diff options
author | Patrick Cloke <patrickc@matrix.org> | 2020-10-15 10:33:43 -0400 |
---|---|---|
committer | Patrick Cloke <patrickc@matrix.org> | 2020-10-15 10:33:43 -0400 |
commit | 9b8a53c7b9e1a3ca5f46e417b9fa705f8bacb494 (patch) | |
tree | 8aafa09d76635694d6356e66a657e267f9b765c5 /CHANGES.md | |
parent | Clarify authlib changes. (diff) | |
download | synapse-9b8a53c7b9e1a3ca5f46e417b9fa705f8bacb494.tar.xz |
Additional tweaks. v1.21.2 github/release-v1.21.2 release-v1.21.2
Diffstat (limited to '')
-rw-r--r-- | CHANGES.md | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/CHANGES.md b/CHANGES.md index e9ff374e4d..38a0814bbf 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,14 +1,14 @@ Synapse 1.21.2 (2020-10-15) =========================== -Debian packages and Docker images are rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below. +Debian packages and Docker images have been rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below. Security advisory ----------------- * HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks. All server administrators are encouraged to upgrade. - ([34ff8da8](https://github.com/matrix-org/synapse/commit/34ff8da83b54024289f515c6d73e6b486574d699)) + ([\#8444](https://github.com/matrix-org/synapse/pull/8444)) ([CVE-2020-26891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26891)) This fix was originally included in v1.21.0 but was missing a security advisory. @@ -19,7 +19,7 @@ Bugfixes -------- - Fix rare bug where sending an event would fail due to a racey assertion. ([\#8530](https://github.com/matrix-org/synapse/issues/8530)) -- An updated version of the authlib dependency is included in the Docker and Debian release to fix an issue using OpenID Connect. +- An updated version of the authlib dependency is included in the Docker and Debian images to fix an issue using OpenID Connect. See [\#8534](https://github.com/matrix-org/synapse/issues/8534) for details. Synapse 1.21.1 (2020-10-13) |