matrix-org/synapse v1.21.2
on GitHub

latest releases: v1.98.0, v1.98.0rc1, v1.97.0...

3 years ago

Synapse 1.21.2 (2020-10-15)

Debian packages and Docker images have been rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below.

Security advisory

HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks. All server administrators are encouraged to upgrade. (#8444) (CVE-2020-26891)
This fix was originally included in v1.21.0 but was missing a security advisory.
This was reported by Denis Kasak.

Bugfixes

Fix rare bug where sending an event would fail due to a racey assertion. (#8530)
An updated version of the authlib dependency is included in the Docker and Debian images to fix an issue using OpenID Connect. See #8534 for details.

Check out latest releases or
releases around matrix-org/synapse v1.21.2

Don't miss a new synapse release

NewReleases is sending notifications on new releases.

Get notifications