Security release
This release includes a vulnerability fix. Please update to it as soon as possible. Details for the vulnerability will be posted later on. As a safety measure, please logout and login your account from Cinny once.
Note: Make sure you have working key-backup or take a manual backup for the encrypted chat keys before logging out.
Special thanks to @Quasar0147 and @mat-1 for finding and reporting the vulnerability!
What's Changed
- Fix typo: change "Advance Options" to "Advanced Options" (#2537)
- Fix read marker triggering room-wide notifications on alias mention (#2562)
- Replace envs.net with unredacted.org in config (#2601)
- Hide "Delete Message" button if it is forbidden (#2602)
- Fix muted rooms showing unread badges (#2581)
- fix(deps): update dependency react-router-dom to v6.30.3 (#2612)
- Post session info to service worker instead of asking from it (#2605)
- Prevent invalid mxc from getting used (#2609)
- Add
noreferrerto sanitized links for improved privacy consistency (#2628)
New Contributors
- @42willow made their first contribution in #2537
- @Santhoshkumar044 made their first contribution in #2562
- @lunarthegrey made their first contribution in #2601
- @andrewmurphyio made their first contribution in #2581
- @RinZ27 made their first contribution in #2628
Full Changelog: v4.10.2...v4.10.3