diff options
| author | Erik Johnston <erik@matrix.org> | 2023-10-31 14:02:32 +0000 |
|---|---|---|
| committer | Erik Johnston <erik@matrix.org> | 2023-10-31 14:02:32 +0000 |
| commit | a11511954a58975d2e5400257a0cecfd27413447 (patch) | |
| tree | 9bb31f092877b92bec86409b2c4fbb420dbcdd8a /CHANGES.md | |
| parent | Merge pull request from GHSA-mp92-3jfm-3575 (diff) | |
| download | synapse-a11511954a58975d2e5400257a0cecfd27413447.tar.xz | |
1.95.1 v1.95.1
Diffstat (limited to 'CHANGES.md')
| -rw-r--r-- | CHANGES.md | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index caecc737f3..5aecdfb23d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,17 @@ +# Synapse 1.95.1 (2023-10-31) + +## Security advisory + +The following issue is fixed in 1.95.1. + +- [GHSA-mp92-3jfm-3575](https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575) / [CVE-2023-43796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43796) — Moderate Severity + + Cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. + +See the advisory for more details. If you have any questions, email security@matrix.org. + + + # Synapse 1.95.0 (2023-10-24) ### Internal Changes |