AUTHOR: Eric Eastwood

Gitter is a communication product for communities and teams on GitHub. Find out more at gitter.im.

Gitter Topics Deprecation Notice

We introduced Gitter Topics in September 2016 as an experiment. Unfortunately, it never gained traction and remained in beta throughout its lifespan. After some consideration, we've decided to deprecate and remove this underused feature, allowing us to focus on the chat application. Topics will be completely removed from the Gitter UI on September 1st, 2018 (2018-09-01). We will disable the ability to create new topics/replies in the week prior. You can export and download all…

Gitter Token Leak Security Issue Notification

Issue Summary: A vulnerability in the Gitter desktop application resulted in an inadvertent leak of your Gitter tokens. This affects v2 and v3 of the Gitter desktop app which we officially distribute for Windows and Linux. This only affects macOS if you manually downloaded v2/v3 (we distribute v1.177 on https://gitter.im/apps). Thanks to Dale Higgs for responsibly disclosing this vulnerability to us. Your tokens have already been revoked and rotated. If you…

Gitter XSS Crypto Mining Security Issue Notification

Issue Summary: An XSS exploit in our KaTeX parser was used to embed a JavaScript crypto miner in clients via an exploitative message. The exploitative message was spread across 25 rooms and 146 users read those messages. The messages were available for about 1 hour (minutes after being reported) before being cleaned up across the board.

User Remediation Steps: To check if you are affected, open up the devtools (right-click on the page -> Inspect element)…