1.33.2

author: Brendan Abolivier <babolivier@matrix.org> 2021-05-11 13:53:49 +0100
committer: Brendan Abolivier <babolivier@matrix.org> 2021-05-11 14:01:32 +0100
commit: 86fb71431ca562ba536c50620d1e367a9c6d4ac9 (patch)
tree: 37378cf3cf128458c983a19fb2f149616164dd8f /CHANGES.md
parent: Merge pull request from GHSA-x345-32rc-8h85 (diff)
download: synapse-86fb71431ca562ba536c50620d1e367a9c6d4ac9.tar.xz
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index a41abbefba..7ae0e7b3c1 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,19 @@
+Synapse 1.33.2 (2021-05-11)
+===========================
+
+Due to the security issue highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.
+
+Security advisory
+-----------------
+
+This release fixes a denial of service attack ([CVE-2021-29471](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29471)) against Synapse's push rules implementation. Server admins are encouraged to upgrade.
+
+Internal Changes
+----------------
+
+- Unpin attrs dependency. ([\#9946](https://github.com/matrix-org/synapse/issues/9946))
+
+
 Synapse 1.33.1 (2021-05-06)
 ===========================
author	Brendan Abolivier <babolivier@matrix.org>	2021-05-11 13:53:49 +0100
committer	Brendan Abolivier <babolivier@matrix.org>	2021-05-11 14:01:32 +0100
commit	86fb71431ca562ba536c50620d1e367a9c6d4ac9 (patch)
tree	37378cf3cf128458c983a19fb2f149616164dd8f /CHANGES.md
parent	Merge pull request from GHSA-x345-32rc-8h85 (diff)
download	synapse-86fb71431ca562ba536c50620d1e367a9c6d4ac9.tar.xz