Skip to content

v1.7.22
Compare
Choose a tag to compare
@RiotRobot RiotRobot released this 01 Mar 13:21
· 3584 commits to develop since this release
v1.7.22
This tag was signed with the committer’s verified signature. The key has expired.
RiotRobot ElementRobot
GPG key ID: F6151806032026F9
Expired
Learn about vigilant mode.
06798f3

Full Changelog

Security notice

Element Web 1.7.22 fixes (by upgrading to matrix-react-sdk 3.15.0) a moderate
severity issue (CVE-2021-21320) where the user content sandbox can be abused to
trick users into opening unexpected documents after several user interactions.
The content can be opened with a blob origin from the Matrix client, so it is
possible for a malicious document to access user messages and secrets. Thanks to
@keerok for responsibly disclosing this via Matrix's Security Disclosure Policy.

All changes

  • Upgrade to React SDK 3.15.0 and JS SDK 9.8.0
Assets 5
Loading