This commit is contained in:
Patrick Cloke 2020-07-02 10:34:28 -04:00
parent 96e9afe625
commit e8c36e527d
3 changed files with 27 additions and 1 deletions

View file

@ -1,3 +1,23 @@
Synapse 1.15.2 (2020-07-02)
===========================
Due to the two security issues highlight below, server administrators are
encouraged to update Synapse. We are not aware of these vulnerabilities being
exploited in the wild.
Security advisory
-----------------
* A malicious homeserver could force Synapse to reset the state in a room to a
small subset of the correct state. This affects all Synapse deployments which
federate with untrusted servers.
* HTML pages served via Synapse were vulnerable to clickjacking attacks. This
predominantly affects homeservers with single-sign-on enabled, but all server
administrators are encouraged to upgrade.
This was reported by [Quentin Gliech](https://sandhose.fr/).
Synapse 1.15.1 (2020-06-16)
===========================

6
debian/changelog vendored
View file

@ -1,3 +1,9 @@
matrix-synapse-py3 (1.15.2) stable; urgency=medium
* New synapse release 1.15.2.
-- Synapse Packaging team <packages@matrix.org> Thu, 02 Jul 2020 10:34:00 -0400
matrix-synapse-py3 (1.15.1) stable; urgency=medium
* New synapse release 1.15.1.

View file

@ -36,7 +36,7 @@ try:
except ImportError:
pass
__version__ = "1.15.1"
__version__ = "1.15.2"
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
# We import here so that we don't have to install a bunch of deps when