mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
1.85.0
This commit is contained in:
parent
4c0bffaca5
commit
564f37aca6
21
CHANGES.md
21
CHANGES.md
@ -1,3 +1,24 @@
|
|||||||
|
Synapse 1.85.0 (2023-06-06)
|
||||||
|
===========================
|
||||||
|
|
||||||
|
No significant changes since 1.85.0rc2.
|
||||||
|
|
||||||
|
|
||||||
|
## Security advisory
|
||||||
|
|
||||||
|
The following issues are fixed in 1.85.0.
|
||||||
|
|
||||||
|
- [GHSA-26c5-ppr8-f33p](https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p) / [CVE-2023-32682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32683) — Low Severity
|
||||||
|
|
||||||
|
It may be possible for a deactivated user to login when using uncommon configurations.
|
||||||
|
|
||||||
|
- [GHSA-98px-6486-j7qc](https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc) / [CVE-2023-32683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32683) — Low Severity
|
||||||
|
|
||||||
|
A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs).
|
||||||
|
|
||||||
|
See the advisories for more details. If you have any questions, email security@matrix.org.
|
||||||
|
|
||||||
|
|
||||||
Synapse 1.85.0rc2 (2023-06-01)
|
Synapse 1.85.0rc2 (2023-06-01)
|
||||||
==============================
|
==============================
|
||||||
|
|
||||||
|
6
debian/changelog
vendored
6
debian/changelog
vendored
@ -1,3 +1,9 @@
|
|||||||
|
matrix-synapse-py3 (1.85.0) stable; urgency=medium
|
||||||
|
|
||||||
|
* New Synapse release 1.85.0.
|
||||||
|
|
||||||
|
-- Synapse Packaging team <packages@matrix.org> Tue, 06 Jun 2023 09:39:29 +0100
|
||||||
|
|
||||||
matrix-synapse-py3 (1.85.0~rc2) stable; urgency=medium
|
matrix-synapse-py3 (1.85.0~rc2) stable; urgency=medium
|
||||||
|
|
||||||
* New Synapse release 1.85.0rc2.
|
* New Synapse release 1.85.0rc2.
|
||||||
|
@ -89,7 +89,7 @@ manifest-path = "rust/Cargo.toml"
|
|||||||
|
|
||||||
[tool.poetry]
|
[tool.poetry]
|
||||||
name = "matrix-synapse"
|
name = "matrix-synapse"
|
||||||
version = "1.85.0rc2"
|
version = "1.85.0"
|
||||||
description = "Homeserver for the Matrix decentralised comms protocol"
|
description = "Homeserver for the Matrix decentralised comms protocol"
|
||||||
authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
|
authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
|
||||||
license = "Apache-2.0"
|
license = "Apache-2.0"
|
||||||
|
Loading…
Reference in New Issue
Block a user