summary refs log tree commit diff
path: root/changelog.d
diff options
context:
space:
mode:
authorJosh Qou <97894002+joshqou@users.noreply.github.com>2023-06-15 14:23:27 +0100
committerGitHub <noreply@github.com>2023-06-15 14:23:27 +0100
commitd93912042191d30ff1f7aa41d9f0779a609caca8 (patch)
tree49d29205f6ea94a9d374b382c69a36aad7a276c7 /changelog.d
parentFix joining rooms through aliases where the alias server isn't a real homeser... (diff)
downloadsynapse-d93912042191d30ff1f7aa41d9f0779a609caca8.tar.xz
Fix unsafe hotserving behaviour for non-multimedia uploads. (#15680)
* Fix unsafe hotserving behaviour for non-multimedia uploads.

* invert disposition assert

* test_media_storage.py: run lint

* test_base.py: /inline/attachment/s

* Only return attachment for disposition type, update tests

* Update synapse/media/_base.py

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Update changelog.d/15680.bugfix

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* add attribution

* Update changelog.

---------

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Diffstat (limited to 'changelog.d')
-rw-r--r--changelog.d/15680.bugfix1
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/15680.bugfix b/changelog.d/15680.bugfix
new file mode 100644
index 0000000000..04ac19b4ec
--- /dev/null
+++ b/changelog.d/15680.bugfix
@@ -0,0 +1 @@
+Fix a long-standing bug where media files were served in an unsafe manner. Contributed by @joshqou.