summary refs log tree commit diff
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2024-04-23 15:57:13 +0100
committerErik Johnston <erik@matrix.org>2024-04-23 15:57:13 +0100
commit20c9e195197567c209edf45383e5d0cdd2ef2a5f (patch)
tree589253a4c201bb753627e04565cf845e65d89a10
parentFix GHSA-3h7q-rfh9-xm4v (diff)
downloadsynapse-release-v1.105.tar.xz
-rw-r--r--CHANGES.md14
-rw-r--r--changelog.d/17044.misc1
-rw-r--r--debian/changelog6
-rw-r--r--pyproject.toml2
4 files changed, 21 insertions, 2 deletions
diff --git a/CHANGES.md b/CHANGES.md
index ed9cca73bc..ec5bc22a98 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,17 @@
+# Synapse 1.105.1 (2024-04-23)
+
+## Security advisory
+
+The following issues are fixed in 1.105.1.
+
+- [GHSA-3h7q-rfh9-xm4v](https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v) / [CVE-2024-31208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31208) — High Severity
+
+  Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage.
+
+See the advisories for more details. If you have any questions, email security@element.io.
+
+
+
 # Synapse 1.105.0 (2024-04-16)
 
 No significant changes since 1.105.0rc1.
diff --git a/changelog.d/17044.misc b/changelog.d/17044.misc
deleted file mode 100644
index a1439752d3..0000000000
--- a/changelog.d/17044.misc
+++ /dev/null
@@ -1 +0,0 @@
-Refactor auth chain fetching to reduce duplication.
diff --git a/debian/changelog b/debian/changelog
index 49c9b3b497..214ed59426 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.105.1) stable; urgency=medium
+
+  * New Synapse release 1.105.1.
+
+ -- Synapse Packaging team <packages@matrix.org>  Tue, 23 Apr 2024 15:56:18 +0100
+
 matrix-synapse-py3 (1.105.0) stable; urgency=medium
 
   * New Synapse release 1.105.0.
diff --git a/pyproject.toml b/pyproject.toml
index f0f025645f..508d31d8d7 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -96,7 +96,7 @@ module-name = "synapse.synapse_rust"
 
 [tool.poetry]
 name = "matrix-synapse"
-version = "1.105.0"
+version = "1.105.1"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
 license = "AGPL-3.0-or-later"