v11 Changelog

Important

• Support for Mattermost Server v10.5 Extended Support Release has come to the end of its life cycle on November 15, 2025. Upgrading to Mattermost Server v10.11 or later is required.

• Upgrading from one Extended Support Release (ESR) to the next ESR (major -> major_next) is fully supported and tested. However, upgrading across multiple ESR versions (major to major+2) is supported, but not tested. If you plan to skip versions, we strongly recommend upgrading only between ESR releases. For example, if you’re upgrading from v8.1 ESR, upgrade to the v9.5 ESR or the v9.11 ESR before attempting to upgrade to the v10.5 ESR or the v10.11 ESR.

• See the Important Upgrade Notes documentation for details on upgrading to a newer release.

• See the changelog in progress for details about the upcoming release.

Release v11.1 - Feature Release

• 11.1.1, released 2025-11-21

Attention

Critical Fixes

• Mattermost v11.1.1 contains a Critical severity level security fix in the Jira plugin. Upgrading to this release as soon as possible is highly recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

• Pre-packaged Jira plugin version v4.4.1.

• Fixed an issue where thread popouts did not show the current user’s status MM-66586.

• Fixed an issue where clicking on a permalink to a reply in another thread would not navigate the main window MM-66614.

• Fixed an issue where users could not add bots without an error message popping up MM-66684.

• Mattermost v11.1.1 contains no database or functional changes.

• 11.1.0, released 2025-11-14

  • Original 11.1.0 release.

Attention

Breaking Changes

• The version of React used by the Mattermost web app has been updated from React 17 to React 18. See more details in this forum post.

Compatibility

• Updated minimum required Edge, Firefox and Chrome versions to v140+ and updated minimum supported Windows version to v11+.

Important Upgrade Notes

• Added three new tables, ContentFlaggingCommonReviewers, ContentFlaggingTeamSettings, and ContentFlaggingTeamReviewers for storing Data Spillage settings. Added an index on ContentFlaggingTeamReviewers table to optimize fetching the team settings. No database downtime is expected for this upgrade. See the Important Upgrade Notes for more details.

Important

If you upgrade from a release earlier than v11.0, please read the other Important Upgrade Notes.

Improvements

User Interface (UI)

• Pre-packaged Agents plugin version v1.4.0.

• Pre-packaged Playbooks plugin version v2.5.1.

• Pre-packaged GitLab plugin version v1.11.0.

• Pre-packaged Jira plugin version v4.4.0.

• Pre-packaged GitHub plugin version v2.5.0.

• Pre-packaged Boards plugin version v9.1.7.

• Pre-packaged MS Teams Meetings plugin version v2.3.0.

• Pre-packaged Calls plugin version v1.11.0.

• Removed Mattermost MS Teams Sync plugin from pre-packaged plugins.

• Added support for standalone windows pop-out. Threads can now be popped out to its own window in Desktop.

• The desktop app version is now shown on the About modal, allowing clicking to copy both the server and desktop app versions.

• Downgraded French language support from Beta to Alpha.

Administration

• Added the ability to edit User Attributes in System Console > Users > User Configuration.

Integrations

• Added Date and DateTime types for interactive dialogs.

• Added MultiForm and Element refresh support for interactive dialogs.

Bug Fixes

• Fixed an issue where email address verification for SAML/LDAP users was required when a user’s email address changed.

• Fixed an issue where users could still message each other when not sharing a team, despite the configuration setting stating otherwise.

• Fixed an issue with the mmctl system status to return non-zero exit codes when health checks fail, ensuring proper integration with container orchestration health check systems.

• Fixed a configuration retention issue where even active configuration got deleted.

• Fixed an issue where plugins could not receive 3rd-party authorization headers.

config.json

New setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to Enterprise Advanced plan:

• Added a new AutoTranslationSettings configuration settings section. The auto-translation feature will be available in a future release.

API Changes

• Added a new API endpoint POST /api/v4/groups/names.

• Added a since parameter to the property value search method of the PluginApi.

Audit Log Event Changes

• Added AuditEventFlagPost, AuditEventGetFlaggedPost, AuditEventPermanentlyRemoveFlaggedPost, AuditEventKeepFlaggedPost, AuditEventUpdateContentFlaggingConfig, and AuditEventSetReviewer.

Go Version

• v11.1 is built with Go v1.24.6.

Open Source Components

• Added @redux-devtools/extension and @types/react-is, and removed react-intl from https://github.com/mattermost/mattermost/.

Contributors

• abbas-dependable-naqvi, abhijit-singh, agarciamontoro, amyblais, andrleite, Arusekk, asaadmahmood, BenCookie95, bgardner8008, buzzyboy, calebroseland, codiphile, cpoile, crspeller, ctlaltdieliet, cwarnermm, davidkrauser, devinbinnie, DHaussermann, enahum, enzowritescode, esarafianou, esethna, ewwollesen, fmartingr, franklinferre, frankps, fsilye, grubbins, hanzei, harshilsharma63, hereje, hmhealey, homerCOD, isacikgoz, itz-Me-Pj, iyampaul, jgheithcock, johnsonbrothers, jprusch, jsedy7, JulienTant, kaakaa, kayazeren, KohheiAdachi, Kshitij-Katiyar, l-ra, larkox, lieut-data, lindy65, lynn915, majo, mansil, marianunez, master7, matt-w99, matthew-w, matthewbirtch, mental-space1532, mgdelacroix, moi90, neflyte, nickmisasi, Omar8345, pavelzeman, pnaskardev, polyacedev, pvev, rahimrahman, Rajat-Dabade, Reinkard, roberson-io, roskee, saturninoabril, sbishel, Sharuru, shawnaym, svelle, thejoeejoee, ThrRip, tnir, Victor-Nyagudi, vpecinka, wiersgallak, wiggin77, Willyfrog, yairsz, Yash-Chakerverti, yasserfaraazkhan

Release v11.0 - Major Release

• 11.0.6, released 2025-11-21

Attention

Critical Fixes

• Mattermost v11.0.6 contains a Critical severity level security fix in the Jira plugin. Upgrading to this release as soon as possible is highly recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

• Pre-packaged Jira plugin version v4.4.1.

• Mattermost v11.0.6 contains no database or functional changes.

• 11.0.5, released 2025-11-17

  • Mattermost v11.0.5 contains medium severity level security fixes. Upgrading to this release is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

  • Pre-packaged MS Teams Meetings plugin version v2.3.0.

  • Pre-packaged Calls plugin version v1.11.0.

  • Fixed a configuration retention issue where even active configuration got deleted MM-66216.

  • Fixed an issue where plugins could not receive 3rd-party authorization headers MM-66335.

  • Mattermost v11.0.5 contains no database or functional changes.

• 11.0.4, released 2025-10-28

Attention

Critical Fixes

• Mattermost v11.0.4 contains Critical severity level security fixes. Upgrading to this release as soon as possible is highly recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy.

• Fixed an issue where plugin configuration settings were incorrectly sanitized, causing API endpoints and plugins to receive masked values instead of actual configuration values.

• Pre-packaged Boards plugin v9.1.7.

• Mattermost v11.0.4 contains no database or functional changes.

• 11.0.3, released 2025-10-27

  • Mattermost v11.0.3 contains no database or functional changes.

• 11.0.2, released 2025-10-16

  • Reverted a breaking change related to ServiceSettings.ExperimentalStrictCSRFEnforcement setting.

• 11.0.1, released 2025-10-16

  • Original 11.0.1 release.

Attention

Breaking Changes

• GitLab SSO has been deprecated from Team Edition. Deployments using GitLab SSO can remain on v10.11 ESR (with 12 months of security updates), transition to our new free offering Mattermost Entry, or can explore commercial/nonprofit options. See more details in this forum post.

• The TeamSettings.ExperimentalViewArchivedChannels setting has been deprecated. Archived channels will always be accessible, subject to normal channel membership. The server will fail to start if this setting is set to false. To deny access to archived channels, mark them as private and remove affected channel members. See more details in this forum post.

• Playbooks has been deprecated from Team Edition. Entry, Professional, Enterprise, and Enterprise Advanced plans are automatically upgraded to Playbooks v2 with no expected downtime. See more details in this forum post.

• Experimental Bleve Search functionality has been retired. If Bleve is enabled, search will not work until DisableDatabaseSearch is set to false. See more details in this forum post.

• Support for MySQL has ended. Our Migration Guide outlines the steps, tools and support available for migrating to PostgreSQL. See more details in this forum post.

• The registerPostDropdownMenuComponent hook in the web app’s plugin API has been removed in favour of registerPostDropdownMenuAction. See more details in this forum post.

• The web app is no longer exposing the Styled Components dependency for use by web app plugins. See more details in this forum post.

• Omnibus support has been deprecated. The last mattermost-omnibus release was v10.12. See more details in this forum post.

• Deprecated include_removed_members option in api/v4/ldap/sync has been removed. Admins can use the LDAP setting ReAddRemovedMembers.

• Customers that have the NPS plugin enabled can remove it as it no longer sends the feedback over through telemetry.

• Format query parameter requirement in the /api/v4/config/client endpoint has been deprecated.

• Removed deprecated mmctl commands and flags:

  • channel add - use channel users add

  • channel remove - use channel users remove

  • channel restore - use channel unarchive

  • channel make-private - use channel modify --private

  • command delete - use command archive

  • permissions show - use permissions role show

  • mmctl user email - use mmctl user edit email

  • mmctl user username - use mmctl user edit username

• Experimental certificate-based authentication feature has been removed. ExperimentalSettings.ClientSideCertEnable must be false to start the server.

• Added logic to migrate the password hashing method from bcrypt to PBKDF2. The migration will happen progressively, migrating the password of a user as soon as they enter it; e.g. when logging in or when double-checking their password for any sensitive action. There is an edge case where users might get locked out of their account: if a server upgrades to v11 and user A logs in (i.e., they need to enter their password), and then the server downgrades to v10.12 or previous, user A will no longer be able to log in. In this case, admins will need to manually reset the password of such users, through the system console or through the mmctl user reset-password [users] command. The new password hashing method is more CPU-intensive. Admins of servers with password-based login should monitor the performance on periods where many users log in at the same time.

• /api/v4/teams/{team_id}/channels/search_archived has been deprecated in favour of /api/v4/channels/search with the deleted parameter.

• Changed default database connection pool settings: changed MaxOpenConns from 300 to 100 and MaxIdleConns from 20 to 50, establishing a healthier 2:1 ratio for better database connection management.

• Separate notification log file has been deprecated. If admins want to continue using a separate log file for notification logs, they can use the AdvancedLoggingJSON configuration. See the Important Upgrade Notes for an example configuration.

• Stopped supporting manually installed plugins as per https://forum.mattermost.com/t/deprecation-notice-manual-plugin-deployment/21192

• Support for PostgreSQL v13 has been removed. The new minimum PostgreSQL version is v14+. See the minimum supported PostgreSQL version policy documentation for details.

Important

If you upgrade from a release earlier than v10.10, please read the other Important Upgrade Notes.

Improvements

User Interface (UI)

• Pre-packaged Agents plugin v1.3.1.

• Pre-packaged Boards plugin v9.1.6.

• Pre-packaged MS Teams plugin v2.2.2.

• Pre-packaged Playbooks plugin v2.4.2, allowing Professional licenses to use playbooks v2.

• Removed Playbooks v1 from pre-packaged plugins.

• Updated the library used for customizing scrollbars.

• Increased page size when retrieving posts in channels with high number of hidden messages.

Administration

• Introduced support for Mattermost Entry, a commercial evaluation environment to explore Enterprise Advanced with usage limits. See more details in this forum post.

• User limits were lowered to final threshold of 250 for Mattermost Team Edition (MIT-Compiled License).

• Added support for a FIPS-compliant Mattermost image.

• PBKDF2 is now used as the new key derivation algorithm for remote cluster invitations. We do this in a backward compatible way such that invitations generated from new/old clusters work in all clusters.

• Updated the default SAML signature algorithm from SHA1 to SHA256 for improved security.

• Added admin-managed property fields to Custom Profile Attributes.

• Admin managed Custom Profile Attribute fields can now be used as part of Attribute Based Access Control policies.

• System Admins can now mark Custom Profile Attribute fields as “admin managed” from the System Console.

• Added Channel-Level Attribute-Based Access Control (Available only in Enterprise Advanced). Channel Admins can now configure attribute-based access rules directly in Channel Settings through a new Access Control tab when the EnableChannelScopeAccessControl setting is enabled.

• Channel access control policies now support multiple parent inheritances.

• Updated interactive dialogs to use the apps form framework. Implemented dynamic select and multi-select for interactive dialogs. Also, UserId and TeamId are now passed in interactive dialog submissions.

• Mattermost profile image is now deleted when LDAP profile picture is deleted.

• User auth_data is now shown in the System Console user details page.

• Added Elasticsearch test to Support Packet diagnostics.

• Added support for a new EmailNotificationWillBeSent plugin hook.

• Added a console warning when a plugin uses the now-deprecated registerPostDropdownMenuComponent API.

mmctl

• Added mmctl user edit command.

• Updated mmctl shell completion to fully support zsh, powershell, and fish. Check out mmctl completion for a guide on how to set it up for your shell.

• Added the mmctl cpa set of commands to manage Custom Profile Attributes.

Bug Fixes

• Fixed an issue where extra date separators were added in search results, pinned posts and saved messages.

• Fixed an issue where MFA warning was thrown in the logs for unauthenticated plugin requests.

• Fixed an issue that prevented new users from searching channels right after joining a team when Elasticsearch was enabled.

• Fixed some crashes in the threads screen.

config.json

New setting options were added to config.json. Below is a list of the additions and their default values on install. The settings can be modified in config.json, or the System Console when available.

Changes to all plans:

• Under CloudSettings in config.json:

  • Added PreviewModalBucketURL.

• Removed VerboseDiagnostics configuration setting as part of removing all telemetry support from Mattermost.

• Removed BleveSettings configuration setting as part of removing Bleve.

• Removed NotificationLogSettings as part of deprecating the separate notification log file.

Changes to Enterprise and Enterprise Advanced plans:

• Removed ClientSideCertCheck as part of removing the experimental certificate-based authentication feature.

API Changes

• Added a counting plugin API for properties.

• Added a new API endpoint to update Custom Profile Attribute values for a given user.

Go Version

• v11.0 is built with Go v1.24.6.

Open Source Components

• Added simplebar-react, and removed go-sql-driver/mysql, blevesearch/bleve and axios from https://github.com/mattermost/mattermost/.

Contributors

• abbas-dependable-naqvi, adityadav1987, agarciamontoro, amyblais, andrleite, angeloskyratzakos, arush-vashishtha, AulakhHarsh, AurelienS, avasconcelos114, azistellar, azizthegit, BenCookie95, bndn, Boruus, bshumylo, buzzyboy, calebroseland, catalintomai, crspeller, ctlaltdieliet, cwarnermm, danilvalov, David, davidkrauser, devinbinnie, eagerid, enahum, enzowritescode, esarafianou, esethna, flyply, fmartingr, frankps, fsilye, gabrieljackson, grubbins, guenjun, hanzei, harshilsharma63, hmhealey, isacikgoz, jabi27, jgheithcock, johnsonbrothers, jprusch, JulienTant, jwilander, kayazeren, Kshitij-Katiyar, ladudu, lani009, lani009217f4195555e46f1, larkox, lieut-data, M-ZubairAhmed, majo, mansil, marianunez, master7, matthewbirtch, mgdelacroix, minchae.lee, mrckndt, neflyte, nickmisasi, onovy, polnetwork, pvev, raghavaggarwal2308, rahimrahman, Rajat-Dabade, saturninoabril, sayzard, sbishel, Sharuru, stafot, thejoeejoee, ThrRip, tnir, Victor-Nyagudi, vish9812, vpecinka, wiersgallak, wiggin77, Willyfrog, Yash-Chakerverti, yasserfaraazkhan