summary refs log tree commit diff
path: root/docs/upgrade.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/upgrade.md')
-rw-r--r--docs/upgrade.md12
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/upgrade.md b/docs/upgrade.md
index f455d257ba..0105f87f90 100644
--- a/docs/upgrade.md
+++ b/docs/upgrade.md
@@ -85,6 +85,18 @@ process, for example:
     dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
     ```
 
+# Upgrading to v1.52.0
+
+## Twisted security release
+
+Note that [Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0)
+has recently been released, which fixes a [security issue](https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx)
+within the Twisted library. We do not believe Synapse is affected by this vulnerability,
+though we advise server administrators who installed Synapse via pip to upgrade Twisted
+with `pip install --upgrade Twisted` as a matter of good practice. The Docker image
+`matrixdotorg/synapse` and the Debian packages from `packages.matrix.org` are using the
+updated library.
+
 # Upgrading to v1.51.0
 
 ## Deprecation of `webclient` listeners and non-HTTP(S) `web_client_location`
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-21 16:00:47 +0000