Merge branch 'release-v0.28.1'
This commit is contained in:
commit
562532dd2d
|
@ -4,8 +4,8 @@ Changes in synapse v0.28.1 (2018-05-01)
|
|||
SECURITY UPDATE
|
||||
|
||||
* Clamp the allowed values of event depth received over federation to be
|
||||
[0, 2**63 - 1]. This mitigates an attack where malicious events
|
||||
injected with depth = 2**63 - 1 render rooms unusable. Depth is used to
|
||||
[0, 2^63 - 1]. This mitigates an attack where malicious events
|
||||
injected with depth = 2^63 - 1 render rooms unusable. Depth is used to
|
||||
determine the cosmetic ordering of events within a room, and so the ordering
|
||||
of events in such a room will default to using stream_ordering rather than depth
|
||||
(topological_ordering).
|
||||
|
@ -14,7 +14,7 @@ SECURITY UPDATE
|
|||
is being implemented to improve how the depth parameter is used.
|
||||
|
||||
Full details at
|
||||
https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI/edit#
|
||||
https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI
|
||||
|
||||
* Pin Twisted to <18.4 until we stop using the private _OpenSSLECCurve API.
|
||||
|
||||
|
|
Loading…
Reference in New Issue