Grapevine is a Matrix homeserver, forked from Conduit 0.7.0
Olivia Lee e6f6fb0861
validate membership events returned by remote servers
This fixes a vulnerability where an attacker with a malicious remote
server and a user on the local server can trick the local server into
signing arbitrary events. The attacker issues a remote leave as the local
user to a room on the malicious server. Without any validation of the
make_leave response, the local server would sign the attacker-controlled
event and pass it back to the malicious server with send_leave.

The join endpoint is also fixed in this commit, but is less useful for
exploitation because the local server replaces the "content" field
returned by the remote server. Remote invites are unaffected because we
already check that the event returned from /invite has the same event ID
as the event passed to it.
2025-12-30 17:11:01 -08:00
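
The commit message above describes validating the make_leave and make_join responses before the local server signs them. The following is an added example, not Grapevine's code and not necessarily the checks this commit performs: it assumes the fields to compare are `type`, `room_id`, `sender`, `state_key` and `content.membership`, and every type and function name in it is hypothetical.

```rust
// Added example; all names are hypothetical, not Grapevine's own code.
#[derive(Debug, Clone)]
pub struct MemberTemplate {
    pub event_type: String,
    pub room_id: String,
    pub sender: String,
    pub state_key: Option<String>,
    pub membership: String, // content.membership
}

#[derive(Debug, PartialEq)]
pub enum TemplateError { EventType, RoomId, Sender, StateKey, Membership }

/// Accept a template only if every field to be signed matches the request.
pub fn validate_template(ev: &MemberTemplate, room_id: &str, user_id: &str,
                         membership: &str) -> Result<(), TemplateError> {
    if ev.event_type != "m.room.member" {
        return Err(TemplateError::EventType);
    }
    if ev.room_id != room_id {
        return Err(TemplateError::RoomId);
    }
    if ev.sender != user_id {
        return Err(TemplateError::Sender);
    }
    if ev.state_key.as_deref() != Some(user_id) {
        return Err(TemplateError::StateKey);
    }
    if ev.membership != membership {
        return Err(TemplateError::Membership);
    }
    Ok(())
}

/// Constructed sample: the template an honest remote server would return.
pub fn sample_leave() -> MemberTemplate {
    MemberTemplate {
        event_type: "m.room.member".into(),
        room_id: "!room:remote.example".into(),
        sender: "@alice:local.example".into(),
        state_key: Some("@alice:local.example".into()),
        membership: "leave".into(),
    }
}

fn main() {
    let ev = sample_leave();
    let res = validate_template(&ev, "!room:remote.example", "@alice:local.example", "leave");
    println!("{:?}", res);
}
```

The check runs on the template as received, before any signature is added, so a response that fails it is never signed or passed to send_leave.
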
.cargo Update ruma to 0.12.2 2025-05-04 14:03:46 -07:00
bin remove nix-direnv 2025-08-03 10:59:28 -07:00
book validate membership events returned by remote servers 2025-12-30 17:11:01 -08:00
nix Revert "do default-feature unification in nix" 2025-07-24 15:09:12 -07:00
src validate membership events returned by remote servers 2025-12-30 17:11:01 -08:00
tests/integrations support listening on Unix sockets 2025-06-01 22:16:48 +02:00
.envrc optionally use nom to build devshell dependencies 2024-05-30 21:19:09 -07:00
.gitignore expose static binaries in gitlab artifacts again 2024-12-11 14:37:43 -08:00
.gitlab-ci.yml assume nix is available 2025-08-03 10:59:28 -07:00
.lycheeignore set up mdbook 2024-06-16 20:23:18 -07:00
.mailmap update name and email in mailmap 2024-11-16 21:15:16 -08:00
.markdownlintignore set up mdbook 2024-06-16 20:23:18 -07:00
book.toml add flake output for the website root 2024-11-22 11:21:39 -08:00
Cargo.lock Bump ruma to c4f467781a7ef330dc0b7eb5d0d0cad77ebc3337 (refactor Capabilities) 2025-08-30 18:38:08 +02:00
Cargo.toml Bump ruma to c4f467781a7ef330dc0b7eb5d0d0cad77ebc3337 (refactor Capabilities) 2025-08-30 18:38:08 +02:00
clippy.toml enable doc_markdown lint 2024-05-14 16:34:10 -07:00
default.nix feat: support non-flake users 2024-02-01 19:19:56 -08:00
engage.toml remove all-features devshell 2025-07-24 15:00:02 -07:00
flake.lock Upgrade rust-rocksdb 2025-08-09 01:18:51 +02:00
flake.nix Upgrade rust-rocksdb 2025-08-09 01:18:51 +02:00
LICENSE.md convert license to markdown 2024-04-30 21:54:56 -07:00
README.md update docs link in the readme 2024-12-06 11:37:17 -08:00
rust-toolchain.toml update rust to 1.88.0 2025-08-06 12:27:45 -07:00
rustfmt.toml enable error_on_line_overflow and fix errors 2024-05-16 19:11:40 -07:00

Grapevine

A Matrix homeserver.

Read the book

Click here to read the latest version.