Source: matrix-synapse Version: 0.31.1+dfsg-1 Severity: grave Tags: patch security upstream Forwarded: https://github.com/matrix-org/synapse/pull/3397
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - From https://matrix.org/blog/2018/06/14/security-update-synapse-0-31-2/: > …we are releasing a security update of Synapse (0.31.2) today which > changes the rules used to authenticate power_level events, such that > we fail-safe rather than fail-deadly if the existing auth mechanisms > fail. In practice this means changing the default power level required > to set state to be 50 rather than 0 if there is no power_levels event > present, thus meaning that only the room creator can set the initial > power_levels event. See also https://github.com/matrix-org/matrix-doc/issues/1304 (Proposal to simplify the auth rules of m.room.power_level events.) -----BEGIN PGP SIGNATURE----- iQFIBAEBCAAyFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAlsinAYUHGFuZHJld3No QGRlYmlhbi5vcmcACgkQXkCM2RzYOdKFbQf8CmUFQ7Cnf1gq15BzZ7DW5wdHFSF2 mtCHGSGQQksyjuSw+Lz3Unqil3YRI9Z8hvPM/oCadFH19JxSBPRhW2a90WjZ67V4 8Vcn2l1VC4mLd98Ms38v1j7TiU2Qa3gfadk6+YIXq51D5OC8LXRKozoVHH0XJ0yG 3iV8LodPqL2D5wcDuQry8uZ4tEH3lhQbzqIjZKKeJp2WhFZBCuAU98DYjL7plqph 36Ce41+0z4zJXYi8DQ55MPOskOqYCOHFUZxTBw8umhwfK32xD9ao+Qfv27Poh0YT M6EgZjkKqBBBVZc8NzvuEmHSHMcjI1FdlpZFHhy0DhYmkpPwJ3RHyW+k7g== =5wg3 -----END PGP SIGNATURE-----