| tag name | v1.30.1 (adaaa4e7ff81ea9e0b62430505824daae212ed4e) |
| tag date | 2021-03-26 12:23:36 +0000 |
| tagged by | Erik Johnston <erik@matrix.org> |
| tagged object | commit 262ed05f5b... |
| download | synapse-1.30.1.tar.xz |
|---|
Synapse 1.30.1 (2021-03-26)
=========================== This release is identical to Synapse 1.30.0, with the exception of explicitly setting a minimum version of Python's Cryptography library to ensure that users of Synapse are protected from the recent [OpenSSL security advisories](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html), especially CVE-2021-3449. Note that Cryptography defaults to bundling its own statically linked copy of OpenSSL, which means that you may not be protected by your operating system's security updates. It's also worth noting that Cryptography no longer supports Python 3.5, so admins deploying to older environments may not be protected against this or future vulnerabilities. Synapse will be dropping support for Python 3.5 at the end of March. Updates to the Docker image --------------------------- - Ensure that the docker container has up to date versions of openssl. ([\#9697](https://github.com/matrix-org/synapse/issues/9697)) Internal Changes ---------------- - Enforce that `cryptography` dependency is up to date to ensure it has the most recent openssl patches. ([\#9697](https://github.com/matrix-org/synapse/issues/9697)) -----BEGIN PGP SIGNATURE----- iQFEBAABCgAuFiEEBTGR3/RnAzBGUif3pULk7RsPrAkFAmBd0lQQHGVyaWtAbWF0 cml4Lm9yZwAKCRClQuTtGw+sCfamB/98BteKwFT3RP3unokfWmY8y6vURdUOM59w GcBww3N37c5ZlirDV9HZmFzHQDTtYWyhn4dCljY4tG8xsQeVCjoQj8VMRlqjfk2N HHFSK8IcDOSfH4FB54VA9d4h55SWL7KYZRJR8F1I+iblYmvCWqNI5CbaYgOruTTa lz6SApTlbJY77jDZ06crN0ACM+dr+9XmtAM8nXgTMJO6qhY/nWsCA0tCR/nuvkGd xPqmHi7/dgv6i3VX1fa9CQotgVkR50jFmfEwrJ68WYaSsMR2t17glt5stKQgez+m 3/CeU6dk+hjASmNkJqif5Wk+h7/SndmEKUMPifvdOE/WjvjOETqF =2KC4 -----END PGP SIGNATURE-----