Compare commits


7 Commits

Author SHA1 Message Date
Marcus Schopen d356588339
SAML: Document allowing a clock/time difference from IdP (#8731)
Updates the sample configuration with the pysaml2 configuration for
accepting clock skew/drift between the homeserver and IdP.
2020-11-18 07:36:28 -05:00
Erik Johnston b690542a34 Merge branch 'master' into develop 2020-11-18 12:13:38 +00:00
Erik Johnston 244bff4edd Update changelog 2020-11-18 12:04:08 +00:00
Erik Johnston 0285885bab Fix formatting in upgrades 2020-11-18 12:00:13 +00:00
Erik Johnston 59c8f4f0db Update changelog 2020-11-18 11:57:19 +00:00
Erik Johnston ef366720d5 1.23.0 2020-11-18 11:41:41 +00:00
Andrew Morgan c087f68053
Cap the version of prometheus_client to <v0.9.0 in the dockerfile (#8767)
Short-term fix for https://github.com/matrix-org/synapse/issues/8766.
2020-11-17 16:01:33 +00:00
9 changed files with 41 additions and 4 deletions


@ -1,3 +1,16 @@
Synapse 1.23.0 (2020-11-18)
===========================
This release changes the way structured logging is configured. See the [upgrade notes](UPGRADE.rst#upgrading-to-v1230) for details.
**Note**: We are aware of a trivially exploitable denial of service vulnerability in versions of Synapse prior to 1.20.0. Complete details will be disclosed on Monday, November 23rd. If you have not upgraded recently, please do so.
Bugfixes
--------
- Fix a dependency versioning bug in the Dockerfile that prevented Synapse from starting. ([\#8767](https://github.com/matrix-org/synapse/issues/8767))
Synapse 1.23.0rc1 (2020-11-13) Synapse 1.23.0rc1 (2020-11-13)
============================== ==============================
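Review bot: The security note in the new 1.23.0 entry says versions prior to 1.20.0 are affected, but the call to action ("If you have not upgraded recently, please do so") leaves the target version implicit. Suggest naming it, for example "please upgrade to 1.20.0 or later", so an operator scanning the changelog can tell immediately whether their deployment is in scope before the full disclosure on November 23rd.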
@ -52,7 +65,7 @@ Internal Changes
---------------- ----------------
- Optimise `/createRoom` with multiple invited users. ([\#8559](https://github.com/matrix-org/synapse/issues/8559)) - Optimise `/createRoom` with multiple invited users. ([\#8559](https://github.com/matrix-org/synapse/issues/8559))
- Implement and use an @lru_cache decorator. ([\#8595](https://github.com/matrix-org/synapse/issues/8595)) - Implement and use an `@lru_cache` decorator. ([\#8595](https://github.com/matrix-org/synapse/issues/8595))
- Don't instansiate Requester directly. ([\#8614](https://github.com/matrix-org/synapse/issues/8614)) - Don't instansiate Requester directly. ([\#8614](https://github.com/matrix-org/synapse/issues/8614))
- Type hints for `RegistrationStore`. ([\#8615](https://github.com/matrix-org/synapse/issues/8615)) - Type hints for `RegistrationStore`. ([\#8615](https://github.com/matrix-org/synapse/issues/8615))
- Change schema to support access tokens belonging to one user but granting access to another. ([\#8616](https://github.com/matrix-org/synapse/issues/8616)) - Change schema to support access tokens belonging to one user but granting access to another. ([\#8616](https://github.com/matrix-org/synapse/issues/8616))
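Review bot: The neighbouring entry for #8614 still reads "Don't instansiate Requester directly." on both sides of this hunk. Since this pass is already tidying the block (backticks around `@lru_cache`), fix the spelling to "instantiate" in the same change.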


@ -87,7 +87,7 @@ then it should be modified based on the `structured logging documentation
<https://github.com/matrix-org/synapse/blob/master/docs/structured_logging.md>`_. <https://github.com/matrix-org/synapse/blob/master/docs/structured_logging.md>`_.
The ``structured`` and ``drains`` logging options are now deprecated and should The ``structured`` and ``drains`` logging options are now deprecated and should
be replaced by standard logging configuration of ``handlers`` and ``formatters`. be replaced by standard logging configuration of ``handlers`` and ``formatters``.
A future will release of Synapse will make using ``structured: true`` an error. A future will release of Synapse will make using ``structured: true`` an error.
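Review bot: The last line of this hunk, "A future will release of Synapse will make using ``structured: true`` an error.", keeps a stray "will" after "future". The hunk already fixes the closing backticks on ``formatters`` one line up, so correct this to "A future release of Synapse will make ..." at the same time.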

1
changelog.d/8731.misc Normal file

@ -0,0 +1 @@
Add an example and documentation for clock skew to the SAML2 sample configuration to allow for clock/time difference between the homserver and IdP. Contributed by @localguru.
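Review bot: Typo in the newsfragment: "homserver" should be "homeserver". This text is carried into the release changelog, so it is worth fixing before merge. The phrase "clock skew ... to allow for clock/time difference" also says the same thing twice and could be shortened to one mention.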

6
debian/changelog vendored

@ -1,3 +1,9 @@
matrix-synapse-py3 (1.23.0) stable; urgency=medium
* New synapse release 1.23.0.
-- Synapse Packaging team <packages@matrix.org> Wed, 18 Nov 2020 11:41:28 +0000
matrix-synapse-py3 (1.22.1) stable; urgency=medium matrix-synapse-py3 (1.22.1) stable; urgency=medium
* New synapse release 1.22.1. * New synapse release 1.22.1.


@ -36,7 +36,8 @@ RUN pip install --prefix="/install" --no-warn-script-location \
frozendict \ frozendict \
jaeger-client \ jaeger-client \
opentracing \ opentracing \
prometheus-client \ # Match the version constraints of Synapse
"prometheus_client>=0.4.0,<0.9.0" \
psycopg2 \ psycopg2 \
pycparser \ pycparser \
pyrsistent \ pyrsistent \
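Review bot: The added comment "# Match the version constraints of Synapse" does not say where those constraints are defined or why the cap exists, so the next person to touch this list has no way to tell when it can be lifted. Suggest pointing at the `REQUIREMENTS` entry it mirrors and at https://github.com/matrix-org/synapse/issues/8766, which the commit message names as the reason for this short-term fix. The comment also sits inside a backslash-continued `RUN pip install` argument list and relies on the Dockerfile parser dropping comment lines before the shell sees them; placing it above the `RUN` instruction would be less surprising.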


@ -1546,6 +1546,12 @@ saml2_config:
# remote: # remote:
# - url: https://our_idp/metadata.xml # - url: https://our_idp/metadata.xml
# Allowed clock difference in seconds between the homeserver and IdP.
#
# Uncomment the below to increase the accepted time difference from 0 to 3 seconds.
#
#accepted_time_diff: 3
# By default, the user has to go to our login page first. If you'd like # By default, the user has to go to our login page first. If you'd like
# to allow IdP-initiated login, set 'allow_unsolicited: true' in a # to allow IdP-initiated login, set 'allow_unsolicited: true' in a
# 'service.sp' section: # 'service.sp' section:


@ -48,7 +48,7 @@ try:
except ImportError: except ImportError:
pass pass
__version__ = "1.23.0rc1" __version__ = "1.23.0"
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)): if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
# We import here so that we don't have to install a bunch of deps when # We import here so that we don't have to install a bunch of deps when


@ -256,6 +256,12 @@ class SAML2Config(Config):
# remote: # remote:
# - url: https://our_idp/metadata.xml # - url: https://our_idp/metadata.xml
# Allowed clock difference in seconds between the homeserver and IdP.
#
# Uncomment the below to increase the accepted time difference from 0 to 3 seconds.
#
#accepted_time_diff: 3
# By default, the user has to go to our login page first. If you'd like # By default, the user has to go to our login page first. If you'd like
# to allow IdP-initiated login, set 'allow_unsolicited: true' in a # to allow IdP-initiated login, set 'allow_unsolicited: true' in a
# 'service.sp' section: # 'service.sp' section:


@ -72,6 +72,10 @@ REQUIREMENTS = [
# prom-client has a history of breaking backwards compatibility between # prom-client has a history of breaking backwards compatibility between
# minor versions (https://github.com/prometheus/client_python/issues/317), # minor versions (https://github.com/prometheus/client_python/issues/317),
# so we also pin the minor version. # so we also pin the minor version.
#
# Note that we replicate these constraints in the Synapse Dockerfile while
# pre-installing dependencies. If these constraints are updated here, the
# same change should be made in the Dockerfile.
"prometheus_client>=0.4.0,<0.9.0", "prometheus_client>=0.4.0,<0.9.0",
# we use attr.validators.deep_iterable, which arrived in 19.1.0 (Note: # we use attr.validators.deep_iterable, which arrived in 19.1.0 (Note:
# Fedora 31 only has 19.1, so if we want to upgrade we should wait until 33 # Fedora 31 only has 19.1, so if we want to upgrade we should wait until 33
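Review bot: The added note asks maintainers to update the Dockerfile by hand whenever "prometheus_client>=0.4.0,<0.9.0" changes here, which is exactly the kind of duplication that drifted and produced the startup failure this release fixes. A comment is easy to miss in review; consider a CI check that compares the Dockerfile's pin with this `REQUIREMENTS` entry, or having the Dockerfile derive its pre-install list from this file, so the two cannot diverge silently.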