We found a high severity vulnerability in Synapse and plan to release a fix in Synapse 1.47.1 on Tuesday 23rd November.
If you run a Synapse instance, please be prepared to upgrade as soon as the patched version is released.
Full pre-disclosure post: https://matrix.org/blog/2021/11/18/pre-disclosure-upcoming-security-release-of-synapse-1-47-1
@matrix Are earlier versions than 1.47.0 affected as well?
@koyax @matrix Pretty sure, I'd update to be safe.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!