File tree Expand file tree Collapse file tree 4 files changed +24
-7
lines changed
Expand file tree Collapse file tree 4 files changed +24
-7
lines changed Original file line number Diff line number Diff line change 1+ Changes in [ 1.5.15] ( https://github.com/vector-im/riot-web/releases/tag/v1.5.15 ) (2020-04-01)
2+ ============================================================================================
3+ [ Full Changelog] ( https://github.com/vector-im/riot-web/compare/v1.5.14...v1.5.15 )
4+
5+ ## Security notice
6+
7+ The ` jitsi.html ` widget wrapper introduced in Riot 1.5.14 could be used to extract user data by tricking the user into adding a custom widget or opening a link in the browser used to run Riot. Jitsi widgets created through Riot UI do not pose a risk and do not need to be recreated.
8+
9+ It is important to purge any copies of Riot 1.5.14 so that the vulnerable ` jitsi.html ` wrapper from that version is no longer accessible.
10+
11+ ## All changes
12+
13+ * Upgrade React SDK to 2.3.1 for Jitsi fixes
14+ * Fix popout support for jitsi widgets
15+ [ \# 12980] ( https://github.com/vector-im/riot-web/pull/12980 )
16+
117Changes in [ 1.5.14] ( https://github.com/vector-im/riot-web/releases/tag/v1.5.14 ) (2020-03-30)
218============================================================================================
319[ Full Changelog] ( https://github.com/vector-im/riot-web/compare/v1.5.14-rc.1...v1.5.14 )
Original file line number Diff line number Diff line change 22 "name" : " riot-web"
33 "productName" : " Riot"
44 "main" : " src/electron-main.js"
5- "version" : " 1.5.14 "
5+ "version" : " 1.5.15 "
66 "description" : " A feature-rich client for Matrix.org"
77 "author" : " New Vector Ltd."
88 "dependencies" : {
Original file line number Diff line number Diff line change 22 "name" : " riot-web"
33 "productName" : " Riot"
44 "main" : " electron_app/src/electron-main.js"
5- "version" : " 1.5.14 "
5+ "version" : " 1.5.15 "
66 "description" : " A feature-rich client for Matrix.org"
77 "author" : " New Vector Ltd."
88 "repository" : {
6868 "favico.js" : " ^0.3.10"
6969 "gfm.css" : " ^1.1.2"
7070 "highlight.js" : " ^9.13.1"
71- "matrix-js-sdk" : " github:matrix-org/matrix-js-sdk#develop "
72- "matrix-react-sdk" : " github:matrix-org/matrix-react-sdk#develop "
71+ "matrix-js-sdk" : " 5.2.0 "
72+ "matrix-react-sdk" : " 2.3.1 "
7373 "olm" : " https://packages.matrix.org/npm/olm/olm-3.1.4.tgz"
7474 "postcss-easings" : " ^2.0.0"
7575 "prop-types" : " ^15.7.2"
Original file line number Diff line number Diff line change @@ -7472,9 +7472,10 @@ matrix-mock-request@^1.2.3:
74727472 bluebird "^3.5.0"
74737473 expect "^1.20.2"
74747474
7475- "matrix-react-sdk@github:matrix-org/matrix-react-sdk#develop":
7476- version "2.3.0"
7477- resolved "https://codeload.github.com/matrix-org/matrix-react-sdk/tar.gz/78fd8e4569096043b22210821d20e085802bbcff"
7475+ matrix-react-sdk@2.3.1:
7476+ version "2.3.1"
7477+ resolved "https://registry.yarnpkg.com/matrix-react-sdk/-/matrix-react-sdk-2.3.1.tgz#76ac6f98dfa89d4ceb7c63b31e10b9779bca12fe"
7478+ integrity sha512-TIiiEIUa891eTdRFCaj18sAFJULBDgbFOvV4upaED/aNXxnHOLV5JjNuYzsmQMEJ6Fmrz5iM0DbWXaADnuZwpQ==
74787479 dependencies:
74797480 "@babel/runtime" "^7.8.3"
74807481 blueimp-canvas-to-blob "^3.5.0"
You can’t perform that action at this time.
0 commit comments