tag name: v1.15.2 (d20d51e6f9cec72457806e5dddccbdea8889bb0a)
tag date: 2020-07-02 10:53:54 -0400
tagged by: Patrick Cloke <patrickc@matrix.org>
tagged object: commit 244649b7d5...

Synapse 1.15.2 (2020-07-02)
===========================

Due to the two security issues highlighted below, server administrators are
encouraged to update Synapse. We are not aware of these vulnerabilities being
exploited in the wild.

Security advisory
-----------------

* A malicious homeserver could force Synapse to reset the state in a room to a
  small subset of the correct state. This affects all Synapse deployments which
  federate with untrusted servers. ([96e9afe6](https://github.com/matrix-org/synapse/commit/96e9afe62500310977dc3cbc99a8d16d3d2fa15c))
* HTML pages served via Synapse were vulnerable to clickjacking attacks. This
  predominantly affects homeservers with single-sign-on enabled, but all server
  administrators are encouraged to upgrade. ([ea26e9a9](https://github.com/matrix-org/synapse/commit/ea26e9a98b0541fc886a1cb826a38352b7599dbe))

  This was reported by [Quentin Gliech](https://sandhose.fr/).