From 8810c93e828a9ed1dcb008d08be8aa9fcb4d28c3 Mon Sep 17 00:00:00 2001
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Date: Thu, 24 Mar 2022 17:16:13 +0000
Subject: [PATCH 1/7] Replace instances of deprecated `Jinja2.Markup` with
 `markupsafe.Markup` (#12289)

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
---
 changelog.d/12289.misc         | 1 +
 synapse/push/mailer.py         | 9 +++++----
 synapse/python_dependencies.py | 1 +
 3 files changed, 7 insertions(+), 4 deletions(-)
 create mode 100644 changelog.d/12289.misc

diff --git a/changelog.d/12289.misc b/changelog.d/12289.misc
new file mode 100644
index 000000000000..f80ccf3284cd
--- /dev/null
+++ b/changelog.d/12289.misc
@@ -0,0 +1 @@
+Remove uses of the long-deprecated `Jinja2.Markup` which would prevent Synapse from starting with Jinja2 3.1.0 or above installed. This does not affect deployments of Synapse using our Docker images or Debian packages.
\ No newline at end of file
diff --git a/synapse/push/mailer.py b/synapse/push/mailer.py
index 649a4f49d024..5ccdd88364d7 100644
--- a/synapse/push/mailer.py
+++ b/synapse/push/mailer.py
@@ -18,6 +18,7 @@
 
 import bleach
 import jinja2
+from markupsafe import Markup
 
 from synapse.api.constants import EventTypes, Membership, RoomTypes
 from synapse.api.errors import StoreError
@@ -867,7 +868,7 @@ def _make_unsubscribe_link(
         )
 
 
-def safe_markup(raw_html: str) -> jinja2.Markup:
+def safe_markup(raw_html: str) -> Markup:
     """
     Sanitise a raw HTML string to a set of allowed tags and attributes, and linkify any bare URLs.
 
@@ -877,7 +878,7 @@ def safe_markup(raw_html: str) -> jinja2.Markup:
     Returns:
         A Markup object ready to safely use in a Jinja template.
     """
-    return jinja2.Markup(
+    return Markup(
         bleach.linkify(
             bleach.clean(
                 raw_html,
@@ -891,7 +892,7 @@ def safe_markup(raw_html: str) -> jinja2.Markup:
     )
 
 
-def safe_text(raw_text: str) -> jinja2.Markup:
+def safe_text(raw_text: str) -> Markup:
     """
     Sanitise text (escape any HTML tags), and then linkify any bare URLs.
 
@@ -901,7 +902,7 @@ def safe_text(raw_text: str) -> jinja2.Markup:
     Returns:
         A Markup object ready to safely use in a Jinja template.
     """
-    return jinja2.Markup(
+    return Markup(
         bleach.linkify(bleach.clean(raw_text, tags=[], attributes=[], strip=False))
     )
 
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index 1dd39f06cffb..232f9a959570 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -75,6 +75,7 @@
     "attrs>=19.2.0,!=21.1.0",
     "netaddr>=0.7.18",
     "Jinja2>=2.9",
+    "MarkupSafe>=2.0",
     "bleach>=1.4.3",
     # We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0.
     "typing-extensions>=3.10.0",

From 088f3ae1823f335b6fa6d470a49d55a4c3cfdf0a Mon Sep 17 00:00:00 2001
From: Andrew Morgan <andrewm@element.io>
Date: Thu, 24 Mar 2022 17:47:03 +0000
Subject: [PATCH 2/7] 1.55.1

---
 CHANGES.md             | 11 +++++++++++
 changelog.d/12289.misc |  1 -
 debian/changelog       |  6 ++++++
 synapse/__init__.py    |  2 +-
 4 files changed, 18 insertions(+), 2 deletions(-)
 delete mode 100644 changelog.d/12289.misc

diff --git a/CHANGES.md b/CHANGES.md
index 6618378c0608..58775e351940 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,14 @@
+Synapse 1.55.1 (2022-03-24)
+===========================
+
+This is a patch release that fixes an incompatibility with version 3.1.0 of the Jinja2 library, released on March 24th, 2022. Deployments of Synapse using the official Docker images or Debian packages are not affected.
+
+Internal Changes
+----------------
+
+- Remove uses of the long-deprecated `Jinja2.Markup` which would prevent Synapse from starting with Jinja2 3.1.0 or above installed. ([\#12289](https://github.com/matrix-org/synapse/issues/12289))
+
+
 Synapse 1.55.0 (2022-03-22)
 ===========================
 
diff --git a/changelog.d/12289.misc b/changelog.d/12289.misc
deleted file mode 100644
index f80ccf3284cd..000000000000
--- a/changelog.d/12289.misc
+++ /dev/null
@@ -1 +0,0 @@
-Remove uses of the long-deprecated `Jinja2.Markup` which would prevent Synapse from starting with Jinja2 3.1.0 or above installed. This does not affect deployments of Synapse using our Docker images or Debian packages.
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index 7eed6c5b4a1a..f3ac279302fd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.55.1) stable; urgency=medium
+
+  * New synapse release 1.55.1.
+
+ -- Synapse Packaging team <packages@matrix.org>  Thu, 24 Mar 2022 17:44:23 +0000
+
 matrix-synapse-py3 (1.55.0) stable; urgency=medium
 
   * New synapse release 1.55.0.
diff --git a/synapse/__init__.py b/synapse/__init__.py
index f0f224d0bb4e..70f56824f988 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -68,7 +68,7 @@
 except ImportError:
     pass
 
-__version__ = "1.55.0"
+__version__ = "1.55.1"
 
 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
     # We import here so that we don't have to install a bunch of deps when

From e689cae47dad3bb31b3b0a54d30ca60a0582fcfc Mon Sep 17 00:00:00 2001
From: Andrew Morgan <andrewm@element.io>
Date: Thu, 24 Mar 2022 17:54:43 +0000
Subject: [PATCH 3/7] update changelog for 1.55.1

---
 CHANGES.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 58775e351940..05ca83df5d63 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,12 +1,12 @@
 Synapse 1.55.1 (2022-03-24)
 ===========================
 
-This is a patch release that fixes an incompatibility with version 3.1.0 of the Jinja2 library, released on March 24th, 2022. Deployments of Synapse using the official Docker images or Debian packages are not affected.
+This is a patch release that fixes an incompatibility with version 3.1.0 of the [Jinja](https://pypi.org/project/Jinja2/) library, released on March 24th, 2022. Deployments of Synapse using the `matrixdotorg/synapse` Docker image or Debian packages from packages.matrix.org are not affected.
 
 Internal Changes
 ----------------
 
-- Remove uses of the long-deprecated `Jinja2.Markup` which would prevent Synapse from starting with Jinja2 3.1.0 or above installed. ([\#12289](https://github.com/matrix-org/synapse/issues/12289))
+- Remove uses of the long-deprecated `jinja2.Markup` which would prevent Synapse from starting with Jinja 3.1.0 or above installed. ([\#12289](https://github.com/matrix-org/synapse/issues/12289))
 
 
 Synapse 1.55.0 (2022-03-22)

From 000426095224401649827d6cdc5a7d5e0ef4e17c Mon Sep 17 00:00:00 2001
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Date: Thu, 24 Mar 2022 18:42:04 +0000
Subject: [PATCH 4/7] Revert "Replace instances of deprecated `Jinja2.Markup`
 with `markupsafe.Markup`" (#12296)

This reverts commit 8810c93e828a9ed1dcb008d08be8aa9fcb4d28c3.
---
 synapse/push/mailer.py         | 9 ++++-----
 synapse/python_dependencies.py | 1 -
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/synapse/push/mailer.py b/synapse/push/mailer.py
index 5ccdd88364d7..649a4f49d024 100644
--- a/synapse/push/mailer.py
+++ b/synapse/push/mailer.py
@@ -18,7 +18,6 @@
 
 import bleach
 import jinja2
-from markupsafe import Markup
 
 from synapse.api.constants import EventTypes, Membership, RoomTypes
 from synapse.api.errors import StoreError
@@ -868,7 +867,7 @@ def _make_unsubscribe_link(
         )
 
 
-def safe_markup(raw_html: str) -> Markup:
+def safe_markup(raw_html: str) -> jinja2.Markup:
     """
     Sanitise a raw HTML string to a set of allowed tags and attributes, and linkify any bare URLs.
 
@@ -878,7 +877,7 @@ def safe_markup(raw_html: str) -> Markup:
     Returns:
         A Markup object ready to safely use in a Jinja template.
     """
-    return Markup(
+    return jinja2.Markup(
         bleach.linkify(
             bleach.clean(
                 raw_html,
@@ -892,7 +891,7 @@ def safe_markup(raw_html: str) -> Markup:
     )
 
 
-def safe_text(raw_text: str) -> Markup:
+def safe_text(raw_text: str) -> jinja2.Markup:
     """
     Sanitise text (escape any HTML tags), and then linkify any bare URLs.
 
@@ -902,7 +901,7 @@ def safe_text(raw_text: str) -> Markup:
     Returns:
         A Markup object ready to safely use in a Jinja template.
     """
-    return Markup(
+    return jinja2.Markup(
         bleach.linkify(bleach.clean(raw_text, tags=[], attributes=[], strip=False))
     )
 
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index 232f9a959570..1dd39f06cffb 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -75,7 +75,6 @@
     "attrs>=19.2.0,!=21.1.0",
     "netaddr>=0.7.18",
     "Jinja2>=2.9",
-    "MarkupSafe>=2.0",
     "bleach>=1.4.3",
     # We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0.
     "typing-extensions>=3.10.0",

From 84eb14c4d21315798048aed123c8222cfa96c566 Mon Sep 17 00:00:00 2001
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Date: Thu, 24 Mar 2022 18:59:31 +0000
Subject: [PATCH 5/7] Pin Jinja to <3.1.0 (#12297)

as 3.1.0 removed the deprecated jinja2.Markup class which we still rely on.
---
 changelog.d/12297.misc         | 1 +
 synapse/python_dependencies.py | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/12297.misc

diff --git a/changelog.d/12297.misc b/changelog.d/12297.misc
new file mode 100644
index 000000000000..7bf05305f6ec
--- /dev/null
+++ b/changelog.d/12297.misc
@@ -0,0 +1 @@
+Pin Jinja to <3.1.0, as Synapse fails to start with Jinja 3.1.0.
\ No newline at end of file
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index 1dd39f06cffb..79ae06ce5d07 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -74,7 +74,8 @@
     # Note: 21.1.0 broke `/sync`, see #9936
     "attrs>=19.2.0,!=21.1.0",
     "netaddr>=0.7.18",
-    "Jinja2>=2.9",
+    # Jinja2 3.1.0 removes the deprecated jinja2.Markup class, which we rely on.
+    "Jinja2<3.1.0",
     "bleach>=1.4.3",
     # We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0.
     "typing-extensions>=3.10.0",

From 1642abd77e43c4e7a69ebd5e1076593495488df1 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Thu, 24 Mar 2022 19:13:20 +0000
Subject: [PATCH 6/7] 1.55.2

---
 CHANGES.md             | 12 ++++++++++++
 changelog.d/12297.misc |  1 -
 debian/changelog       |  6 ++++++
 synapse/__init__.py    |  2 +-
 4 files changed, 19 insertions(+), 2 deletions(-)
 delete mode 100644 changelog.d/12297.misc

diff --git a/CHANGES.md b/CHANGES.md
index 05ca83df5d63..03807a0777ba 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,15 @@
+Synapse 1.55.2 (2022-03-24)
+===========================
+
+This patch version reverts the earlier fixes from Synapse 1.55.1, which could cause problems in certain deployments, and instead adds a cap to the version of Jinja to be installed. Again, this is to fix an incompatibility with version 3.1.0 of the [Jinja](https://pypi.org/project/Jinja2/) library, and again, deployments of Synapse using the `matrixdotorg/synapse` Docker image or Debian packages from packages.matrix.org are not affected.
+
+Internal Changes
+----------------
+
+- Pin Jinja to <3.1.0, as Synapse fails to start with Jinja 3.1.0. ([\#12297](https://github.com/matrix-org/synapse/issues/12297))
+- Revert changes from 1.55.1 as they caused problems with older versions of Jinja.
+
+
 Synapse 1.55.1 (2022-03-24)
 ===========================
 
diff --git a/changelog.d/12297.misc b/changelog.d/12297.misc
deleted file mode 100644
index 7bf05305f6ec..000000000000
--- a/changelog.d/12297.misc
+++ /dev/null
@@ -1 +0,0 @@
-Pin Jinja to <3.1.0, as Synapse fails to start with Jinja 3.1.0.
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index f3ac279302fd..3c899e602447 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.55.2) stable; urgency=medium
+
+  * New synapse release 1.55.2.
+
+ -- Synapse Packaging team <packages@matrix.org>  Thu, 24 Mar 2022 19:07:11 +0000
+
 matrix-synapse-py3 (1.55.1) stable; urgency=medium
 
   * New synapse release 1.55.1.
diff --git a/synapse/__init__.py b/synapse/__init__.py
index 70f56824f988..88aef1889c83 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -68,7 +68,7 @@
 except ImportError:
     pass
 
-__version__ = "1.55.1"
+__version__ = "1.55.2"
 
 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
     # We import here so that we don't have to install a bunch of deps when

From 9925f9b8b0c5dd03fdb7ac78b49f75dfd51332f8 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Thu, 24 Mar 2022 19:18:55 +0000
Subject: [PATCH 7/7] changelog

---
 CHANGES.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index 03807a0777ba..b0244a16f062 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -7,7 +7,7 @@ Internal Changes
 ----------------
 
 - Pin Jinja to <3.1.0, as Synapse fails to start with Jinja 3.1.0. ([\#12297](https://github.com/matrix-org/synapse/issues/12297))
-- Revert changes from 1.55.1 as they caused problems with older versions of Jinja.
+- Revert changes from 1.55.1 as they caused problems with older versions of Jinja ([\#12296](https://github.com/matrix-org/synapse/issues/12296))
 
 
 Synapse 1.55.1 (2022-03-24)