search

YunoHost-Apps / synapse_ynh

Matrix server (synapse) package for YunoHost
https://matrix.org/
GNU General Public License v3.0
79 stars 43 forks source link

Security update available - v1.105.1 #455

Closed nathanael-h closed 2 months ago

nathanael-h commented 2 months ago

A new security update is available : https://github.com/element-hq/synapse/releases/tag/v1.105.1

I don't know if the auto-updater works for this app, and how we should create the build on https://github.com/YunoHost-Apps/synapse_python_build/releases (there I see not github actions file).

Synapse 1.105.1 (2024-04-23) Security advisory

The following issues are fixed in 1.105.1.

[GHSA-3h7q-rfh9-xm4v](https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v) / [CVE-2024-31208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31208) — High Severity

Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage.
Josue-T commented 2 months ago

Fixed in testing