Merge branch 'master' into develop

author: Brendan Abolivier <babolivier@matrix.org> 2021-05-11 14:15:30 +0100
committer: Brendan Abolivier <babolivier@matrix.org> 2021-05-11 14:15:30 +0100
commit: 652a6b094d98e56290f0b6889cc401c364bad433 (patch)
tree: ba7a21ef2804be8fa33bf1463ecbfb0743090f06 /CHANGES.md
parent: Add config option to hide device names over federation (#9945) (diff)
parent: Use link to advisory rather than to the CVE repo (diff)
download: synapse-652a6b094d98e56290f0b6889cc401c364bad433.tar.xz
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index a41abbefba..93efa3ce56 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,19 @@
+Synapse 1.33.2 (2021-05-11)
+===========================
+
+Due to the security issue highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.
+
+Security advisory
+-----------------
+
+This release fixes a denial of service attack ([CVE-2021-29471](https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85)) against Synapse's push rules implementation. Server admins are encouraged to upgrade.
+
+Internal Changes
+----------------
+
+- Unpin attrs dependency. ([\#9946](https://github.com/matrix-org/synapse/issues/9946))
+
+
 Synapse 1.33.1 (2021-05-06)
 ===========================
author	Brendan Abolivier <babolivier@matrix.org>	2021-05-11 14:15:30 +0100
committer	Brendan Abolivier <babolivier@matrix.org>	2021-05-11 14:15:30 +0100
commit	652a6b094d98e56290f0b6889cc401c364bad433 (patch)
tree	ba7a21ef2804be8fa33bf1463ecbfb0743090f06 /CHANGES.md
parent	Add config option to hide device names over federation (#9945) (diff)
parent	Use link to advisory rather than to the CVE repo (diff)
download	synapse-652a6b094d98e56290f0b6889cc401c364bad433.tar.xz