-----BEGIN PGP SIGNED MESSAGE-----
Pre-disclosure: Upcoming critical security fix for Synapse
During the ongoing work to finalise a stable release of Matrixâ€™s Server-Server federation API, weâ€™ve been doing a full audit of Synapseâ€™s implementation and have identified a serious vulnerability which we are going to release a security update to address (Synapse 0.33.3.1) on Thursday Sept 6th at 12:00 UTC.
We are coordinating with package maintainers to ensure that patched versions of packages will be available at that time - meanwhile, if you run your own Synapse, please be prepared to upgrade as soon as the patched versions are released. All previous versions of Synapse are affected, so everyone will want to upgrade.
Thank you for your time, patience and understanding while we resolve the issue,
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More info on the issue: https://security-tracker.debian.org/tracker/CVE-2018-16515