- Moved to Element maintained fork as matrix has archived their version
- Update to 1.103.0
- Features
- Add a new List Accounts v3 Admin API with improved deactivated
user filtering capabilities. (#16874)
- Include Retry-After header by default per MSC4041. Contributed
by @clokep. (#16947)
- Bugfixes
- Fix joining remote rooms when a module uses the on_new_event
callback. This callback may now pass partial state events
instead of the full state for remote rooms. Introduced in
v1.76.0. (#16973)
- Fix performance issue when joining very large rooms that can
cause the server to lock up. Introduced in v1.100.0.
Contributed by @ggogel. (#16968)
- Improved Documentation
- Add HAProxy example for single port operation to reverse proxy
documentation. Contributed by Georg Pfuetzenreuter (@tacerus).
(#16768)
- Improve the documentation around running Complement tests with
new configuration parameters. (#16946)
- Add docs on upgrading from a very old version. (#16951)
For changes in older version since 1.98.0, see
https://github.com/element-hq/synapse/releases
OBS-URL: https://build.opensuse.org/request/show/1162886
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=310
- Update to 1.92.3
This release does not affect openSUSE as we do not use the intree
libwebp
Upstream changes:
This is again a security update targeted at mitigating
CVE-2023-4863. It turns out that libwebp is bundled statically in
Pillow wheels so we need to update this dependency instead of
libwebp package at the OS level.
Unlike what was advertised in 1.92.2 changelog this release also
impacts PyPI wheels and Debian packages from matrix.org.
We encourage admins to upgrade as soon as possible.
Internal Changes
- Pillow 10.0.1 is now mandatory because of libwebp
CVE-2023-4863, since Pillow provides libwebp in the wheels.
(#16347)
- bump all the dependencies which are not available in tumbleweed.
- Update to 1.92.2
Only fix in this is actually changing the upstream docker
configuration to mitigate the webp security bug. Does not affect
our package.
- Update to 1.92.1
- Bugfixes
- Revert MSC3861 introspection cache, admin impersonation and
account lock. (#16258)
- Internal Changes
- Fix incorrect docstring for Ratelimiter. (#16255)
- Update the release script to work on macOS. (#16266)
- Stop building Ubuntu Kinetic since it is EOL and repos seem
OBS-URL: https://build.opensuse.org/request/show/1113560
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=287
- Update to 1.85.0
- Security
- GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity It may be
possible for a deactivated user to login when using uncommon
configurations. (boo#1212055)
- GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity A
discovered oEmbed or image URL can bypass the
url_preview_url_blacklist setting potentially allowing server
side request forgery or bypassing network policies. Impact is
limited to IP addresses allowed by the
url_preview_ip_range_blacklist setting (by default this only
allows public IPs). (boo#1212054)
OBS-URL: https://build.opensuse.org/request/show/1091083
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=273
