Edit: the vulnerabilities mentioned below were all implementation-dependent; the protocol appears to be fine.
I haven’t been following Matrix development too closely, but last I heard, both the protocol and the reference implementation had serious flaws, including gaping security holes. As in, issues that couldn’t be overcome without a clean-slate redesign. Did they somehow manage to salvage something useable?
Got any more info on what you heard? There were problems in their Olm library (certain vulnerabilities with encryption that could be exploited) and they encouraged projects (servers + clients) to switch to a more secure library. Anything else you are thinking of?
Okay, so on further research it looks like the vulnerabilities were all part of that library, and not inherent to the protocol itself.
Thank you for revisiting this. It’s hard to stay up-to-date with all projects and I want to avoid anything with known glaring issues.
Do you have the issue trackers?