From 27d3f2e7ab8e88ef61e930e0b817608863760f92 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Tue, 8 Nov 2016 14:32:54 +0000 Subject: Explicitly set authentication mode in ldap3 This only makes a difference for versions of ldap3 before 1.0, but a) its best to be explicit and b) there are distributions that package ancient versions for ldap3 (e.g. debian). --- synapse/util/ldap_auth_provider.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'synapse') diff --git a/synapse/util/ldap_auth_provider.py b/synapse/util/ldap_auth_provider.py index f852e9b037..1b989248fb 100644 --- a/synapse/util/ldap_auth_provider.py +++ b/synapse/util/ldap_auth_provider.py @@ -236,7 +236,8 @@ class LdapAuthProvider(object): value=localpart, base=self.ldap_base ) - conn = ldap3.Connection(server, bind_dn, password) + conn = ldap3.Connection(server, bind_dn, password, + authentication=ldap3.AUTH_SIMPLE) logger.debug( "Established LDAP connection in simple bind mode: %s", conn -- cgit 1.4.1 From 3c09818d914219c3946f5298679e61de4e27a410 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Tue, 8 Nov 2016 14:39:55 +0000 Subject: Bump version and changelog --- CHANGES.rst | 13 +++++++++++++ synapse/__init__.py | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) (limited to 'synapse') diff --git a/CHANGES.rst b/CHANGES.rst index 371f26eb6e..1ce58632b8 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,3 +1,16 @@ +Changes in synapse v0.18.3 (2016-11-08) +======================================= + +SECURITY UPDATE + +Explicitly require authentication when using LDAP3. This is the default on +versions of ``ldap3`` above 1.0, but some distributions will package an older +version. + +If you are using LDAP3 login and have a version of ``ldap3`` older than 1.0 it +is **CRITICAL to updgrade**. + + Changes in synapse v0.18.2 (2016-11-01) ======================================= diff --git a/synapse/__init__.py b/synapse/__init__.py index 4e2a592d3d..d366b69dab 100644 --- a/synapse/__init__.py +++ b/synapse/__init__.py @@ -16,4 +16,4 @@ """ This is a reference implementation of a Matrix home server. """ -__version__ = "0.18.2" +__version__ = "0.18.3" -- cgit 1.4.1