Commit Graph

384 Commits (7b06f85c0e18b62775f12789fdf4adb6a0a47a4b)

Author SHA1 Message Date
Patrick Cloke bde6705ad1 Some manual tweaks to the changes file. 2021-01-06 07:20:12 -05:00
Patrick Cloke 2fe0fb21f6 1.25.0rc1 2021-01-06 07:08:13 -05:00
Dirk Klimpel a5f7aff5e5
Deprecate Shutdown Room and Purge Room Admin API (#8829)
Deprecate both APIs in favour of the Delete Room API.

Related: #8663 and #8810
2020-12-10 11:42:48 +00:00
Erik Johnston 320e8c8064 Synapse 1.23.1 (2020-12-09)
===========================
 
 Due to the two security issues highlighted below, server administrators are
 encouraged to update Synapse. We are not aware of these vulnerabilities being
 exploited in the wild.
 
 Security advisory
 -----------------
 
 The following issues are fixed in v1.23.1 and v1.24.0.
 
 - There is a denial of service attack
   ([CVE-2020-26257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257))
   against the federation APIs in which future events will not be correctly sent
   to other servers over federation. This affects all servers that participate in
   open federation. (Fixed in [#8776](https://github.com/matrix-org/synapse/pull/8776)).
 
 - Synapse may be affected by OpenSSL
   [CVE-2020-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971).
   Synapse administrators should ensure that they have the latest versions of
   the cryptography Python package installed.
 
 To upgrade Synapse along with the cryptography package:
 
 * Administrators using the [`matrix.org` Docker
   image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
   packages from
   `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
   should ensure that they have version 1.24.0 or 1.23.1 installed: these images include
   the updated packages.
 * Administrators who have [installed Synapse from
   source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
   should upgrade the cryptography package within their virtualenv by running:
   ```sh
   <path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
   ```
 * Administrators who have installed Synapse from distribution packages should
   consult the information from their distributions.
 
 Bugfixes
 --------
 
 - Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. ([\#8776](https://github.com/matrix-org/synapse/issues/8776))
 
 Internal Changes
 ----------------
 
 - Add a maximum version for pysaml2 on Python 3.5. ([\#8898](https://github.com/matrix-org/synapse/issues/8898))
 -----BEGIN PGP SIGNATURE-----
 
 iQFEBAABCgAuFiEEBTGR3/RnAzBGUif3pULk7RsPrAkFAl/QsOYQHGVyaWtAbWF0
 cml4Lm9yZwAKCRClQuTtGw+sCZTkCACEDbyMY/UCqJaUILxtYeBE7K4GvOqPPHyo
 2VLjyitI7XWVzB/paUOPxAtOtiwXS0GOrL+UsW6Lky2HIjafjLe1Z3LHzATQwF2I
 J2bZWTY1Y4v3y8B7noPmp7+QFIBIey++09BY+MwzT3EQYnXt6lvoHmEvPH/htzjg
 LfdZpSj4WrJr4S2/W0rVlkGSuIShN0Tnv6pTgbGRZMt1N4JH2mo65mCGt3xrMS7E
 us+xqStGh5Q+9g3F913iIJ8noUMeCvTT7hbr1eonhZ3MIKWG30z+zcXwmGb0t3B8
 zvTFXqdbZPSw+ZZdxaZwZuJzNCnYOu6t0JuzXqDoE0xsHb8RVUe9
 =Z9US
 -----END PGP SIGNATURE-----

Merge tag 'v1.23.1'

Synapse 1.23.1 (2020-12-09)
===========================

Due to the two security issues highlighted below, server administrators are
encouraged to update Synapse. We are not aware of these vulnerabilities being
exploited in the wild.

Security advisory
-----------------

The following issues are fixed in v1.23.1 and v1.24.0.

- There is a denial of service attack
  ([CVE-2020-26257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257))
  against the federation APIs in which future events will not be correctly sent
  to other servers over federation. This affects all servers that participate in
  open federation. (Fixed in [#8776](https://github.com/matrix-org/synapse/pull/8776)).

- Synapse may be affected by OpenSSL
  [CVE-2020-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971).
  Synapse administrators should ensure that they have the latest versions of
  the cryptography Python package installed.

To upgrade Synapse along with the cryptography package:

* Administrators using the [`matrix.org` Docker
  image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
  packages from
  `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
  should ensure that they have version 1.24.0 or 1.23.1 installed: these images include
  the updated packages.
* Administrators who have [installed Synapse from
  source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
  should upgrade the cryptography package within their virtualenv by running:
  ```sh
  <path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
  ```
* Administrators who have installed Synapse from distribution packages should
  consult the information from their distributions.

Bugfixes
--------

- Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. ([\#8776](https://github.com/matrix-org/synapse/issues/8776))

Internal Changes
----------------

- Add a maximum version for pysaml2 on Python 3.5. ([\#8898](https://github.com/matrix-org/synapse/issues/8898))
2020-12-09 11:29:56 +00:00
Erik Johnston 1cec3d1457 1.23.1 2020-12-09 11:07:41 +00:00
Erik Johnston 9b26a4ac87 1.24.0 2020-12-09 11:07:24 +00:00
Patrick Cloke 2602514f34 Minor update to CHANGES. 2020-12-04 09:00:32 -05:00
Patrick Cloke 693dab487c 1.24.0rc2 2020-12-04 08:48:04 -05:00
Patrick Cloke e41720d85f Minor changes to the CHANGES doc. 2020-12-02 09:17:42 -05:00
Patrick Cloke c67af840aa Minor fixes to changelog. 2020-12-02 09:03:12 -05:00
Patrick Cloke 53b12688dd 1.24.0rc1 2020-12-02 08:57:51 -05:00
Matthew Hodgson 476b8c0ae6 fix MD 2020-11-22 00:30:13 +00:00
Matthew Hodgson 1091bcea3e fix ancient changelog to be MD 2020-11-22 00:29:05 +00:00
Erik Johnston 244bff4edd Update changelog 2020-11-18 12:04:08 +00:00
Erik Johnston 59c8f4f0db Update changelog 2020-11-18 11:57:19 +00:00
Erik Johnston ef366720d5 1.23.0 2020-11-18 11:41:41 +00:00
Erik Johnston 34226ec761 Fix changelog 2020-11-13 14:14:09 +00:00
Erik Johnston 0a5185495b Fix changelog 2020-11-13 14:06:52 +00:00
Erik Johnston 4a54b821bb 1.23.0rc1 2020-11-13 13:59:58 +00:00
Erik Johnston b176f1036a Fix changelog 2020-10-30 15:33:33 +00:00
Erik Johnston aef8514193 use correct version 2020-10-30 15:27:58 +00:00
Erik Johnston b4289795ea 1.22.1 2020-10-30 15:25:44 +00:00
Erik Johnston fedfdfd750 1.22.0 2020-10-27 12:07:19 +00:00
Erik Johnston 191f2e5d5d Fixup changelog 2020-10-26 15:17:31 +00:00
Erik Johnston f40a4ba08e Expand changelog entry 2020-10-26 15:15:49 +00:00
Erik Johnston 7a3adbd7af 1.22.0rc2 2020-10-26 15:11:03 +00:00
Erik Johnston 5065048110 Fixup changelog even more 2020-10-22 13:25:22 +01:00
Erik Johnston 88b8b8403c Fixup changelog some more 2020-10-22 13:19:37 +01:00
Erik Johnston a622e1ed9f Fixup changelog 2020-10-22 13:12:22 +01:00
Erik Johnston ec0e9c4695 1.22.0rc1 2020-10-22 13:08:42 +01:00
Patrick Cloke 9b8a53c7b9 Additional tweaks. 2020-10-15 10:33:43 -04:00
Patrick Cloke a7d4985a6b Clarify authlib changes. 2020-10-15 10:28:53 -04:00
Patrick Cloke f30f12a839 Fix typo. 2020-10-15 10:28:27 -04:00
Patrick Cloke f49708dee3 Add additional release notes. 2020-10-15 10:18:02 -04:00
Patrick Cloke 9991aaa49c 1.21.2 2020-10-15 09:24:10 -04:00
Andrew Morgan 58e583eac1 1.21.1 2020-10-13 10:27:16 +01:00
Andrew Morgan cd0f65d2c7 Reverse proxies are not the only thing to change;be explicit w/ new endpoint 2020-10-12 16:19:53 +01:00
Andrew Morgan 4aa027ea70 Add deprecation warning for admin api under client api prefixes 2020-10-12 16:07:08 +01:00
Andrew Morgan f76194a021 1.21.0 2020-10-12 15:50:27 +01:00
Erik Johnston b9c253a724 Update change log 2020-10-08 11:30:11 +01:00
Erik Johnston 31fe46e0a3 1.21.0rc3 2020-10-08 11:19:22 +01:00
Richard van der Hoff 9de6e9e249 move #8444 to 'feature' 2020-10-02 12:56:40 +01:00
Richard van der Hoff 8672642225 linkify changelog 2020-10-02 12:54:53 +01:00
Richard van der Hoff 6a8fd03acb 1.21.0rc2 2020-10-02 12:48:33 +01:00
Richard van der Hoff f6c526ce67 1.21.0rc2 2020-10-02 12:46:58 +01:00
Richard van der Hoff 2eb947e0ee update changelog 2020-10-01 13:38:26 +01:00
Richard van der Hoff 50e5174e86 changelog fixes 2020-10-01 13:27:01 +01:00
Richard van der Hoff c501c80e46 fix version number
we're not doing a final release yet!
2020-10-01 13:17:59 +01:00
Richard van der Hoff cc40a59b4a 1.21.0 2020-10-01 13:14:56 +01:00
Andrew Morgan ab903e7337 s/URLs/variables in changelog 2020-09-24 16:35:31 +01:00
Andrew Morgan 271086ebda s/accidentally/incorrectly in changelog 2020-09-24 16:33:49 +01:00
Andrew Morgan 5ce5a9f144 Update changelog wording 2020-09-24 16:26:57 +01:00
Andrew Morgan 920dd1083e 1.20.1 2020-09-24 16:25:33 +01:00
Andrew Morgan d191dbdaa6 Fix wording of deprecation notice in changelog 2020-09-22 15:42:53 +01:00
Andrew Morgan 012736ff07 Deprecation warning for synapse admin api being accessible under /_matrix 2020-09-22 15:30:44 +01:00
Andrew Morgan 55bb5fda33 1.20.0 2020-09-22 15:18:31 +01:00
Patrick Cloke c7e060bfee Add a note about including the changes from 1.19.3. 2020-09-18 11:10:59 -04:00
Patrick Cloke c4e8b18c72 Tweak wording in the changelog. 2020-09-18 10:57:29 -04:00
Patrick Cloke d5f7182ba1 1.20.0rc5 2020-09-18 10:56:50 -04:00
Patrick Cloke 88e67d1adb 1.19.3
Synapse 1.19.3 (2020-09-18)
 ===========================
 
 Bugfixes
 --------
 
 - Partially mitigate bug where newly joined servers couldn't get past
 events in a room when there is a malformed event.
 ([\#8350](https://github.com/matrix-org/synapse/issues/8350))
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEgQG31Z317NrSMt0QiISIDS7+X/QFAl9kxN4THGFuZHJld0Bh
 bW9yZ2FuLnh5egAKCRCIhIgNLv5f9LznEACSm7ZL0GjVDcDjGEu+QjKIi3KUiFq3
 i8EXEZWT3w5NNNER0Jey5BHxaBKtnPsvon0k3U4bp5KKOA6BGa9L4NDGZYJa3p0k
 A1uc3DCgGG1aVazpIzfhWRA0va13T+zRKdz52GdjzksH0WGl6w3UoJhloWOmHyxz
 K4UxGwOqJMSBxseBHOFcXdomPtsNYUqsrOcZYWjh3hWN0GMV6H+WrcbKVYl49V0F
 6aVHuaxit35iAGYER41mnTA34ZNuC1Qkp83mAaE+Z8i39qBWPMRErUNAyZQ/mCKz
 QrF98p7F2kFgSzDagtZiUPZj3w3XwfZf05bqnyd9cxBEQdIYFLAL0lokEXcoY1os
 q7gKwGuwicuvYEQrt+gSFlkoUaSvy7/b4cmFqvT0NGnBNZoYl6MX4MXP2CNHuaFk
 yljZoTecKEmhInY10S4uy+Hp0JNHuZWEOYGKy7CrQaqRo8MhBLk5LWBPjUOayPLP
 uvDNv6MShQ8SpCiKvsoCBiX9G3LEo1yHPo5oX57nOr+IHawH0PPkXVKL3b+K+7s0
 eXah/9n/wQYO5K+ReqTFd9ZCegN0/hW/NAT9aX/gEYASkS4ANvGALWwXbZSOG5IG
 2glXiewbJSOaVutPRpIVI3XGDSdm3/8VpO+cAKotZ+pR1V6nsxtVwLRmAhxqhNFD
 3AULCLMt2yKzDw==
 =a9VC
 -----END PGP SIGNATURE-----

Merge tag 'v1.19.3' into release-v1.20.0

1.19.3

Synapse 1.19.3 (2020-09-18)
===========================

Bugfixes
--------

- Partially mitigate bug where newly joined servers couldn't get past
events in a room when there is a malformed event.
([\#8350](https://github.com/matrix-org/synapse/issues/8350))
2020-09-18 10:53:01 -04:00
Andrew Morgan 5b70acb44c 1.19.3 2020-09-18 15:00:07 +01:00
Patrick Cloke 7141057e85 1.20.0rc4 2020-09-16 08:54:30 -04:00
Patrick Cloke ab165994db Merge remote-tracking branch 'origin/master' into release-v1.20.0 2020-09-16 08:52:21 -04:00
Erik Johnston 5ffd68dca1 1.19.2 2020-09-16 13:37:03 +01:00
Patrick Cloke 08837bb58c Clarify changelog. 2020-09-11 08:21:57 -04:00
Patrick Cloke 2832ef5bb7 1.20.0rc3 2020-09-11 08:14:15 -04:00
Richard van der Hoff 536f4a2482 1.20.0rc2 2020-09-09 17:08:33 +01:00
Richard van der Hoff 6d01eb0c74 fix typo 2020-09-08 13:27:07 +01:00
Richard van der Hoff bbe2e6b38b s/fixes/fix/ 2020-09-08 13:05:06 +01:00
Richard van der Hoff 525efab612 1.20.0rc1 2020-09-08 12:58:37 +01:00
Brendan Abolivier 9cfc120233
Merge branch 'master' into develop 2020-08-27 11:01:21 +01:00
Brendan Abolivier eadfda3ebc 1.19.1 2020-08-27 10:50:39 +01:00
Brendan Abolivier 6e1c64a668 Synapse 1.19.1rc1 (2020-08-25)
==============================
 
 Bugfixes
 --------
 
 - Fix a bug introduced in v1.19.0 where appservices with ratelimiting disabled would still be ratelimited when joining rooms. ([\#8139](https://github.com/matrix-org/synapse/issues/8139))
 - Fix a bug introduced in v1.19.0 that would cause e.g. profile updates to fail due to incorrect application of rate limits on join requests. ([\#8153](https://github.com/matrix-org/synapse/issues/8153))
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdVkXOgzrGzds0jtrHgFcFF8ZFs0FAl9FIKkACgkQHgFcFF8Z
 Fs3zIw/9H40ieb73Iay6ecQeOSfHiMVMzvJqYbKgho/a6h5JDHir+NGpwuLFdeGM
 eHR07QkQgUU9+dLNTMOQpCKTIsU70wvzH1vTDINS3ChjnRBdrHKqhAG6ZyEt1dJx
 kxYX54zsQUwiwshMKbJ+DPclHaBFnL+SY5OFfqCNjvaNob59DbHAL3tlSktPc2go
 tGmj81q0dWY6maMCGI3IIYcrW7oLi+4TwosZual5Hz/xgRBiGaKHXRIJnInvkXpl
 R+rSOmpYraapfDPHzPyQgLN4Dt7aAccGho843tt7dAVfd2GRSaUkLGXVXCdoruQG
 CRjY1P3BRBzRBx6o80Uw7Ah0hsoVgpJTSzY008KigJce+IiRWG5sgPjoubhfK0MA
 BqzmCa3/lrR+/WUOf4+w6HSfRncKawgAp7Y7wVj4nQF5fc8mwpFLz4pA/C2YOyjp
 nYXCHf60/KSBDhnr0ZRAhAby4MJoYSf03djFG1oef5SVzOzHD7zho9oBnEz15Tab
 XXkg1iJ7AhNFiQjsY4H1sl2onoF4T7B53NOnUEwD0oll+nXIYGe6hlNuq6x4j6l9
 39ZlMoe9zK28LoKKWa1RDug8z+PmarKRJ2zATlHIb2RGeVX+oFfaKVsIbJtupJVC
 8HSFt7gcgLCdUazk6taKpOHeVyGxK6WUkLnCMHzD2rzPhzpSyws=
 =0rHM
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdVkXOgzrGzds0jtrHgFcFF8ZFs0FAl9FJK4ACgkQHgFcFF8Z
 Fs0O2xAAgxqCfAHylVuwunRppwV49Bvq6H0mMM29hYBogGB5cmh1vRnUm5GsPQt0
 9vTKlwMz6XKjLs3TLqYsnZfXqK+lyaN0xFXd7xWCNzFtEXoIvDnq+u3h5WGaKOC9
 PcXb2LSZoHC5yECBpoh58ZQEPKtYILEjo+OSDboIqHz4N5HSjMSPGPvMkUn6xMNG
 roWTAWKPd9juyE2dPzZxIoBWwJGn3D8EMkeTQDlExTTvmnDPyPvJ5MVUY/xaHLgy
 XV8lapFu/SzWAKotc5+9qkVN64obaxwovYTU9JnlqEc5+WlD+Jl+g0258Q1bV1H9
 341aQQJX08iYw3xw13xVgT0zLPRbp82O3/SHC3S1nz27HUWKXqUtsm6woDbgHIz5
 UPvKFQsp2dEN4tFXxkEHiossIVNGuXdRYwEjFQrxOwayCuS4cQwDADhqnzDU4hio
 LSVhtxs9rgLps4iKpcaRAqK8kifTrsomlQfh/7axPJQ43pmBR2PiItetlBW/9Le6
 KTH90ghLQzJwKFkIcFcvPhFMVqSyXI32+g5++YAPmNVy9M/7LdJxuEc9ifTWgwds
 LtV3/F8xlqd0qwl5IbwC6Wf19N06jdlRv/q1zL/Hb6qu3FLQeGd+/1aiC0rsbq15
 grdHVZkZi1iVF/zrOx24ctxQvgLyGHA+M7n/oIaIgxlT1S6+FUI=
 =49ZC
 -----END PGP SIGNATURE-----

Merge tag 'v1.19.1rc1' into develop

Synapse 1.19.1rc1 (2020-08-25)
==============================

Bugfixes
--------

- Fix a bug introduced in v1.19.0 where appservices with ratelimiting disabled would still be ratelimited when joining rooms. ([\#8139](https://github.com/matrix-org/synapse/issues/8139))
- Fix a bug introduced in v1.19.0 that would cause e.g. profile updates to fail due to incorrect application of rate limits on join requests. ([\#8153](https://github.com/matrix-org/synapse/issues/8153))
2020-08-25 15:48:11 +01:00
Brendan Abolivier 0a4e541dc5
Changelog fixes 2020-08-25 15:29:57 +01:00
Brendan Abolivier b79d69796c 1.19.1rc1 2020-08-25 15:24:39 +01:00
Andrew Morgan 5cf7c12995
Remove : from allowed client_secret chars (#8101)
Closes: https://github.com/matrix-org/synapse/issues/6766

Equivalent Sydent PR: https://github.com/matrix-org/sydent/pull/309

I believe it's now time to remove the extra allowed `:` from `client_secret` parameters.
2020-08-18 14:14:27 +01:00
Olivier Wilkinson (reivilibre) 3234d5c305 Changelog changes
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
2020-08-17 14:21:20 +01:00
Olivier Wilkinson (reivilibre) ea4e4d2f0b 1.19.0 2020-08-17 14:12:46 +01:00
Olivier Wilkinson (reivilibre) 93848f3c89 More changelog tweaks
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
2020-08-13 17:57:46 +01:00
Olivier Wilkinson (reivilibre) 4550b77312 More changelog tweaks
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
2020-08-13 17:46:22 +01:00
Olivier Wilkinson (reivilibre) a69ba6f457 Remove unwanted changelog line
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
2020-08-13 17:17:37 +01:00
Olivier Wilkinson (reivilibre) 091ca3910d 1.19.0rc1 2020-08-13 17:12:21 +01:00
Olivier Wilkinson (reivilibre) 320ef98852 Fix formatting of changelog and upgrade notes
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
2020-07-30 11:59:11 +01:00
Olivier Wilkinson (reivilibre) fc0ef72d9c Add deprecation warnings
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
2020-07-30 11:55:04 +01:00
Olivier Wilkinson (reivilibre) a9631b7b4b 1.18.0 2020-07-30 10:56:54 +01:00
Richard van der Hoff 7000a215e6 1.18.0rc2 2020-07-28 11:22:32 +01:00
Richard van der Hoff 7c2e2c2077 update changelog 2020-07-27 17:08:41 +01:00
Richard van der Hoff f88c48f3b8 1.18.0rc1 2020-07-27 16:57:40 +01:00
Richard van der Hoff 29df3d0e9f 1.17.0 2020-07-13 10:20:36 +01:00
Richard van der Hoff 8ccb7f08d9 Merge branch 'master' into release-v1.17.0 2020-07-10 18:38:18 +01:00
Richard van der Hoff e66e38bbd7 update changelog 2020-07-10 12:20:52 +01:00
Richard van der Hoff e6fbb0c121 fix changelog 2020-07-10 12:11:46 +01:00
Richard van der Hoff c9f7c683ae 1.16.1 2020-07-10 12:11:12 +01:00
Richard van der Hoff 43726783e4 1.17.0rc1 2020-07-09 16:53:19 +01:00
Richard van der Hoff e7f880ce7e shuffle changelog slightly 2020-07-08 11:09:28 +01:00
Richard van der Hoff 98894341e7 1.16.0 2020-07-08 11:03:55 +01:00
Patrick Cloke 6f238a7074 Fix a typo. 2020-07-02 11:14:28 -04:00
Patrick Cloke 1a76cdf8d4 Move 1.15.2 after 1.16.0rc2. 2020-07-02 11:14:00 -04:00
Patrick Cloke 1319e53251 1.16.0rc2 2020-07-02 11:06:35 -04:00
Patrick Cloke f2bcc6ecbf Merge branch 'master' into release-v1.16.0 2020-07-02 11:02:42 -04:00