summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--CHANGES.md16
-rw-r--r--changelog.d/9946.misc1
-rw-r--r--debian/changelog6
-rw-r--r--synapse/__init__.py2
4 files changed, 23 insertions, 2 deletions
diff --git a/CHANGES.md b/CHANGES.md
index a41abbefba..7ae0e7b3c1 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,19 @@
+Synapse 1.33.2 (2021-05-11)
+===========================
+
+Due to the security issue highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.
+
+Security advisory
+-----------------
+
+This release fixes a denial of service attack ([CVE-2021-29471](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29471)) against Synapse's push rules implementation. Server admins are encouraged to upgrade.
+
+Internal Changes
+----------------
+
+- Unpin attrs dependency. ([\#9946](https://github.com/matrix-org/synapse/issues/9946))
+
+
 Synapse 1.33.1 (2021-05-06)
 ===========================
 
diff --git a/changelog.d/9946.misc b/changelog.d/9946.misc
deleted file mode 100644
index 142ec5496f..0000000000
--- a/changelog.d/9946.misc
+++ /dev/null
@@ -1 +0,0 @@
-Unpin attrs dependency.
diff --git a/debian/changelog b/debian/changelog
index de50dd14ea..76b82c172e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.33.2) stable; urgency=medium
+
+  * New synapse release 1.33.2.
+
+ -- Synapse Packaging team <packages@matrix.org>  Tue, 11 May 2021 11:17:59 +0100
+
 matrix-synapse-py3 (1.33.1) stable; urgency=medium
 
   * New synapse release 1.33.1.
diff --git a/synapse/__init__.py b/synapse/__init__.py
index 441cd8b339..ce822ccb04 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -47,7 +47,7 @@ try:
 except ImportError:
     pass
 
-__version__ = "1.33.1"
+__version__ = "1.33.2"
 
 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
     # We import here so that we don't have to install a bunch of deps when