diff options
author | Richard van der Hoff <richard@matrix.org> | 2019-05-03 19:25:01 +0100 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2019-05-03 19:25:01 +0100 |
commit | 836d3adcce81bdafd8d9033df028485dcbb9d4ed (patch) | |
tree | 1f8485651a7d7dc88908ae8783125c1b4afbf17d /CHANGES.md | |
parent | Add admin api for sending server_notices (#5121) (diff) | |
parent | Merge tag 'v0.99.3.2' (diff) | |
download | synapse-836d3adcce81bdafd8d9033df028485dcbb9d4ed.tar.xz |
Merge branch 'master' into develop
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 490c2021e0..d8cfbbebef 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,23 @@ +Synapse 0.99.3.2 (2019-05-03) +============================= + +Internal Changes +---------------- + +- Ensure that we have `urllib3` <1.25, to resolve incompatibility with `requests`. ([\#5135](https://github.com/matrix-org/synapse/issues/5135)) + + +Synapse 0.99.3.1 (2019-05-03) +============================= + +Security update +--------------- + +This release includes two security fixes: + +- Switch to using a cryptographically-secure random number generator for token strings, ensuring they cannot be predicted by an attacker. Thanks to @opnsec for identifying and responsibly disclosing this issue! ([\#5133](https://github.com/matrix-org/synapse/issues/5133)) +- Blacklist 0.0.0.0 and :: by default for URL previews. Thanks to @opnsec for identifying and responsibly disclosing this issue too! ([\#5134](https://github.com/matrix-org/synapse/issues/5134)) + Synapse 0.99.3 (2019-04-01) =========================== |