mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-15 10:03:54 +01:00
Add links to the fixes.
This commit is contained in:
parent
1d61a24f42
commit
5ae0a4cf76
1 changed files with 2 additions and 2 deletions
|
@ -10,10 +10,10 @@ Security advisory
|
||||||
|
|
||||||
* A malicious homeserver could force Synapse to reset the state in a room to a
|
* A malicious homeserver could force Synapse to reset the state in a room to a
|
||||||
small subset of the correct state. This affects all Synapse deployments which
|
small subset of the correct state. This affects all Synapse deployments which
|
||||||
federate with untrusted servers.
|
federate with untrusted servers. ([96e9afe6](https://github.com/matrix-org/synapse/commit/96e9afe62500310977dc3cbc99a8d16d3d2fa15c))
|
||||||
* HTML pages served via Synapse were vulnerable to clickjacking attacks. This
|
* HTML pages served via Synapse were vulnerable to clickjacking attacks. This
|
||||||
predominantly affects homeservers with single-sign-on enabled, but all server
|
predominantly affects homeservers with single-sign-on enabled, but all server
|
||||||
administrators are encouraged to upgrade.
|
administrators are encouraged to upgrade. ([ea26e9a9](https://github.com/matrix-org/synapse/commit/ea26e9a98b0541fc886a1cb826a38352b7599dbe))
|
||||||
|
|
||||||
This was reported by [Quentin Gliech](https://sandhose.fr/).
|
This was reported by [Quentin Gliech](https://sandhose.fr/).
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue