From e8c36e527d4e817b09abf96cc2cb342c699316d0 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Thu, 2 Jul 2020 10:34:28 -0400 Subject: 1.15.2 --- CHANGES.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'CHANGES.md') diff --git a/CHANGES.md b/CHANGES.md index 9a30a2e901..25ec35025e 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,23 @@ +Synapse 1.15.2 (2020-07-02) +=========================== + +Due to the two security issues highlight below, server administrators are +encouraged to update Synapse. We are not aware of these vulnerabilities being +exploited in the wild. + +Security advisory +----------------- + +* A malicious homeserver could force Synapse to reset the state in a room to a + small subset of the correct state. This affects all Synapse deployments which + federate with untrusted servers. +* HTML pages served via Synapse were vulnerable to clickjacking attacks. This + predominantly affects homeservers with single-sign-on enabled, but all server + administrators are encouraged to upgrade. + + This was reported by [Quentin Gliech](https://sandhose.fr/). + + Synapse 1.15.1 (2020-06-16) =========================== -- cgit 1.4.1 From 1d61a24f420b6a78c53cf7d2d2ea2aecfaca76d2 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Thu, 2 Jul 2020 10:41:00 -0400 Subject: Fix tense in the release notes. --- CHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CHANGES.md') diff --git a/CHANGES.md b/CHANGES.md index 25ec35025e..8b773fae18 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,7 +1,7 @@ Synapse 1.15.2 (2020-07-02) =========================== -Due to the two security issues highlight below, server administrators are +Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. -- cgit 1.4.1 From 5ae0a4cf76d40973d22de421e13c6ee88b0afcd4 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Thu, 2 Jul 2020 10:45:22 -0400 Subject: Add links to the fixes. --- CHANGES.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'CHANGES.md') diff --git a/CHANGES.md b/CHANGES.md index 8b773fae18..251991f789 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -10,10 +10,10 @@ Security advisory * A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which - federate with untrusted servers. + federate with untrusted servers. ([96e9afe6](https://github.com/matrix-org/synapse/commit/96e9afe62500310977dc3cbc99a8d16d3d2fa15c)) * HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server - administrators are encouraged to upgrade. + administrators are encouraged to upgrade. ([ea26e9a9](https://github.com/matrix-org/synapse/commit/ea26e9a98b0541fc886a1cb826a38352b7599dbe)) This was reported by [Quentin Gliech](https://sandhose.fr/). -- cgit 1.4.1 From 244649b7d514165e038d45506c33915f19f5a50d Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Thu, 2 Jul 2020 10:53:14 -0400 Subject: Remove an extraneous space. --- CHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CHANGES.md') diff --git a/CHANGES.md b/CHANGES.md index 251991f789..5069fbd027 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -13,7 +13,7 @@ Security advisory federate with untrusted servers. ([96e9afe6](https://github.com/matrix-org/synapse/commit/96e9afe62500310977dc3cbc99a8d16d3d2fa15c)) * HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server - administrators are encouraged to upgrade. ([ea26e9a9](https://github.com/matrix-org/synapse/commit/ea26e9a98b0541fc886a1cb826a38352b7599dbe)) + administrators are encouraged to upgrade. ([ea26e9a9](https://github.com/matrix-org/synapse/commit/ea26e9a98b0541fc886a1cb826a38352b7599dbe)) This was reported by [Quentin Gliech](https://sandhose.fr/). -- cgit 1.4.1