SUSE CVE-2025-31363

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira...

Limitation of 256 characters only for TUNNEL_EXCLUDE_DOMAINS client property

When we try to add TUNNELEXCLUDEDOMAINS client property, it limits only for 256 characters. Due to which we cannot add extra domains apart from default ones. Default list:...