Skip to content
Snippets Groups Projects
Commit 562532dd authored by Matthew Hodgson's avatar Matthew Hodgson
Browse files

Merge branch 'release-v0.28.1'

parents 40d1bbd2 5c2214f4
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 3 deletions
CHANGES.rst
+ 3
3
View file @ 562532dd
...@@ -4,8 +4,8 @@ Changes in synapse v0.28.1 (2018-05-01) ...@@ -4,8 +4,8 @@ Changes in synapse v0.28.1 (2018-05-01)
SECURITY UPDATE SECURITY UPDATE
* Clamp the allowed values of event depth received over federation to be * Clamp the allowed values of event depth received over federation to be
[0, 2**63 - 1]. This mitigates an attack where malicious events [0, 2^63 - 1]. This mitigates an attack where malicious events
injected with depth = 2**63 - 1 render rooms unusable. Depth is used to injected with depth = 2^63 - 1 render rooms unusable. Depth is used to
determine the cosmetic ordering of events within a room, and so the ordering determine the cosmetic ordering of events within a room, and so the ordering
of events in such a room will default to using stream_ordering rather than depth of events in such a room will default to using stream_ordering rather than depth
(topological_ordering). (topological_ordering).
...@@ -14,7 +14,7 @@ SECURITY UPDATE ...@@ -14,7 +14,7 @@ SECURITY UPDATE
is being implemented to improve how the depth parameter is used. is being implemented to improve how the depth parameter is used.
Full details at Full details at
https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI/edit# https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI
* Pin Twisted to <18.4 until we stop using the private _OpenSSLECCurve API. * Pin Twisted to <18.4 until we stop using the private _OpenSSLECCurve API.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment