Matrix developers report:
This release fixes a vulnerability with Synapse's URL preview feature. URL previews
of some web pages can lead to unbounded recursion, causing the request to either fail,
or in some cases crash the running Synapse process.
Note that:
- Homeservers with the url_preview_enabled configuration option set to false
(the default value) are unaffected.
- Instances with the enable_media_repo configuration option set to false are
also unaffected, as this also disables the URL preview functionality.