0.99.3.1

author: Richard van der Hoff <richard@matrix.org> 2019-05-03 16:03:24 +0100
committer: Richard van der Hoff <richard@matrix.org> 2019-05-03 16:03:24 +0100
commit: 863ec0962210fcb946e68caa7431f69583814c73 (patch)
tree: cf99c8065bb0cf79748966acd1cbe60ad78713a7 /CHANGES.md
parent: Merge pull request #5134 from matrix-org/rav/url_preview_blacklist (diff)
download: synapse-863ec0962210fcb946e68caa7431f69583814c73.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 490c2021e0..d8eba2ec60 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,12 @@
+Synapse 0.99.3.1 (2019-05-03)
+=============================
+
+Bugfixes
+--------
+
+- Switch to using a cryptographically-secure random number generator for token strings, ensuring they cannot be predicted by an attacker. Thanks to @opnsec for identifying and responsibly disclosing this issue! ([\#5133](https://github.com/matrix-org/synapse/issues/5133))
+- Blacklist 0.0.0.0 and :: by default for URL previews. Thanks to @opnsec for identifying and responsibly disclosing this issue too! ([\#5134](https://github.com/matrix-org/synapse/issues/5134))
+
 Synapse 0.99.3 (2019-04-01)
 ===========================
author	Richard van der Hoff <richard@matrix.org>	2019-05-03 16:03:24 +0100
committer	Richard van der Hoff <richard@matrix.org>	2019-05-03 16:03:24 +0100
commit	863ec0962210fcb946e68caa7431f69583814c73 (patch)
tree	cf99c8065bb0cf79748966acd1cbe60ad78713a7 /CHANGES.md
parent	Merge pull request #5134 from matrix-org/rav/url_preview_blacklist (diff)
download	synapse-863ec0962210fcb946e68caa7431f69583814c73.tar.xz