Package: matrix-synapse Severity: important Dear Maintainer,
Synapse up to 1.47.0 contains a security problem which allows to write files outside of the configured directory for downloads. See https://github.com/matrix-org/synapse/commits/v1.47.1 and in the future also https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41281 Regards, Benedikt Wildenhain