36 lines
1.4 KiB
Plaintext
36 lines
1.4 KiB
Plaintext
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA1
|
|
|
|
Synapse Debian Package Security Announcement
|
|
============================================
|
|
|
|
We were advised of a bug with the LDAP integration an hour ago that allowed
|
|
unauthenticated login in certain circumstances when using an old version of
|
|
the ldap3 python module (v0.9.x).
|
|
|
|
Currently, this is only known to affect the debian packages of synapse. A fix
|
|
has been pushed, v0.18.2-2, and it is strongly advised for you to update as
|
|
soon as possible.
|
|
|
|
Synapse installed using pip should not be affected, as pip will have bundled
|
|
a newer version of the ldap3 module.
|
|
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v1
|
|
|
|
iQIcBAEBAgAGBQJYId+6AAoJEDraBu3HU9EeeqMP/RvH5vK2pa21cWHWPtqcD/tk
|
|
9BkiGRbekY3RhIXifMXSE/S0evdgFjyRuTJKcxjoyVLhtPDhP1cx7q+sNFICOUE9
|
|
facVLvoKrivWhdroU2MJ22EhTjzpB0Qa7SIh3u1J3T5J3eB0XFw+wfKGzEY+ma2N
|
|
AHAv4qhqx0iT92YCWxPPE+wGBwuiYXZCrl9s+H6pRe+u/5ehe7T3fxjtbdrfCURL
|
|
Y3Ex+dHK4y7l4D87qBCMkwt5vlVeXOSIUZw6X/JIH1T7dW0ZOQBZypR6lXz368pV
|
|
2r/zpAktYD1h9/P0CmUkg6iWOZZNHhc31gO68dY1nKA85NivSVPbnPh/tk6ALjaM
|
|
h5TiTZzYHG6zx8mTkTeNUIpFER7cKCKETqxs4ObCmTy4ZBsJPQslm93Wg3QAttWY
|
|
fUHsE3NhoW1oKycYomiAanDLvf1BQ8VvA+Om3OVAiUTBi6Fez4MAexoteOiOlO0K
|
|
IWKzXINscI2MurlosGHyKGM7kXDXIXk4PRUC00eMW/TisTams9XgKEo62yUyr6xO
|
|
9uzPZlDA1wI0OFUjozGk+bJPVYOk+swpSaT3mAYJDg2WvIIXqZJ+dAf+W90LbcpE
|
|
s980JzfHL0hcAmz7zg6zJRUzwYUoAyWh6I7q4FQtS0MtqqMxJ+B3yPCfl6669O3o
|
|
rSW9LbsE75SpEx8+5SH2
|
|
=krCA
|
|
-----END PGP SIGNATURE-----
|