Gitter is a communication product for communities and teams on GitHub. Find out more at


Gitter Token Leak Security Issue Notification

Issue Summary A vulnerability in the Gitter desktop application resulted in an inadvertent leak of your Gitter tokens. This affects v2 and v3 of the Gitter desktop app which we officially distribute for Windows and Linux. This only affects macOS if you manually downloaded v2/v3 (we distribute v1.177 on Thanks to Dale Higgs for responsibly disclosing this vulnerability [] to us. Your tokens have already been…

Gitter XSS Crypto Mining Security Issue Notification

Issue Summary An XSS exploit in our KaTeX parser [] was used to embed a JavaScript crypto miner in clients via an exploitative message. The exploitative message was spread across 25 rooms and 146 users read those messages. The messages were available for about 1 hour (minutes after being reported []) before being cleaned up across the board. User Remediation Steps To…