Merge branch 'master' into develop

author: Brendan Abolivier <babolivier@matrix.org> 2022-02-08 13:26:09 +0000
committer: Brendan Abolivier <babolivier@matrix.org> 2022-02-08 13:26:09 +0000
commit: 6b91315ddf92c327e7f4414794c9b195030d954c (patch)
tree: 805a67012f500497cbe5ed3dd46f4bae45c93caa /docs/upgrade.md
parent: Add missing type hints to synapse.replication.http. (#11856) (diff)
parent: Merge branch 'release-v1.52' (diff)
download: synapse-6b91315ddf92c327e7f4414794c9b195030d954c.tar.xz
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/upgrade.md b/docs/upgrade.md
index 8ce37bcdee..581fd7de53 100644
--- a/docs/upgrade.md
+++ b/docs/upgrade.md
@@ -113,6 +113,18 @@ setting only applies to the root path `/` of Synapse's web server and no longer
 the `/_matrix/client/` path.
 
 
+# Upgrading to v1.52.0
+
+## Twisted security release
+
+Note that [Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0)
+has recently been released, which fixes a [security issue](https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx)
+within the Twisted library. We do not believe Synapse is affected by this vulnerability,
+though we advise server administrators who installed Synapse via pip to upgrade Twisted
+with `pip install --upgrade Twisted` as a matter of good practice. The Docker image
+`matrixdotorg/synapse` and the Debian packages from `packages.matrix.org` are using the
+updated library.
+
 # Upgrading to v1.51.0
 
 ## Deprecation of `webclient` listeners and non-HTTP(S) `web_client_location`
author	Brendan Abolivier <babolivier@matrix.org>	2022-02-08 13:26:09 +0000
committer	Brendan Abolivier <babolivier@matrix.org>	2022-02-08 13:26:09 +0000
commit	6b91315ddf92c327e7f4414794c9b195030d954c (patch)
tree	805a67012f500497cbe5ed3dd46f4bae45c93caa /docs/upgrade.md
parent	Add missing type hints to synapse.replication.http. (#11856) (diff)
parent	Merge branch 'release-v1.52' (diff)
download	synapse-6b91315ddf92c327e7f4414794c9b195030d954c.tar.xz