Synapse 1.11.1 is a security release which contains a fix impacting installations using Single Sign-On (i.e. SAML2 or CAS) for authentication. Administrators of such installations are encouraged to upgrade as soon as possible.
Admins not using Single Sign-On to authenicate users are not affected though may wish to upgrade anyway to pull in some unrelated bug fixes.
Thanks to Rhys Davies for the responsible disclosure.
Get the new release from github or any of the sources mentioned at https://github.com/matrix-org/synapse/blob/master/INSTALL.md.
Changelog since Synapse 1.11.0
This release includes a security fix impacting installations using Single Sign-On (i.e. SAML2 or CAS) for authentication. Administrators of such installations are encouraged to upgrade as soon as possible.
The release also includes fixes for a couple of other bugs.
PUT /_synapse/admin/v2/users/<user_id>
. Contributed by @dklimpel. (#6910)'coroutine' object has no attribute 'event_id'
. (#6996)