From c087f680531b2c40a4dc731da64b351a133c27fe Mon Sep 17 00:00:00 2001 From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Tue, 17 Nov 2020 16:01:33 +0000 Subject: [PATCH 1/5] Cap the version of prometheus_client to =0.4.0,<0.9.0" \ psycopg2 \ pycparser \ pyrsistent \ diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py index 0ddead8a0f..aab77fc453 100644 --- a/synapse/python_dependencies.py +++ b/synapse/python_dependencies.py @@ -72,6 +72,10 @@ REQUIREMENTS = [ # prom-client has a history of breaking backwards compatibility between # minor versions (https://github.com/prometheus/client_python/issues/317), # so we also pin the minor version. + # + # Note that we replicate these constraints in the Synapse Dockerfile while + # pre-installing dependencies. If these constraints are updated here, the + # same change should be made in the Dockerfile. "prometheus_client>=0.4.0,<0.9.0", # we use attr.validators.deep_iterable, which arrived in 19.1.0 (Note: # Fedora 31 only has 19.1, so if we want to upgrade we should wait until 33 From ef366720d5745dac48a87802a40d5cb359b92e4b Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 18 Nov 2020 11:41:41 +0000 Subject: [PATCH 2/5] 1.23.0 --- CHANGES.md | 9 +++++++++ changelog.d/8767.bugfix | 1 - debian/changelog | 6 ++++++ synapse/__init__.py | 2 +- 4 files changed, 16 insertions(+), 2 deletions(-) delete mode 100644 changelog.d/8767.bugfix diff --git a/CHANGES.md b/CHANGES.md index 75871979c2..15d7d0aeea 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,12 @@ +Synapse 1.23.0 (2020-11-18) +=========================== + +Bugfixes +-------- + +- Fix a dependency versioning bug in the Dockerfile that prevented Synapse from starting. ([\#8767](https://github.com/matrix-org/synapse/issues/8767)) + + Synapse 1.23.0rc1 (2020-11-13) ============================== diff --git a/changelog.d/8767.bugfix b/changelog.d/8767.bugfix deleted file mode 100644 index 9fe5107a5e..0000000000 --- a/changelog.d/8767.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix a dependency versioning bug in the Dockerfile that prevented Synapse from starting. diff --git a/debian/changelog b/debian/changelog index ae8948650f..4ea4feddd5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +matrix-synapse-py3 (1.23.0) stable; urgency=medium + + * New synapse release 1.23.0. + + -- Synapse Packaging team Wed, 18 Nov 2020 11:41:28 +0000 + matrix-synapse-py3 (1.22.1) stable; urgency=medium * New synapse release 1.22.1. diff --git a/synapse/__init__.py b/synapse/__init__.py index 537f2239e5..65c1f5aa3f 100644 --- a/synapse/__init__.py +++ b/synapse/__init__.py @@ -48,7 +48,7 @@ try: except ImportError: pass -__version__ = "1.23.0rc1" +__version__ = "1.23.0" if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)): # We import here so that we don't have to install a bunch of deps when From 59c8f4f0db904fa0560afcc20a70cbb76dfe752b Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 18 Nov 2020 11:57:19 +0000 Subject: [PATCH 3/5] Update changelog --- CHANGES.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 15d7d0aeea..d444259861 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,6 +1,10 @@ Synapse 1.23.0 (2020-11-18) =========================== +This release changes the way structured logging is configured. See the [upgrade notes](UPGRADE.rst#upgrading-to-v1230) for details. + +**Note**: We are aware of a trivially exploitable denial of service vulnerability in versions of Synapse prior to 1.20.0. Complete details will be disclosed on Monday, November 23rd. If you have not upgraded recently, please do so. + Bugfixes -------- From 0285885babdbff2930dbb617a0ddb4aaabad53fb Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 18 Nov 2020 12:00:13 +0000 Subject: [PATCH 4/5] Fix formatting in upgrades --- UPGRADE.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UPGRADE.rst b/UPGRADE.rst index 960c2aeb2b..7c19cf2a70 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst @@ -87,7 +87,7 @@ then it should be modified based on the `structured logging documentation `_. The ``structured`` and ``drains`` logging options are now deprecated and should -be replaced by standard logging configuration of ``handlers`` and ``formatters`. +be replaced by standard logging configuration of ``handlers`` and ``formatters``. A future will release of Synapse will make using ``structured: true`` an error. From 244bff4edd620998abd033050922994e74294c16 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 18 Nov 2020 12:04:08 +0000 Subject: [PATCH 5/5] Update changelog --- CHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index d444259861..52b2fd6f8f 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -65,7 +65,7 @@ Internal Changes ---------------- - Optimise `/createRoom` with multiple invited users. ([\#8559](https://github.com/matrix-org/synapse/issues/8559)) -- Implement and use an @lru_cache decorator. ([\#8595](https://github.com/matrix-org/synapse/issues/8595)) +- Implement and use an `@lru_cache` decorator. ([\#8595](https://github.com/matrix-org/synapse/issues/8595)) - Don't instansiate Requester directly. ([\#8614](https://github.com/matrix-org/synapse/issues/8614)) - Type hints for `RegistrationStore`. ([\#8615](https://github.com/matrix-org/synapse/issues/8615)) - Change schema to support access tokens belonging to one user but granting access to another. ([\#8616](https://github.com/matrix-org/synapse/issues/8616))