From 79299891fd4c1afb20d1faa1bf397c14e353e942 Mon Sep 17 00:00:00 2001
From: David Baker <dbkr@users.noreply.github.com>
Date: Mon, 22 Jul 2024 15:24:49 +0200
Subject: [PATCH 1/3] Detect cycles when looking for predecessor rooms

---
 src/client.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/client.ts b/src/client.ts
index 32ce1b26850..d7d4f08f16a 100644
--- a/src/client.ts
+++ b/src/client.ts
@@ -5401,10 +5401,15 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
 
     private findPredecessorRooms(room: Room, verifyLinks: boolean, msc3946ProcessDynamicPredecessor: boolean): Room[] {
         const ret: Room[] = [];
+        const seenRoomIDs = new Set<string>([room.roomId]);
 
         // Work backwards from newer to older rooms
         let predecessorRoomId = room.findPredecessor(msc3946ProcessDynamicPredecessor)?.roomId;
         while (predecessorRoomId !== null) {
+            if (predecessorRoomId) {
+                if (seenRoomIDs.has(predecessorRoomId)) return ret;
+                seenRoomIDs.add(predecessorRoomId);
+            }
             const predecessorRoom = this.getRoom(predecessorRoomId);
             if (predecessorRoom === null) {
                 break;

From e0ef467d7d2f223fde4d8203287779efd6425d03 Mon Sep 17 00:00:00 2001
From: David Baker <dbkr@users.noreply.github.com>
Date: Mon, 29 Jul 2024 13:55:08 +0100
Subject: [PATCH 2/3] break instead of return

---
 src/client.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/client.ts b/src/client.ts
index d7d4f08f16a..8e4609607ab 100644
--- a/src/client.ts
+++ b/src/client.ts
@@ -5407,7 +5407,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         let predecessorRoomId = room.findPredecessor(msc3946ProcessDynamicPredecessor)?.roomId;
         while (predecessorRoomId !== null) {
             if (predecessorRoomId) {
-                if (seenRoomIDs.has(predecessorRoomId)) return ret;
+                if (seenRoomIDs.has(predecessorRoomId)) break;
                 seenRoomIDs.add(predecessorRoomId);
             }
             const predecessorRoom = this.getRoom(predecessorRoomId);

From 340bbe1a8fae05a514ac133e6e9b549326854957 Mon Sep 17 00:00:00 2001
From: RiotRobot <releases@riot.im>
Date: Tue, 20 Aug 2024 11:29:48 +0000
Subject: [PATCH 3/3] v34.3.1

---
 CHANGELOG.md | 5 +++++
 package.json | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a815c846905..321dba96d17 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+Changes in [34.3.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.3.1) (2024-08-20)
+==================================================================================================
+# Security
+- Fixes for [CVE-2024-42369](https://nvd.nist.gov/vuln/detail/CVE-2024-42369) / [GHSA-vhr5-g3pm-49fm](https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm).
+
 Changes in [34.3.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.3.0) (2024-08-13)
 ==================================================================================================
 ## ✨ Features
diff --git a/package.json b/package.json
index 29df7946551..4c15a7da265 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "matrix-js-sdk",
-    "version": "34.3.0",
+    "version": "34.3.1",
     "description": "Matrix Client-Server SDK for Javascript",
     "engines": {
         "node": ">=20.0.0"