Add words about the Twisted security fix v1.52.0

author: Brendan Abolivier <babolivier@matrix.org> 2022-02-08 11:47:35 +0000
committer: Brendan Abolivier <babolivier@matrix.org> 2022-02-08 11:47:35 +0000
commit: 5cdd4913100961f943f6432d9fbdaa20907142c2 (patch)
tree: 25c0fa9e55e01bf86dae6a0395f20d868364eddc /docs/upgrade.md
parent: 1.52.0 (diff)
download: synapse-5cdd4913100961f943f6432d9fbdaa20907142c2.tar.xz
1 files changed, 11 insertions, 0 deletions
diff --git a/docs/upgrade.md b/docs/upgrade.md
index f455d257ba..913f97385d 100644
--- a/docs/upgrade.md
+++ b/docs/upgrade.md
@@ -85,6 +85,17 @@ process, for example:
     dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
     ```
 
+# Upgrading to v1.52.0
+
+## Twisted security release
+
+During the making of this release, the developers of Twisted have released
+[Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0), which
+fixes [a security issue](https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx)
+within Twisted. We do not believe Synapse to be vulnerable to any security problem caused
+by this issue, though we advise server administrators to update their local version of
+Twisted if they can.
+
 # Upgrading to v1.51.0
 
 ## Deprecation of `webclient` listeners and non-HTTP(S) `web_client_location`
author	Brendan Abolivier <babolivier@matrix.org>	2022-02-08 11:47:35 +0000
committer	Brendan Abolivier <babolivier@matrix.org>	2022-02-08 11:47:35 +0000
commit	5cdd4913100961f943f6432d9fbdaa20907142c2 (patch)
tree	25c0fa9e55e01bf86dae6a0395f20d868364eddc /docs/upgrade.md
parent	1.52.0 (diff)
download	synapse-5cdd4913100961f943f6432d9fbdaa20907142c2.tar.xz