diff options
| author | Olivier Wilkinson (reivilibre) <oliverw@matrix.org> | 2023-10-10 13:21:23 +0100 |
|---|---|---|
| committer | Olivier Wilkinson (reivilibre) <oliverw@matrix.org> | 2023-10-10 13:21:23 +0100 |
| commit | 336b0b9e8919299e2449ec5d47a33682b6af634b (patch) | |
| tree | 8188d3db9239f5f2cd74994071c59252475d30df | |
| parent | Merge branch 'master' into develop (diff) | |
| parent | Add security advisory note to the changelog (diff) | |
| download | synapse-336b0b9e8919299e2449ec5d47a33682b6af634b.tar.xz | |
Merge branch 'master' into develop
| -rw-r--r-- | CHANGES.md | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 123ac25460..0ee3970e2b 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,6 +1,19 @@ # Synapse 1.94.0 (2023-10-10) No significant changes since 1.94.0rc1. +However, please take note of the security advisory that follows. + +## Security advisory + +The following issue is fixed in 1.94.0 (and RC). + +- [GHSA-5chr-wjw5-3gq4](https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4) — Moderate Severity + + A malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. + + Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. + +See the advisory for more details. If you have any questions, email security@matrix.org. # Synapse 1.94.0rc1 (2023-10-03) |