New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix event filtering in get_missing_events handler #3371

Merged
merged 1 commit into from Jun 8, 2018

Conversation

Projects
None yet
3 participants
@richvdh
Member

richvdh commented Jun 8, 2018

No description provided.

@dbkr

dbkr approved these changes Jun 8, 2018

@dbkr dbkr merged commit ad9edd1 into develop Jun 8, 2018

6 checks passed

Sytest Postgres (Commit) Build #5589 origin/rav/fix_get_missing_events succeeded in 7 min 42 sec
Details
Sytest Postgres (Merged PR) Build finished.
Details
Sytest SQLite (Commit) Build #5733 origin/rav/fix_get_missing_events succeeded in 3 min 28 sec
Details
Sytest SQLite (Merged PR) Build finished.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

neilisfragile added a commit that referenced this pull request Jun 8, 2018

Merge tag 'v0.31.1'
Changes in synapse v0.31.1 (2018-06-08)
=======================================

v0.31.1 fixes a security bug in the ``get_missing_events`` federation API
where event visibility rules were not applied correctly.

We are not aware of it being actively exploited but please upgrade asap.

Bug Fixes:

* Fix event filtering in get_missing_events handler (PR #3371)
@carnil

This comment has been minimized.

carnil commented Jun 13, 2018

CVE-2018-12291 has been assigned for this issue by MITRE.

@richvdh richvdh deleted the rav/fix_get_missing_events branch Jul 10, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment