Revisions of matrix-synapse
Dominique Leuenberger (dimstar_suse)
accepted
request 1171009
from
Marcus Rueckert (darix)
(revision 99)
- Update to 1.106.0
Ana Guerrero (anag+factory)
accepted
request 1169911
from
Marcus Rueckert (darix)
(revision 98)
- Update to 1.105.1 (boo#1223319) - Security - GHSA-3h7q-rfh9-xm4v / CVE-2024-31208 — High Severity Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage. See the advisories for more details. If you have any questions, email security@element.io.
Ana Guerrero (anag+factory)
accepted
request 1132776
from
Marcus Rueckert (darix)
(revision 94)
1.98.0
Ana Guerrero (anag+factory)
accepted
request 1129637
from
Marcus Rueckert (darix)
(revision 93)
- Update to 1.97.0
Ana Guerrero (anag+factory)
accepted
request 1127380
from
Marcus Rueckert (darix)
(revision 92)
- Update to 1.96.0
Ana Guerrero (anag+factory)
accepted
request 1122657
from
Marcus Rueckert (darix)
(revision 90)
add missing bugnumber
Dominique Leuenberger (dimstar_suse)
accepted
request 1121497
from
Marcus Rueckert (darix)
(revision 89)
- Update to 1.95.1 - Security: - GHSA-mp92-3jfm-3575 / CVE-2023-43796 — Moderate Severity Cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver.
Ana Guerrero (anag+factory)
accepted
request 1120125
from
Marcus Rueckert (darix)
(revision 88)
- Update to 1.95.0
Ana Guerrero (anag+factory)
accepted
request 1116889
from
Marcus Rueckert (darix)
(revision 87)
- Update to 1.94.0 (boo#1216126 CVE-2023-45129) GHSA-5chr-wjw5-3gq4 / CVE-2023-45129 — Moderate Severity A malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected.
Ana Guerrero (anag+factory)
accepted
request 1116700
from
Marcus Rueckert (darix)
(revision 86)
- Update to 1.94.0 (forwarded request 1116682 from darix)
Dominique Leuenberger (dimstar_suse)
accepted
request 1113708
from
Marcus Rueckert (darix)
(revision 85)
- Update to 1.93.0 The following issues are fixed in 1.93.0 (and RCs). GHSA-4f74-84v3-j9q5 / CVE-2023-41335 — Low Severity https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5 Temporary storage of plaintext passwords during password changes. GHSA-7565-cq32-vx2x / CVE-2023-42453 — Low Severity https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x Improper validation of receipts allows forged read receipts. See the advisories for more details. If you have any questions, email security@matrix.org.
Ana Guerrero (anag+factory)
accepted
request 1109346
from
Marcus Rueckert (darix)
(revision 84)
- Update to 1.91.2
Dominique Leuenberger (dimstar_suse)
accepted
request 1101105
from
Dirk Mueller (dirkmueller)
(revision 82)
- switch to _multibuild - Update to 1.88.0 This release - raises the minimum supported version of Python to 3.8, as Python 3.7 is now end-of-life, and - removes deprecated config options related to worker deployment. See the upgrade notes for more information. https://github.com/matrix-org/synapse/blob/release-v1.88/docs/upgrade.md#upgrading-to-v1880 - Features - Add not_user_type param to the list accounts admin API. (#15844) - Bugfixes - Revert "Stop writing to column user_id of tables profiles and user_filters", which was introduced in Synapse 1.88.0rc1. (#15953) - Pin pydantic to ^=1.7.4 to avoid backwards-incompatible API changes from the 2.0.0 release. Contributed by @PaarthShah. (#15862) - Correctly resize thumbnails with pillow version >=10. (#15876) - Improved Documentation - Fixed header levels on the Admin API "Users" documentation page. Contributed by @sumnerevans at @beeper. (#15852) - Remove deprecated worker_replication_host, worker_replication_http_port and worker_replication_http_tls configuration options. (#15872) - Deprecations and Removals - Remove deprecated worker_replication_host, worker_replication_http_port and worker_replication_http_tls
Dominique Leuenberger (dimstar_suse)
accepted
request 1097110
from
Dirk Mueller (dirkmueller)
(revision 81)
- Update to 1.85.2 - Bugfixes - Fix regression where using TLS for HTTP replication between workers did not work. Introduced in v1.85.0. (#15746) - Update to 1.85.1 Note: this release only fixes a bug that stopped some deployments from upgrading to v1.85.0. There is no need to upgrade to v1.85.1 if successfully running v1.85.0. - Bugfixes - Fix bug in schema delta that broke upgrades for some deployments. Introduced in v1.85.0. (#15738, #15739) - make use that the pythons define and use_python do not diverge by moving them closer to each other. - Update to 1.85.0 - Security - GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity It may be possible for a deactivated user to login when using uncommon configurations. (boo#1212055) - GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity A discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the url_preview_ip_range_blacklist setting (by default this only allows public IPs). (boo#1212054) - Features - Improve performance of backfill requests by performing
Dominique Leuenberger (dimstar_suse)
accepted
request 1066823
from
Marcus Rueckert (darix)
(revision 80)
- lock matrix-synapse until frozendict can enable python 3.11 support
Displaying revisions 1 - 20 of 99