FEDORA-2021-d02dad20ba created by dcallagh 2 weeks ago for Fedora 34
obsolete

New upstream release 1.38.0, incorporating a number of important security fixes.

Upstream changelog: https://github.com/matrix-org/synapse/blob/v1.38.0/CHANGES.md

Upstream upgrade notes: https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1380

This update has been submitted for testing by dcallagh.

2 weeks ago

This update's test gating status has been changed to 'ignored'.

2 weeks ago

This update's test gating status has been changed to 'waiting'.

2 weeks ago

This update's test gating status has been changed to 'ignored'.

2 weeks ago

This update has been pushed to testing.

2 weeks ago
User Icon misc provided feedback 2 weeks ago
karma
BZ#1918426 matrix-synapse-1.38.0 is available

This update has been obsoleted by matrix-synapse-1.38.1-1.fc34.

2 weeks ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 weeks ago
in testing
2 weeks ago
BZ#1910740 synapse.service can fail if it starts before postgresql is ready
0
0
BZ#1918426 matrix-synapse-1.38.0 is available
0
1
BZ#1934603 CVE-2021-21274 matrix-synapse: DoS via .well-known lookups [fedora-all]
0
0
BZ#1934606 CVE-2021-21273 matrix-synapse: open redirects on some federation and push requests [fedora-all]
0
0
BZ#1944136 CVE-2021-21332 matrix-synapse: password reset endpoint is vulnerable to XSS [fedora-all]
0
0
BZ#1944139 CVE-2021-21333 matrix-synapse: HTML injection in email and account expiry notifications [fedora-all]
0
0
BZ#1949110 CVE-2021-21393 matrix-synapse: Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints [fedora-all]
0
0
BZ#1949112 CVE-2021-21392 matrix-synapse: IP blacklist bypass via transitional IPv6 addresses on dual-stack networks [fedora-all]
0
0
BZ#1958801 CVE-2021-21394 matrix-synapse: missing input validation may cause excessive use of disk space and memory [fedora-all]
0
0
BZ#1959542 CVE-2021-29471 matrix-synapse: Denial-of-service when processing moderate length events [fedora-all]
0
0

Automated Test Results