Commit Graph

99 Commits

Author SHA1 Message Date
Erik Johnston 320e8c8064 Synapse 1.23.1 (2020-12-09)
===========================
 
 Due to the two security issues highlighted below, server administrators are
 encouraged to update Synapse. We are not aware of these vulnerabilities being
 exploited in the wild.
 
 Security advisory
 -----------------
 
 The following issues are fixed in v1.23.1 and v1.24.0.
 
 - There is a denial of service attack
   ([CVE-2020-26257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257))
   against the federation APIs in which future events will not be correctly sent
   to other servers over federation. This affects all servers that participate in
   open federation. (Fixed in [#8776](https://github.com/matrix-org/synapse/pull/8776)).
 
 - Synapse may be affected by OpenSSL
   [CVE-2020-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971).
   Synapse administrators should ensure that they have the latest versions of
   the cryptography Python package installed.
 
 To upgrade Synapse along with the cryptography package:
 
 * Administrators using the [`matrix.org` Docker
   image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
   packages from
   `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
   should ensure that they have version 1.24.0 or 1.23.1 installed: these images include
   the updated packages.
 * Administrators who have [installed Synapse from
   source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
   should upgrade the cryptography package within their virtualenv by running:
   ```sh
   <path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
   ```
 * Administrators who have installed Synapse from distribution packages should
   consult the information from their distributions.
 
 Bugfixes
 --------
 
 - Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. ([\#8776](https://github.com/matrix-org/synapse/issues/8776))
 
 Internal Changes
 ----------------
 
 - Add a maximum version for pysaml2 on Python 3.5. ([\#8898](https://github.com/matrix-org/synapse/issues/8898))
 -----BEGIN PGP SIGNATURE-----
 
 iQFEBAABCgAuFiEEBTGR3/RnAzBGUif3pULk7RsPrAkFAl/QsOYQHGVyaWtAbWF0
 cml4Lm9yZwAKCRClQuTtGw+sCZTkCACEDbyMY/UCqJaUILxtYeBE7K4GvOqPPHyo
 2VLjyitI7XWVzB/paUOPxAtOtiwXS0GOrL+UsW6Lky2HIjafjLe1Z3LHzATQwF2I
 J2bZWTY1Y4v3y8B7noPmp7+QFIBIey++09BY+MwzT3EQYnXt6lvoHmEvPH/htzjg
 LfdZpSj4WrJr4S2/W0rVlkGSuIShN0Tnv6pTgbGRZMt1N4JH2mo65mCGt3xrMS7E
 us+xqStGh5Q+9g3F913iIJ8noUMeCvTT7hbr1eonhZ3MIKWG30z+zcXwmGb0t3B8
 zvTFXqdbZPSw+ZZdxaZwZuJzNCnYOu6t0JuzXqDoE0xsHb8RVUe9
 =Z9US
 -----END PGP SIGNATURE-----

Merge tag 'v1.23.1'

Synapse 1.23.1 (2020-12-09)
===========================

Due to the two security issues highlighted below, server administrators are
encouraged to update Synapse. We are not aware of these vulnerabilities being
exploited in the wild.

Security advisory
-----------------

The following issues are fixed in v1.23.1 and v1.24.0.

- There is a denial of service attack
  ([CVE-2020-26257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257))
  against the federation APIs in which future events will not be correctly sent
  to other servers over federation. This affects all servers that participate in
  open federation. (Fixed in [#8776](https://github.com/matrix-org/synapse/pull/8776)).

- Synapse may be affected by OpenSSL
  [CVE-2020-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971).
  Synapse administrators should ensure that they have the latest versions of
  the cryptography Python package installed.

To upgrade Synapse along with the cryptography package:

* Administrators using the [`matrix.org` Docker
  image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
  packages from
  `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
  should ensure that they have version 1.24.0 or 1.23.1 installed: these images include
  the updated packages.
* Administrators who have [installed Synapse from
  source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
  should upgrade the cryptography package within their virtualenv by running:
  ```sh
  <path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
  ```
* Administrators who have installed Synapse from distribution packages should
  consult the information from their distributions.

Bugfixes
--------

- Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. ([\#8776](https://github.com/matrix-org/synapse/issues/8776))

Internal Changes
----------------

- Add a maximum version for pysaml2 on Python 3.5. ([\#8898](https://github.com/matrix-org/synapse/issues/8898))
2020-12-09 11:29:56 +00:00
Erik Johnston 1cec3d1457 1.23.1 2020-12-09 11:07:41 +00:00
Erik Johnston 9b26a4ac87 1.24.0 2020-12-09 11:07:24 +00:00
Erik Johnston ef366720d5 1.23.0 2020-11-18 11:41:41 +00:00
Erik Johnston b4289795ea 1.22.1 2020-10-30 15:25:44 +00:00
Erik Johnston fedfdfd750 1.22.0 2020-10-27 12:07:19 +00:00
Patrick Cloke 9991aaa49c 1.21.2 2020-10-15 09:24:10 -04:00
Andrew Morgan 58e583eac1 1.21.1 2020-10-13 10:27:16 +01:00
Andrew Morgan a06b7a5d94
Explicitly install test dependencies when building deb packages (#8523)
After https://github.com/matrix-org/synapse/pull/8377, the deb packages no longer indirectly installed the `"test"` dependencies, causing debian packages to fail to build while carrying out the unit tests.

This PR installs `test` dependencies explicitly when building debian packages.
2020-10-12 17:44:11 +01:00
Andrew Morgan f76194a021 1.21.0 2020-10-12 15:50:27 +01:00
Andrew Morgan 920dd1083e 1.20.1 2020-09-24 16:25:33 +01:00
Andrew Morgan 55bb5fda33 1.20.0 2020-09-22 15:18:31 +01:00
Patrick Cloke 88e67d1adb 1.19.3
Synapse 1.19.3 (2020-09-18)
 ===========================
 
 Bugfixes
 --------
 
 - Partially mitigate bug where newly joined servers couldn't get past
 events in a room when there is a malformed event.
 ([\#8350](https://github.com/matrix-org/synapse/issues/8350))
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEgQG31Z317NrSMt0QiISIDS7+X/QFAl9kxN4THGFuZHJld0Bh
 bW9yZ2FuLnh5egAKCRCIhIgNLv5f9LznEACSm7ZL0GjVDcDjGEu+QjKIi3KUiFq3
 i8EXEZWT3w5NNNER0Jey5BHxaBKtnPsvon0k3U4bp5KKOA6BGa9L4NDGZYJa3p0k
 A1uc3DCgGG1aVazpIzfhWRA0va13T+zRKdz52GdjzksH0WGl6w3UoJhloWOmHyxz
 K4UxGwOqJMSBxseBHOFcXdomPtsNYUqsrOcZYWjh3hWN0GMV6H+WrcbKVYl49V0F
 6aVHuaxit35iAGYER41mnTA34ZNuC1Qkp83mAaE+Z8i39qBWPMRErUNAyZQ/mCKz
 QrF98p7F2kFgSzDagtZiUPZj3w3XwfZf05bqnyd9cxBEQdIYFLAL0lokEXcoY1os
 q7gKwGuwicuvYEQrt+gSFlkoUaSvy7/b4cmFqvT0NGnBNZoYl6MX4MXP2CNHuaFk
 yljZoTecKEmhInY10S4uy+Hp0JNHuZWEOYGKy7CrQaqRo8MhBLk5LWBPjUOayPLP
 uvDNv6MShQ8SpCiKvsoCBiX9G3LEo1yHPo5oX57nOr+IHawH0PPkXVKL3b+K+7s0
 eXah/9n/wQYO5K+ReqTFd9ZCegN0/hW/NAT9aX/gEYASkS4ANvGALWwXbZSOG5IG
 2glXiewbJSOaVutPRpIVI3XGDSdm3/8VpO+cAKotZ+pR1V6nsxtVwLRmAhxqhNFD
 3AULCLMt2yKzDw==
 =a9VC
 -----END PGP SIGNATURE-----

Merge tag 'v1.19.3' into release-v1.20.0

1.19.3

Synapse 1.19.3 (2020-09-18)
===========================

Bugfixes
--------

- Partially mitigate bug where newly joined servers couldn't get past
events in a room when there is a malformed event.
([\#8350](https://github.com/matrix-org/synapse/issues/8350))
2020-09-18 10:53:01 -04:00
Andrew Morgan 5b70acb44c 1.19.3 2020-09-18 15:00:07 +01:00
Patrick Cloke ab165994db Merge remote-tracking branch 'origin/master' into release-v1.20.0 2020-09-16 08:52:21 -04:00
Erik Johnston 5ffd68dca1 1.19.2 2020-09-16 13:37:03 +01:00
Brendan Abolivier 9cfc120233
Merge branch 'master' into develop 2020-08-27 11:01:21 +01:00
Brendan Abolivier eadfda3ebc 1.19.1 2020-08-27 10:50:39 +01:00
Dexter Chua cf2f6c3d22
Update debian systemd service to use Type=notify (#8169)
This ensures systemctl start matrix-synapse returns only after synapse
is actually started, which is very useful for automated deployments.

Fixes #5761

Signed-off-by: Dexter Chua <dec41@srcf.net>
2020-08-27 10:39:13 +01:00
Olivier Wilkinson (reivilibre) ea4e4d2f0b 1.19.0 2020-08-17 14:12:46 +01:00
Olivier Wilkinson (reivilibre) 3aa36b782c Merge branch 'master' into develop 2020-07-30 15:18:36 +01:00
Olivier Wilkinson (reivilibre) a9631b7b4b 1.18.0 2020-07-30 10:56:54 +01:00
Aaron Raimist 2184f61fae
Various improvements to the docs (#7899) 2020-07-29 10:35:44 -04:00
Richard van der Hoff 29df3d0e9f 1.17.0 2020-07-13 10:20:36 +01:00
Richard van der Hoff 8ccb7f08d9 Merge branch 'master' into release-v1.17.0 2020-07-10 18:38:18 +01:00
Richard van der Hoff c9f7c683ae 1.16.1 2020-07-10 12:11:12 +01:00
Richard van der Hoff 43726783e4 1.17.0rc1 2020-07-09 16:53:19 +01:00
Richard van der Hoff 98894341e7 1.16.0 2020-07-08 11:03:55 +01:00
Patrick Cloke e8c36e527d 1.15.2 2020-07-02 10:35:59 -04:00
Brendan Abolivier 65eb078498
1.15.1 2020-06-16 10:28:58 +01:00
Brendan Abolivier 3b3f327a0d 1.15.0 2020-06-11 13:27:27 +01:00
Brendan Abolivier 76261fc59d
Update debian changelog 2020-05-28 12:39:09 +02:00
Brendan Abolivier b3b2038b6a
Remove the changes to the debian changelog
Since this is not a full release yet
2020-05-26 17:22:46 +02:00
Brendan Abolivier 3b19c17247 1.14.0 2020-05-26 16:45:37 +02:00
Patrick Cloke ac3264bf1e 1.13.0 2020-05-19 09:19:09 -04:00
Richard van der Hoff 1fc8914f76
update dh-virtualenv (#7526) 2020-05-19 13:48:41 +01:00
Patrick Cloke 68384d96fd Merge branch 'master' into develop 2020-04-23 12:04:50 -04:00
Patrick Cloke ce9b62e13f 1.12.4 2020-04-23 10:59:10 -04:00
Patrick Cloke 71953139d1
Add information about .well-known to Debian installation. (#7227) 2020-04-06 17:02:44 -04:00
Richard van der Hoff 29ce90358c 1.12.3 2020-04-03 10:57:07 +01:00
Richard van der Hoff 6d7cec7a57
Fix the debian build in a better way. (#7212) 2020-04-03 10:23:36 +01:00
Andrew Morgan 08edefe694 1.12.2 2020-04-02 19:02:45 +01:00
Andrew Morgan b730480abb 1.12.1 2020-04-02 18:57:31 +01:00
Richard van der Hoff 2fa55c0cc6 1.12.0 2020-03-23 12:13:09 +00:00
Brendan Abolivier 6b0ef34706
Update debian changelog 2020-03-03 15:01:43 +00:00
Richard van der Hoff 9c1b83b007 1.11.0 2020-02-21 08:56:04 +00:00
Richard van der Hoff fd6d83ed96 1.10.1 2020-02-17 16:27:33 +00:00
Brendan Abolivier fdb816713a 1.10.0 2020-02-12 12:19:19 +00:00
Erik Johnston 77d9357226 1.9.1 2020-01-28 13:09:36 +00:00
Brendan Abolivier f3eac2b3e9 1.9.0 2020-01-23 12:57:55 +00:00