This repository was archived by the owner on Apr 12, 2024. It is now read-only.

Commit f49708d

Add additional release notes.
1 parent 9991aaa commit f49708d

1 file changed

+13
-0
lines changed

CHANGES.md

Lines changed: 13 additions & 0 deletions
@@ -1,10 +1,23 @@
11
Synapse 1.21.2 (2020-10-15)
22
===========================
33

4+
Security advisory
5+
-----------------
6+
7+
* HTML pages served via Synapse were vulernable to cross-site scripting (XSS)
8+
attacks. All server administrators are encouraged to upgrade.
9+
([34ff8da8](https://github.com/matrix-org/synapse/commit/34ff8da83b54024289f515c6d73e6b486574d699))
10+
([CVE-2020-26891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26891))
11+
12+
This fix was originally included in v1.21.0 but was missing a security advisory.
13+
14+
This was reported by [Denis Kasak](https://github.com/dkasak).
15+
416
Bugfixes
517
--------
618

719
- Fix rare bug where sending an event would fail due to a racey assertion. ([\#8530](https://github.com/matrix-org/synapse/issues/8530))
20+
- Fix issues introduced in the packaging of v1.21.1 when using OpenID Connect with the Docker or Debian packages by including an updated version of the authlib dependency.
821

922

1023
Synapse 1.21.1 (2020-10-13)
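
Review bot: In the added security advisory bullet (new line 7), "vulernable" should be "vulnerable", and the bullet asks all server administrators to upgrade without saying which versions are affected. Since the paragraph at new line 12 says the fix already shipped in v1.21.0, naming the affected range in the bullet itself (versions before 1.21.0) would let operators tell at a glance whether they are exposed. The bullet also uses `*` where the existing Bugfixes entries use `-`, and the added authlib entry at new line 20 has no issue or PR link, unlike the #8530 entry directly above it.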
