Merge branch 'master' into develop

author: Richard van der Hoff <richard@matrix.org> 2019-05-03 19:25:01 +0100
committer: Richard van der Hoff <richard@matrix.org> 2019-05-03 19:25:01 +0100
commit: 836d3adcce81bdafd8d9033df028485dcbb9d4ed (patch)
tree: 1f8485651a7d7dc88908ae8783125c1b4afbf17d /CHANGES.md
parent: Add admin api for sending server_notices (#5121) (diff)
parent: Merge tag 'v0.99.3.2' (diff)
download: synapse-836d3adcce81bdafd8d9033df028485dcbb9d4ed.tar.xz
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 490c2021e0..d8cfbbebef 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,23 @@
+Synapse 0.99.3.2 (2019-05-03)
+=============================
+
+Internal Changes
+----------------
+
+- Ensure that we have `urllib3` <1.25, to resolve incompatibility with `requests`. ([\#5135](https://github.com/matrix-org/synapse/issues/5135))
+
+
+Synapse 0.99.3.1 (2019-05-03)
+=============================
+
+Security update
+---------------
+
+This release includes two security fixes:
+
+- Switch to using a cryptographically-secure random number generator for token strings, ensuring they cannot be predicted by an attacker. Thanks to @opnsec for identifying and responsibly disclosing this issue! ([\#5133](https://github.com/matrix-org/synapse/issues/5133))
+- Blacklist 0.0.0.0 and :: by default for URL previews. Thanks to @opnsec for identifying and responsibly disclosing this issue too! ([\#5134](https://github.com/matrix-org/synapse/issues/5134))
+
 Synapse 0.99.3 (2019-04-01)
 ===========================
author	Richard van der Hoff <richard@matrix.org>	2019-05-03 19:25:01 +0100
committer	Richard van der Hoff <richard@matrix.org>	2019-05-03 19:25:01 +0100
commit	836d3adcce81bdafd8d9033df028485dcbb9d4ed (patch)
tree	1f8485651a7d7dc88908ae8783125c1b4afbf17d /CHANGES.md
parent	Add admin api for sending server_notices (#5121) (diff)
parent	Merge tag 'v0.99.3.2' (diff)
download	synapse-836d3adcce81bdafd8d9033df028485dcbb9d4ed.tar.xz