MirrorHub/synapse
0
0
Fork 1
mirror of https://mau.dev/maunium/synapse.git synced 2024-11-03 21:28:57 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'release-v0.28.1'

Browse source
This commit is contained in:
Matthew Hodgson 2018-05-01 19:04:11 +01:00
commit 562532dd2d
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
CHANGES.rst
View file

@ -4,8 +4,8 @@ Changes in synapse v0.28.1 (2018-05-01)
SECURITY UPDATE
* Clamp the allowed values of event depth received over federation to be
[0, 2**63 - 1]. This mitigates an attack where malicious events
injected with depth = 2**63 - 1 render rooms unusable. Depth is used to
[0, 2^63 - 1]. This mitigates an attack where malicious events
injected with depth = 2^63 - 1 render rooms unusable. Depth is used to
determine the cosmetic ordering of events within a room, and so the ordering
of events in such a room will default to using stream_ordering rather than depth
(topological_ordering).
@ -14,7 +14,7 @@ SECURITY UPDATE
is being implemented to improve how the depth parameter is used.
Full details at
https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI/edit#
https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI
* Pin Twisted to <18.4 until we stop using the private _OpenSSLECCurve API.