This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Improve signature checking on some federation APIs #6262

Merged
merged 2 commits into from
Oct 28, 2019


richvdh
Member

@richvdh richvdh commented Oct 28, 2019

Make sure that we check that events sent over /send_join, /send_leave, and
/invite, are correctly signed and come from the expected servers.

@richvdh richvdh requested a review from a team October 28, 2019 11:54
@richvdh richvdh merged commit 172f264 into release-v1.5.0 Oct 28, 2019
@richvdh richvdh deleted the rav/send_join_sigs branch October 28, 2019 12:43
richvdh added a commit that referenced this pull request Oct 28, 2019
Synapse 1.5.0rc2 (2019-10-28)
=============================

Bugfixes
--------

- Update list of boolean columns in `synapse_port_db`. ([\#6247](#6247))
- Fix /keys/query API on workers. ([\#6256](#6256))
- Improve signature checking on some federation APIs. ([\#6262](#6262))

Internal Changes
----------------

- Move schema delta files to the correct data store. ([\#6248](#6248))
- Small performance improvement by removing repeated config lookups in room stats calculation. ([\#6255](#6255))
@kyrias
Contributor

kyrias commented Nov 8, 2019

This apparently got assigned CVE-2019-18835.

svenstaro pushed a commit to archlinux/svntogit-community that referenced this pull request Jul 22, 2020
This release fixes a security issue relating to signature checking of events.
matrix-org/synapse#6262

git-svn-id: file:///srv/repos/svn-community/svn@522534 9fca08f4-af9d-4005-b8df-a31f2cc04f65
babolivier pushed a commit that referenced this pull request Sep 1, 2021
* commit '172f264ed':
  Improve signature checking on some federation APIs (#6262)