Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Update cahngelog
Browse files Browse the repository at this point in the history
  • Loading branch information
@erikjohnston
erikjohnston committed Mar 26, 2021
1 parent c6f8e80 commit 548c4a6
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions CHANGES.md
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,20 @@
Synapse 1.30.1 (2021-03-26)
===========================

This is a security release to ensure that Synapse is running with a
`cryptography` package built against a patched version of OpenSSL.
This release is identical to Synapse 1.30.0, with the exception of explicitly
setting a minimum version of Python's Cryptography library to ensure that users
of Synapse are protected from the recent [OpenSSL security advisories](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html),
especially CVE-2021-3449.

Note that Cryptography defaults to bundling its own statically linked copy of
OpenSSL, which means that you may not be protected by your operating system's
security updates.

It's also worth noting that Cryptography no longer supports Python 3.5, so
admins deploying to older environments may not be protected against this or
future vulnerabilities.




Updates to the Docker image
Expand Down

0 comments on commit 548c4a6

Please sign in to comment.