Matrix-Mirrors/forked-synapse
1
0
Fork 0
mirror of https://mau.dev/maunium/synapse.git synced 2024-10-01 01:36:05 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'release-v0.28.1' into develop

Browse Source
This commit is contained in:
Matthew Hodgson 2018-05-01 19:05:03 +01:00
commit 8ae7096958
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES.rst
View File

@ -4,8 +4,8 @@ Changes in synapse v0.28.1 (2018-05-01)
SECURITY UPDATE SECURITY UPDATE
* Clamp the allowed values of event depth received over federation to be * Clamp the allowed values of event depth received over federation to be
[0, 2**63 - 1]. This mitigates an attack where malicious events [0, 2^63 - 1]. This mitigates an attack where malicious events
injected with depth = 2**63 - 1 render rooms unusable. Depth is used to injected with depth = 2^63 - 1 render rooms unusable. Depth is used to
determine the cosmetic ordering of events within a room, and so the ordering determine the cosmetic ordering of events within a room, and so the ordering
of events in such a room will default to using stream_ordering rather than depth of events in such a room will default to using stream_ordering rather than depth
(topological_ordering). (topological_ordering).
@ -14,7 +14,7 @@ SECURITY UPDATE
is being implemented to improve how the depth parameter is used. is being implemented to improve how the depth parameter is used.
Full details at Full details at
https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI/edit# https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI
* Pin Twisted to <18.4 until we stop using the private _OpenSSLECCurve API. * Pin Twisted to <18.4 until we stop using the private _OpenSSLECCurve API.