mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
1.15.2
This commit is contained in:
parent
96e9afe625
commit
e8c36e527d
20
CHANGES.md
20
CHANGES.md
@ -1,3 +1,23 @@
|
|||||||
|
Synapse 1.15.2 (2020-07-02)
|
||||||
|
===========================
|
||||||
|
|
||||||
|
Due to the two security issues highlight below, server administrators are
|
||||||
|
encouraged to update Synapse. We are not aware of these vulnerabilities being
|
||||||
|
exploited in the wild.
|
||||||
|
|
||||||
|
Security advisory
|
||||||
|
-----------------
|
||||||
|
|
||||||
|
* A malicious homeserver could force Synapse to reset the state in a room to a
|
||||||
|
small subset of the correct state. This affects all Synapse deployments which
|
||||||
|
federate with untrusted servers.
|
||||||
|
* HTML pages served via Synapse were vulnerable to clickjacking attacks. This
|
||||||
|
predominantly affects homeservers with single-sign-on enabled, but all server
|
||||||
|
administrators are encouraged to upgrade.
|
||||||
|
|
||||||
|
This was reported by [Quentin Gliech](https://sandhose.fr/).
|
||||||
|
|
||||||
|
|
||||||
Synapse 1.15.1 (2020-06-16)
|
Synapse 1.15.1 (2020-06-16)
|
||||||
===========================
|
===========================
|
||||||
|
|
||||||
|
6
debian/changelog
vendored
6
debian/changelog
vendored
@ -1,3 +1,9 @@
|
|||||||
|
matrix-synapse-py3 (1.15.2) stable; urgency=medium
|
||||||
|
|
||||||
|
* New synapse release 1.15.2.
|
||||||
|
|
||||||
|
-- Synapse Packaging team <packages@matrix.org> Thu, 02 Jul 2020 10:34:00 -0400
|
||||||
|
|
||||||
matrix-synapse-py3 (1.15.1) stable; urgency=medium
|
matrix-synapse-py3 (1.15.1) stable; urgency=medium
|
||||||
|
|
||||||
* New synapse release 1.15.1.
|
* New synapse release 1.15.1.
|
||||||
|
@ -36,7 +36,7 @@ try:
|
|||||||
except ImportError:
|
except ImportError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
__version__ = "1.15.1"
|
__version__ = "1.15.2"
|
||||||
|
|
||||||
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
|
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
|
||||||
# We import here so that we don't have to install a bunch of deps when
|
# We import here so that we don't have to install a bunch of deps when
|
||||||
|
Loading…
Reference in New Issue
Block a user