Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

v1.85.0
Compare
Choose a tag to compare
@erikjohnston erikjohnston released this 06 Jun 09:47
· 776 commits to develop since this release
v1.85.0
This tag was signed with the committer’s verified signature.
erikjohnston Erik Johnston
GPG key ID: A542E4ED1B0FAC09
Learn about vigilant mode.
ec71214

Synapse 1.85.0 (2023-06-06)

No significant changes since 1.85.0rc2.

Security advisory

The following issues are fixed in 1.85.0 (and RCs).

  • GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity

    It may be possible for a deactivated user to login when using uncommon configurations.

  • GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity

    A discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the url_preview_ip_range_blacklist setting (by default this only allows public IPs).

See the advisories for more details. If you have any questions, email security@matrix.org.

Synapse 1.85.0rc2 (2023-06-01)

Bugfixes

  • Fix a performance issue introduced in Synapse v1.83.0 which meant that purging rooms was very slow and database-intensive. (#15693)

Deprecations and Removals

  • Deprecate calling the /register endpoint with an unspecced user property for application services. (#15703)

Internal Changes

  • Speed up background jobs populate_full_user_id_user_filters and populate_full_user_id_profiles. (#15700)

Synapse 1.85.0rc1 (2023-05-30)

Features

Bugfixes

  • Fix a long-standing bug where setting the read marker could fail when using message retention. Contributed by Nick @ Beeper (@Fizzadar). (#15464)
  • Fix a long-standing bug where the url_preview_url_blacklist configuration setting was not applied to oEmbed or image URLs found while previewing a URL. (#15601)
  • Fix a long-standing bug where filters with multiple backslashes were rejected. (#15607)
  • Fix a bug introduced in Synapse 1.82.0 where the error message displayed when validation of the app_service_config_files config option fails would be incorrectly formatted. (#15614)
  • Fix a long-standing bug where deactivated users were still able to login using the custom org.matrix.login.jwt login type (if enabled). (#15624)
  • Fix a long-standing bug where deactivated users were able to login in uncommon situations. (#15634)

Improved Documentation

  • Warn users that at least 3.75GB of space is needed for the nix Synapse development environment. (#15613)
  • Remove outdated comment from the generated and sample homeserver log configs. (#15648)
  • Improve contributor docs to make it more clear that Rust is a necessary prerequisite. Contributed by @grantm. (#15668)

Deprecations and Removals

  • Remove the old version of the R30 (30-day retained users) phone-home metric. (#10428)

Internal Changes

  • Create dependabot changelogs at release time. (#15481)
  • Add not null constraint to column full_user_id of tables profiles and user_filters. (#15537)
  • Allow connecting to HTTP Replication Endpoints by using worker_name when constructing the request. (#15578)
  • Make the thread_id column on event_push_actions, event_push_actions_staging, and event_push_summary non-null. (#15597)
  • Run mypy type checking with the minimum supported Python version to catch new usage that isn't backwards-compatible. (#15602)
  • Fix subscriptable type usage in Python <3.9. (#15604)
  • Update internal terminology. (#15606, #15620)
  • Instrument state and state_group storage-related operations to better picture what's happening when tracing. (#15610, #15647)
  • Trace how many new events from the backfill response we need to process. (#15633)
  • Re-type config paths in ConfigErrors to be StrSequences instead of Iterable[str]s. (#15615)
  • Update Mutual Rooms (MSC2666) implementation to match new proposal text. (#15621)
  • Remove the unstable identifiers from faster joins (MSC3706). (#15625)
  • Fix the olddeps CI. (#15626)
  • Remove duplicate timestamp from test logs (_trial_temp/test.log). (#15636)
  • Fix two memory leaks in trial test runs. (#15630)
  • Limit the size of the HomeServerConfig cache in trial test runs. (#15646)
  • Improve type hints. (#15658, #15659)
  • Add requesting user id parameter to key claim methods in TransportLayerClient. (#15663)
  • Speed up rebuilding of the user directory for local users. (#15665)
  • Implement "option 2" for MSC3820: Room version 11. (#15666, #15678)

Updates to locked dependencies

  • Bump furo from 2023.3.27 to 2023.5.20. (#15642)
  • Bump log from 0.4.17 to 0.4.18. (#15681)
  • Bump prometheus-client from 0.16.0 to 0.17.0. (#15682)
  • Bump pydantic from 1.10.7 to 1.10.8. (#15685)
  • Bump pygithub from 1.58.1 to 1.58.2. (#15643)
  • Bump requests from 2.28.2 to 2.31.0. (#15651)
  • Bump sphinx from 6.1.3 to 6.2.1. (#15641)
  • Bump types-bleach from 6.0.0.1 to 6.0.0.3. (#15686)
  • Bump types-pillow from 9.5.0.2 to 9.5.0.4. (#15640)
  • Bump types-pyyaml from 6.0.12.9 to 6.0.12.10. (#15683)
  • Bump types-requests from 2.30.0.0 to 2.31.0.0. (#15684)
  • Bump types-setuptools from 67.7.0.2 to 67.8.0.0. (#15639)

Contributors

grantm and Fizzadar
Assets 18
Loading