Merge tag 'v0.31.2'

SECURITY UPDATE: Prevent unauthorised users from setting state events in a room when there is no `m.room.power_levels` event in force in the room. (PR #3397) Discussion around the Matrix Spec change proposal for this change can be followed at https://github.com/matrix-org/matrix-doc/issues/1304.
author: Richard van der Hoff <richard@matrix.org> 2018-06-14 16:35:33 +0100
committer: Richard van der Hoff <richard@matrix.org> 2018-06-14 16:35:33 +0100
commit: 53969e196004659c6a9f138f5d8abd86f4957d74 (patch)
tree: 321c7b3feae12392ae8fbc0b88aa237f93de8cf7 /synapse/api/auth.py
parent: Merge tag 'v0.31.1' (diff)
parent: link to spec proposal from changelog (diff)
download: synapse-53969e196004659c6a9f138f5d8abd86f4957d74.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 06fa38366d..66639b0089 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -655,7 +655,7 @@ class Auth(object):
             auth_events[(EventTypes.PowerLevels, "")] = power_level_event
 
         send_level = event_auth.get_send_level(
-            EventTypes.Aliases, "", auth_events
+            EventTypes.Aliases, "", power_level_event,
         )
         user_level = event_auth.get_user_power_level(user_id, auth_events)
author	Richard van der Hoff <richard@matrix.org>	2018-06-14 16:35:33 +0100
committer	Richard van der Hoff <richard@matrix.org>	2018-06-14 16:35:33 +0100
commit	53969e196004659c6a9f138f5d8abd86f4957d74 (patch)
tree	321c7b3feae12392ae8fbc0b88aa237f93de8cf7 /synapse/api/auth.py
parent	Merge tag 'v0.31.1' (diff)
parent	link to spec proposal from changelog (diff)
download	synapse-53969e196004659c6a9f138f5d8abd86f4957d74.tar.xz