Hello,
Please make sure you upgrade Element immediately to address a critical security update.
The update resolves two critical severity vulnerabilities in end-to-end encryption - that were responsibly disclosed by researchers at Royal Holloway University London, University of Sheffield and Brave Software - found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2.
The issues are fixed by the upgrade. Neither Element or Matrix have seen any evidence of them being exploited in the wild.
To make sure you are updated, please make sure you are on the following versions:
- Element Web/Desktop 1.11.8 or later
- Element Android 1.5.1 or later
- Element iOS 1.9.7 or later
For the full background on the update, visit the Matrix blog post.
We apologise for the inconvenience, and we’d like to thank the researchers for helping make Element and Matrix safer for everyone.
