diff --git a/CHANGELOG.md b/CHANGELOG.md index 02d5492a..a5bc6cda 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,19 @@ +Changes in [1.5.15](https://github.com/vector-im/riot-web/releases/tag/v1.5.15) (2020-04-01) +============================================================================================ +[Full Changelog](https://github.com/vector-im/riot-web/compare/v1.5.14...v1.5.15) + +## Security notice + +The `jitsi.html` widget wrapper introduced in Riot 1.5.14 could be used to extract user data by tricking the user into adding a custom widget or opening a link in the browser used to run Riot. Jitsi widgets created through Riot UI do not pose a risk and do not need to be recreated. + +It is important to purge any copies of Riot 1.5.14 so that the vulnerable `jitsi.html` wrapper from that version is no longer accessible. + +## All changes + + * Upgrade React SDK to 2.3.1 for Jitsi fixes + * Fix popout support for jitsi widgets + [\#12980](https://github.com/vector-im/riot-web/pull/12980) + Changes in [1.5.14](https://github.com/vector-im/riot-web/releases/tag/v1.5.14) (2020-03-30) ============================================================================================ [Full Changelog](https://github.com/vector-im/riot-web/compare/v1.5.14-rc.1...v1.5.14) diff --git a/electron_app/package.json b/electron_app/package.json index 4e014c96..390b61d8 100644 --- a/electron_app/package.json +++ b/electron_app/package.json @@ -2,7 +2,7 @@ "name": "riot-web", "productName": "Riot", "main": "src/electron-main.js", - "version": "1.5.14", + "version": "1.5.15", "description": "A feature-rich client for Matrix.org", "author": "New Vector Ltd.", "dependencies": { diff --git a/package.json b/package.json index d21bd7d6..c323431f 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "riot-web", "productName": "Riot", "main": "electron_app/src/electron-main.js", - "version": "1.5.14", + "version": "1.5.15", "description": "A feature-rich client for Matrix.org", "author": "New Vector Ltd.", "repository": { @@ -68,8 +68,8 @@ "favico.js": "^0.3.10", "gfm.css": "^1.1.2", "highlight.js": "^9.13.1", - "matrix-js-sdk": "github:matrix-org/matrix-js-sdk#develop", - "matrix-react-sdk": "github:matrix-org/matrix-react-sdk#develop", + "matrix-js-sdk": "5.2.0", + "matrix-react-sdk": "2.3.1", "olm": "https://packages.matrix.org/npm/olm/olm-3.1.4.tgz", "postcss-easings": "^2.0.0", "prop-types": "^15.7.2", diff --git a/yarn.lock b/yarn.lock index 9c5de662..de40bc5b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7472,9 +7472,10 @@ matrix-mock-request@^1.2.3: bluebird "^3.5.0" expect "^1.20.2" -"matrix-react-sdk@github:matrix-org/matrix-react-sdk#develop": - version "2.3.0" - resolved "https://codeload.github.com/matrix-org/matrix-react-sdk/tar.gz/78fd8e4569096043b22210821d20e085802bbcff" +matrix-react-sdk@2.3.1: + version "2.3.1" + resolved "https://registry.yarnpkg.com/matrix-react-sdk/-/matrix-react-sdk-2.3.1.tgz#76ac6f98dfa89d4ceb7c63b31e10b9779bca12fe" + integrity sha512-TIiiEIUa891eTdRFCaj18sAFJULBDgbFOvV4upaED/aNXxnHOLV5JjNuYzsmQMEJ6Fmrz5iM0DbWXaADnuZwpQ== dependencies: "@babel/runtime" "^7.8.3" blueimp-canvas-to-blob "^3.5.0"