1.105.1 v1.105.1 github/release-v1.105 release-v1.105

author: Erik Johnston <erik@matrix.org> 2024-04-23 15:57:13 +0100
committer: Erik Johnston <erik@matrix.org> 2024-04-23 15:57:13 +0100
commit: 20c9e195197567c209edf45383e5d0cdd2ef2a5f (patch)
tree: 589253a4c201bb753627e04565cf845e65d89a10 /CHANGES.md
parent: Fix GHSA-3h7q-rfh9-xm4v (diff)
download: synapse-20c9e195197567c209edf45383e5d0cdd2ef2a5f.tar.xz
1 files changed, 14 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index ed9cca73bc..ec5bc22a98 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,17 @@
+# Synapse 1.105.1 (2024-04-23)
+
+## Security advisory
+
+The following issues are fixed in 1.105.1.
+
+- [GHSA-3h7q-rfh9-xm4v](https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v) / [CVE-2024-31208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31208) — High Severity
+
+  Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage.
+
+See the advisories for more details. If you have any questions, email security@element.io.
+
+
+
 # Synapse 1.105.0 (2024-04-16)
 
 No significant changes since 1.105.0rc1.
author	Erik Johnston <erik@matrix.org>	2024-04-23 15:57:13 +0100
committer	Erik Johnston <erik@matrix.org>	2024-04-23 15:57:13 +0100
commit	20c9e195197567c209edf45383e5d0cdd2ef2a5f (patch)
tree	589253a4c201bb753627e04565cf845e65d89a10 /CHANGES.md
parent	Fix GHSA-3h7q-rfh9-xm4v (diff)
download	synapse-20c9e195197567c209edf45383e5d0cdd2ef2a5f.tar.xz