Hi folks; today we are releasing Synapse 1.7.1.
This is a security release which fixes some problems which affected all previous versions of Synapse. We advise all admins whose servers are open to public federation to upgrade as soon as possible.
Full details follow, but the most important change improves event authorization, thereby preventing the ability to add certain events to a given room erroneously.
You can get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.
The changelog since 1.7.0 follows:
Security updates
- Fix a bug which could cause room events to be incorrectly authorized using events from a different room. (#6501, #6503, #6521, #6524, #6530, #6531)
- Fix a bug causing responses to the
/contextclient endpoint to not use the pruned version of the event. (#6553) - Fix a cause of state resets in room versions 2 onwards. (#6556, #6560)