- Update to 1.92.3
This release does not affect openSUSE as we do not use the in-tree
libwebp.
Upstream changes:
This is again a security update targeted at mitigating
CVE-2023-4863. It turns out that libwebp is bundled statically in
Pillow wheels so we need to update this dependency instead of
libwebp package at the OS level.
Unlike what was advertised in 1.92.2 changelog this release also
impacts PyPI wheels and Debian packages from matrix.org.
We encourage admins to upgrade as soon as possible.
Internal Changes
- Pillow 10.0.1 is now mandatory because of libwebp
CVE-2023-4863, since Pillow provides libwebp in the wheels.
(#16347)
- bump all the dependencies which are not available in tumbleweed.
- Update to 1.92.2
The only fix in this release is actually changing the upstream docker
configuration to mitigate the webp security bug. Does not affect
our package.
- Update to 1.92.1
- Bugfixes
- Revert MSC3861 introspection cache, admin impersonation and
account lock. (#16258)
- Internal Changes
- Fix incorrect docstring for Ratelimiter. (#16255)
- Update the release script to work on macOS. (#16266)
- Stop building Ubuntu Kinetic since it is EOL and repos seem
OBS-URL: https://build.opensuse.org/request/show/1113560
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=287
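
The 1.92.3 entry above notes that a PyPI wheel of Pillow carries its own libwebp, so patching the OS libwebp package does not change what such an install uses. The following check is an added example, not code from Synapse or from this package; it reports the Pillow version visible to one Python interpreter and the libwebp version linked into it. Only the 10.0.1 floor comes from the changelog; the function names are illustrative.

```python
# Added example: audit one Python environment against the Pillow floor
# named in the 1.92.3 entry. Function names are illustrative.
import re
from importlib import metadata

PILLOW_MINIMUM = (10, 0, 1)  # "Pillow 10.0.1 is now mandatory" (changelog)


def release_tuple(version):
    """Numeric release part of a version string, padded to three fields."""
    match = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def meets_minimum(version, minimum=PILLOW_MINIMUM):
    """True at or above minimum; a pre-release of the minimum does not count."""
    release = release_tuple(version)
    if release != minimum:
        return release > minimum
    return re.search(r"(?:a|b|rc|dev)\d*$", version.strip()) is None


def audit_environment():
    """Inspect the Pillow that this interpreter would import."""
    report = {"pillow": None, "meets_minimum": False, "linked_libwebp": None}
    try:
        report["pillow"] = metadata.version("Pillow")
    except metadata.PackageNotFoundError:
        return report  # Pillow is not installed in this environment
    report["meets_minimum"] = meets_minimum(report["pillow"])
    try:
        from PIL import features
        if features.check("webp"):
            # Version of the libwebp actually linked into Pillow's extension;
            # for a wheel install this is the copy shipped inside the wheel.
            report["linked_libwebp"] = features.version("webp")
    except ImportError:
        pass  # metadata present but PIL not importable
    return report


if __name__ == "__main__":
    print(audit_environment())
```

Run it with the interpreter of the environment Synapse itself runs in (for example the virtualenv's python), since each environment can carry a different Pillow.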
- switch to _multibuild
- Update to 1.88.0
This release
- raises the minimum supported version of Python to 3.8, as
Python 3.7 is now end-of-life, and
- removes deprecated config options related to worker deployment.
See the upgrade notes for more information.
https://github.com/matrix-org/synapse/blob/release-v1.88/docs/upgrade.md#upgrading-to-v1880
- Features
- Add not_user_type param to the list accounts admin API.
(#15844)
- Bugfixes
- Revert "Stop writing to column user_id of tables profiles and
user_filters", which was introduced in Synapse 1.88.0rc1.
(#15953)
- Pin pydantic to ^=1.7.4 to avoid backwards-incompatible API
changes from the 2.0.0 release. Contributed by @PaarthShah.
(#15862)
- Correctly resize thumbnails with pillow version >=10.
(#15876)
- Improved Documentation
- Fixed header levels on the Admin API "Users" documentation
page. Contributed by @sumnerevans at @beeper. (#15852)
- Remove deprecated worker_replication_host,
worker_replication_http_port and worker_replication_http_tls
configuration options. (#15872)
- Deprecations and Removals
- Remove deprecated worker_replication_host,
worker_replication_http_port and worker_replication_http_tls
OBS-URL: https://build.opensuse.org/request/show/1101105
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=82
- Update to 1.85.2
- Bugfixes
- Fix regression where using TLS for HTTP replication between
workers did not work. Introduced in v1.85.0. (#15746)
- Update to 1.85.1
Note: this release only fixes a bug that stopped some deployments
from upgrading to v1.85.0. There is no need to upgrade to v1.85.1
if successfully running v1.85.0.
- Bugfixes
- Fix bug in schema delta that broke upgrades for some
deployments. Introduced in v1.85.0. (#15738, #15739)
- make sure that the pythons define and use_python do not diverge by
moving them closer to each other.
- Update to 1.85.0
- Security
- GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity: It may be
possible for a deactivated user to login when using uncommon
configurations. (boo#1212055)
- GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity: A
discovered oEmbed or image URL can bypass the
url_preview_url_blacklist setting potentially allowing server
side request forgery or bypassing network policies. Impact is
limited to IP addresses allowed by the
url_preview_ip_range_blacklist setting (by default this only
allows public IPs). (boo#1212054)
- Features
- Improve performance of backfill requests by performing
OBS-URL: https://build.opensuse.org/request/show/1097110
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=81
- Update to 1.85.0
- Security
- GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity: It may be
possible for a deactivated user to login when using uncommon
configurations. (boo#1212055)
- GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity: A
discovered oEmbed or image URL can bypass the
url_preview_url_blacklist setting potentially allowing server
side request forgery or bypassing network policies. Impact is
limited to IP addresses allowed by the
url_preview_ip_range_blacklist setting (by default this only
allows public IPs). (boo#1212054)
OBS-URL: https://build.opensuse.org/request/show/1091083
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=273
- As 14221.patch is modified to skip the parts we don't need
(changelog snippets) remove the url from the spec file.
- All the shebang line fixing should skip the vendor directory so
that we do not break the checksum checks in cargo.
- Added https://patch-diff.githubusercontent.com/raw/matrix-org/synapse/pull/14221.patch
Same fix for the cache_memory as for url_preview
- python-six is not required
https://trello.com/c/MO53MocR/143-remove-python3-six
- Update to 1.69.0
Please note that legacy Prometheus metric names are now
deprecated and will be removed in Synapse 1.73.0. Server
administrators should update their dashboards and alerting rules
to avoid using the deprecated metric names. See the upgrade notes
for more details.
- Features
- Allow application services to set the origin_server_ts of a
state event by providing the query parameter ts in PUT
/_matrix/client/r0/rooms/{roomId}/state/{eventType}/{stateKey},
per MSC3316. Contributed by @lukasdenk. (#11866)
- Allow server admins to require a manual approval process
before new accounts can be used (using MSC3866). (#13556)
- Exponentially backoff from backfilling the same event over
and over. (#13635, #13936)
- Add cache invalidation across workers to module API. (#13667,
#13947)
- Experimental implementation of MSC3882 to allow an existing
OBS-URL: https://build.opensuse.org/request/show/1030137
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=72