diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a8a0c2ea8..c2f6f82361 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,40 @@ +Changes in [1.7.29](https://github.com/vector-im/element-web/releases/tag/v1.7.29) (2021-05-24) +=============================================================================================== +[Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.29-rc.1...v1.7.29) + +## Security notice + +Element Web 1.7.29 fixes (by upgrading to olm 3.2.3) an issue in code used for +decrypting server-side stored secrets. The issue could potentially allow a +malicious homeserver to cause a stack buffer overflow in the affected function +and to control that function's local variables. + +## All changes + + * Upgrade to React SDK 3.22.0 and JS SDK 11.1.0 + * [Release] Bump libolm dependency, and update package name + [\#17456](https://github.com/vector-im/element-web/pull/17456) + +Changes in [1.7.29-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.29-rc.1) (2021-05-19) +========================================================================================================= +[Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.28...v1.7.29-rc.1) + + * Upgrade to React SDK 3.22.0-rc.1 and JS SDK 11.1.0-rc.1 + * Translations update from Weblate + [\#17384](https://github.com/vector-im/element-web/pull/17384) + * Prevent minification of `.html` files + [\#17349](https://github.com/vector-im/element-web/pull/17349) + * Update matrix-widget-api/react-sdk dependency reference + [\#17346](https://github.com/vector-im/element-web/pull/17346) + * Add `yarn start:https` + [\#16989](https://github.com/vector-im/element-web/pull/16989) + * Translations update from Weblate + [\#17239](https://github.com/vector-im/element-web/pull/17239) + * Remove "in development" flag from voice messages labs documentation + [\#17204](https://github.com/vector-im/element-web/pull/17204) + * Add required webpack+jest config to load Safari support modules + [\#17193](https://github.com/vector-im/element-web/pull/17193) + Changes in [1.7.28](https://github.com/vector-im/element-web/releases/tag/v1.7.28) (2021-05-17) =============================================================================================== [Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.28-rc.1...v1.7.28) diff --git a/package.json b/package.json index 928e6268b2..c73077c92d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "element-web", - "version": "1.7.28", + "version": "1.7.29", "description": "A feature-rich client for Matrix.org", "author": "New Vector Ltd.", "repository": { @@ -54,15 +54,15 @@ "test": "jest" }, "dependencies": { + "@matrix-org/olm": "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.3.tgz", "browser-request": "^0.3.3", "gfm.css": "^1.1.2", "highlight.js": "^10.5.0", "jsrsasign": "^10.1.5", "katex": "^0.12.0", - "matrix-js-sdk": "github:matrix-org/matrix-js-sdk#develop", - "matrix-react-sdk": "github:matrix-org/matrix-react-sdk#develop", + "matrix-js-sdk": "11.1.0", + "matrix-react-sdk": "3.22.0", "matrix-widget-api": "^0.1.0-beta.14", - "@matrix-org/olm": "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.3.tgz", "prop-types": "^15.7.2", "react": "^16.14.0", "react-dom": "^16.14.0", diff --git a/yarn.lock b/yarn.lock index 048cfda875..aaf3bd4e7f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7652,9 +7652,10 @@ mathml-tag-names@^2.1.3: resolved "https://registry.yarnpkg.com/mathml-tag-names/-/mathml-tag-names-2.1.3.tgz#4ddadd67308e780cf16a47685878ee27b736a0a3" integrity sha512-APMBEanjybaPzUrfqU0IMU5I0AswKMH7k8OTLs0vvV4KZpExkTkY87nR/zpbuTPj+gARop7aGUbl11pnDfW6xg== -"matrix-js-sdk@github:matrix-org/matrix-js-sdk#develop": - version "11.0.0" - resolved "https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/52a893a8116d60bb76f1b015d3161a15404b3628" +matrix-js-sdk@11.1.0: + version "11.1.0" + resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-11.1.0.tgz#59119f9fe76adbc38b309947c5532baea8499bf1" + integrity sha512-yBvSGb33MDz9mfbjtVGO7557kgtY/kJcrFyhtN7LwSyi/TDhhYleq5xAqsi7MJrmIb/E0JIF10JIwlF9dAW64Q== dependencies: "@babel/runtime" "^7.12.5" another-json "^0.2.0" @@ -7674,9 +7675,10 @@ matrix-mock-request@^1.2.3: bluebird "^3.5.0" expect "^1.20.2" -"matrix-react-sdk@github:matrix-org/matrix-react-sdk#develop": - version "3.21.0" - resolved "https://codeload.github.com/matrix-org/matrix-react-sdk/tar.gz/4929e3f3edf8ee15d6ddd27d1f13b4da340bb5b4" +matrix-react-sdk@3.22.0: + version "3.22.0" + resolved "https://registry.yarnpkg.com/matrix-react-sdk/-/matrix-react-sdk-3.22.0.tgz#1b6d660737f48e541eb64bda2d8352e454399a79" + integrity sha512-HicdBqx5tyHBNW+hpfbKoMNLC2fWwqbtNJwHZ6qzmkRHTAGiVnmxJigbKRuIxHRfWcUF50Sh7kPHN0zIoohmfw== dependencies: "@babel/runtime" "^7.12.5" await-lock "^2.1.0" @@ -7704,7 +7706,7 @@ matrix-mock-request@^1.2.3: katex "^0.12.0" linkifyjs "^2.1.9" lodash "^4.17.20" - matrix-js-sdk "github:matrix-org/matrix-js-sdk#develop" + matrix-js-sdk "11.1.0" matrix-widget-api "^0.1.0-beta.14" minimist "^1.2.5" opus-recorder "^8.0.3"