Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

v1.15.2
Compare
Choose a tag to compare
@clokep clokep released this 02 Jul 15:28
· 6436 commits to develop since this release
v1.15.2
This tag was signed with the committer’s verified signature. The key has expired.
clokep Patrick Cloke
GPG key ID: 33FC58F6A7113048
Expired
Learn about vigilant mode.
244649b

Synapse 1.15.2 (2020-07-02)

Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.

Security advisory

  • A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers. (96e9afe6)

  • HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade. (ea26e9a9)

    This was reported by Quentin Gliech.

Assets 2
Loading