Overview Repositories Revisions Requests Users Attributes Meta

Revisions of matrix-synapse

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1169911 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 98) 
- Update to 1.105.1 (boo#1223319)
  - Security
    - GHSA-3h7q-rfh9-xm4v / CVE-2024-31208 — High Severity
      Weakness in auth chain indexing allows DoS from remote room
      members through disk fill and high CPU usage.
      See the advisories for more details. If you have any
      questions, email security@element.io.
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1122657 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 90) 
add missing bugnumber
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1121497 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 89) 
- Update to 1.95.1
  - Security:
    - GHSA-mp92-3jfm-3575 / CVE-2023-43796 — Moderate Severity
      Cached device information of remote users can be queried from
      Synapse. This can be used to enumerate the remote users known
      to a homeserver.
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1116889 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 87) 
- Update to 1.94.0 (boo#1216126 CVE-2023-45129)
  GHSA-5chr-wjw5-3gq4 / CVE-2023-45129 — Moderate Severity
  A malicious server ACL event can impact performance temporarily
  or permanently leading to a persistent denial of service.
  Homeservers running on a closed federation (which presumably do
  not need to use server ACLs) are not affected.
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1116700 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 86) 
- Update to 1.94.0 (forwarded request 1116682 from darix)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1113708 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 85) 
- Update to 1.93.0
  The following issues are fixed in 1.93.0 (and RCs).
  GHSA-4f74-84v3-j9q5 / CVE-2023-41335 — Low Severity
  https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5
  Temporary storage of plaintext passwords during password changes.
  GHSA-7565-cq32-vx2x / CVE-2023-42453 — Low Severity
  https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
  Improper validation of receipts allows forged read receipts.
  See the advisories for more details. If you have any questions, email security@matrix.org.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1101105 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 82) 
- switch to _multibuild

- Update to 1.88.0
  This release
  - raises the minimum supported version of Python to 3.8, as
    Python 3.7 is now end-of-life, and
  - removes deprecated config options related to worker deployment.
  See the upgrade notes for more information.
  https://github.com/matrix-org/synapse/blob/release-v1.88/docs/upgrade.md#upgrading-to-v1880
  - Features
    - Add not_user_type param to the list accounts admin API.
      (#15844)
  - Bugfixes
    - Revert "Stop writing to column user_id of tables profiles and
      user_filters", which was introduced in Synapse 1.88.0rc1.
      (#15953)
    - Pin pydantic to ^=1.7.4 to avoid backwards-incompatible API
      changes from the 2.0.0 release. Contributed by @PaarthShah.
      (#15862)
    - Correctly resize thumbnails with pillow version >=10.
      (#15876)
  - Improved Documentation
    - Fixed header levels on the Admin API "Users" documentation
      page. Contributed by @sumnerevans at @beeper. (#15852)
    - Remove deprecated worker_replication_host,
      worker_replication_http_port and worker_replication_http_tls
      configuration options. (#15872)
  - Deprecations and Removals
    - Remove deprecated worker_replication_host,
      worker_replication_http_port and worker_replication_http_tls
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1097110 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 81) 
- Update to 1.85.2
  - Bugfixes
    - Fix regression where using TLS for HTTP replication between
      workers did not work. Introduced in v1.85.0. (#15746)

- Update to 1.85.1
  Note: this release only fixes a bug that stopped some deployments
  from upgrading to v1.85.0. There is no need to upgrade to v1.85.1
  if successfully running v1.85.0.
  - Bugfixes
    - Fix bug in schema delta that broke upgrades for some
      deployments. Introduced in v1.85.0. (#15738, #15739)

- make use that the pythons define and use_python do not diverge by
  moving them closer to each other.

- Update to 1.85.0
  - Security
    - GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity It may be
      possible for a deactivated user to login when using uncommon
      configurations. (boo#1212055)
    - GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity A
      discovered oEmbed or image URL can bypass the
      url_preview_url_blacklist setting potentially allowing server
      side request forgery or bypassing network policies. Impact is
      limited to IP addresses allowed by the
      url_preview_ip_range_blacklist setting (by default this only
      allows public IPs). (boo#1212054) 
  - Features
    - Improve performance of backfill requests by performing
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1066823 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 80) 
- lock matrix-synapse until frozendict can enable python 3.11
  support
Displaying revisions 1 - 20 of 98
openSUSE Build Service is sponsored by
Places