Synapse 1.30.1 is now available. This release is identical to Synapse 1.30.0, with the exception of explicitly setting a minimum version of the Python Cryptography library to ensure that users of Synapse are protected from yesterday's OpenSSL security advisories, especially CVE-2021-3449.

Note that Cryptography defaults to bundling its own statically linked copy of OpenSSL, which means that you may not be protected by your operating system's security updates.

It's also worth noting that Cryptography no longer supports Python 3.5, so admins deploying to older environments like Debian 9 (Stretch) or Ubuntu 16.04 (Xenial) may not be protected against this or future vulnerabilities.

The next release of Synapse will be the last to support Python 3.5.

The Foundation needs you

The Foundation is a non-profit and only relies on donations to operate. Its core mission is to maintain the Matrix Specification, but it does much more than that.

It maintains the homeserver and hosts several bridges for free. It fights for our collective rights to digital privacy and dignity.

Support us