☢️ Matrix apps: vulnerability discovered and fixed

:uk: A serious vulnerability has been discovered in Matrix and has been fixed.

Please do the upgrade as soon as possible for those apps:

  • synapse onto version 1.135.2
  • element onto version 1.11.109
  • dendrite onto version 0.15.0
  • fluffychat onto 2.1.0
  • conduit onto version 0.10.8
  • cinny onto version 4.9.0
  • hydrogen (waiting for info)
  • commet (PR to follow)
  • rocketchat (waiting for info)
  • tuwunel onto version 1.4.0

IMPORTANT: After the upgrade, all rooms with untrusted users must be upgraded to version 12. You can usually upgrade a room by typing the command below in the room as an administrator. The administrator who executes this command will be considered the creator of the room, so it may be a good idea to do this from a long-term account (not linked to a specific person?).

/upgraderoom 12

:fr: A major security vulnerability has been discovered in Matrix.

Please update as soon as you can:

  • synapse to version 1.135.2~ynh1
  • element to version 1.11.109
  • dendrite to version 0.15.0
  • fluffychat (waiting for info)
  • conduit to version 0.10.8
  • cinny to version 4.9.0
  • hydrogen (waiting for info)
  • commet (PR to follow)
  • rocketchat to version 2.1.0
  • tuwunel to version 1.4.0

IMPORTANT: After the upgrade, all rooms with untrusted users must be upgraded to version 12. You can usually upgrade a room by typing the command below in the room as an administrator. The administrator who runs this command will be considered the creator of the room, so it may be worth doing this from a long-term account (not linked to a specific person?).

/upgraderoom 12
8 Likes

Thanks for the heads up! Here’s the official statement if anyone needs more details:

3 Likes

For Cinny, upstream just released a compatible version, apparently: Release v4.9.0 · cinnyapp/cinny · GitHub ("Note: This release adds room version 12 support, which is required for August 11 Matrix Security disclosure.")

2 Likes

Thanks for the information. One thing I am not sure about is whether I should upgrade all rooms of my server given that it’s only shared with some friends (some registered to my servers and some from matrix.org) but the rooms are public (for now). Do you think I should upgrade rooms (I would avoid that if possible to not confuse people with new rooms, but it depends on the actual security risks that this represents) or at least make them invite only?

Thank you!

As far as I understand it, if rooms are public or federated to a server whose users you don’t manage (can’t trust), you should update these rooms to v12.

2 Likes

No rush is necessary for room upgrades (but you should hurry to upgrade servers): as the implementation details weren’t shared, you can wait some weeks or a month before upgrading the room.

Upgrading a room means users on old homeserver/client versions won’t be able to join until they upgrade, so you must balance the risk of the vulnerability being exploited against the possibility that users won’t be able to join if you upgrade right now.
The Matrix Foundation itself doesn’t plan on upgrading its rooms before September.

Obviously if a room contains sensitive information or if you’re sure everyone in it is on a homeserver/client on the latest version you should upgrade your room asap.

As a quite new Matrix (Conduit server) user: how do you upgrade a room? I thought that this is a software update, and that simply everything is updated once I update Conduit (+ Element).

It depends on your client. Please check this page for more information, as whichever account performs the upgrade will end up with a higher power level (150) than normal (100).

On Element, you can run /upgraderoom 12, while on Cinny there should be a button in the room’s settings. You can even use the server’s API to trigger the upgrade.

1 Like
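As an added example (not code from this thread or from any Matrix project), the server API route mentioned above, in Python against the documented client-server capabilities and room-upgrade endpoints. The homeserver URL, access token and room id would be your own, and the sample capabilities responses below are constructed:

```python
import json
import urllib.request
from urllib.parse import quote

TARGET_VERSION = "12"  # room version the thread says untrusted rooms must move to


def stable_room_versions(capabilities: dict) -> set[str]:
    """Room versions a server reports as "stable" in GET /_matrix/client/v3/capabilities.
    Unstable entries (like org.matrix.msc3757.11 seen in FluffyChat) are skipped."""
    room_versions = capabilities.get("capabilities", {}).get("m.room_versions", {})
    return {v for v, status in room_versions.get("available", {}).items() if status == "stable"}


def homeserver_needs_update(capabilities: dict, target: str = TARGET_VERSION) -> bool:
    """True when the server cannot create rooms of `target` version yet; this is the
    situation behind the "homeserver doesn't support it" error, so check it first."""
    return target not in stable_room_versions(capabilities)


def fetch_capabilities(homeserver: str, access_token: str) -> dict:
    """GET /_matrix/client/v3/capabilities with a bearer token."""
    req = urllib.request.Request(f"{homeserver}/_matrix/client/v3/capabilities",
                                 headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def upgrade_room(homeserver: str, access_token: str, room_id: str,
                 target: str = TARGET_VERSION) -> str:
    """POST /_matrix/client/v3/rooms/{roomId}/upgrade and return the replacement room id.
    The account used becomes the creator of the new room, so use a long-term admin account."""
    url = f"{homeserver}/_matrix/client/v3/rooms/{quote(room_id, safe='')}/upgrade"
    body = json.dumps({"new_version": target}).encode()
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Authorization": f"Bearer {access_token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["replacement_room"]


# Constructed sample capabilities (not real server output): a server whose newest
# stable room version is 11, and one that already offers 12.
SAMPLE_OLD = {"capabilities": {"m.room_versions": {"default": "10", "available": {
    "10": "stable", "11": "stable", "org.matrix.msc3757.11": "unstable"}}}}
SAMPLE_NEW = {"capabilities": {"m.room_versions": {"default": "12", "available": {
    "10": "stable", "11": "stable", "12": "stable"}}}}
```

Run `fetch_capabilities` first and only call `upgrade_room` when `homeserver_needs_update` returns False; otherwise the server rejects the request, which is the same failure Element reports as "homeserver doesn't support it".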

So it depends on the client. From mine (on Android, using FluffyChat) I can upgrade only to 11, but I have 2 experimental levels too:

org.matrix.msc3757.10 (unstable)
org.matrix.msc3757.11 (unstable)

But no 12; on Element Desktop I got an error that my homeserver doesn’t support it (and I’m on the latest Synapse version).

Upgrading rooms worked fine for me using Element by typing /upgraderoom 12 in the chat. I’m unable to upgrade rooms using Cinny though.

Cinny packaging for YNH just landed in stable

3 Likes