Today we are announcing security updates for several of our bridges.

In addition we have released matrix-appservice-bridge 9.0.1 (and backported to 8.1.2) which patches GHSA-vc7j-h8xg-fv5x.

All mentioned bridges are affected by a vulnerability in the provisioning interfaces of these bridges. If you are unable to upgrade, please disable provisioning for now (which should be documented in the relevant bridge sample config).

The IRC bridge is also affected by two additional vulnerabilities. In this case, we would recommend upgrading immediately rather than working around the problems.

Disclosures for these vulnerabilities, as well as CVE numbers will be out in three days (Thursday 3rd).

We advise to upgrade as soon as possible.

If you have further questions, please reach out on [email protected]