diff options
author | Richard van der Hoff <richard@matrix.org> | 2019-05-03 16:09:34 +0100 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2019-05-03 16:09:34 +0100 |
commit | f73f18fe7baba7e6f442e308112eeba91e4b8a61 (patch) | |
tree | c7bcc52b91e78126eeaefb9fcafde804e026881b | |
parent | 0.99.3.1 (diff) | |
download | synapse-github/release-v0.99.3.1.tar.xz |
changelog tweaks v0.99.3.1 github/release-v0.99.3.1 release-v0.99.3.1
-rw-r--r-- | CHANGES.md | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/CHANGES.md b/CHANGES.md index d8eba2ec60..4b84e20823 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,8 +1,10 @@ Synapse 0.99.3.1 (2019-05-03) ============================= -Bugfixes --------- +Security update +--------------- + +This release includes two security fixes: - Switch to using a cryptographically-secure random number generator for token strings, ensuring they cannot be predicted by an attacker. Thanks to @opnsec for identifying and responsibly disclosing this issue! ([\#5133](https://github.com/matrix-org/synapse/issues/5133)) - Blacklist 0.0.0.0 and :: by default for URL previews. Thanks to @opnsec for identifying and responsibly disclosing this issue too! ([\#5134](https://github.com/matrix-org/synapse/issues/5134)) |