Merge remote-tracking branch 'origin/develop' into anoa/public_rooms_module_api github/anoa/public_rooms_module_api anoa/public_rooms_module_api

author: Mathieu Velten <matmaul@gmail.com> 2023-10-10 16:55:30 +0200
committer: Mathieu Velten <matmaul@gmail.com> 2023-10-10 16:55:30 +0200
commit: 86641cb3a820e287b8c0a256fd363a2826b51dcb (patch)
tree: 096ea776661f1d14876b7e7f33553d376ade43bf /CHANGES.md
parent: Merge remote-tracking branch 'origin/develop' into anoa/public_rooms_module_api (diff)
parent: Merge branch 'master' into develop (diff)
download: synapse-anoa/public_rooms_module_api.tar.xz
1 files changed, 18 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 6c30c40858..0ee3970e2b 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,21 @@
+# Synapse 1.94.0 (2023-10-10)
+
+No significant changes since 1.94.0rc1.
+However, please take note of the security advisory that follows.
+
+## Security advisory
+
+The following issue is fixed in 1.94.0 (and RC).
+
+- [GHSA-5chr-wjw5-3gq4](https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4) — Moderate Severity
+
+  A malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service.
+
+  Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected.
+
+See the advisory for more details. If you have any questions, email security@matrix.org.
+
+
 # Synapse 1.94.0rc1 (2023-10-03)
 
 ### Features
author	Mathieu Velten <matmaul@gmail.com>	2023-10-10 16:55:30 +0200
committer	Mathieu Velten <matmaul@gmail.com>	2023-10-10 16:55:30 +0200
commit	86641cb3a820e287b8c0a256fd363a2826b51dcb (patch)
tree	096ea776661f1d14876b7e7f33553d376ade43bf /CHANGES.md
parent	Merge remote-tracking branch 'origin/develop' into anoa/public_rooms_module_api (diff)
parent	Merge branch 'master' into develop (diff)
download	synapse-anoa/public_rooms_module_api.tar.xz