Synapse 1.95.1 (2023-10-31)
Security advisory
The following issue is fixed in 1.95.1.
-
GHSA-mp92-3jfm-3575 / CVE-2023-43796 — Moderate Severity
Cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver.
See the advisory for more details. If you have any questions, email security@matrix.org.