This is a security release to fix an identified vulnerability in SQLite deployments — if you are running Dendrite in SQLite mode, please upgrade immediately.
Fixes
- SECURITY: A bug in SQLite mode which could cause the registration flow to complete unexpectedly for existing accounts has been fixed (PostgreSQL deployments are not affected)
- A panic in the federation sender has been fixed when shutting down destination queues
- The
/keys/uploadendpoint now correctly returns the number of one-time keys in response to an empty upload request