Skip to content

v1.6.3
Compare
Choose a tag to compare
@RiotRobot RiotRobot released this 04 Jun 14:37
· 53728 commits to develop since this release
v1.6.3
This tag was signed with the committer’s verified signature. The key has expired.
RiotRobot ElementRobot
GPG key ID: F6151806032026F9
Expired
Learn about vigilant mode.
97f4572

Full Changelog

Security notice

Riot Web 1.6.3 fixes a vulnerability in single sign-on (SSO) deployments where Riot Web could be confused into sending authentication details to an attacker-controlled server. Thanks to Quentin Gliech for responsibly disclosing this via Matrix's Security Disclosure Policy.

All changes

  • Fix login loop where the sso flow returns to #/login to release
    #13915
Assets 5
Loading