with 100s and 1,000s of daily active users who run Mattermost, which is exciting to see!

To better support these large deployments, we are releasing new admin advisor notifications in Mattermost v5.26 (releasing on August 16, 2020). These notifications give administrators quick access to optionally contact support for additional assistance with a single click. They also include links to useful resources for user management and provisioning to support large systems.

When these notifications are triggered, a System Admin receives a bot message notification, and for larger instances a dismissable daily banner with quick access to contact support.

If you have any questions about your deployment, or have feedback about our advisor notifications, let us know. We’re here to help.

Mattermost Team

1 post - 1 participant

Read full topic

I’ve a couple of teams and data in it in MM and the latest Android client says, that my server version 5.3.1 may be to old. Ok, I agree – long time ago! I’ve tried to upgrade three times in the past and after each upgrade the service mattermost doesn’t start. But I was able to restore each time my MM version 5.3.1 correctly.

I’ve upgraded with this tutorial:
https://docs.mattermost.com/administration/upgrade.html?src=dl

My server:

• Ubuntu 16.04.7 LTS
• Apache 2.4.18
• PHP 7.2.33-1
• MariaDB 10.0.38
• https over own LetsEncrypt certificate

Another upgrade tutorial (https://docs.mattermost.com/administration/legacy-upgrade.html) speaks about two version depending files, but I’ve neither the one not the other installed:

“RHEL6 and Ubuntu installations must verify the line limit nofile 50000 50000 is included in /etc/init/mattermost.conf file. See the installation guide for your operating system for more details.
RHEL7 and Ubuntu installations must verify the line LimitNOFILE=49152 is included in the /etc/systemd/system/mattermost.service file. See the installation guide for your operating system for more details.”

I already have searched for this issue (so it’s probably possible) in this forum but nothing helpful found.

Any idea why my mattermost service doesn’t start after upgrade?

1 post - 1 participant

Read full topic

On ec2 deployment using UserData, I’m running commands to install and run mattermost. After these commands I’ve added bulk import command, which currently is failing.
Anyone else come across this?
(I’ve also added a loop so it will only run import command when system ping is OK)

Here’s part of the error log which is produced from bulk import --apply
“App.IsPhase2MigrationCompleted: This API endpoint is not accessible as required migrations have not yet completed., SqlSystemStore.GetByName: Unable to find the system variable., sql: no rows in result set
Error occurred on data file line 2”

1 post - 1 participant

Read full topic

Hi everyone, we’re looking for technical help from BlackBerry Dynamics experts across the world, as customers using BlackBerry Dynamics are hitting a security issue we’re trying to address.

A critical requirement for time-sensitive collaboration in a secure environment is the ability to keep notification message payloads private. When users are unable to receive notification messages securely, it delays their ability to react and slows the response of entire organizations.

Notification messages in Mattermost can be encrypted in-transit and encrypted at-rest across web, desktop, and mobile to prevent outside organizations from having access to message contents.

In addition, on mobile—where push notifications to Android and iOS need to pass through message relays from Google or Apple—Mattermost E20 has the ability to send ID-only push notifications so that the relays never see the message contents.

However, when the Mattermost mobile applications on Android or iOS are used with BlackBerry Dynamics, BlackBerry disables the Mattermost mobile app’s ability to execute code when the mobile app is not active. As a result, secure notification messages offered through ID-only push notifications no longer work.

We’re looking to the Mattermost and BlackBerry Dynamics communities to help find a solution to enable secure notification messages using BlackBerry Dynamics.

Any help?

1 post - 1 participant

Read full topic

Summary
All post attachments (images/pdfs/mp4) are missing after import to mattermost

Steps to reproduce
https://docs.mattermost.com/administration/migrating.html#migrating-from-slack-using-the-mattermost-cli
Download Slack export from Slack.
Download attachments via Slack Advanced Exporter. The export-with-attachments.zip has all the files in the __uploads folder.
#sudo ./slack-advanced-exporter-linux-amd64 --input-archive slack.zip --output-archive export-with-attachments.zip fetch-attachments
Import resulting archive to Mattermost 5.24.2 using CLI tool
#/opt/mattermost/bin/mattermost import slack testteam /root/export-with-attachments.zip
After performing the above steps I verified the newly imported team. All the messages are in place, except for attachments. Those were completely missing.

Debian 10
Mattermost 5.24.2

Expected behavior
The mattermost channel has all the attachments like the slack channel.

Logs
#######
{"level":"info","ts":1597277647.6629498,"caller":"utils/i18n.go:83","msg":"Loaded system translations","for locale":"en","from locale":"/opt/mattermost/i18n/en.json"}
{"level":"info","ts":1597277647.6632302,"caller":"app/server_app_adapters.go:58","msg":"Server is initializing..."}
{"level":"info","ts":1597277647.6673126,"caller":"sqlstore/supplier.go:227","msg":"Pinging SQL","database":"master"}
{"level":"error","ts":1597277647.7305863,"caller":"app/server_app_adapters.go:152","msg":"Mail server connection test is failed: SendEmailNotifications is not true"}
{"level":"info","ts":1597277647.7317753,"caller":"app/license.go:37","msg":"License key from https://mattermost.com required to unlock enterprise features."}
{"level":"info","ts":1597277647.7370763,"caller":"mlog/log.go:167","msg":"Starting up plugins"}
{"level":"error","ts":1597277647.737134,"caller":"app/plugin.go:161","msg":"Failed to start up plugins","error":"mkdir ./client/plugins: no such file or directory"}
{"level":"info","ts":1597277647.7371817,"caller":"app/server.go:273","msg":"Current version is 5.24.0 (5.24.2/Fri Jun 26 19:10:02 UTC 2020/2c394d78ca036a439aa06fedd6ad187da535d5fc/8239891909042ef8e47e2b81b5d515ec65d8938c)","current_version":"5.24.0","build_number":"5.24.2","build_date":"Fri Jun 26 19:10:02 UTC 2020","build_hash":"2c394d78ca036a439aa06fedd6ad187da535d5fc","build_hash_enterprise":"8239891909042ef8e47e2b81b5d515ec65d8938c"}
{"level":"info","ts":1597277647.7372105,"caller":"app/server.go:282","msg":"Enterprise Build","enterprise_build":true}
{"level":"info","ts":1597277647.7372365,"caller":"app/server.go:288","msg":"Printing current working","directory":"/root"}
{"level":"info","ts":1597277647.7372603,"caller":"app/server.go:289","msg":"Loaded config","source":"file:///opt/mattermost/config/config.json"}
{"level":"info","ts":1597277647.7566736,"caller":"sqlstore/post_store.go:1571","msg":"Post.Message has size restrictions","max_characters":16383,"max_bytes":65535}
{"level":"info","ts":1597277647.7570834,"caller":"mlog/log.go:167","msg":"Starting up plugins"}
{"level":"error","ts":1597277647.7571416,"caller":"app/plugin.go:161","msg":"Failed to start up plugins","error":"mkdir ./client/plugins: no such file or directory"}
{"level":"info","ts":1597277647.7919083,"caller":"mlog/log.go:167","msg":"Starting up plugins"}
{"level":"error","ts":1597277647.791985,"caller":"app/plugin.go:161","msg":"Failed to start up plugins","error":"mkdir ./client/plugins: no such file or directory"}
{"level":"info","ts":1597277647.7944965,"caller":"bleveengine/bleve.go:267","msg":"UpdateConf Bleve"}
{"level":"info","ts":1597277647.795125,"caller":"app/license.go:37","msg":"License key from https://mattermost.com required to unlock enterprise features."}
{"level":"info","ts":1597277647.7955935,"caller":"mlog/log.go:167","msg":"Starting up plugins"}
{"level":"error","ts":1597277647.7956364,"caller":"app/plugin.go:161","msg":"Failed to start up plugins","error":"mkdir ./client/plugins: no such file or directory"}
Running Slack Import. This may take a long time for large teams or teams with many messages.
{"level":"info","ts":1597277648.0550404,"caller":"app/admin.go:151","msg":"Purging all caches"}
{"level":"info","ts":1597277648.05632,"caller":"app/license.go:37","msg":"License key from https://mattermost.com required to unlock enterprise features."}

Mattermost Slack Import Log

Users created:
===============

Slack user merged with an existing Mattermost user with matching email *** and username ***.
The Integration/Slack Bot user with email slackimportuser_xdbe9txcrbr3bk58og196ze4te@localhost and password *** has been imported.

Channels added:
=================

zufällig
slackexport
testbilder2
allgemein

Notes:
=======

- Some messages may not have been imported because they were not supported by this importer.
- Slack bot messages are currently not supported.
- Additional errors may be found in the server logs.


Finished Slack Import.

{"level":"info","ts":1597277648.0575478,"caller":"app/server.go:416","msg":"Stopping Server..."}
{"level":"info","ts":1597277648.05758,"caller":"app/web_hub.go:130","msg":"stopping websocket hub connections"}
{"level":"info","ts":1597277648.0584583,"caller":"app/server.go:469","msg":"Server stopped"}

1 post - 1 participant

Read full topic