NodeJS/matrix-react-sdk/3.32.0-rc.1


SDK for matrix.org using React

https://www.npmjs.com/package/matrix-react-sdk
Apache-2.0

5 Security Vulnerabilities

matrix-react-sdk Prototype pollution vulnerability

Published date: 2023-03-28T19:57:57Z
CVE: CVE-2022-36060
Links:

Impact

Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered.

Patches

This is fixed in matrix-react-sdk 3.53.0

Workarounds

There are no workarounds. Please upgrade immediately.

References

https://learn.snyk.io/lessons/prototype-pollution/javascript/

For more information

If you have any questions or comments about this advisory please email us at security at matrix.org.

Affected versions: ["0.0.1", "0.0.2", "0.1.0", "0.2.0", "0.3.0", "0.3.1", "0.4.0", "0.5.0", "0.5.1", "0.5.2", "0.6.0", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.4-r1", "0.6.5", "0.6.5-r1", "0.6.5-r2", "0.6.5-r3", "0.7.1", "0.7.2", "0.7.3", "0.7.4", "0.7.5-rc.1", "0.7.5", "0.8.0", "0.8.1-rc.1", "0.8.1-rc.2", "0.8.1", "0.8.2", "0.8.3", "0.8.3-electron", "0.8.4", "0.8.5-rc.1", "0.8.5", "0.8.6-rc.1", "0.8.6-rc.2", "0.8.6-rc.3", "0.8.6", "0.8.7-rc.1", "0.8.7-rc.2", "0.8.7-rc.3", "0.8.7-rc.4", "0.8.7", "0.8.8-rc.1", "0.8.8-rc.2", "0.8.8", "0.8.9-rc.1", "0.8.9", "0.9.0-rc.1", "0.9.0-rc.2", "0.9.0", "0.9.1", "0.9.2", "0.9.3-rc.1", "0.9.3-rc.2", "0.9.3", "0.9.4", "0.9.5-rc.1", "0.9.5-rc.2", "0.9.5", "0.9.6", "0.9.7", "0.10.0-rc.1", "0.10.0-rc.2", "0.10.1-rc.1", "0.10.1", "0.10.2", "0.10.3-rc.1", "0.10.3-rc.2", "0.10.3", "0.10.4-rc.1", "0.10.4", "0.10.5", "0.10.6", "0.10.7-rc.1", "0.10.7-rc.2", "0.10.7-rc.3", "0.10.7", "0.11.0-rc.1", "0.11.0-rc.2", "0.11.0-rc.3", "0.11.0", "0.11.1", "0.11.2", "0.11.3", "0.11.4", "0.12.0-rc.1", "0.12.0-rc.2", "0.12.0-rc.3", "0.12.0-rc.4", "0.11.4-cryptowarning.1", "0.11.4-cryptowarning.2", "0.12.0-rc.5", "0.12.0-rc.6", "0.12.0-rc.7", "0.12.0", "0.12.1", "0.12.2", "0.12.3-rc.1", "0.12.3-rc.2", "0.12.3-rc.3", "0.12.3", "0.12.4-rc.1", "0.12.4-rc.2", "0.12.4-rc.3", "0.12.4-rc.4", "0.12.4-rc.5", "0.12.4-rc.6", "0.12.4", "0.12.5", "0.12.6-rc.1", "0.12.6", "0.12.7-rc.1", "0.12.7", "0.12.8-rc.1", "0.12.8-rc.2", "0.12.8", "0.12.9-rc.1", "0.12.9-rc.2", "0.12.9", "0.13.0-rc.1", "0.13.0-rc.2", "0.13.0", "0.13.1-rc.1", "0.13.1", "0.13.2", "0.13.3-rc.1", "0.13.3-rc.2", "0.13.3", "0.13.4-rc.1", "0.13.4", "0.13.5-rc.1", "0.13.5", "0.13.6", "0.14.0-rc.1", "0.14.0", "0.14.1", "0.14.2-rc.1", "0.14.2", "0.14.3", "0.14.4", "0.14.5-rc.1", "0.14.5-rc.2", "0.14.5", "0.14.6", "0.14.7-rc.1", "0.14.7-rc.2", "0.14.7", "0.14.8-rc.1", "0.14.8", "1.0.0-rc.1", "1.0.0-rc.2", "1.0.0", "1.0.1", "1.0.2-rc.1", "1.0.2-rc.2", "1.0.2-rc.3", "1.0.2-rc.4", "1.0.2", "1.0.3", "1.0.4-rc.1", "1.0.4", "1.0.5", "1.0.6-rc.1", "1.0.6", "1.0.7", "1.1.0-rc.1", "1.1.0", "1.1.1", "1.1.2", "1.2.0-rc.1", "1.2.0", "1.2.1", "1.2.2-rc.1", "1.2.2-rc.2", "1.2.2", "1.3.0-rc.1", "1.3.0", "1.3.1", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0-rc.3", "1.4.0", "1.5.0-rc.1", "1.5.0", "1.5.1", "1.5.2-rc.1", "1.5.2", "1.5.3-rc.1", "1.5.3-rc.2", "1.5.3-rc.3", "1.5.3", "1.6.0-rc.1", "1.6.0-rc.2", "1.6.0", "1.6.1", "1.6.2-rc.1", "1.6.2", "1.7.0-rc.1", "1.7.0", "1.7.1-rc.1", "1.7.1-rc.2", "1.7.1", "1.7.2", "1.7.3-rc.1", "1.7.3-rc.2", "1.7.3", "1.7.4", "1.7.5-rc.1", "1.7.5", "1.7.6-rc.1", "1.7.6-rc.2", "1.7.6", "2.0.0-rc.2", "2.0.0", "2.1.0-rc.1", "2.1.0-rc.2", "2.1.0", "2.1.1", "2.2.0-rc.1", "2.2.0", "2.2.1", "2.2.2", "2.2.3-rc.1", "2.2.3", "2.3.0-rc.1", "2.3.0", "2.3.1", "2.4.0-rc.1", "2.5.0-rc.1", "2.5.0-rc.2", "2.5.0-rc.3", "2.5.0-rc.4", "2.5.0-rc.5", "2.5.0-rc.6", "2.5.0", "2.6.0-rc.1", "2.6.0", "2.6.1", "2.7.0-rc.1", "2.7.0-rc.2", "2.7.0", "2.7.1", "2.7.2", "2.8.0-rc.1", "2.8.0", "2.8.1", "2.9.0-rc.1", "2.9.0", "2.10.0", "2.10.1", "3.0.0", "3.1.0-rc.1", "3.1.0", "3.2.0-rc.1", "3.2.0", "3.3.0-rc.1", "3.3.0", "3.4.0-rc.1", "3.4.0", "3.4.1", "3.5.0-rc.1", "3.5.0", "3.6.0-rc.1", "3.6.0", "3.6.1", "3.7.0-rc.1", "3.7.0-rc.2", "3.7.0", "3.7.1", "3.8.0-rc.1", "3.8.0", "3.9.0-rc.1", "3.9.0", "3.10.0-rc.1", "3.10.0", "3.11.0-rc.1", "3.11.0-rc.2", "3.11.0", "3.11.1", "3.12.0-rc.1", "3.12.0", "3.12.1", "3.13.0-rc.1", "3.13.0", "3.13.1", "3.14.0-rc.1", "3.14.0", "3.15.0-rc.1", "3.15.0", "3.16.0-rc.1", "3.16.0-rc.2", "3.16.0", "3.17.0-rc.1", "3.17.0", "3.18.0-rc.1", "3.18.0", "3.19.0-rc.1", "3.19.0", "3.20.0-rc.1", "3.20.0", "3.21.0-rc.1", "3.21.0", "3.22.0-rc.1", "3.22.0", "3.23.0-rc.1", "3.23.0", "3.24.0-rc.1", "3.24.0", "3.25.0-rc.1", "3.25.0", "3.26.0-rc.1", "3.26.0", "3.27.0-rc.1", "3.27.0", "3.28.0-rc.1", "3.28.0", "3.28.1", "3.29.0-rc.1", "3.29.0-rc.2", "3.29.0-rc.3", "3.29.0", "3.30.0-rc.1", "3.30.0-rc.2", "3.29.1", "3.30.0", "3.31.0-rc.1", "3.31.0-rc.2", "3.31.0", "3.32.0-rc.1", "3.32.0-rc.2", "3.32.0", "3.32.1", "3.33.0-rc.1", "3.33.0-rc.2", "3.33.0", "3.34.0-rc.1", "3.34.0", "3.35.0-rc.1", "3.35.1", "3.36.0-rc.1", "3.36.0", "3.36.1", "3.37.0-rc.1", "3.37.0", "3.38.0-rc.1", "3.38.0", "3.39.0-rc.1", "3.39.0-rc.2", "3.39.0", "3.39.1", "3.40.0-rc.1", "3.40.0-rc.2", "3.40.0", "3.40.1", "3.41.0-rc.1", "3.41.0", "3.41.1", "3.42.0-rc.1", "3.42.0", "3.42.1-rc.1", "3.42.1", "3.42.2-rc.1", "3.42.2-rc.2", "3.42.2-rc.3", "3.42.2-rc.4", "3.42.3", "3.42.4", "3.43.0-rc.1", "3.43.0", "3.44.0-rc.1", "3.44.0-rc.2", "3.44.0", "3.45.0-rc.2", "3.45.0-rc.3", "3.45.0", "3.46.0-rc.1", "3.46.0", "3.47.0", "3.48.0-rc.1", "3.48.0", "3.49.0-rc.1", "3.49.0-rc.2", "3.49.0", "3.50.0", "3.51.0-rc.1", "3.51.0", "3.52.0-rc.1", "3.52.0-rc.2", "3.52.0", "3.53.0-rc.1", "3.53.0-rc.2"]
Secure versions: [3.105.1, 3.106.0-rc.1, 3.106.0, 3.107.0, 3.108.0-rc.0, 3.108.0, 3.109.0-rc.0, 3.109.0, 3.110.0-rc.1, 3.110.0, 3.111.0, 3.112.0-rc.0, 3.112.0, 3.113.0, 3.114.0-rc.0, 3.114.0]
Recommendation: Update to version 3.114.0.

Prototype pollution in matrix-react-sdk

Published date: 2023-03-29T19:34:25Z
CVE: CVE-2023-28103
Links:

Impact

In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic.

(This is part 2, where CVE-2022-36060 / GHSA-2x9c-qwgf-94xr is part 1. Part 2 covers remaining vectors not covered by part 1, found in a codebase audit scheduled after part 1.)

Patches

This is fixed in matrix-react-sdk 3.69.0

Workarounds

None.

References

  • Release blog post
  • The advisory GHSA-2x9c-qwgf-94xr (CVE-2022-36060) refers to an initial set of vulnerable locations discovered and patched in matrix-react-sdk 3.53.0. We opted not to disclose that advisory while we performed an audit of the codebase and are now disclosing it jointly with this one.

For more information

If you have any questions or comments about this advisory please email us at security at matrix.org.

Affected versions: ["0.0.1", "0.0.2", "0.1.0", "0.2.0", "0.3.0", "0.3.1", "0.4.0", "0.5.0", "0.5.1", "0.5.2", "0.6.0", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.4-r1", "0.6.5", "0.6.5-r1", "0.6.5-r2", "0.6.5-r3", "0.7.1", "0.7.2", "0.7.3", "0.7.4", "0.7.5-rc.1", "0.7.5", "0.8.0", "0.8.1-rc.1", "0.8.1-rc.2", "0.8.1", "0.8.2", "0.8.3", "0.8.3-electron", "0.8.4", "0.8.5-rc.1", "0.8.5", "0.8.6-rc.1", "0.8.6-rc.2", "0.8.6-rc.3", "0.8.6", "0.8.7-rc.1", "0.8.7-rc.2", "0.8.7-rc.3", "0.8.7-rc.4", "0.8.7", "0.8.8-rc.1", "0.8.8-rc.2", "0.8.8", "0.8.9-rc.1", "0.8.9", "0.9.0-rc.1", "0.9.0-rc.2", "0.9.0", "0.9.1", "0.9.2", "0.9.3-rc.1", "0.9.3-rc.2", "0.9.3", "0.9.4", "0.9.5-rc.1", "0.9.5-rc.2", "0.9.5", "0.9.6", "0.9.7", "0.10.0-rc.1", "0.10.0-rc.2", "0.10.1-rc.1", "0.10.1", "0.10.2", "0.10.3-rc.1", "0.10.3-rc.2", "0.10.3", "0.10.4-rc.1", "0.10.4", "0.10.5", "0.10.6", "0.10.7-rc.1", "0.10.7-rc.2", "0.10.7-rc.3", "0.10.7", "0.11.0-rc.1", "0.11.0-rc.2", "0.11.0-rc.3", "0.11.0", "0.11.1", "0.11.2", "0.11.3", "0.11.4", "0.12.0-rc.1", "0.12.0-rc.2", "0.12.0-rc.3", "0.12.0-rc.4", "0.11.4-cryptowarning.1", "0.11.4-cryptowarning.2", "0.12.0-rc.5", "0.12.0-rc.6", "0.12.0-rc.7", "0.12.0", "0.12.1", "0.12.2", "0.12.3-rc.1", "0.12.3-rc.2", "0.12.3-rc.3", "0.12.3", "0.12.4-rc.1", "0.12.4-rc.2", "0.12.4-rc.3", "0.12.4-rc.4", "0.12.4-rc.5", "0.12.4-rc.6", "0.12.4", "0.12.5", "0.12.6-rc.1", "0.12.6", "0.12.7-rc.1", "0.12.7", "0.12.8-rc.1", "0.12.8-rc.2", "0.12.8", "0.12.9-rc.1", "0.12.9-rc.2", "0.12.9", "0.13.0-rc.1", "0.13.0-rc.2", "0.13.0", "0.13.1-rc.1", "0.13.1", "0.13.2", "0.13.3-rc.1", "0.13.3-rc.2", "0.13.3", "0.13.4-rc.1", "0.13.4", "0.13.5-rc.1", "0.13.5", "0.13.6", "0.14.0-rc.1", "0.14.0", "0.14.1", "0.14.2-rc.1", "0.14.2", "0.14.3", "0.14.4", "0.14.5-rc.1", "0.14.5-rc.2", "0.14.5", "0.14.6", "0.14.7-rc.1", "0.14.7-rc.2", "0.14.7", "0.14.8-rc.1", "0.14.8", "1.0.0-rc.1", "1.0.0-rc.2", "1.0.0", "1.0.1", "1.0.2-rc.1", "1.0.2-rc.2", "1.0.2-rc.3", "1.0.2-rc.4", "1.0.2", "1.0.3", "1.0.4-rc.1", "1.0.4", "1.0.5", "1.0.6-rc.1", "1.0.6", "1.0.7", "1.1.0-rc.1", "1.1.0", "1.1.1", "1.1.2", "1.2.0-rc.1", "1.2.0", "1.2.1", "1.2.2-rc.1", "1.2.2-rc.2", "1.2.2", "1.3.0-rc.1", "1.3.0", "1.3.1", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0-rc.3", "1.4.0", "1.5.0-rc.1", "1.5.0", "1.5.1", "1.5.2-rc.1", "1.5.2", "1.5.3-rc.1", "1.5.3-rc.2", "1.5.3-rc.3", "1.5.3", "1.6.0-rc.1", "1.6.0-rc.2", "1.6.0", "1.6.1", "1.6.2-rc.1", "1.6.2", "1.7.0-rc.1", "1.7.0", "1.7.1-rc.1", "1.7.1-rc.2", "1.7.1", "1.7.2", "1.7.3-rc.1", "1.7.3-rc.2", "1.7.3", "1.7.4", "1.7.5-rc.1", "1.7.5", "1.7.6-rc.1", "1.7.6-rc.2", "1.7.6", "2.0.0-rc.2", "2.0.0", "2.1.0-rc.1", "2.1.0-rc.2", "2.1.0", "2.1.1", "2.2.0-rc.1", "2.2.0", "2.2.1", "2.2.2", "2.2.3-rc.1", "2.2.3", "2.3.0-rc.1", "2.3.0", "2.3.1", "2.4.0-rc.1", "2.5.0-rc.1", "2.5.0-rc.2", "2.5.0-rc.3", "2.5.0-rc.4", "2.5.0-rc.5", "2.5.0-rc.6", "2.5.0", "2.6.0-rc.1", "2.6.0", "2.6.1", "2.7.0-rc.1", "2.7.0-rc.2", "2.7.0", "2.7.1", "2.7.2", "2.8.0-rc.1", "2.8.0", "2.8.1", "2.9.0-rc.1", "2.9.0", "2.10.0", "2.10.1", "3.0.0", "3.1.0-rc.1", "3.1.0", "3.2.0-rc.1", "3.2.0", "3.3.0-rc.1", "3.3.0", "3.4.0-rc.1", "3.4.0", "3.4.1", "3.5.0-rc.1", "3.5.0", "3.6.0-rc.1", "3.6.0", "3.6.1", "3.7.0-rc.1", "3.7.0-rc.2", "3.7.0", "3.7.1", "3.8.0-rc.1", "3.8.0", "3.9.0-rc.1", "3.9.0", "3.10.0-rc.1", "3.10.0", "3.11.0-rc.1", "3.11.0-rc.2", "3.11.0", "3.11.1", "3.12.0-rc.1", "3.12.0", "3.12.1", "3.13.0-rc.1", "3.13.0", "3.13.1", "3.14.0-rc.1", "3.14.0", "3.15.0-rc.1", "3.15.0", "3.16.0-rc.1", "3.16.0-rc.2", "3.16.0", "3.17.0-rc.1", "3.17.0", "3.18.0-rc.1", "3.18.0", "3.19.0-rc.1", "3.19.0", "3.20.0-rc.1", "3.20.0", "3.21.0-rc.1", "3.21.0", "3.22.0-rc.1", "3.22.0", "3.23.0-rc.1", "3.23.0", "3.24.0-rc.1", "3.24.0", "3.25.0-rc.1", "3.25.0", "3.26.0-rc.1", "3.26.0", "3.27.0-rc.1", "3.27.0", "3.28.0-rc.1", "3.28.0", "3.28.1", "3.29.0-rc.1", "3.29.0-rc.2", "3.29.0-rc.3", "3.29.0", "3.30.0-rc.1", "3.30.0-rc.2", "3.29.1", "3.30.0", "3.31.0-rc.1", "3.31.0-rc.2", "3.31.0", "3.32.0-rc.1", "3.32.0-rc.2", "3.32.0", "3.32.1", "3.33.0-rc.1", "3.33.0-rc.2", "3.33.0", "3.34.0-rc.1", "3.34.0", "3.35.0-rc.1", "3.35.1", "3.36.0-rc.1", "3.36.0", "3.36.1", "3.37.0-rc.1", "3.37.0", "3.38.0-rc.1", "3.38.0", "3.39.0-rc.1", "3.39.0-rc.2", "3.39.0", "3.39.1", "3.40.0-rc.1", "3.40.0-rc.2", "3.40.0", "3.40.1", "3.41.0-rc.1", "3.41.0", "3.41.1", "3.42.0-rc.1", "3.42.0", "3.42.1-rc.1", "3.42.1", "3.42.2-rc.1", "3.42.2-rc.2", "3.42.2-rc.3", "3.42.2-rc.4", "3.42.3", "3.42.4", "3.43.0-rc.1", "3.43.0", "3.44.0-rc.1", "3.44.0-rc.2", "3.44.0", "3.45.0-rc.2", "3.45.0-rc.3", "3.45.0", "3.46.0-rc.1", "3.46.0", "3.47.0", "3.48.0-rc.1", "3.48.0", "3.49.0-rc.1", "3.49.0-rc.2", "3.49.0", "3.50.0", "3.51.0-rc.1", "3.51.0", "3.52.0-rc.1", "3.52.0-rc.2", "3.52.0", "3.53.0-rc.1", "3.53.0-rc.2", "3.53.0", "3.54.0-rc.1", "3.54.0", "3.55.0-rc.1", "3.55.0", "3.56.0", "3.57.0", "3.58.0-rc.1", "3.58.0-rc.2", "3.58.0", "3.58.1", "3.59.0-rc.1", "3.59.0-rc.2", "3.59.0", "3.59.1", "3.60.0-rc.1", "3.60.0-rc.2", "3.60.0", "3.61.0-rc.1", "3.61.0", "3.62.0-rc.1", "3.62.0-rc.2", "3.62.0", "3.63.0-rc.2", "3.63.0", "3.64.0-rc.1", "3.64.0-rc.2", "3.64.0-rc.3", "3.64.0-rc.4", "3.64.0", "3.64.1", "3.64.2", "3.65.0-rc.1", "3.65.0", "3.66.0-rc.1", "3.66.0", "3.67.0-rc.1", "3.67.0-rc.2", "3.67.0", "3.68.0-rc.1", "3.68.0-rc.2", "3.68.0-rc.3", "3.68.0"]
Secure versions: [3.105.1, 3.106.0-rc.1, 3.106.0, 3.107.0, 3.108.0-rc.0, 3.108.0, 3.109.0-rc.0, 3.109.0, 3.110.0-rc.1, 3.110.0, 3.111.0, 3.112.0-rc.0, 3.112.0, 3.113.0, 3.114.0-rc.0, 3.114.0]
Recommendation: Update to version 3.114.0.

Matrix SDK for React's URL preview setting for a room is controllable by the homeserver

Published date: 2024-08-06T14:12:45Z
CVE: CVE-2024-42347
Links:

Impact

A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server.

Even if the CVSS score would be 4.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N) the maintainer classifies this as High severity issue.

Patches

This was patched in matrix-react-sdk 3.105.1.

Workarounds

Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected.

References

N/A.

Affected versions: ["0.0.1", "0.0.2", "0.1.0", "0.2.0", "0.3.0", "0.3.1", "0.4.0", "0.5.0", "0.5.1", "0.5.2", "0.6.0", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.4-r1", "0.6.5", "0.6.5-r1", "0.6.5-r2", "0.6.5-r3", "0.7.1", "0.7.2", "0.7.3", "0.7.4", "0.7.5-rc.1", "0.7.5", "0.8.0", "0.8.1-rc.1", "0.8.1-rc.2", "0.8.1", "0.8.2", "0.8.3", "0.8.3-electron", "0.8.4", "0.8.5-rc.1", "0.8.5", "0.8.6-rc.1", "0.8.6-rc.2", "0.8.6-rc.3", "0.8.6", "0.8.7-rc.1", "0.8.7-rc.2", "0.8.7-rc.3", "0.8.7-rc.4", "0.8.7", "0.8.8-rc.1", "0.8.8-rc.2", "0.8.8", "0.8.9-rc.1", "0.8.9", "0.9.0-rc.1", "0.9.0-rc.2", "0.9.0", "0.9.1", "0.9.2", "0.9.3-rc.1", "0.9.3-rc.2", "0.9.3", "0.9.4", "0.9.5-rc.1", "0.9.5-rc.2", "0.9.5", "0.9.6", "0.9.7", "0.10.0-rc.1", "0.10.0-rc.2", "0.10.1-rc.1", "0.10.1", "0.10.2", "0.10.3-rc.1", "0.10.3-rc.2", "0.10.3", "0.10.4-rc.1", "0.10.4", "0.10.5", "0.10.6", "0.10.7-rc.1", "0.10.7-rc.2", "0.10.7-rc.3", "0.10.7", "0.11.0-rc.1", "0.11.0-rc.2", "0.11.0-rc.3", "0.11.0", "0.11.1", "0.11.2", "0.11.3", "0.11.4", "0.12.0-rc.1", "0.12.0-rc.2", "0.12.0-rc.3", "0.12.0-rc.4", "0.11.4-cryptowarning.1", "0.11.4-cryptowarning.2", "0.12.0-rc.5", "0.12.0-rc.6", "0.12.0-rc.7", "0.12.0", "0.12.1", "0.12.2", "0.12.3-rc.1", "0.12.3-rc.2", "0.12.3-rc.3", "0.12.3", "0.12.4-rc.1", "0.12.4-rc.2", "0.12.4-rc.3", "0.12.4-rc.4", "0.12.4-rc.5", "0.12.4-rc.6", "0.12.4", "0.12.5", "0.12.6-rc.1", "0.12.6", "0.12.7-rc.1", "0.12.7", "0.12.8-rc.1", "0.12.8-rc.2", "0.12.8", "0.12.9-rc.1", "0.12.9-rc.2", "0.12.9", "0.13.0-rc.1", "0.13.0-rc.2", "0.13.0", "0.13.1-rc.1", "0.13.1", "0.13.2", "0.13.3-rc.1", "0.13.3-rc.2", "0.13.3", "0.13.4-rc.1", "0.13.4", "0.13.5-rc.1", "0.13.5", "0.13.6", "0.14.0-rc.1", "0.14.0", "0.14.1", "0.14.2-rc.1", "0.14.2", "0.14.3", "0.14.4", "0.14.5-rc.1", "0.14.5-rc.2", "0.14.5", "0.14.6", "0.14.7-rc.1", "0.14.7-rc.2", "0.14.7", "0.14.8-rc.1", "0.14.8", "1.0.0-rc.1", "1.0.0-rc.2", "1.0.0", "1.0.1", "1.0.2-rc.1", "1.0.2-rc.2", "1.0.2-rc.3", "1.0.2-rc.4", "1.0.2", "1.0.3", "1.0.4-rc.1", "1.0.4", "1.0.5", "1.0.6-rc.1", "1.0.6", "1.0.7", "1.1.0-rc.1", "1.1.0", "1.1.1", "1.1.2", "1.2.0-rc.1", "1.2.0", "1.2.1", "1.2.2-rc.1", "1.2.2-rc.2", "1.2.2", "1.3.0-rc.1", "1.3.0", "1.3.1", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0-rc.3", "1.4.0", "1.5.0-rc.1", "1.5.0", "1.5.1", "1.5.2-rc.1", "1.5.2", "1.5.3-rc.1", "1.5.3-rc.2", "1.5.3-rc.3", "1.5.3", "1.6.0-rc.1", "1.6.0-rc.2", "1.6.0", "1.6.1", "1.6.2-rc.1", "1.6.2", "1.7.0-rc.1", "1.7.0", "1.7.1-rc.1", "1.7.1-rc.2", "1.7.1", "1.7.2", "1.7.3-rc.1", "1.7.3-rc.2", "1.7.3", "1.7.4", "1.7.5-rc.1", "1.7.5", "1.7.6-rc.1", "1.7.6-rc.2", "1.7.6", "2.0.0-rc.2", "2.0.0", "2.1.0-rc.1", "2.1.0-rc.2", "2.1.0", "2.1.1", "2.2.0-rc.1", "2.2.0", "2.2.1", "2.2.2", "2.2.3-rc.1", "2.2.3", "2.3.0-rc.1", "2.3.0", "2.3.1", "2.4.0-rc.1", "2.5.0-rc.1", "2.5.0-rc.2", "2.5.0-rc.3", "2.5.0-rc.4", "2.5.0-rc.5", "2.5.0-rc.6", "2.5.0", "2.6.0-rc.1", "2.6.0", "2.6.1", "2.7.0-rc.1", "2.7.0-rc.2", "2.7.0", "2.7.1", "2.7.2", "2.8.0-rc.1", "2.8.0", "2.8.1", "2.9.0-rc.1", "2.9.0", "2.10.0", "2.10.1", "3.0.0", "3.1.0-rc.1", "3.1.0", "3.2.0-rc.1", "3.2.0", "3.3.0-rc.1", "3.3.0", "3.4.0-rc.1", "3.4.0", "3.4.1", "3.5.0-rc.1", "3.5.0", "3.6.0-rc.1", "3.6.0", "3.6.1", "3.7.0-rc.1", "3.7.0-rc.2", "3.7.0", "3.7.1", "3.8.0-rc.1", "3.8.0", "3.9.0-rc.1", "3.9.0", "3.10.0-rc.1", "3.10.0", "3.11.0-rc.1", "3.11.0-rc.2", "3.11.0", "3.11.1", "3.12.0-rc.1", "3.12.0", "3.12.1", "3.13.0-rc.1", "3.13.0", "3.13.1", "3.14.0-rc.1", "3.14.0", "3.15.0-rc.1", "3.15.0", "3.16.0-rc.1", "3.16.0-rc.2", "3.16.0", "3.17.0-rc.1", "3.17.0", "3.18.0-rc.1", "3.18.0", "3.19.0-rc.1", "3.19.0", "3.20.0-rc.1", "3.20.0", "3.21.0-rc.1", "3.21.0", "3.22.0-rc.1", "3.22.0", "3.23.0-rc.1", "3.23.0", "3.24.0-rc.1", "3.24.0", "3.25.0-rc.1", "3.25.0", "3.26.0-rc.1", "3.26.0", "3.27.0-rc.1", "3.27.0", "3.28.0-rc.1", "3.28.0", "3.28.1", "3.29.0-rc.1", "3.29.0-rc.2", "3.29.0-rc.3", "3.29.0", "3.30.0-rc.1", "3.30.0-rc.2", "3.29.1", "3.30.0", "3.31.0-rc.1", "3.31.0-rc.2", "3.31.0", "3.32.0-rc.1", "3.32.0-rc.2", "3.32.0", "3.32.1", "3.33.0-rc.1", "3.33.0-rc.2", "3.33.0", "3.34.0-rc.1", "3.34.0", "3.35.0-rc.1", "3.35.1", "3.36.0-rc.1", "3.36.0", "3.36.1", "3.37.0-rc.1", "3.37.0", "3.38.0-rc.1", "3.38.0", "3.39.0-rc.1", "3.39.0-rc.2", "3.39.0", "3.39.1", "3.40.0-rc.1", "3.40.0-rc.2", "3.40.0", "3.40.1", "3.41.0-rc.1", "3.41.0", "3.41.1", "3.42.0-rc.1", "3.42.0", "3.42.1-rc.1", "3.42.1", "3.42.2-rc.1", "3.42.2-rc.2", "3.42.2-rc.3", "3.42.2-rc.4", "3.42.3", "3.42.4", "3.43.0-rc.1", "3.43.0", "3.44.0-rc.1", "3.44.0-rc.2", "3.44.0", "3.45.0-rc.2", "3.45.0-rc.3", "3.45.0", "3.46.0-rc.1", "3.46.0", "3.47.0", "3.48.0-rc.1", "3.48.0", "3.49.0-rc.1", "3.49.0-rc.2", "3.49.0", "3.50.0", "3.51.0-rc.1", "3.51.0", "3.52.0-rc.1", "3.52.0-rc.2", "3.52.0", "3.53.0-rc.1", "3.53.0-rc.2", "3.53.0", "3.54.0-rc.1", "3.54.0", "3.55.0-rc.1", "3.55.0", "3.56.0", "3.57.0", "3.58.0-rc.1", "3.58.0-rc.2", "3.58.0", "3.58.1", "3.59.0-rc.1", "3.59.0-rc.2", "3.59.0", "3.59.1", "3.60.0-rc.1", "3.60.0-rc.2", "3.60.0", "3.61.0-rc.1", "3.61.0", "3.62.0-rc.1", "3.62.0-rc.2", "3.62.0", "3.63.0-rc.2", "3.63.0", "3.64.0-rc.1", "3.64.0-rc.2", "3.64.0-rc.3", "3.64.0-rc.4", "3.64.0", "3.64.1", "3.64.2", "3.65.0-rc.1", "3.65.0", "3.66.0-rc.1", "3.66.0", "3.67.0-rc.1", "3.67.0-rc.2", "3.67.0", "3.68.0-rc.1", "3.68.0-rc.2", "3.68.0-rc.3", "3.68.0", "3.69.0", "3.69.1", "3.70.0-rc.1", "3.70.0", "3.71.0-rc.1", "3.71.0", "3.71.1", "3.72.0-rc.1", "3.72.0-rc.2", "3.72.0", "3.73.0-rc.1", "3.73.0-rc.2", "3.73.0-rc.3", "3.73.0", "3.73.1", "3.74.0-rc1", "3.74.0", "3.75.0-rc.1", "3.75.0", "3.76.0-rc.1", "3.76.0-rc.2", "3.76.0", "3.77.0-rc.1", "3.77.0", "3.77.1", "3.78.0-rc.1", "3.78.0", "3.79.0-rc.2", "3.79.0", "3.80.0-rc.1", "3.80.0-rc.2", "3.80.0", "3.80.1", "3.81.0-rc.1", "3.81.0", "3.81.1", "3.82.0-rc.1", "3.82.0", "3.83.0-rc.1", "3.83.0", "3.84.0-rc.1", "3.84.0", "3.84.1", "3.85.0-rc.0", "3.85.0-rc.1", "3.85.0", "3.86.0-rc.2", "3.86.0", "3.87.0-rc.0", "3.87.0", "3.88.0", "3.89.0-rc.0", "3.89.0", "3.90.0", "3.91.0-rc.0", "3.91.0-rc.1", "3.91.0", "3.92.0-rc.0", "3.92.0-rc.1", "3.92.0", "3.93.0-rc.0", "3.93.0", "3.94.0-rc.0", "3.94.0", "3.95.0-rc.0", "3.95.0", "3.96.0-rc.0", "3.96.0", "3.96.1", "3.97.0-rc.0", "3.97.0", "3.98.0-rc.0", "3.98.0", "3.99.0-rc.0", "3.99.0-rc.1", "3.99.0", "3.100.0-rc.0", "3.100.0-rc.1", "3.100.0", "3.101.0-rc.0", "3.101.0-rc.1", "3.101.0", "3.102.0-rc.0", "3.102.0-rc.1", "3.102.0", "3.103.0-rc.1", "3.103.0", "3.104.0-rc.0", "3.104.0-rc.1", "3.104.0"]
Secure versions: [3.105.1, 3.106.0-rc.1, 3.106.0, 3.107.0, 3.108.0-rc.0, 3.108.0, 3.109.0-rc.0, 3.109.0, 3.110.0-rc.1, 3.110.0, 3.111.0, 3.112.0-rc.0, 3.112.0, 3.113.0, 3.114.0-rc.0, 3.114.0]
Recommendation: Update to version 3.114.0.

Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room

Published date: 2024-10-15T18:11:51Z
CVE: CVE-2024-47824
Links:

Impact

matrix-react-sdk before 3.102.0 allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by the homeserver. This is possible because matrix-react-sdk before 3.102.0 shared historical message keys on invite.

Patches

matrix-react-sdk 3.102.0 disables sharing message keys on invite by removing calls to the vulnerable functionality.

Workarounds

None.

References

The vulnerability in matrix-react-sdk is caused by calling MatrixClient.sendSharedHistoryKeys in matrix-js-sdk, which is inherently vulnerable to this sort of attack. This matrix-js-sdk vulnerability is tracked as CVE-2024-47080 / GHSA-4jf8-g8wp-cx7c. Given that this functionality is not specific to sharing message keys on invite, is optional, has to be explicitly called by the caller and has been independently patched in matrix-react-sdk by removing the offending calls, we believe it is proper to treat the matrix-react-sdk vulnerability as a separate one, with its own advisory and CVE.

The matrix-org/matrix-react-sdk repository has recently been archived and the project was moved to element-hq/matrix-react-sdk. Given that this happened after the first patched release, no releases of the project on element-hq/matrix-react-sdk were ever vulnerable to this vulnerability.

Patching pull request: https://github.com/matrix-org/matrix-react-sdk/pull/12618.

For more information

If you have any questions or comments about this advisory, please email us at security at security at matrix.org.

Affected versions: ["3.18.0", "3.19.0-rc.1", "3.19.0", "3.20.0-rc.1", "3.20.0", "3.21.0-rc.1", "3.21.0", "3.22.0-rc.1", "3.22.0", "3.23.0-rc.1", "3.23.0", "3.24.0-rc.1", "3.24.0", "3.25.0-rc.1", "3.25.0", "3.26.0-rc.1", "3.26.0", "3.27.0-rc.1", "3.27.0", "3.28.0-rc.1", "3.28.0", "3.28.1", "3.29.0-rc.1", "3.29.0-rc.2", "3.29.0-rc.3", "3.29.0", "3.30.0-rc.1", "3.30.0-rc.2", "3.29.1", "3.30.0", "3.31.0-rc.1", "3.31.0-rc.2", "3.31.0", "3.32.0-rc.1", "3.32.0-rc.2", "3.32.0", "3.32.1", "3.33.0-rc.1", "3.33.0-rc.2", "3.33.0", "3.34.0-rc.1", "3.34.0", "3.35.0-rc.1", "3.35.1", "3.36.0-rc.1", "3.36.0", "3.36.1", "3.37.0-rc.1", "3.37.0", "3.38.0-rc.1", "3.38.0", "3.39.0-rc.1", "3.39.0-rc.2", "3.39.0", "3.39.1", "3.40.0-rc.1", "3.40.0-rc.2", "3.40.0", "3.40.1", "3.41.0-rc.1", "3.41.0", "3.41.1", "3.42.0-rc.1", "3.42.0", "3.42.1-rc.1", "3.42.1", "3.42.2-rc.1", "3.42.2-rc.2", "3.42.2-rc.3", "3.42.2-rc.4", "3.42.3", "3.42.4", "3.43.0-rc.1", "3.43.0", "3.44.0-rc.1", "3.44.0-rc.2", "3.44.0", "3.45.0-rc.2", "3.45.0-rc.3", "3.45.0", "3.46.0-rc.1", "3.46.0", "3.47.0", "3.48.0-rc.1", "3.48.0", "3.49.0-rc.1", "3.49.0-rc.2", "3.49.0", "3.50.0", "3.51.0-rc.1", "3.51.0", "3.52.0-rc.1", "3.52.0-rc.2", "3.52.0", "3.53.0-rc.1", "3.53.0-rc.2", "3.53.0", "3.54.0-rc.1", "3.54.0", "3.55.0-rc.1", "3.55.0", "3.56.0", "3.57.0", "3.58.0-rc.1", "3.58.0-rc.2", "3.58.0", "3.58.1", "3.59.0-rc.1", "3.59.0-rc.2", "3.59.0", "3.59.1", "3.60.0-rc.1", "3.60.0-rc.2", "3.60.0", "3.61.0-rc.1", "3.61.0", "3.62.0-rc.1", "3.62.0-rc.2", "3.62.0", "3.63.0-rc.2", "3.63.0", "3.64.0-rc.1", "3.64.0-rc.2", "3.64.0-rc.3", "3.64.0-rc.4", "3.64.0", "3.64.1", "3.64.2", "3.65.0-rc.1", "3.65.0", "3.66.0-rc.1", "3.66.0", "3.67.0-rc.1", "3.67.0-rc.2", "3.67.0", "3.68.0-rc.1", "3.68.0-rc.2", "3.68.0-rc.3", "3.68.0", "3.69.0", "3.69.1", "3.70.0-rc.1", "3.70.0", "3.71.0-rc.1", "3.71.0", "3.71.1", "3.72.0-rc.1", "3.72.0-rc.2", "3.72.0", "3.73.0-rc.1", "3.73.0-rc.2", "3.73.0-rc.3", "3.73.0", "3.73.1", "3.74.0-rc1", "3.74.0", "3.75.0-rc.1", "3.75.0", "3.76.0-rc.1", "3.76.0-rc.2", "3.76.0", "3.77.0-rc.1", "3.77.0", "3.77.1", "3.78.0-rc.1", "3.78.0", "3.79.0-rc.2", "3.79.0", "3.80.0-rc.1", "3.80.0-rc.2", "3.80.0", "3.80.1", "3.81.0-rc.1", "3.81.0", "3.81.1", "3.82.0-rc.1", "3.82.0", "3.83.0-rc.1", "3.83.0", "3.84.0-rc.1", "3.84.0", "3.84.1", "3.85.0-rc.0", "3.85.0-rc.1", "3.85.0", "3.86.0-rc.2", "3.86.0", "3.87.0-rc.0", "3.87.0", "3.88.0", "3.89.0-rc.0", "3.89.0", "3.90.0", "3.91.0-rc.0", "3.91.0-rc.1", "3.91.0", "3.92.0-rc.0", "3.92.0-rc.1", "3.92.0", "3.93.0-rc.0", "3.93.0", "3.94.0-rc.0", "3.94.0", "3.95.0-rc.0", "3.95.0", "3.96.0-rc.0", "3.96.0", "3.96.1", "3.97.0-rc.0", "3.97.0", "3.98.0-rc.0", "3.98.0", "3.99.0-rc.0", "3.99.0-rc.1", "3.99.0", "3.100.0-rc.0", "3.100.0-rc.1", "3.100.0", "3.101.0-rc.0", "3.101.0-rc.1", "3.101.0", "3.102.0-rc.0", "3.102.0-rc.1"]
Secure versions: [3.105.1, 3.106.0-rc.1, 3.106.0, 3.107.0, 3.108.0-rc.0, 3.108.0, 3.109.0-rc.0, 3.109.0, 3.110.0-rc.1, 3.110.0, 3.111.0, 3.112.0-rc.0, 3.112.0, 3.113.0, 3.114.0-rc.0, 3.114.0]
Recommendation: Update to version 3.114.0.

HTML injection in search results via plaintext message highlighting

Published date: 2023-04-25T19:48:11Z
CVE: CVE-2023-30609
Links:

Impact

Plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload.

Cross-site scripting is possible by including resources from recaptcha.net and gstatic.com which are included in the default CSP.

Thanks to Cadence Ember for finding the injection and to S1m for finding possible XSS vectors.

Patches

Version 3.71.0 of the SDK fixes the issue.

Workarounds

Restarting the client will clear the injection.

Affected versions: ["0.0.1", "0.0.2", "0.1.0", "0.2.0", "0.3.0", "0.3.1", "0.4.0", "0.5.0", "0.5.1", "0.5.2", "0.6.0", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.4-r1", "0.6.5", "0.6.5-r1", "0.6.5-r2", "0.6.5-r3", "0.7.1", "0.7.2", "0.7.3", "0.7.4", "0.7.5-rc.1", "0.7.5", "0.8.0", "0.8.1-rc.1", "0.8.1-rc.2", "0.8.1", "0.8.2", "0.8.3", "0.8.3-electron", "0.8.4", "0.8.5-rc.1", "0.8.5", "0.8.6-rc.1", "0.8.6-rc.2", "0.8.6-rc.3", "0.8.6", "0.8.7-rc.1", "0.8.7-rc.2", "0.8.7-rc.3", "0.8.7-rc.4", "0.8.7", "0.8.8-rc.1", "0.8.8-rc.2", "0.8.8", "0.8.9-rc.1", "0.8.9", "0.9.0-rc.1", "0.9.0-rc.2", "0.9.0", "0.9.1", "0.9.2", "0.9.3-rc.1", "0.9.3-rc.2", "0.9.3", "0.9.4", "0.9.5-rc.1", "0.9.5-rc.2", "0.9.5", "0.9.6", "0.9.7", "0.10.0-rc.1", "0.10.0-rc.2", "0.10.1-rc.1", "0.10.1", "0.10.2", "0.10.3-rc.1", "0.10.3-rc.2", "0.10.3", "0.10.4-rc.1", "0.10.4", "0.10.5", "0.10.6", "0.10.7-rc.1", "0.10.7-rc.2", "0.10.7-rc.3", "0.10.7", "0.11.0-rc.1", "0.11.0-rc.2", "0.11.0-rc.3", "0.11.0", "0.11.1", "0.11.2", "0.11.3", "0.11.4", "0.12.0-rc.1", "0.12.0-rc.2", "0.12.0-rc.3", "0.12.0-rc.4", "0.11.4-cryptowarning.1", "0.11.4-cryptowarning.2", "0.12.0-rc.5", "0.12.0-rc.6", "0.12.0-rc.7", "0.12.0", "0.12.1", "0.12.2", "0.12.3-rc.1", "0.12.3-rc.2", "0.12.3-rc.3", "0.12.3", "0.12.4-rc.1", "0.12.4-rc.2", "0.12.4-rc.3", "0.12.4-rc.4", "0.12.4-rc.5", "0.12.4-rc.6", "0.12.4", "0.12.5", "0.12.6-rc.1", "0.12.6", "0.12.7-rc.1", "0.12.7", "0.12.8-rc.1", "0.12.8-rc.2", "0.12.8", "0.12.9-rc.1", "0.12.9-rc.2", "0.12.9", "0.13.0-rc.1", "0.13.0-rc.2", "0.13.0", "0.13.1-rc.1", "0.13.1", "0.13.2", "0.13.3-rc.1", "0.13.3-rc.2", "0.13.3", "0.13.4-rc.1", "0.13.4", "0.13.5-rc.1", "0.13.5", "0.13.6", "0.14.0-rc.1", "0.14.0", "0.14.1", "0.14.2-rc.1", "0.14.2", "0.14.3", "0.14.4", "0.14.5-rc.1", "0.14.5-rc.2", "0.14.5", "0.14.6", "0.14.7-rc.1", "0.14.7-rc.2", "0.14.7", "0.14.8-rc.1", "0.14.8", "1.0.0-rc.1", "1.0.0-rc.2", "1.0.0", "1.0.1", "1.0.2-rc.1", "1.0.2-rc.2", "1.0.2-rc.3", "1.0.2-rc.4", "1.0.2", "1.0.3", "1.0.4-rc.1", "1.0.4", "1.0.5", "1.0.6-rc.1", "1.0.6", "1.0.7", "1.1.0-rc.1", "1.1.0", "1.1.1", "1.1.2", "1.2.0-rc.1", "1.2.0", "1.2.1", "1.2.2-rc.1", "1.2.2-rc.2", "1.2.2", "1.3.0-rc.1", "1.3.0", "1.3.1", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0-rc.3", "1.4.0", "1.5.0-rc.1", "1.5.0", "1.5.1", "1.5.2-rc.1", "1.5.2", "1.5.3-rc.1", "1.5.3-rc.2", "1.5.3-rc.3", "1.5.3", "1.6.0-rc.1", "1.6.0-rc.2", "1.6.0", "1.6.1", "1.6.2-rc.1", "1.6.2", "1.7.0-rc.1", "1.7.0", "1.7.1-rc.1", "1.7.1-rc.2", "1.7.1", "1.7.2", "1.7.3-rc.1", "1.7.3-rc.2", "1.7.3", "1.7.4", "1.7.5-rc.1", "1.7.5", "1.7.6-rc.1", "1.7.6-rc.2", "1.7.6", "2.0.0-rc.2", "2.0.0", "2.1.0-rc.1", "2.1.0-rc.2", "2.1.0", "2.1.1", "2.2.0-rc.1", "2.2.0", "2.2.1", "2.2.2", "2.2.3-rc.1", "2.2.3", "2.3.0-rc.1", "2.3.0", "2.3.1", "2.4.0-rc.1", "2.5.0-rc.1", "2.5.0-rc.2", "2.5.0-rc.3", "2.5.0-rc.4", "2.5.0-rc.5", "2.5.0-rc.6", "2.5.0", "2.6.0-rc.1", "2.6.0", "2.6.1", "2.7.0-rc.1", "2.7.0-rc.2", "2.7.0", "2.7.1", "2.7.2", "2.8.0-rc.1", "2.8.0", "2.8.1", "2.9.0-rc.1", "2.9.0", "2.10.0", "2.10.1", "3.0.0", "3.1.0-rc.1", "3.1.0", "3.2.0-rc.1", "3.2.0", "3.3.0-rc.1", "3.3.0", "3.4.0-rc.1", "3.4.0", "3.4.1", "3.5.0-rc.1", "3.5.0", "3.6.0-rc.1", "3.6.0", "3.6.1", "3.7.0-rc.1", "3.7.0-rc.2", "3.7.0", "3.7.1", "3.8.0-rc.1", "3.8.0", "3.9.0-rc.1", "3.9.0", "3.10.0-rc.1", "3.10.0", "3.11.0-rc.1", "3.11.0-rc.2", "3.11.0", "3.11.1", "3.12.0-rc.1", "3.12.0", "3.12.1", "3.13.0-rc.1", "3.13.0", "3.13.1", "3.14.0-rc.1", "3.14.0", "3.15.0-rc.1", "3.15.0", "3.16.0-rc.1", "3.16.0-rc.2", "3.16.0", "3.17.0-rc.1", "3.17.0", "3.18.0-rc.1", "3.18.0", "3.19.0-rc.1", "3.19.0", "3.20.0-rc.1", "3.20.0", "3.21.0-rc.1", "3.21.0", "3.22.0-rc.1", "3.22.0", "3.23.0-rc.1", "3.23.0", "3.24.0-rc.1", "3.24.0", "3.25.0-rc.1", "3.25.0", "3.26.0-rc.1", "3.26.0", "3.27.0-rc.1", "3.27.0", "3.28.0-rc.1", "3.28.0", "3.28.1", "3.29.0-rc.1", "3.29.0-rc.2", "3.29.0-rc.3", "3.29.0", "3.30.0-rc.1", "3.30.0-rc.2", "3.29.1", "3.30.0", "3.31.0-rc.1", "3.31.0-rc.2", "3.31.0", "3.32.0-rc.1", "3.32.0-rc.2", "3.32.0", "3.32.1", "3.33.0-rc.1", "3.33.0-rc.2", "3.33.0", "3.34.0-rc.1", "3.34.0", "3.35.0-rc.1", "3.35.1", "3.36.0-rc.1", "3.36.0", "3.36.1", "3.37.0-rc.1", "3.37.0", "3.38.0-rc.1", "3.38.0", "3.39.0-rc.1", "3.39.0-rc.2", "3.39.0", "3.39.1", "3.40.0-rc.1", "3.40.0-rc.2", "3.40.0", "3.40.1", "3.41.0-rc.1", "3.41.0", "3.41.1", "3.42.0-rc.1", "3.42.0", "3.42.1-rc.1", "3.42.1", "3.42.2-rc.1", "3.42.2-rc.2", "3.42.2-rc.3", "3.42.2-rc.4", "3.42.3", "3.42.4", "3.43.0-rc.1", "3.43.0", "3.44.0-rc.1", "3.44.0-rc.2", "3.44.0", "3.45.0-rc.2", "3.45.0-rc.3", "3.45.0", "3.46.0-rc.1", "3.46.0", "3.47.0", "3.48.0-rc.1", "3.48.0", "3.49.0-rc.1", "3.49.0-rc.2", "3.49.0", "3.50.0", "3.51.0-rc.1", "3.51.0", "3.52.0-rc.1", "3.52.0-rc.2", "3.52.0", "3.53.0-rc.1", "3.53.0-rc.2", "3.53.0", "3.54.0-rc.1", "3.54.0", "3.55.0-rc.1", "3.55.0", "3.56.0", "3.57.0", "3.58.0-rc.1", "3.58.0-rc.2", "3.58.0", "3.58.1", "3.59.0-rc.1", "3.59.0-rc.2", "3.59.0", "3.59.1", "3.60.0-rc.1", "3.60.0-rc.2", "3.60.0", "3.61.0-rc.1", "3.61.0", "3.62.0-rc.1", "3.62.0-rc.2", "3.62.0", "3.63.0-rc.2", "3.63.0", "3.64.0-rc.1", "3.64.0-rc.2", "3.64.0-rc.3", "3.64.0-rc.4", "3.64.0", "3.64.1", "3.64.2", "3.65.0-rc.1", "3.65.0", "3.66.0-rc.1", "3.66.0", "3.67.0-rc.1", "3.67.0-rc.2", "3.67.0", "3.68.0-rc.1", "3.68.0-rc.2", "3.68.0-rc.3", "3.68.0", "3.69.0", "3.69.1", "3.70.0-rc.1", "3.70.0", "3.71.0-rc.1"]
Secure versions: [3.105.1, 3.106.0-rc.1, 3.106.0, 3.107.0, 3.108.0-rc.0, 3.108.0, 3.109.0-rc.0, 3.109.0, 3.110.0-rc.1, 3.110.0, 3.111.0, 3.112.0-rc.0, 3.112.0, 3.113.0, 3.114.0-rc.0, 3.114.0]
Recommendation: Update to version 3.114.0.

543 Other Versions

Version License Security Released
3.36.0-rc.1 Apache-2.0 6 2021-11-30 - 18:23 almost 3 years
3.35.1 Apache-2.0 6 2021-11-22 - 14:27 almost 3 years
3.35.0-rc.1 Apache-2.0 6 2021-11-17 - 14:08 almost 3 years
3.34.0 Apache-2.0 6 2021-11-08 - 17:45 about 3 years
3.34.0-rc.1 Apache-2.0 6 2021-11-02 - 14:20 about 3 years
3.33.0 Apache-2.0 6 2021-10-25 - 10:31 about 3 years
3.33.0-rc.2 Apache-2.0 6 2021-10-20 - 07:41 about 3 years
3.33.0-rc.1 Apache-2.0 6 2021-10-19 - 10:00 about 3 years
3.32.1 Apache-2.0 6 2021-10-12 - 07:44 about 3 years
3.32.0 Apache-2.0 6 2021-10-11 - 10:58 about 3 years
3.32.0-rc.2 Apache-2.0 5 2021-10-08 - 07:34 about 3 years
3.32.0-rc.1 Apache-2.0 5 2021-10-04 - 11:05 about 3 years
3.31.0 Apache-2.0 5 2021-09-27 - 13:33 about 3 years
3.31.0-rc.2 Apache-2.0 5 2021-09-22 - 13:36 about 3 years
3.31.0-rc.1 Apache-2.0 5 2021-09-21 - 08:43 about 3 years
3.30.0 Apache-2.0 5 2021-09-14 - 14:57 about 3 years
3.30.0-rc.2 Apache-2.0 5 2021-09-09 - 17:30 about 3 years
3.30.0-rc.1 Apache-2.0 5 2021-09-07 - 18:02 about 3 years
3.29.1 Apache-2.0 5 2021-09-13 - 11:58 about 3 years
3.29.0 Apache-2.0 5 2021-08-31 - 12:54 about 3 years
3.29.0-rc.3 Apache-2.0 5 2021-08-26 - 13:20 about 3 years
3.29.0-rc.2 Apache-2.0 5 2021-08-25 - 10:47 about 3 years
3.29.0-rc.1 Apache-2.0 5 2021-08-24 - 16:55 about 3 years
3.28.1 Apache-2.0 5 2021-08-17 - 08:41 about 3 years
3.28.0 Apache-2.0 5 2021-08-16 - 13:48 about 3 years
3.28.0-rc.1 Apache-2.0 5 2021-08-11 - 15:03 over 3 years
3.27.0 Apache-2.0 5 2021-08-02 - 12:07 over 3 years
3.27.0-rc.1 Apache-2.0 5 2021-07-27 - 15:03 over 3 years
3.26.0 Apache-2.0 5 2021-07-19 - 15:10 over 3 years
3.26.0-rc.1 Apache-2.0 5 2021-07-14 - 16:11 over 3 years
3.25.0 Apache-2.0 5 2021-07-05 - 14:30 over 3 years
3.25.0-rc.1 Apache-2.0 5 2021-06-29 - 13:44 over 3 years
3.24.0 Apache-2.0 5 2021-06-21 - 15:54 over 3 years
3.24.0-rc.1 Apache-2.0 5 2021-06-15 - 15:23 over 3 years
3.23.0 Apache-2.0 5 2021-06-07 - 16:42 over 3 years
3.23.0-rc.1 Apache-2.0 5 2021-06-01 - 15:19 over 3 years
3.22.0 Apache-2.0 5 2021-05-24 - 16:21 over 3 years
3.22.0-rc.1 Apache-2.0 5 2021-05-19 - 13:41 over 3 years
3.21.0 Apache-2.0 5 2021-05-17 - 12:50 over 3 years
3.21.0-rc.1 Apache-2.0 7 2021-05-11 - 15:37 over 3 years
3.20.0 Apache-2.0 7 2021-05-10 - 14:19 over 3 years
3.20.0-rc.1 Apache-2.0 7 2021-05-04 - 14:54 over 3 years
3.19.0 Apache-2.0 7 2021-04-26 - 16:48 over 3 years
3.19.0-rc.1 Apache-2.0 7 2021-04-21 - 15:54 over 3 years
3.18.0 Apache-2.0 7 2021-04-12 - 13:51 over 3 years
3.18.0-rc.1 Apache-2.0 6 2021-04-07 - 12:05 over 3 years
3.17.0 Apache-2.0 6 2021-03-29 - 12:36 over 3 years
3.17.0-rc.1 Apache-2.0 6 2021-03-25 - 12:21 over 3 years
3.16.0 Apache-2.0 6 2021-03-15 - 14:46 over 3 years
3.16.0-rc.2 Apache-2.0 6 2021-03-10 - 18:10 over 3 years
3.16.0-rc.1 Apache-2.0 6 2021-03-10 - 17:32 over 3 years
3.15.0 Apache-2.0 6 2021-03-01 - 13:10 over 3 years
3.15.0-rc.1 Apache-2.0 7 2021-02-24 - 17:33 over 3 years
3.14.0 Apache-2.0 7 2021-02-16 - 11:06 over 3 years
3.14.0-rc.1 Apache-2.0 7 2021-02-10 - 16:52 almost 4 years
3.13.1 Apache-2.0 7 2021-02-04 - 12:05 almost 4 years
3.13.0 Apache-2.0 7 2021-02-03 - 12:08 almost 4 years
3.13.0-rc.1 Apache-2.0 7 2021-01-29 - 17:29 almost 4 years
3.12.1 Apache-2.0 7 2021-01-26 - 12:05 almost 4 years
3.12.0 Apache-2.0 7 2021-01-18 - 15:15 almost 4 years
3.12.0-rc.1 Apache-2.0 7 2021-01-13 - 13:07 almost 4 years
3.11.1 Apache-2.0 7 2020-12-21 - 17:38 almost 4 years
3.11.0 Apache-2.0 7 2020-12-21 - 17:07 almost 4 years
3.11.0-rc.2 Apache-2.0 7 2020-12-16 - 16:28 almost 4 years
3.11.0-rc.1 Apache-2.0 7 2020-12-16 - 14:35 almost 4 years
3.10.0 Apache-2.0 7 2020-12-07 - 12:32 almost 4 years
3.10.0-rc.1 Apache-2.0 7 2020-12-02 - 14:39 almost 4 years
3.9.0 Apache-2.0 7 2020-11-23 - 16:36 almost 4 years
3.9.0-rc.1 Apache-2.0 7 2020-11-18 - 16:28 almost 4 years
3.8.0 Apache-2.0 7 2020-11-09 - 16:32 about 4 years
3.8.0-rc.1 Apache-2.0 7 2020-11-04 - 14:17 about 4 years
3.7.1 Apache-2.0 7 2020-10-28 - 14:26 about 4 years
3.7.0 Apache-2.0 7 2020-10-26 - 16:56 about 4 years
3.7.0-rc.2 Apache-2.0 7 2020-10-21 - 14:22 about 4 years
3.7.0-rc.1 Apache-2.0 7 2020-10-21 - 13:45 about 4 years
3.6.1 Apache-2.0 7 2020-10-20 - 10:24 about 4 years
3.6.0 Apache-2.0 7 2020-10-12 - 12:37 about 4 years
3.6.0-rc.1 Apache-2.0 7 2020-10-07 - 13:31 about 4 years
3.5.0 Apache-2.0 7 2020-09-28 - 15:19 about 4 years
3.5.0-rc.1 Apache-2.0 7 2020-09-23 - 14:33 about 4 years
3.4.1 Apache-2.0 7 2020-09-14 - 14:50 about 4 years
3.4.0 Apache-2.0 7 2020-09-14 - 12:37 about 4 years
3.4.0-rc.1 Apache-2.0 7 2020-09-09 - 14:54 about 4 years
3.3.0 Apache-2.0 7 2020-09-01 - 16:37 about 4 years
3.3.0-rc.1 Apache-2.0 7 2020-08-26 - 11:03 about 4 years
3.2.0 Apache-2.0 7 2020-08-17 - 12:01 about 4 years
3.2.0-rc.1 Apache-2.0 7 2020-08-13 - 11:19 over 4 years
3.1.0 Apache-2.0 7 2020-08-05 - 15:06 over 4 years
3.1.0-rc.1 Apache-2.0 7 2020-07-31 - 12:31 over 4 years
3.0.0 Apache-2.0 7 2020-07-27 - 20:19 over 4 years
2.10.1 Apache-2.0 7 2020-07-16 - 15:10 over 4 years
2.10.0 Apache-2.0 7 2020-07-15 - 10:57 over 4 years
2.9.0 Apache-2.0 7 2020-07-03 - 12:28 over 4 years
2.9.0-rc.1 Apache-2.0 7 2020-07-01 - 13:33 over 4 years
2.8.1 Apache-2.0 7 2020-06-29 - 15:00 over 4 years
2.8.0 Apache-2.0 7 2020-06-23 - 14:07 over 4 years
2.8.0-rc.1 Apache-2.0 7 2020-06-17 - 20:47 over 4 years
2.7.2 Apache-2.0 7 2020-06-16 - 10:36 over 4 years
2.7.1 Apache-2.0 7 2020-06-05 - 14:44 over 4 years
2.7.0 Apache-2.0 7 2020-06-04 - 14:13 over 4 years