yo if y'all use Matrix with the Element client (or any other client implemented using the same libraries), y'all should update.

https://nebuchadnezzar-megolm.github.io/ and https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients describe some vulnerabilities that could be exploited by a malicious homeserver (some in the protocol itself, some just in Element) and the fixes (or, for the protocol issues that haven't yet been fixed, how users can mitigate them)