Reivilibre

**Name of the Vulnerable Software and Affected Versions** Synapse versions prior to 1.94.0 **Description** The issue is related to a malicious server ACL event that can impact performance temporarily or permanently, leading to a persistent denial of service. Homeservers running on a closed federation are not affected. The vulnerability is associated with unregulated resource distribution. **Recommendations** For Synapse versions prior to 1.94.0, upgrade to Synapse 1.94.0 or later. As a temporary workaround, rooms with malicious server ACL events can be purged and blocked using the `admin API`.