Add security advisory note to the changelog

author: Olivier Wilkinson (reivilibre) <oliverw@matrix.org> 2023-10-10 13:20:59 +0100
committer: Olivier Wilkinson (reivilibre) <oliverw@matrix.org> 2023-10-10 13:20:59 +0100
commit: 4f87edc6e82055372bbf424c8e27bcdbbd566381 (patch)
tree: bb45a0ffe30cf79d8af8c1bcbeefc9000eb64e91
parent: 1.94.0 (diff)
download: synapse-4f87edc6e82055372bbf424c8e27bcdbbd566381.tar.xz
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 123ac25460..0ee3970e2b 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,19 @@
 # Synapse 1.94.0 (2023-10-10)
 
 No significant changes since 1.94.0rc1.
+However, please take note of the security advisory that follows.
+
+## Security advisory
+
+The following issue is fixed in 1.94.0 (and RC).
+
+- [GHSA-5chr-wjw5-3gq4](https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4) — Moderate Severity
+
+  A malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service.
+
+  Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected.
+
+See the advisory for more details. If you have any questions, email security@matrix.org.
 
 
 # Synapse 1.94.0rc1 (2023-10-03)
author	Olivier Wilkinson (reivilibre) <oliverw@matrix.org>	2023-10-10 13:20:59 +0100
committer	Olivier Wilkinson (reivilibre) <oliverw@matrix.org>	2023-10-10 13:20:59 +0100
commit	4f87edc6e82055372bbf424c8e27bcdbbd566381 (patch)
tree	bb45a0ffe30cf79d8af8c1bcbeefc9000eb64e91
parent	1.94.0 (diff)
download	synapse-4f87edc6e82055372bbf424c8e27bcdbbd566381.tar.xz