MirrorHub/synapse
0
0
Fork 1
mirror of https://mau.dev/maunium/synapse.git synced 2024-12-14 20:23:52 +01:00
Code Issues Projects Releases Wiki Activity

Add links to the fixes.

Browse source
This commit is contained in:
Patrick Cloke 2020-07-02 10:45:22 -04:00
parent 1d61a24f42
commit 5ae0a4cf76
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES.md
View file

@ -10,10 +10,10 @@ Security advisory
* A malicious homeserver could force Synapse to reset the state in a room to a * A malicious homeserver could force Synapse to reset the state in a room to a
small subset of the correct state. This affects all Synapse deployments which small subset of the correct state. This affects all Synapse deployments which
federate with untrusted servers. federate with untrusted servers. ([96e9afe6](https://github.com/matrix-org/synapse/commit/96e9afe62500310977dc3cbc99a8d16d3d2fa15c))
* HTML pages served via Synapse were vulnerable to clickjacking attacks. This * HTML pages served via Synapse were vulnerable to clickjacking attacks. This
predominantly affects homeservers with single-sign-on enabled, but all server predominantly affects homeservers with single-sign-on enabled, but all server
administrators are encouraged to upgrade. administrators are encouraged to upgrade. ([ea26e9a9](https://github.com/matrix-org/synapse/commit/ea26e9a98b0541fc886a1cb826a38352b7599dbe))
This was reported by [Quentin Gliech](https://sandhose.fr/). This was reported by [Quentin Gliech](https://sandhose.fr/).