+++
title = "Synapse: Disclosing CVE-2020-26890"
date = "2020-11-23T14:59:25Z"
path = "/blog/2020/11/23/synapse-disclosing-cve-2020-26890"

[taxonomies]
author = ["Dan Callahan"]
category = ["Security"]
+++
Today we are disclosing CVE-2020-26890 / GHSA-4mp3-385r-v63f, a denial of service vulnerability affecting Synapse versions prior to 1.20.0. We strongly encourage all Synapse admins to upgrade as soon as possible. If you have not upgraded in a while, please refer to the upgrade notes, especially the latter portion of that document, which covers any backwards-incompatible changes you may need to take into consideration.
As a best practice, we encourage Synapse admins to upgrade regularly, and either subscribe on GitHub or join #homeowners:matrix.org for low-traffic notifications of new releases.
We extend our thanks to Denis Kasak for reporting this issue, earning a second entry in the Matrix Security Hall of Fame.