Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 999 | all | matrix-synapse | < 1.5.0-1 | matrix-synapse_1.5.0-1_all.deb |
Debian | 13 | all | matrix-synapse | < 1.5.0-1 | matrix-synapse_1.5.0-1_all.deb |