diff --git a/CHANGELOG.md b/CHANGELOG.md index 76e7c0b42e..9893a4b7b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,38 @@ +Changes in [1.7.22](https://github.com/vector-im/element-web/releases/tag/v1.7.22) (2021-03-01) +=============================================================================================== +[Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.22-rc.1...v1.7.22) + +## Security notice + +Element Web 1.7.22 fixes (by upgrading to matrix-react-sdk 3.15.0) a low +severity issue (CVE-2021-21320) where the user content sandbox can be abused to +trick users into opening unexpected documents. The content is opened with a +`blob` origin that cannot access Matrix user data, so messages and secrets are +not at risk. Thanks to @keerok for responsibly disclosing this via Matrix's +Security Disclosure Policy. + +## All changes + + * Upgrade to React SDK 3.15.0 and JS SDK 9.8.0 + +Changes in [1.7.22-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.22-rc.1) (2021-02-24) +========================================================================================================= +[Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.21...v1.7.22-rc.1) + + * Upgrade to React SDK 3.15.0-rc.1 and JS SDK 9.8.0-rc.1 + * Translations update from Weblate + [\#16529](https://github.com/vector-im/element-web/pull/16529) + * Add hostSignup config for element.io clients + [\#16515](https://github.com/vector-im/element-web/pull/16515) + * VoIP virtual rooms, mkII + [\#16442](https://github.com/vector-im/element-web/pull/16442) + * Jitsi widget: Read room name from query parameters + [\#16456](https://github.com/vector-im/element-web/pull/16456) + * fix / sso: make sure to delete only loginToken after redirect + [\#16415](https://github.com/vector-im/element-web/pull/16415) + * Disable Countly + [\#16433](https://github.com/vector-im/element-web/pull/16433) + Changes in [1.7.21](https://github.com/vector-im/element-web/releases/tag/v1.7.21) (2021-02-16) =============================================================================================== [Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.21-rc.1...v1.7.21) diff --git a/package.json b/package.json index 99ab4cf3c6..b53953554a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "element-web", - "version": "1.7.21", + "version": "1.7.22", "description": "A feature-rich client for Matrix.org", "author": "New Vector Ltd.", "repository": { @@ -58,8 +58,8 @@ "highlight.js": "^10.5.0", "jsrsasign": "^10.1.5", "katex": "^0.12.0", - "matrix-js-sdk": "github:matrix-org/matrix-js-sdk#develop", - "matrix-react-sdk": "github:matrix-org/matrix-react-sdk#develop", + "matrix-js-sdk": "9.8.0", + "matrix-react-sdk": "3.15.0", "matrix-widget-api": "^0.1.0-beta.13", "olm": "https://packages.matrix.org/npm/olm/olm-3.2.1.tgz", "prop-types": "^15.7.2", diff --git a/yarn.lock b/yarn.lock index 923b33f3fb..b469c366be 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7506,9 +7506,10 @@ mathml-tag-names@^2.1.3: resolved "https://registry.yarnpkg.com/mathml-tag-names/-/mathml-tag-names-2.1.3.tgz#4ddadd67308e780cf16a47685878ee27b736a0a3" integrity sha512-APMBEanjybaPzUrfqU0IMU5I0AswKMH7k8OTLs0vvV4KZpExkTkY87nR/zpbuTPj+gARop7aGUbl11pnDfW6xg== -"matrix-js-sdk@github:matrix-org/matrix-js-sdk#develop": - version "9.7.0" - resolved "https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/c82bc35202f93efa2cb9b27b140f83df37c64ab2" +matrix-js-sdk@9.8.0: + version "9.8.0" + resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-9.8.0.tgz#d71d8c777d2fea3dbc9a050060e4f1a74217dca6" + integrity sha512-QKRsnmId53upz4oMhQzm119lT0EcST2SZhnKRRFyykxZI0x7qSulnTTUwztpS/g9yZuZqy7PTVUTHOE2caX5IQ== dependencies: "@babel/runtime" "^7.12.5" another-json "^0.2.0" @@ -7528,9 +7529,10 @@ matrix-mock-request@^1.2.3: bluebird "^3.5.0" expect "^1.20.2" -"matrix-react-sdk@github:matrix-org/matrix-react-sdk#develop": - version "3.14.0" - resolved "https://codeload.github.com/matrix-org/matrix-react-sdk/tar.gz/b6a4876c8a6d6b12b5eaad93ee91869422f02837" +matrix-react-sdk@3.15.0: + version "3.15.0" + resolved "https://registry.yarnpkg.com/matrix-react-sdk/-/matrix-react-sdk-3.15.0.tgz#08ceba225383affa194632dceb3408dcb9127fde" + integrity sha512-85dSe0dBptgC6U98ujN6RIA8WSmRGWnxOW6Ph8LiEsAjI4FKxaShsPjuNM6PDBd5Fl/5ygktA7s3JYzDMJVIrA== dependencies: "@babel/runtime" "^7.12.5" await-lock "^2.1.0" @@ -7558,7 +7560,7 @@ matrix-mock-request@^1.2.3: katex "^0.12.0" linkifyjs "^2.1.9" lodash "^4.17.20" - matrix-js-sdk "github:matrix-org/matrix-js-sdk#develop" + matrix-js-sdk "9.8.0" matrix-widget-api "^0.1.0-beta.13" minimist "^1.2.5" pako "^2.0.3"