summary refs log tree commit diff
path: root/CHANGES.md
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2023-10-31 14:05:52 +0000
committerErik Johnston <erik@matrix.org>2023-10-31 14:05:52 +0000
commit0cc6509cfe88beec4236365e07cac5e89d70ad48 (patch)
treee664889cfe41661308d435cd97e1cf8d2fc040ea /CHANGES.md
parentMerge pull request from GHSA-mp92-3jfm-3575 (diff)
parent1.95.1 (diff)
downloadsynapse-0cc6509cfe88beec4236365e07cac5e89d70ad48.tar.xz
Merge branch 'release-v1.95' into develop
Diffstat (limited to 'CHANGES.md')
-rw-r--r--CHANGES.md14
1 files changed, 14 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index caecc737f3..5aecdfb23d 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,17 @@
+# Synapse 1.95.1 (2023-10-31)
+
+## Security advisory
+
+The following issue is fixed in 1.95.1.
+
+- [GHSA-mp92-3jfm-3575](https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575) / [CVE-2023-43796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43796) — Moderate Severity
+
+  Cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver.
+
+See the advisory for more details. If you have any questions, email security@matrix.org.
+
+
+
 # Synapse 1.95.0 (2023-10-24)
 
 ### Internal Changes