1.92.3
parent
053155a2af
commit
d8aed6fba7
17
CHANGES.md
17
CHANGES.md
|
@ -1,3 +1,20 @@
|
|||
# Synapse 1.92.3 (2023-09-18)
|
||||
|
||||
This is again an update targeted at mitigating [CVE-2023-4863](https://cve.org/CVERecord?id=CVE-2023-4863).
|
||||
It turns out that libwebp is bundled statically in Pillow wheels so we need to update this dependency instead of
|
||||
libwebp package at the OS level.
|
||||
|
||||
Unlike what was advertised in 1.92.2 changelog this release also impacts PyPI wheels and Debian packages.
|
||||
|
||||
|
||||
### Internal Changes
|
||||
|
||||
- Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels. ([\#16347](https://github.com/matrix-org/synapse/issues/16347))
|
||||
|
||||
### Updates to locked dependencies
|
||||
|
||||
* Bump pillow from 10.0.0 to 10.0.1. ([\#16344](https://github.com/matrix-org/synapse/issues/16344))
|
||||
|
||||
# Synapse 1.92.2 (2023-09-15)
|
||||
|
||||
This is a Docker-only update to mitigate [CVE-2023-4863](https://cve.org/CVERecord?id=CVE-2023-4863), a critical vulnerability in `libwebp`. Server admins not using Docker should ensure that their `libwebp` is up to date (if installed). We encourage admins to upgrade as soon as possible.
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels.
|
|
@ -1,3 +1,9 @@
|
|||
matrix-synapse-py3 (1.92.3) stable; urgency=medium
|
||||
|
||||
* New Synapse release 1.92.3.
|
||||
|
||||
-- Synapse Packaging team <packages@matrix.org> Mon, 18 Sep 2023 15:05:04 +0200
|
||||
|
||||
matrix-synapse-py3 (1.92.2) stable; urgency=medium
|
||||
|
||||
* New Synapse release 1.92.2.
|
||||
|
|
|
@ -89,7 +89,7 @@ manifest-path = "rust/Cargo.toml"
|
|||
|
||||
[tool.poetry]
|
||||
name = "matrix-synapse"
|
||||
version = "1.92.2"
|
||||
version = "1.92.3"
|
||||
description = "Homeserver for the Matrix decentralised comms protocol"
|
||||
authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
|
||||
license = "Apache-2.0"
|
||||
|
|
Loading…
Reference in New Issue