mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-22 09:35:45 +03:00
Update cahngelog
This commit is contained in:
Erik Johnston
parent
c6f8e8086c
commit
548c4a6587
1 changed files with 14 additions and 2 deletions
16
CHANGES.md
16
CHANGES.md
|
|
@ -1,8 +1,20 @@
|
|||
Synapse 1.30.1 (2021-03-26)
|
||||
===========================
|
||||
|
||||
This is a security release to ensure that Synapse is running with a
|
||||
`cryptography` package built against a patched version of OpenSSL.
|
||||
This release is identical to Synapse 1.30.0, with the exception of explicitly
|
||||
setting a minimum version of Python's Cryptography library to ensure that users
|
||||
of Synapse are protected from the recent [OpenSSL security advisories](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html),
|
||||
especially CVE-2021-3449.
|
||||
|
||||
Note that Cryptography defaults to bundling its own statically linked copy of
|
||||
OpenSSL, which means that you may not be protected by your operating system's
|
||||
security updates.
|
||||
|
||||
It's also worth noting that Cryptography no longer supports Python 3.5, so
|
||||
admins deploying to older environments may not be protected against this or
|
||||
future vulnerabilities.
|
||||
|
||||
|
||||
|
||||
|
||||
Updates to the Docker image
|
||||
|
|
|
|||
Loading…
Reference in a new issue