1.92.2

author: Erik Johnston <erik@matrix.org> 2023-09-15 13:30:16 +0100
committer: Erik Johnston <erik@matrix.org> 2023-09-15 13:30:16 +0100
commit: e6be9a3ca465b475d7eb8f752f42e9c9e17b20f2 (patch)
tree: cb32780aba77b455c29c5b997e2fa05d72084055 /CHANGES.md
parent: Use bookwork as docker base image (#16324) (diff)
download: synapse-e6be9a3ca465b475d7eb8f752f42e9c9e17b20f2.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 13c53d2606..077588459a 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,13 @@
+# Synapse 1.92.2 (2023-09-15)
+
+This is a Docker only update to mitigate [CVE-2023-4863](https://cve.org/CVERecord?id=CVE-2023-4863), a critical vulnerability in `libewebp`. Server admins not using Docker should ensure that their `libwebp` is up to date (if installed). We encourage admins to upgrade as soon as possible.
+
+
+### Updates to the Docker image
+
+- Update docker image to use Debian bookworm as the base. ([\#16324](https://github.com/matrix-org/synapse/issues/16324))
+
+
 # Synapse 1.92.1 (2023-09-12)
 
 Stop building Ubuntu Kinetic since it is EOL and repos seem to be dead.
author	Erik Johnston <erik@matrix.org>	2023-09-15 13:30:16 +0100
committer	Erik Johnston <erik@matrix.org>	2023-09-15 13:30:16 +0100
commit	e6be9a3ca465b475d7eb8f752f42e9c9e17b20f2 (patch)
tree	cb32780aba77b455c29c5b997e2fa05d72084055 /CHANGES.md
parent	Use bookwork as docker base image (#16324) (diff)
download	synapse-e6be9a3ca465b475d7eb8f752f42e9c9e17b20f2.tar.xz