summary refs log tree commit diff
path: root/changelog.d
diff options
context:
space:
mode:
authorAndrew Morgan <1342360+anoadragon453@users.noreply.github.com>2019-09-23 16:38:38 +0200
committerRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2019-09-23 15:38:38 +0100
commit1b519e0272a13649d442aad2a10c9a3b39c2d200 (patch)
tree7b3c3d5ef227e01fe67de92c0ca466747acba7c8 /changelog.d
parentGeneralize email sending logging (#6075) (diff)
downloadsynapse-1b519e0272a13649d442aad2a10c9a3b39c2d200.tar.xz
Disable /register/available if registration is disabled (#6082)
Fixes #6066

This register endpoint should be disabled if registration is disabled, otherwise we're giving anyone the ability to check if a username exists on a server when we don't need to be.

Error code is 403 (Forbidden) as that's the same returned by /register when registration is disabled.

Diffstat (limited to 'changelog.d')
-rw-r--r--changelog.d/6082.feature1
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/6082.feature b/changelog.d/6082.feature
new file mode 100644
index 0000000000..c30662b608
--- /dev/null
+++ b/changelog.d/6082.feature
@@ -0,0 +1 @@
+Return 403 on `/register/available` if registration has been disabled.
\ No newline at end of file