1.93.0 v1.93.0

author: Erik Johnston <erik@matrix.org> 2023-09-26 15:56:54 +0100
committer: Erik Johnston <erik@matrix.org> 2023-09-26 15:56:54 +0100
commit: 88ba67eb91215a708f321e16559fe3c2c0d0a407 (patch)
tree: 6fb976a0de5fa566a805537ade0ddae5502ae138 /CHANGES.md
parent: Update changelog. (diff)
download: synapse-88ba67eb91215a708f321e16559fe3c2c0d0a407.tar.xz
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index eb537f9f6a..c1ea40de20 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,23 @@
+# Synapse 1.93.0 (2023-09-26)
+
+No significant changes since 1.93.0rc1.
+
+
+## Security advisory
+
+The following issues are fixed in 1.93.0 (and RCs).
+
+- [GHSA-4f74-84v3-j9q5](https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5) / [CVE-2023-41335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41335) — Low Severity
+
+  Temporary storage of plaintext passwords during password changes.
+
+- [GHSA-7565-cq32-vx2x](https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x) / [CVE-2023-42453](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42453) — Low Severity
+
+  Improper validation of receipts allows forged read receipts.
+
+See the advisories for more details. If you have any questions, email security@matrix.org.
+
+
 # Synapse 1.93.0rc1 (2023-09-19)
 
 ### Features
author	Erik Johnston <erik@matrix.org>	2023-09-26 15:56:54 +0100
committer	Erik Johnston <erik@matrix.org>	2023-09-26 15:56:54 +0100
commit	88ba67eb91215a708f321e16559fe3c2c0d0a407 (patch)
tree	6fb976a0de5fa566a805537ade0ddae5502ae138 /CHANGES.md
parent	Update changelog. (diff)
download	synapse-88ba67eb91215a708f321e16559fe3c2c0d0a407.tar.xz