8df71c82d8
- Update to 1.30.1
This release is identical to Synapse 1.30.0, with the exception
of explicitly setting a minimum version of Python's Cryptography
library to ensure that users of Synapse are protected from the
recent OpenSSL security advisories, especially CVE-2021-3449.
- Internal Changes
- Enforce that `cryptography` dependency is up to date to
ensure it has the most recent openssl patches. (#9697)
- Note: we do not bump the cryptography dependency in our package
as we use the system OpenSSL which gets the fix.
Add dont-bump-cryptography-with-system-openssl.patch to comment
out the dependency because otherwise the newer version
requirement is enforced on startup
OBS-URL: https://build.opensuse.org/request/show/881504
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=165
14 lines
513 B
Diff
14 lines
513 B
Diff
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
|
|
index 14ddaed02..eb2137c93 100644
|
|
--- a/synapse/python_dependencies.py
|
|
+++ b/synapse/python_dependencies.py
|
|
@@ -84,7 +84,7 @@ REQUIREMENTS = [
|
|
"typing-extensions>=3.7.4",
|
|
# We enforce that we have a `cryptography` version that bundles an `openssl`
|
|
# with the latest security patches.
|
|
- "cryptography>=3.4.7;python_version>='3.6'",
|
|
+ # "cryptography>=3.4.7;python_version>='3.6'",
|
|
]
|
|
|
|
CONDITIONAL_REQUIREMENTS = {
|