github matrix-org/synapse v1.92.3

latest releases: v1.98.0, v1.98.0rc1, v1.97.0...
14 months ago

Synapse 1.92.3 (2023-09-18)

This is again a security update targeted at mitigating CVE-2023-4863.
It turns out that libwebp is bundled statically in Pillow wheels so we need to update this dependency instead of
libwebp package at the OS level.

Unlike what was advertised in 1.92.2 changelog this release also impacts PyPI wheels and Debian packages from matrix.org.

We encourage admins to upgrade as soon as possible.

Internal Changes

  • Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels. (#16347)

Updates to locked dependencies

  • Bump pillow from 10.0.0 to 10.0.1. (#16344)

Don't miss a new synapse release

NewReleases is sending notifications on new releases.