etke.ccthe only FOSS-based service offering Matrix chat server hosting
2023-03-28 17:17 UTC
Servers Update In Progress (Security Fix)
- Element 1.11.25 -> Element 1.11.26
The issues involve prototype pollution via events containing special strings in key locations, which can temporarily disrupt normal functioning of matrix-js-sdk and matrix-react-sdk, potentially impacting the consumer’s ability to process data safely.
Although we have only demonstrated a denial-of-service-style impact, we cannot completely rule out the possibility of a more severe impact due to the relatively extensive attack surface. We have therefore classified this as High severity and strongly recommend upgrading as a precautionary measure.
from: matrix.org security announcement
#discussion:etke.cc