FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-matrix-synapse -- users of single-sign-on are vulnerable to phishing

Affected packages
py35-matrix-synapse < 1.11.1
py36-matrix-synapse < 1.11.1
py37-matrix-synapse < 1.11.1

Details

VuXML ID 1afe9552-5ee3-11ea-9b6d-901b0e934d69
Discovery 2020-03-03
Entry 2020-03-11

Matrix developers report:

[The 1.11.1] release includes a security fix impacting installations using Single Sign-On (i.e. SAML2 or CAS) for authentication. Administrators of such installations are encouraged to upgrade as soon as possible.

References

URL https://github.com/matrix-org/synapse/releases/tag/v1.11.1