From 7fe53eac169dbdb28cab31192fe7dd8579476e47 Mon Sep 17 00:00:00 2001
From: RiotRobot <releases@riot.im>
Date: Tue, 10 Jun 2025 12:02:15 +0000
Subject: [PATCH 1/2] Upgrade dependency to matrix-js-sdk@37.8.0

---
 package.json | 2 +-
 yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index eb67519293..c3ac726d21 100644
--- a/package.json
+++ b/package.json
@@ -130,7 +130,7 @@
         "maplibre-gl": "^5.0.0",
         "matrix-encrypt-attachment": "^1.0.3",
         "matrix-events-sdk": "0.0.1",
-        "matrix-js-sdk": "37.7.0",
+        "matrix-js-sdk": "37.8.0",
         "matrix-widget-api": "^1.10.0",
         "memoize-one": "^6.0.0",
         "mime": "^4.0.4",
diff --git a/yarn.lock b/yarn.lock
index 1dc9e36eea..7b303650f0 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -9126,10 +9126,10 @@ matrix-events-sdk@0.0.1:
   resolved "https://registry.yarnpkg.com/matrix-events-sdk/-/matrix-events-sdk-0.0.1.tgz#c8c38911e2cb29023b0bbac8d6f32e0de2c957dd"
   integrity sha512-1QEOsXO+bhyCroIe2/A5OwaxHvBm7EsSQ46DEDn8RBIfQwN5HWBpFvyWWR4QY0KHPPnnJdI99wgRiAl7Ad5qaA==
 
-matrix-js-sdk@37.7.0:
-  version "37.7.0"
-  resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-37.7.0.tgz#8106de841188c0b293f05978eab7043ddfd1b5ef"
-  integrity sha512-Lq4k/pbMwHsjsPHavVkiwyX0eId/XdNzYZlSvynwCTOU8VfN+i7/9fQFK0MqYD/95CgeWSI2o7h1bq1vDAzbYw==
+matrix-js-sdk@37.8.0:
+  version "37.8.0"
+  resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-37.8.0.tgz#c320380ac9bc414eb16b41d71a3033e8daee679d"
+  integrity sha512-so0ugG0j5ufPbiWUARN4DbRJ91le+0ARrQsn8Z1zl5P84RsiYV3qgt2SJF0aQBjuJCfFA5/Ozcri0W/lHN+0WA==
   dependencies:
     "@babel/runtime" "^7.12.5"
     "@matrix-org/matrix-sdk-crypto-wasm" "^14.2.0"

From eb7359403fdc52a6499e5929d0e91c5733f7a824 Mon Sep 17 00:00:00 2001
From: RiotRobot <releases@riot.im>
Date: Tue, 10 Jun 2025 12:07:31 +0000
Subject: [PATCH 2/2] v1.11.103

---
 CHANGELOG.md | 7 +++++++
 package.json | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ace25bc10f..b3a18c5396 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+Changes in [1.11.103](https://github.com/element-hq/element-web/releases/tag/v1.11.103) (2025-06-10)
+====================================================================================================
+## 🐛 Bug Fixes
+
++ Check the sender of an event matches owner of session, preventing sender spoofing by homeserver owners.
+[13c1d20](https://github.com/matrix-org/matrix-rust-sdk/commit/13c1d2048286bbabf5e7bc6b015aafee98f04d55) (High, [GHSA-x958-rvg6-956w](https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-x958-rvg6-956w)).
+
 Changes in [1.11.102](https://github.com/element-hq/element-web/releases/tag/v1.11.102) (2025-06-03)
 ====================================================================================================
 ## ✨ Features
diff --git a/package.json b/package.json
index c3ac726d21..ccf9bcb3f9 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "element-web",
-    "version": "1.11.102",
+    "version": "1.11.103",
     "description": "Element: the future of secure communication",
     "author": "New Vector Ltd.",
     "repository": {