Skip to content

0.35.1 (2022-09-26)
Compare
Choose a tag to compare
@Half-Shot Half-Shot released this 26 Sep 11:27
· 88 commits to develop since this release
0.35.1
This tag was signed with the committer’s verified signature. The key has expired.
Half-Shot Will Hunt
GPG key ID: 22F0C0CF2F015185
Expired
Learn about vigilant mode.
766d1ad

🔒 Security

This release addresses a security vulnerability in the bridge. Please update as a matter of urgency. A matrix.org blog post detailing the specifics of the bugs will be available soon.

Mitigation

A new security vulnerability was found in the matrix-appservice-irc bridge, for which we are releasing 0.35.1 as a fix. If you have the provisioning API enabled, this is potentially exploitable, so we advise you to upgrade immediately.

In case you cannot upgrade at the moment, we advise to update your IRC bridge configuration as a mitigation as follows:

You may revert these configuration changes after patching.

Bugfixes

  • Prevent possible attack by provisisioning a room with a specific roomID. (#1619)
Assets 2
Loading