Metabase has patched a severe security vulnerability discovered by an independent researcher. The flaw allows authenticated users (including embedding users) to retrieve sensitive information such as database credentials from a Metabase instance. Metabase Cloud users are already protected, but all self-hosted instances must upgrade immediately to the minimum safe release for their version (v0.55.20+, v0.56.20+, v0.57.13+, or v0.58.7+). Custom fork users should contact Metabase directly for patches.
Sort: