From 000426095224401649827d6cdc5a7d5e0ef4e17c Mon Sep 17 00:00:00 2001 From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Thu, 24 Mar 2022 18:42:04 +0000 Subject: [PATCH 1/4] Revert "Replace instances of deprecated `Jinja2.Markup` with `markupsafe.Markup`" (#12296) This reverts commit 8810c93e828a9ed1dcb008d08be8aa9fcb4d28c3. --- synapse/push/mailer.py | 9 ++++----- synapse/python_dependencies.py | 1 - 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/synapse/push/mailer.py b/synapse/push/mailer.py index 5ccdd88364..649a4f49d0 100644 --- a/synapse/push/mailer.py +++ b/synapse/push/mailer.py @@ -18,7 +18,6 @@ from typing import TYPE_CHECKING, Dict, Iterable, List, Optional, TypeVar import bleach import jinja2 -from markupsafe import Markup from synapse.api.constants import EventTypes, Membership, RoomTypes from synapse.api.errors import StoreError @@ -868,7 +867,7 @@ class Mailer: ) -def safe_markup(raw_html: str) -> Markup: +def safe_markup(raw_html: str) -> jinja2.Markup: """ Sanitise a raw HTML string to a set of allowed tags and attributes, and linkify any bare URLs. @@ -878,7 +877,7 @@ def safe_markup(raw_html: str) -> Markup: Returns: A Markup object ready to safely use in a Jinja template. """ - return Markup( + return jinja2.Markup( bleach.linkify( bleach.clean( raw_html, @@ -892,7 +891,7 @@ def safe_markup(raw_html: str) -> Markup: ) -def safe_text(raw_text: str) -> Markup: +def safe_text(raw_text: str) -> jinja2.Markup: """ Sanitise text (escape any HTML tags), and then linkify any bare URLs. @@ -902,7 +901,7 @@ def safe_text(raw_text: str) -> Markup: Returns: A Markup object ready to safely use in a Jinja template. """ - return Markup( + return jinja2.Markup( bleach.linkify(bleach.clean(raw_text, tags=[], attributes=[], strip=False)) ) diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py index 232f9a9595..1dd39f06cf 100644 --- a/synapse/python_dependencies.py +++ b/synapse/python_dependencies.py @@ -75,7 +75,6 @@ REQUIREMENTS = [ "attrs>=19.2.0,!=21.1.0", "netaddr>=0.7.18", "Jinja2>=2.9", - "MarkupSafe>=2.0", "bleach>=1.4.3", # We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0. "typing-extensions>=3.10.0", From 84eb14c4d21315798048aed123c8222cfa96c566 Mon Sep 17 00:00:00 2001 From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Thu, 24 Mar 2022 18:59:31 +0000 Subject: [PATCH 2/4] Pin Jinja to <3.1.0 (#12297) as 3.1.0 removed the deprecated jinja2.Markup class which we still rely on. --- changelog.d/12297.misc | 1 + synapse/python_dependencies.py | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 changelog.d/12297.misc diff --git a/changelog.d/12297.misc b/changelog.d/12297.misc new file mode 100644 index 0000000000..7bf05305f6 --- /dev/null +++ b/changelog.d/12297.misc @@ -0,0 +1 @@ +Pin Jinja to <3.1.0, as Synapse fails to start with Jinja 3.1.0. \ No newline at end of file diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py index 1dd39f06cf..79ae06ce5d 100644 --- a/synapse/python_dependencies.py +++ b/synapse/python_dependencies.py @@ -74,7 +74,8 @@ REQUIREMENTS = [ # Note: 21.1.0 broke `/sync`, see #9936 "attrs>=19.2.0,!=21.1.0", "netaddr>=0.7.18", - "Jinja2>=2.9", + # Jinja2 3.1.0 removes the deprecated jinja2.Markup class, which we rely on. + "Jinja2<3.1.0", "bleach>=1.4.3", # We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0. "typing-extensions>=3.10.0", From 1642abd77e43c4e7a69ebd5e1076593495488df1 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Thu, 24 Mar 2022 19:13:20 +0000 Subject: [PATCH 3/4] 1.55.2 --- CHANGES.md | 12 ++++++++++++ changelog.d/12297.misc | 1 - debian/changelog | 6 ++++++ synapse/__init__.py | 2 +- 4 files changed, 19 insertions(+), 2 deletions(-) delete mode 100644 changelog.d/12297.misc diff --git a/CHANGES.md b/CHANGES.md index 05ca83df5d..03807a0777 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,15 @@ +Synapse 1.55.2 (2022-03-24) +=========================== + +This patch version reverts the earlier fixes from Synapse 1.55.1, which could cause problems in certain deployments, and instead adds a cap to the version of Jinja to be installed. Again, this is to fix an incompatibility with version 3.1.0 of the [Jinja](https://pypi.org/project/Jinja2/) library, and again, deployments of Synapse using the `matrixdotorg/synapse` Docker image or Debian packages from packages.matrix.org are not affected. + +Internal Changes +---------------- + +- Pin Jinja to <3.1.0, as Synapse fails to start with Jinja 3.1.0. ([\#12297](https://github.com/matrix-org/synapse/issues/12297)) +- Revert changes from 1.55.1 as they caused problems with older versions of Jinja. + + Synapse 1.55.1 (2022-03-24) =========================== diff --git a/changelog.d/12297.misc b/changelog.d/12297.misc deleted file mode 100644 index 7bf05305f6..0000000000 --- a/changelog.d/12297.misc +++ /dev/null @@ -1 +0,0 @@ -Pin Jinja to <3.1.0, as Synapse fails to start with Jinja 3.1.0. \ No newline at end of file diff --git a/debian/changelog b/debian/changelog index f3ac279302..3c899e6024 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +matrix-synapse-py3 (1.55.2) stable; urgency=medium + + * New synapse release 1.55.2. + + -- Synapse Packaging team Thu, 24 Mar 2022 19:07:11 +0000 + matrix-synapse-py3 (1.55.1) stable; urgency=medium * New synapse release 1.55.1. diff --git a/synapse/__init__.py b/synapse/__init__.py index 70f56824f9..88aef1889c 100644 --- a/synapse/__init__.py +++ b/synapse/__init__.py @@ -68,7 +68,7 @@ try: except ImportError: pass -__version__ = "1.55.1" +__version__ = "1.55.2" if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)): # We import here so that we don't have to install a bunch of deps when From 9925f9b8b0c5dd03fdb7ac78b49f75dfd51332f8 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Thu, 24 Mar 2022 19:18:55 +0000 Subject: [PATCH 4/4] changelog --- CHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index 03807a0777..b0244a16f0 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -7,7 +7,7 @@ Internal Changes ---------------- - Pin Jinja to <3.1.0, as Synapse fails to start with Jinja 3.1.0. ([\#12297](https://github.com/matrix-org/synapse/issues/12297)) -- Revert changes from 1.55.1 as they caused problems with older versions of Jinja. +- Revert changes from 1.55.1 as they caused problems with older versions of Jinja ([\#12296](https://github.com/matrix-org/synapse/issues/12296)) Synapse 1.55.1 (2022-03-24)