summary refs log tree commit diff
path: root/CHANGES.md
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2019-05-03 19:25:01 +0100
committerRichard van der Hoff <richard@matrix.org>2019-05-03 19:25:01 +0100
commit836d3adcce81bdafd8d9033df028485dcbb9d4ed (patch)
tree1f8485651a7d7dc88908ae8783125c1b4afbf17d /CHANGES.md
parentAdd admin api for sending server_notices (#5121) (diff)
parentMerge tag 'v0.99.3.2' (diff)
downloadsynapse-836d3adcce81bdafd8d9033df028485dcbb9d4ed.tar.xz
Merge branch 'master' into develop
Diffstat (limited to 'CHANGES.md')
-rw-r--r--CHANGES.md20
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 490c2021e0..d8cfbbebef 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,23 @@
+Synapse 0.99.3.2 (2019-05-03)
+=============================
+
+Internal Changes
+----------------
+
+- Ensure that we have `urllib3` <1.25, to resolve incompatibility with `requests`. ([\#5135](https://github.com/matrix-org/synapse/issues/5135))
+
+
+Synapse 0.99.3.1 (2019-05-03)
+=============================
+
+Security update
+---------------
+
+This release includes two security fixes:
+
+- Switch to using a cryptographically-secure random number generator for token strings, ensuring they cannot be predicted by an attacker. Thanks to @opnsec for identifying and responsibly disclosing this issue! ([\#5133](https://github.com/matrix-org/synapse/issues/5133))
+- Blacklist 0.0.0.0 and :: by default for URL previews. Thanks to @opnsec for identifying and responsibly disclosing this issue too! ([\#5134](https://github.com/matrix-org/synapse/issues/5134))
+
 Synapse 0.99.3 (2019-04-01)
 ===========================