There is a denial of service attack (CVE-2020-26257) against the
federation APIs in which future events will not be correctly sent to
other servers over federation. This affects all servers that participate
in open federation. (Fixed in #8776).
Synapse may be affected by OpenSSL CVE-2020-1971. Synapse
administrators should ensure that they have the latest versions of the
cryptography Python package installed.
ok abieber@
d4841d2621