diff --git a/CHANGES.md b/CHANGES.md
index 5a0988d7cc..df477df4d4 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,20 @@
+Changes in Element v1.6.12 (2024-02-16)
+=======================================
+
+This update provides important security fixes, please update now.
+
+Security fixes 🔐
+-----------------
+ - Add a check on incoming intent. ([#1506 internal](https://github.com/matrix-org/internal-config/issues/1506))
+ - Store temporary files created for Camera in the media folder. ([#1505 internal](https://github.com/matrix-org/internal-config/issues/1505))
+
+Bugfixes 🐛
+----------
+ - Switch the position and styles of the 'already have an account' and 'create account' buttons in the login splash screen. Also changes the 'already have an account one' to just say 'sign in'. ([#+update-login-splash-screen](https://github.com/element-hq/element-android/issues/+update-login-splash-screen))
+ - Improve `Event.getClearContent()` and fix assignment issue that may help to decrypt last Event in the room list. ([#8744](https://github.com/element-hq/element-android/issues/8744))
+ - Fix issues about location Event avatar rendering. ([#8749](https://github.com/element-hq/element-android/issues/8749))
+
+
Changes in Element v1.6.10 (2024-01-09)
=======================================
diff --git a/changelog.d/+update-login-splash-screen.bugfix b/changelog.d/+update-login-splash-screen.bugfix
deleted file mode 100644
index 1ea90a7eab..0000000000
--- a/changelog.d/+update-login-splash-screen.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Switch the position and styles of the 'already have an account' and 'create account' buttons in the login splash screen. Also changes the 'already have an account one' to just say 'sign in'.
diff --git a/changelog.d/8744.bugfix b/changelog.d/8744.bugfix
deleted file mode 100644
index 3ce7637059..0000000000
--- a/changelog.d/8744.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Improve `Event.getClearContent()` and fix assignment issue that may help to decrypt last Event in the room list.
diff --git a/changelog.d/8749.bugfix b/changelog.d/8749.bugfix
deleted file mode 100644
index d9166791bd..0000000000
--- a/changelog.d/8749.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix issues about location Event avatar rendering.
diff --git a/fastlane/metadata/android/en-US/changelogs/40106120.txt b/fastlane/metadata/android/en-US/changelogs/40106120.txt
new file mode 100644
index 0000000000..4b10f5fdc0
--- /dev/null
+++ b/fastlane/metadata/android/en-US/changelogs/40106120.txt
@@ -0,0 +1,2 @@
+Main changes in this version: Security release.
+Full changelog: https://github.com/element-hq/element-android/releases
diff --git a/library/multipicker/src/main/java/im/vector/lib/multipicker/utils/MediaFileUtils.kt b/library/multipicker/src/main/java/im/vector/lib/multipicker/utils/MediaFileUtils.kt
index a029d5e6b1..5b40c4a789 100644
--- a/library/multipicker/src/main/java/im/vector/lib/multipicker/utils/MediaFileUtils.kt
+++ b/library/multipicker/src/main/java/im/vector/lib/multipicker/utils/MediaFileUtils.kt
@@ -24,7 +24,7 @@ import java.util.Locale
internal fun createTemporaryMediaFile(context: Context, mediaType: MediaType): File {
val timeStamp: String = SimpleDateFormat("yyyyMMdd_HHmmss", Locale.getDefault()).format(Date())
- val storageDir: File = context.filesDir.also { it.mkdirs() }
+ val storageDir: File = File(context.filesDir, "media").also { it.mkdirs() }
val fileSuffix = when (mediaType) {
MediaType.IMAGE -> ".jpg"
MediaType.VIDEO -> ".mp4"
diff --git a/library/multipicker/src/main/res/xml/multipicker_provider_paths.xml b/library/multipicker/src/main/res/xml/multipicker_provider_paths.xml
index ff9b81ce98..fd5f866c2b 100644
--- a/library/multipicker/src/main/res/xml/multipicker_provider_paths.xml
+++ b/library/multipicker/src/main/res/xml/multipicker_provider_paths.xml
@@ -2,5 +2,5 @@
-
\ No newline at end of file
+ path="media" />
+
diff --git a/vector/src/main/java/im/vector/app/features/MainActivity.kt b/vector/src/main/java/im/vector/app/features/MainActivity.kt
index c8aa108ccb..0f0ac83903 100644
--- a/vector/src/main/java/im/vector/app/features/MainActivity.kt
+++ b/vector/src/main/java/im/vector/app/features/MainActivity.kt
@@ -39,6 +39,9 @@ import im.vector.app.features.analytics.VectorAnalytics
import im.vector.app.features.analytics.plan.ViewRoom
import im.vector.app.features.home.HomeActivity
import im.vector.app.features.home.ShortcutsHandler
+import im.vector.app.features.home.room.detail.RoomDetailActivity
+import im.vector.app.features.home.room.threads.ThreadsActivity
+import im.vector.app.features.location.live.map.LiveLocationMapViewActivity
import im.vector.app.features.notifications.NotificationDrawerManager
import im.vector.app.features.pin.UnlockedActivity
import im.vector.app.features.pin.lockscreen.crypto.LockScreenKeyRepository
@@ -115,6 +118,14 @@ class MainActivity : VectorBaseActivity(), UnlockedActivity
putExtra(EXTRA_ROOM_ID, roomId)
}
}
+
+ val allowList = listOf(
+ HomeActivity::class.java.name,
+ MainActivity::class.java.name,
+ RoomDetailActivity::class.java.name,
+ ThreadsActivity::class.java.name,
+ LiveLocationMapViewActivity::class.java.name,
+ )
}
private val startAppViewModel: StartAppViewModel by viewModel()
@@ -186,6 +197,7 @@ class MainActivity : VectorBaseActivity(), UnlockedActivity
// Start the next Activity
startSyncing()
val nextIntent = intent.getParcelableExtraCompat(EXTRA_NEXT_INTENT)
+ ?.takeIf { it.isValid() }
startIntentAndFinish(nextIntent)
} else if (intent.hasExtra(EXTRA_INIT_SESSION)) {
startSyncing()
@@ -380,4 +392,11 @@ class MainActivity : VectorBaseActivity(), UnlockedActivity
intent?.let { startActivity(it) }
finish()
}
+
+ private fun Intent.isValid(): Boolean {
+ val componentName = resolveActivity(packageManager) ?: return false
+ val packageName = componentName.packageName
+ val className = componentName.className
+ return packageName == buildMeta.applicationId && className in allowList
+ }
}