You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
Copy file name to clipboardExpand all lines: CHANGES.md
+4-1Lines changed: 4 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,10 @@ This release includes *four* security fixes:
12
12
- Fix a vulnerability where a federated server could spoof read-receipts from
13
13
users on other servers. Thanks to @Dylanger for identifying this issue too. ([\#5743](https://github.com/matrix-org/synapse/issues/5743))
14
14
15
-
Note that Synapse 1.2.0 also contained a security fix which was not correctly identified during the original release. The changelog below is now updated.
15
+
Additionally, the following fix was in Synapse **1.2.0**, but was not correctly
16
+
identified during the original release:
17
+
18
+
- It was possible for a room moderator to send a redaction for an `m.room.create` event, which would downgrade the room to version 1. Thanks to `/dev/ponies` for identifying and responsibly disclosing this issue! ([\#5701](https://github.com/matrix-org/synapse/issues/5701))
0 commit comments