backups/grapevine
1
0
Fork 0
mirror of https://gitlab.computer.surgery/matrix/grapevine.git synced 2026-02-04 15:51:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

validate event type and membership for create_join and create_invite

Browse source 
Both of these endpoints sign the received event so without the
validation a malicious server can use these endpoints to trick our
server into signing effectively arbitrary forged events from local
users.

Rebased from a continuwuity patch by nex. The create_join changes were
not present in the continuwuity version because these checks were
already present there.

Co-authored-by: Olivia Lee <olivia@computer.surgery>
This commit is contained in:
timedout 2025-12-20 21:35:18 -08:00 committed by Lambda
parent f903421c3f
commit 06c3c083a2
2 changed files with 74 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
book/changelog.md
View file

@ -56,6 +56,9 @@ This will be the first release of Grapevine since it was forked from Conduit
7. Only allow the admin bot to change the room ID that the admin room alias
points to.
([!42](https://gitlab.computer.surgery/matrix/grapevine/-/merge_requests/42))
8. Fix vulnerability that allows a malicious server to trick a grapevine server
into signing arbitrary forged events via the send_invite endpoint.
([!205](https://gitlab.computer.surgery/matrix/grapevine/-/merge_requests/205))
### Removed