hundredpercent
/
element-web
mirror of https://github.com/vector-im/element-web.git
1
0
Fork 0
Code Issues 3 Releases Wiki Activity

Update security notice

Browse Source 
New information came to light after the original report, so this updates the
notice to match the latest details.
pull/16962/head
J. Ryan Stinnett 1 year ago
parent ddbfab4fc5
commit 3228a3abd1
1 changed files with 5 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      CHANGELOG.md

10
CHANGELOG.md
Unescape View File

@ -90,12 +90,12 @@ Changes in [1.7.22](https://github.com/vector-im/element-web/releases/tag/v1.7.2
## Security notice
Element Web 1.7.22 fixes (by upgrading to matrix-react-sdk 3.15.0) a low
Element Web 1.7.22 fixes (by upgrading to matrix-react-sdk 3.15.0) a moderate
severity issue (CVE-2021-21320) where the user content sandbox can be abused to
trick users into opening unexpected documents. The content is opened with a
`blob` origin that cannot access Matrix user data, so messages and secrets are
not at risk. Thanks to @keerok for responsibly disclosing this via Matrix's
Security Disclosure Policy.
trick users into opening unexpected documents after several user interactions.
The content can be opened with a `blob` origin from the Matrix client, so it is
possible for a malicious document to access user messages and secrets. Thanks to
@keerok for responsibly disclosing this via Matrix's Security Disclosure Policy.
## All changes

Write Preview
Loading…
Cancel
Save