[Bug 1190038] New: VUL-0: CVE-2021-39164: matrix-synapse: Improper authorisation of /members discloses room membership to non-members