1.127.1

2025-03-31 03:45:13 +00:00 · 2025-03-26 21:08:00 +00:00 · 2025-03-26 21:08:00 +00:00 · ecc09b15f1
commit ecc09b15f1
parent 2277df2a1e
3 changed files with 14 additions and 1 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,10 @@
+# Synapse 1.127.1 (2025-03-26)
+
+## Security
+- Fix [CVE-2025-30355](https://www.cve.org/CVERecord?id=CVE-2025-30355) / [GHSA-v56r-hwv5-mxg6](https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6). **High severity vulnerability affecting federation. The vulnerability has been exploited in the wild.**
+
+
+
 # Synapse 1.127.0 (2025-03-25)

 No significant changes since 1.127.0rc1.
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.127.1) stable; urgency=medium
+
+  * New Synapse release 1.127.1.
+
+ -- Synapse Packaging team <packages@matrix.org>  Wed, 26 Mar 2025 21:07:31 +0000
+
 matrix-synapse-py3 (1.127.0) stable; urgency=medium

  * New Synapse release 1.127.0.
--- a/pyproject.toml
+++ b/pyproject.toml
@ -97,7 +97,7 @@ module-name = "synapse.synapse_rust"

 [tool.poetry]
 name = "matrix-synapse"
-version = "1.127.0"
+version = "1.127.1"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
 license = "AGPL-3.0-or-later"