Pre-disclosure: upcoming critical fix for several popular Matrix clients

2021-09-10 — Security — Matrix Security

Hi all,

A critical security vulnerability impacting several popular Matrix clients and libraries was recently discovered. A coordinated security release of the affected components will be happening in the afternoon (from an UTC perspective) of Monday, Sept 13th.

We will be reaching out to downstream packagers to ensure they can prepare patched versions of affected packages at the time of the release. The details of the vulnerability will be disclosed in a blog post on the day of the release. There is so far no evidence of the vulnerability being exploited in the wild.

Please be prepared to upgrade as soon as the patched versions are released.

Thank you for your patience while we work to resolve this issue.