Impact
Expired Ephemeral Messages were not reliably removed from local chat history of Wire Webapp and Wire Desktop Clients.
In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible through the local search functionality.
Any attempt to view one of these message in the chat view will then trigger the deletion.
This issue only affects locally stored messages.
Patches
- The issue has been fixed in wire-webapp 2022-01-27-production.0 and is already deployed on all Wire managed services.
- Users of app.wire.com are already using an updated version and need no further action.
- On premise instances of wire-webapp need to be updated to 2022-01-27-production.0, so that their users are no longer affected.
For more information
If you have any questions or comments about this advisory feel free to email us at vulnerability-report@wire.com
Impact
Expired Ephemeral Messages were not reliably removed from local chat history of Wire Webapp and Wire Desktop Clients.
In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible through the local search functionality.
Any attempt to view one of these message in the chat view will then trigger the deletion.
This issue only affects locally stored messages.
Patches
For more information
If you have any questions or comments about this advisory feel free to email us at vulnerability-report@wire.com