OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'release-v0.28.1' into develop

pull/3172/head
Matthew Hodgson 2018-05-01 19:05:03 +01:00
parent 2414178ed6 5c2214f4c7
commit 8ae7096958
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES.rst
View File

@ -4,8 +4,8 @@ Changes in synapse v0.28.1 (2018-05-01)
SECURITY UPDATE
* Clamp the allowed values of event depth received over federation to be
[0, 2**63 - 1]. This mitigates an attack where malicious events
injected with depth = 2**63 - 1 render rooms unusable. Depth is used to
[0, 2^63 - 1]. This mitigates an attack where malicious events
injected with depth = 2^63 - 1 render rooms unusable. Depth is used to
determine the cosmetic ordering of events within a room, and so the ordering
of events in such a room will default to using stream_ordering rather than depth
(topological_ordering).
@ -14,7 +14,7 @@ SECURITY UPDATE
is being implemented to improve how the depth parameter is used.
Full details at
https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI/edit#
https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI
* Pin Twisted to <18.4 until we stop using the private _OpenSSLECCurve API.