MatrixSynapse/changelog.d
Sean Quah 4f4f27e57f
Mitigate a race where /make_join could 403 for restricted rooms (#15080)
Previously, when creating a join event in /make_join, we would decide
whether to include additional fields to satisfy restricted room checks
based on the current state of the room. Then, when building the event,
we would capture the forward extremities of the room to use as prev
events.

This is subject to race conditions. For example, when leaving and
rejoining a room, the following sequence of events leads to a misleading
403 response:
1. /make_join reads the current state of the room and sees that the user
   is still in the room. It decides to omit the field required for
   restricted room joins.
2. The leave event is persisted and the room's forward extremities are
   updated.
3. /make_join builds the event, using the post-leave forward extremities.
   The event then fails the restricted room checks.

To mitigate the race, we move the read of the forward extremities closer
to the read of the current state. Ideally, we would compute the state
based off the chosen prev events, but that can involve state resolution,
which is expensive.

Signed-off-by: Sean Quah <seanq@matrix.org>
2023-02-17 09:40:32 +00:00
.gitignore
13755.misc Return read-only collections from `@cached` methods (#13755) 2023-02-10 23:29:00 +00:00
13779.bugfix Prevent clients from reporting nonexistent events. (#13779) 2023-02-14 15:50:59 +00:00
14605.bugfix
14606.misc Faster joins: don't stall when a user joins during a fast join (#14606) 2023-02-10 23:31:05 +00:00
14675.misc
14742.misc Add check to ensure locked dependencies have source distributions available. (#14742) 2023-02-13 18:15:38 +00:00
14834.misc Tweak comment on `_is_local_room_accessible` as part of room visibility in `/hierarchy` to clarify the condition for a room being visible. (#14834) 2023-02-13 16:30:58 +00:00
14840.misc
14892.doc Document how to start Synapse with Poetry (#14892) 2023-02-16 18:20:02 +00:00
14929.misc Change collection[str] to StrCollection in event_auth code (#14929) 2023-02-14 09:37:08 +00:00
14959.doc
14964.feature Support for MSC3758: exact_event_match push condition (#14964) 2023-02-10 12:37:07 -05:00
14973.misc
14977.misc
14980.misc Skip calculating unread push actions in `/sync` when `enable_push` is false. (#14980) 2023-02-14 11:10:29 +00:00
14982.misc Make it easier to use DataGrip w/ Synapse's schema (#14982) 2023-02-15 13:51:37 +00:00
15004.feature
15008.misc
15020.misc
15022.doc
15026.misc
15027.misc
15028.misc
15031.misc
15033.misc
15034.feature Support for selecting the Redis logical database. (#15034) 2023-02-15 07:39:31 -05:00
15035.misc
15037.misc Update intentional mentions (MSC3952) to depend on `exact_event_match` (MSC3758). (#15037) 2023-02-16 09:51:22 -05:00
15038.bugfix
15040.misc
15041.misc
15042.feature
15043.misc Update pyo3-log to v0.8.1 (#15043) 2023-02-13 12:25:56 +00:00
15045.feature Implement MSC3966: Add a push rule condition to search for a value in an array. (#15045) 2023-02-14 14:02:19 -05:00
15047.misc
15052.misc Use mypy 1.0 (#15052) 2023-02-16 16:09:11 +00:00
15053.misc Refactor arguments of `try_unbind_threepid(_with_id_server)` from dict to separate args (#15053) 2023-02-13 12:12:48 +00:00
15054.misc Apply logging from hotfixes branch to develop (#15054) 2023-02-13 11:49:20 +00:00
15059.misc Bump bleach from 5.0.1 to 6.0.0 (#15059) 2023-02-13 09:18:07 +00:00
15060.misc Bump dtolnay/rust-toolchain from 9cd00a88a73addc8617065438eff914dd08d0955 to 25dc93b901a87e864900a8aec6c12e9aa794c0c3 (#15060) 2023-02-13 09:18:26 +00:00
15061.misc Bump systemd-python from 234 to 235 (#15061) 2023-02-13 09:18:50 +00:00
15062.misc Bump serde_json from 1.0.92 to 1.0.93 (#15062) 2023-02-13 09:19:18 +00:00
15063.misc Bump types-requests from 2.28.11.8 to 2.28.11.12 (#15063) 2023-02-13 09:19:28 +00:00
15064.misc Bump types-pillow from 9.4.0.5 to 9.4.0.10 (#15064) 2023-02-13 09:19:39 +00:00
15065.misc Bump sentry-sdk from 1.13.0 to 1.15.0 (#15065) 2023-02-13 09:19:56 +00:00
15068.bugfix Fix order of partial state tables when purging (#15068) 2023-02-14 23:42:29 +00:00
15069.misc Faster joins: Omit device list updates from partial state rooms in /sync (#15069) 2023-02-14 12:32:19 +00:00
15070.misc Fix clashing DB txn name (#15070) 2023-02-14 11:20:25 +00:00
15072.misc Add final type hint to tests.unittest. (#15072) 2023-02-14 14:03:35 -05:00
15073.feature Remove spurious `dont_notify` action from `.m.rule.reaction` (#15073) 2023-02-14 18:19:58 +00:00
15074.bugfix Fix federated joins when the first server in the list is not in the room (#15074) 2023-02-15 13:59:06 +00:00
15075.feature Update the error code for duplicate annotation (#15075) 2023-02-15 11:47:57 +00:00
15078.doc Fix a mistake in registration_shared_secret_path docs (#15078) 2023-02-15 19:51:58 +00:00
15080.bugfix Mitigate a race where /make_join could 403 for restricted rooms (#15080) 2023-02-17 09:40:32 +00:00