This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

v1.21.2

@clokep clokep released this 15 Oct 14:42
· 5783 commits to develop since this release

Synapse 1.21.2 (2020-10-15)

Debian packages and Docker images have been rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below.

Security advisory

  • HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks. All server administrators are encouraged to upgrade. (#8444) (CVE-2020-26891)

    This fix was originally included in v1.21.0 but was missing a security advisory.

    This was reported by Denis Kasak.

Bugfixes

  • Fix rare bug where sending an event would fail due to a racy assertion. (#8530)
  • An updated version of the authlib dependency is included in the Docker and Debian images to fix an issue using OpenID Connect. See #8534 for details.