Requiring everyone to upgrade their public rooms in three days will be...painful.
matrix.org/blog/2025/07/securi…
Pre-disclosure: Upcoming coordinated security fix for all Matrix server implementations
Matrix, the open protocol for secure decentralised communications
Matthew Hodgson (matrix.org)
This entry was edited (1 month ago)
The Matrix.org Foundation
in reply to David
Histalek
in reply to The Matrix.org Foundation
@matrix This would be useful info to have in the pre-disclosure announcement!
Setting expectations and whatnot, currently the announcement is super vague in that regard ... and reading between the lines could make one believe this to be an exceptionally critical and somewhat required upgrade.
The Matrix.org Foundation
in reply to Histalek
Histalek
in reply to The Matrix.org Foundation
@matrix You're right. I should have phrased it differently as I didn't mean 'critical' to be understood in a 'CVE severity level' way.
The important part though is about setting expectations. Addressing users/admins/operators about what they can or should do around Tuesday.
e.g.
* users want to make sure they are running up-to-date clients
* operators should upgrade their servers, so that:
  * room admins can decide to upgrade the room version (or not)
The Matrix.org Foundation
in reply to Histalek
Pre-disclosure: Upcoming coordinated security fix for all Matrix server implementations
Matthew Hodgson (matrix.org)
Histalek
in reply to The Matrix.org Foundation