A new security vulnerability was found in the matrix-appservice-irc bridge, for which we are releasing 0.35.1 as a fix. If you have the provisioning API enabled, this is potentially exploitable, so we advise you to upgrade immediately.
In case you cannot upgrade at the moment, we advise to update your IRC bridge configuration as a mitigation as follows:
- Change user permissions to prevent untrusted users from issuing !plumb commands.
- Disable provisioning if enabled.
You may revert these configuration changes after patching.