etke.cc2023-03-28 17:17 UTC
Servers Update In Progress (Security Fix)
- Element 1.11.25 -> Element 1.11.26
The issues involve prototype pollution via events containing special strings in key locations, which can temporarily disrupt normal functioning of matrix-js-sdk and matrix-react-sdk, potentially impacting the consumer’s ability to process data safely.
Although we have only demonstrated a denial-of-service-style impact, we cannot completely rule out the possibility of a more severe impact due to the relatively extensive attack surface. We have therefore classified this as High severity and strongly recommend upgrading as a precautionary measure.
Don't have a Matrix server yet?
We specialize in setup, hosting and maintenance of Matrix and various Matrix & non-Matrix add-ons.
Hosting is on affordable VPS servers provided by us (via Hetzner Cloud) in the EU or US,
or on your own infrastructure anywhere in the world.
Let's build your Matrix haven together!