| tag name | v0.99.3.1 (8f091c13d128a70a7c0080afe082e2d93e488100) |
| tag date | 2019-05-03 17:27:27 +0100 |
| tagged by | Richard van der Hoff <richard@matrix.org> |
| tagged object | commit f73f18fe7b... |
| download | synapse-0.99.3.1.tar.xz |
|---|
Synapse 0.99.3.1 (2019-05-03)
============================= Security update --------------- This release includes two security fixes: - Switch to using a cryptographically-secure random number generator for token strings, ensuring they cannot be predicted by an attacker. Thanks to @opnsec for identifying and responsibly disclosing this issue! ([\#5133](https://github.com/matrix-org/synapse/issues/5133)) - Blacklist 0.0.0.0 and :: by default for URL previews. Thanks to @opnsec for identifying and responsibly disclosing this issue too! ([\#5134](https://github.com/matrix-org/synapse/issues/5134)) -----BEGIN PGP SIGNATURE----- iQFHBAABCAAxFiEEQlNDQm4FMsm53u1sih+T1XW16NUFAlzMa/gTHHJpY2hhcmRA bWF0cml4Lm9yZwAKCRCKH5PVdbXo1WSqB/9M6qOTo49ejMrOQkybQQQn7IK7tec6 UD6aPXRk0c6i5uTgu/r7rqFO1vs3M0nBLb0zDIlZ5JkMRMYY28pA2tSIzbdelXt8 m4TNpZWnnn+3441HnVi+lIHCq4APbEm66db+cSQzDJkX7TRKM8oxdfSKMOLNQ6Hx 4VuXa8Csbwd/4KWLHnCbIIs96WPnnOqwRiWm3kMxvBwBY8a1wB0gil5swxnJR1Yz GuE4L8rqSuH1MKoQdEbY4mykvPSCwfX5f1lYy3E7kKKlroMWPyctAOnfeF8+S2AV WI8h7TKcMBLYoJRfBS4faTIXgVl42JoP+P2YyDdI60+T9CyUT7QxiKfi =cbSH -----END PGP SIGNATURE-----