Synapse v1.21.2

Version Release Notes from October 15, 2020 (over 3 years ago)

« Changelog History

Synapse v1.21.2 Release Notes

Release Date: 2020-10-15 // over 3 years ago

Synapse 1.21.2 (2020-10-15)

🛠 Debian packages and Docker images have been rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below.

🔒 Security advisory
⬆️ HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks. All server administrators are encouraged to upgrade. (#8444) (CVE-2020-26891)

🔒 This fix was originally included in v1.21.0 but was missing a security advisory.

This was reported by Denis Kasak.

🛠 Bugfixes
- 🛠 Fix rare bug where sending an event would fail due to a racey assertion. (#8530)
- ⚡️ An updated version of the authlib dependency is included in the Docker and Debian images to fix an issue using OpenID Connect. See #8534 for details.

Awesome Self Hosted is part of the LibHunt network. Terms. Privacy Policy.