summary refs log tree commit diff
path: root/CHANGES.rst
diff options
context:
space:
mode:
Diffstat (limited to 'CHANGES.rst')
-rw-r--r--CHANGES.rst21
1 files changed, 21 insertions, 0 deletions
diff --git a/CHANGES.rst b/CHANGES.rst
index 3a2a30873f..70fc5af4c1 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,3 +1,24 @@
+Changes in synapse v0.31.2 (2018-06-14)
+=======================================
+
+SECURITY UPDATE: Prevent unauthorised users from setting state events in a room
+when there is no ``m.room.power_levels`` event in force in the room. (PR #3397)
+
+Discussion around the Matrix Spec change proposal for this change can be
+followed at https://github.com/matrix-org/matrix-doc/issues/1304.
+
+Changes in synapse v0.31.1 (2018-06-08)
+=======================================
+
+v0.31.1 fixes a security bug in the ``get_missing_events`` federation API
+where event visibility rules were not applied correctly.
+
+We are not aware of it being actively exploited but please upgrade asap.
+
+Bug Fixes:
+
+* Fix event filtering in get_missing_events handler (PR #3371)
+
 Changes in synapse v0.31.0 (2018-06-06)
 =======================================
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-11 16:52:30 +0000