-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Pre-disclosure: Upcoming critical security fix for Synapse

Hi all,

During the ongoing work to finalise a stable release of Matrix’s Server-Server federation API, we’ve been doing a full audit of Synapse’s implementation and have identified a serious vulnerability which we are going to release a security update to address (Synapse 0.33.3.1) on Thursday Sept 6th at 12:00 UTC.

We are coordinating with package maintainers to ensure that patched versions of packages will be available at that time - meanwhile, if you run your own Synapse, please be prepared to upgrade as soon as the patched versions are released.  All previous versions of Synapse are affected, so everyone will want to upgrade.

Thank you for your time, patience and understanding while we resolve the issue,
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEumuwyPtYLL2OMhYdOtoG7cdT0R4FAluPtyUACgkQOtoG7cdT
0R4EcxAAgzNXKgl4/EhfAJylryo141HKmu7UgK9I7fF6fdkZL9W9UvLeeJCsSlJp
RF3QQM6EHHkWXLRiXYXVUxc45sg2iYUJz+inIb1eH4du9E68j/o1qk1n3/Z+OaeI
XCvMnJqgNwpsiKJCnvOsnumDyOODY3Fg1zWauG/YDnSJmPISgBM9d6OY8vwcAm54
M/qV+xiJwVse0jp7Ne5RX+aZmUibUJpgp4pAvJpDYRI7AX612hizlTzFAwljRyWM
7V28W9E6jbsndI1F+3Ok+KK7+AGFmeBGXKY4uxbkoXq/TPHVFjWimgS5CrZ9V8ry
Kyeo5i5UbP7V7d53h7U8/KGIxzNsNRKSgU7FXZthJCZQQkAnhPDf3nhUI0YJTvNv
r3n/ZnRz/1gO7ceTY87ea31kxbnR3+d6lrYwHy/1g6SkyMJfvFYehQkWXHXcr6tN
OXS+eK2o8cdaQduhGTKAcWVmcwbbMnj6eHCMrnRsdtPzboLd8FHXUphsEdBgs2Tv
7Q0JKoXZM3Rbn2ksFPGOTwm+RkcTUWFJ8iVZQ9lIC0uMRgYyDHk0gFvDCACirBB7
+NGbPALFuBmCKdKiKOC74s+Z0WeOISQKCoSD1H/YprDrXOgamLSGMrkLDZ9FB0M6
XSAH3aRmdquCOWsw91JqeMeDi2FOBfiLUzkhzTVDVrPGbgS9Qqs=
=KvsN
-----END PGP SIGNATURE-----