Overview
Request 818381 revoked
- Update to 1.15.2
- Security
- A malicious homeserver could force Synapse to reset the state
in a room to a small subset of the correct state. This
affects all Synapse deployments which federate with untrusted
servers. (96e9afe6)
- HTML pages served via Synapse were vulnerable to clickjacking
attacks. This predominantly affects homeservers with
single-sign-on enabled, but all server administrators are
encouraged to upgrade. (ea26e9a9) (forwarded request 818369 from darix)
- Created by okurz
- In state revoked
- Supersedes 791956 799305 809987 811947 815339
- Open review for licensedigger
- Open review for openSUSE:Factory:Staging:adi:33
unresolvable: nothing provides python3-Twisted >= 20.3.0, (got version 19.10.0-2.6) `
unresolvable: nothing provides (python3-prometheus_client >= 0.4.0 with python3-prometheus_client < 0.8.0)
Request History
okurz created request
- Update to 1.15.2
- Security
- A malicious homeserver could force Synapse to reset the state
in a room to a small subset of the correct state. This
affects all Synapse deployments which federate with untrusted
servers. (96e9afe6)
- HTML pages served via Synapse were vulnerable to clickjacking
attacks. This predominantly affects homeservers with
single-sign-on enabled, but all server administrators are
encouraged to upgrade. (ea26e9a9) (forwarded request 818369 from darix)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
dimstar_suse added openSUSE:Factory:Staging:adi:33 as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:33"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:adi:33"
lrupp declined review
nothing provides (python3-prometheus_client >= 0.4.0 with python3-prometheus_client < 0.8.0)
lrupp declined request
nothing provides (python3-prometheus_client >= 0.4.0 with python3-prometheus_client < 0.8.0)
okurz revoked request
we would need https://github.com/matrix-org/synapse/issues/7641 to be fixed to support python-prometheus_client >= 0.8