summary refs log tree commit diff
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2023-06-06 10:49:04 +0100
committerErik Johnston <erik@matrix.org>2023-06-06 10:49:04 +0100
commit07fd6d82d7890b10a02727c9892f01c684f207ef (patch)
tree6f54b38d55311a757ba2f4aef304afbbf1649945
parentStabilize support for MSC3952: Intentional mentions. (#15520) (diff)
parentFixup changelog (diff)
downloadsynapse-07fd6d82d7890b10a02727c9892f01c684f207ef.tar.xz
Merge branch 'master' into develop
-rw-r--r--CHANGES.md21
-rw-r--r--debian/changelog6
-rw-r--r--pyproject.toml2
3 files changed, 28 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md
index f0885a2f1e..ea13b554ba 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,24 @@
+Synapse 1.85.0 (2023-06-06)
+===========================
+
+No significant changes since 1.85.0rc2.
+
+
+## Security advisory
+
+The following issues are fixed in 1.85.0 (and RCs).
+
+- [GHSA-26c5-ppr8-f33p](https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p) / [CVE-2023-32682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32683) — Low Severity
+
+  It may be possible for a deactivated user to login when using uncommon configurations.
+
+- [GHSA-98px-6486-j7qc](https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc) / [CVE-2023-32683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32683) — Low Severity
+
+  A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs).
+
+See the advisories for more details. If you have any questions, email security@matrix.org.
+
+
 Synapse 1.85.0rc2 (2023-06-01)
 ==============================
 
diff --git a/debian/changelog b/debian/changelog
index ae348ce4df..2278a83283 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.85.0) stable; urgency=medium
+
+  * New Synapse release 1.85.0.
+
+ -- Synapse Packaging team <packages@matrix.org>  Tue, 06 Jun 2023 09:39:29 +0100
+
 matrix-synapse-py3 (1.85.0~rc2) stable; urgency=medium
 
   * New Synapse release 1.85.0rc2.
diff --git a/pyproject.toml b/pyproject.toml
index 9802cd2a18..434eaa52ae 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -89,7 +89,7 @@ manifest-path = "rust/Cargo.toml"
 
 [tool.poetry]
 name = "matrix-synapse"
-version = "1.85.0rc2"
+version = "1.85.0"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
 license = "Apache-2.0"