automation: Update matrix-synapse Docker tag to v1.94.0 (!1084) · Merge requests · saibotk.de / Infrastructure

This MR contains the following updates:

Package	Update	Change
matrix-synapse	minor	`1.92.3` -> `1.94.0`

matrix-org/synapse (matrix-synapse)

No significant changes since 1.94.0rc1. However, please take note of the security advisory that follows.

The following issue is fixed in 1.94.0 (and RC).

GHSA-5chr-wjw5-3gq4 / CVE-2023-45129 — Moderate Severity

A malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service.

Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected.

See the advisory for more details. If you have any questions, email security@matrix.org.

No significant changes since 1.93.0rc1.

The following issues are fixed in 1.93.0 (and RCs).

GHSA-4f74-84v3-j9q5 / CVE-2023-41335 — Low Severity

Temporary storage of plaintext passwords during password changes.
GHSA-7565-cq32-vx2x / CVE-2023-42453 — Low Severity

Improper validation of receipts allows forged read receipts.

See the advisories for more details. If you have any questions, email security@matrix.org.

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

This MR has been generated by Renovate Bot. The local configuration can be found in the local Renovate Bot repository.

Edited Oct 13, 2023 by Housekeeper (bot)

automation: Update matrix-synapse Docker tag to v1.94.0