From fa6deb298ba5e56a000acfdccaf63ccfa8632805 Mon Sep 17 00:00:00 2001 From: Dan Callahan Date: Tue, 12 Jan 2021 14:15:04 +0000 Subject: [PATCH 1/8] Fix failures in Debian packaging (#9079) Debian package builds were failing for two reasons: 1. Python versions prior to 3.7 throw exceptions when attempting to print Unicode characters under a "C" locale. (#9076) 2. We depended on `dh-systemd` which no longer exists in Debian Bullseye, but is necessary in Ubuntu Xenial. (#9073) Setting `LANG="C.UTF-8"` in the build environment fixes the first issue. See also: https://bugs.python.org/issue19846 The second issue is a bit trickier. The dh-systemd package was merged into debhelper version 9.20160709 and a transitional package left in its wake. The transitional dh-systemd package was removed in Debian Bullseye. However, Ubuntu Xenial ships an older debhelper, and still needs dh-systemd. Thus, builds were failing on Bullseye since we depended on a package which had ceased existing, but we couldn't remove it from the debian/control file and our build scripts because we still needed it for Ubuntu Xenial. We can fix the debian/control issue by listing dh-systemd as an alternative to the newer versions of debhelper. Since dh-systemd declares that it depends on debhelper, Ubuntu Xenial will select its older dh-systemd which will in turn pull in its older debhelper, resulting in no change from the status quo. All other supported releases will satisfy the debhelper dependency constraint and skip the dh-systemd alternative. Build scripts were fixed by unconditionally attempting to install dh-systemd on all releases and suppressing failures. Once we drop support for Ubuntu Xenial, we can revert most of this commit and rely on the version constraint on debhelper in debian/control. Fixes #9076 Fixes #9073 Signed-off-by: Dan Callahan --- debian/changelog | 7 +++++++ debian/control | 6 ++++-- docker/Dockerfile-dhvirtualenv | 12 ++++++++++-- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/debian/changelog b/debian/changelog index 6b819d201..601036ef5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +matrix-synapse-py3 (1.24.0+nmu1) UNRELEASED; urgency=medium + + * Update dependencies to account for the removal of the transitional + dh-systemd package from Debian Bullseye. + + -- Dan Callahan Tue, 12 Jan 2021 12:08:33 +0000 + matrix-synapse-py3 (1.24.0) stable; urgency=medium * New synapse release 1.24.0. diff --git a/debian/control b/debian/control index bae14b41e..b10401be4 100644 --- a/debian/control +++ b/debian/control @@ -3,9 +3,11 @@ Section: contrib/python Priority: extra Maintainer: Synapse Packaging team # keep this list in sync with the build dependencies in docker/Dockerfile-dhvirtualenv. +# TODO: Remove the dependency on dh-systemd after dropping support for Ubuntu xenial +# On all other supported releases, it's merely a transitional package which +# does nothing but depends on debhelper (> 9.20160709) Build-Depends: - debhelper (>= 9), - dh-systemd, + debhelper (>= 9.20160709) | dh-systemd, dh-virtualenv (>= 1.1), libsystemd-dev, libpq-dev, diff --git a/docker/Dockerfile-dhvirtualenv b/docker/Dockerfile-dhvirtualenv index 2b7f01f7f..e52929380 100644 --- a/docker/Dockerfile-dhvirtualenv +++ b/docker/Dockerfile-dhvirtualenv @@ -50,17 +50,22 @@ FROM ${distro} ARG distro="" ENV distro ${distro} +# Python < 3.7 assumes LANG="C" means ASCII-only and throws on printing unicode +# http://bugs.python.org/issue19846 +ENV LANG C.UTF-8 + # Install the build dependencies # # NB: keep this list in sync with the list of build-deps in debian/control # TODO: it would be nice to do that automatically. +# TODO: Remove the dh-systemd stanza after dropping support for Ubuntu xenial +# it's a transitional package on all other, more recent releases RUN apt-get update -qq -o Acquire::Languages=none \ && env DEBIAN_FRONTEND=noninteractive apt-get install \ -yqq --no-install-recommends -o Dpkg::Options::=--force-unsafe-io \ build-essential \ debhelper \ devscripts \ - dh-systemd \ libsystemd-dev \ lsb-release \ pkg-config \ @@ -70,7 +75,10 @@ RUN apt-get update -qq -o Acquire::Languages=none \ python3-venv \ sqlite3 \ libpq-dev \ - xmlsec1 + xmlsec1 \ + && ( env DEBIAN_FRONTEND=noninteractive apt-get install \ + -yqq --no-install-recommends -o Dpkg::Options::=--force-unsafe-io \ + dh-systemd || true ) COPY --from=builder /dh-virtualenv_1.2~dev-1_all.deb / From e385c8b4734b95c0738d6f4022d7bbb1621167db Mon Sep 17 00:00:00 2001 From: Marcus Date: Tue, 12 Jan 2021 18:20:30 +0100 Subject: [PATCH 2/8] Don't apply the IP range blacklist to proxy connections (#9084) It is expected that the proxy would be on a private IP address so the configured proxy should be connected to regardless of the IP range blacklist. --- changelog.d/9084.bugfix | 1 + synapse/http/client.py | 1 + synapse/http/proxyagent.py | 16 ++++- tests/http/test_proxyagent.py | 130 ++++++++++++++++++++++++++++++++++ 4 files changed, 145 insertions(+), 3 deletions(-) create mode 100644 changelog.d/9084.bugfix diff --git a/changelog.d/9084.bugfix b/changelog.d/9084.bugfix new file mode 100644 index 000000000..415dd8b25 --- /dev/null +++ b/changelog.d/9084.bugfix @@ -0,0 +1 @@ +Don't blacklist connections to the configured proxy. Contributed by @Bubu. diff --git a/synapse/http/client.py b/synapse/http/client.py index 29f40ddf5..5f74ee114 100644 --- a/synapse/http/client.py +++ b/synapse/http/client.py @@ -341,6 +341,7 @@ class SimpleHttpClient: self.agent = ProxyAgent( self.reactor, + hs.get_reactor(), connectTimeout=15, contextFactory=self.hs.get_http_client_context_factory(), pool=pool, diff --git a/synapse/http/proxyagent.py b/synapse/http/proxyagent.py index e32d3f43e..b730d2c63 100644 --- a/synapse/http/proxyagent.py +++ b/synapse/http/proxyagent.py @@ -39,6 +39,10 @@ class ProxyAgent(_AgentBase): reactor: twisted reactor to place outgoing connections. + proxy_reactor: twisted reactor to use for connections to the proxy server + reactor might have some blacklisting applied (i.e. for DNS queries), + but we need unblocked access to the proxy. + contextFactory (IPolicyForHTTPS): A factory for TLS contexts, to control the verification parameters of OpenSSL. The default is to use a `BrowserLikePolicyForHTTPS`, so unless you have special @@ -59,6 +63,7 @@ class ProxyAgent(_AgentBase): def __init__( self, reactor, + proxy_reactor=None, contextFactory=BrowserLikePolicyForHTTPS(), connectTimeout=None, bindAddress=None, @@ -68,6 +73,11 @@ class ProxyAgent(_AgentBase): ): _AgentBase.__init__(self, reactor, pool) + if proxy_reactor is None: + self.proxy_reactor = reactor + else: + self.proxy_reactor = proxy_reactor + self._endpoint_kwargs = {} if connectTimeout is not None: self._endpoint_kwargs["timeout"] = connectTimeout @@ -75,11 +85,11 @@ class ProxyAgent(_AgentBase): self._endpoint_kwargs["bindAddress"] = bindAddress self.http_proxy_endpoint = _http_proxy_endpoint( - http_proxy, reactor, **self._endpoint_kwargs + http_proxy, self.proxy_reactor, **self._endpoint_kwargs ) self.https_proxy_endpoint = _http_proxy_endpoint( - https_proxy, reactor, **self._endpoint_kwargs + https_proxy, self.proxy_reactor, **self._endpoint_kwargs ) self._policy_for_https = contextFactory @@ -137,7 +147,7 @@ class ProxyAgent(_AgentBase): request_path = uri elif parsed_uri.scheme == b"https" and self.https_proxy_endpoint: endpoint = HTTPConnectProxyEndpoint( - self._reactor, + self.proxy_reactor, self.https_proxy_endpoint, parsed_uri.host, parsed_uri.port, diff --git a/tests/http/test_proxyagent.py b/tests/http/test_proxyagent.py index 22abf7651..9a56e1c14 100644 --- a/tests/http/test_proxyagent.py +++ b/tests/http/test_proxyagent.py @@ -15,12 +15,14 @@ import logging import treq +from netaddr import IPSet from twisted.internet import interfaces # noqa: F401 from twisted.internet.protocol import Factory from twisted.protocols.tls import TLSMemoryBIOFactory from twisted.web.http import HTTPChannel +from synapse.http.client import BlacklistingReactorWrapper from synapse.http.proxyagent import ProxyAgent from tests.http import TestServerTLSConnectionFactory, get_test_https_policy @@ -292,6 +294,134 @@ class MatrixFederationAgentTests(TestCase): body = self.successResultOf(treq.content(resp)) self.assertEqual(body, b"result") + def test_http_request_via_proxy_with_blacklist(self): + # The blacklist includes the configured proxy IP. + agent = ProxyAgent( + BlacklistingReactorWrapper( + self.reactor, ip_whitelist=None, ip_blacklist=IPSet(["1.0.0.0/8"]) + ), + self.reactor, + http_proxy=b"proxy.com:8888", + ) + + self.reactor.lookups["proxy.com"] = "1.2.3.5" + d = agent.request(b"GET", b"http://test.com") + + # there should be a pending TCP connection + clients = self.reactor.tcpClients + self.assertEqual(len(clients), 1) + (host, port, client_factory, _timeout, _bindAddress) = clients[0] + self.assertEqual(host, "1.2.3.5") + self.assertEqual(port, 8888) + + # make a test server, and wire up the client + http_server = self._make_connection( + client_factory, _get_test_protocol_factory() + ) + + # the FakeTransport is async, so we need to pump the reactor + self.reactor.advance(0) + + # now there should be a pending request + self.assertEqual(len(http_server.requests), 1) + + request = http_server.requests[0] + self.assertEqual(request.method, b"GET") + self.assertEqual(request.path, b"http://test.com") + self.assertEqual(request.requestHeaders.getRawHeaders(b"host"), [b"test.com"]) + request.write(b"result") + request.finish() + + self.reactor.advance(0) + + resp = self.successResultOf(d) + body = self.successResultOf(treq.content(resp)) + self.assertEqual(body, b"result") + + def test_https_request_via_proxy_with_blacklist(self): + # The blacklist includes the configured proxy IP. + agent = ProxyAgent( + BlacklistingReactorWrapper( + self.reactor, ip_whitelist=None, ip_blacklist=IPSet(["1.0.0.0/8"]) + ), + self.reactor, + contextFactory=get_test_https_policy(), + https_proxy=b"proxy.com", + ) + + self.reactor.lookups["proxy.com"] = "1.2.3.5" + d = agent.request(b"GET", b"https://test.com/abc") + + # there should be a pending TCP connection + clients = self.reactor.tcpClients + self.assertEqual(len(clients), 1) + (host, port, client_factory, _timeout, _bindAddress) = clients[0] + self.assertEqual(host, "1.2.3.5") + self.assertEqual(port, 1080) + + # make a test HTTP server, and wire up the client + proxy_server = self._make_connection( + client_factory, _get_test_protocol_factory() + ) + + # fish the transports back out so that we can do the old switcheroo + s2c_transport = proxy_server.transport + client_protocol = s2c_transport.other + c2s_transport = client_protocol.transport + + # the FakeTransport is async, so we need to pump the reactor + self.reactor.advance(0) + + # now there should be a pending CONNECT request + self.assertEqual(len(proxy_server.requests), 1) + + request = proxy_server.requests[0] + self.assertEqual(request.method, b"CONNECT") + self.assertEqual(request.path, b"test.com:443") + + # tell the proxy server not to close the connection + proxy_server.persistent = True + + # this just stops the http Request trying to do a chunked response + # request.setHeader(b"Content-Length", b"0") + request.finish() + + # now we can replace the proxy channel with a new, SSL-wrapped HTTP channel + ssl_factory = _wrap_server_factory_for_tls(_get_test_protocol_factory()) + ssl_protocol = ssl_factory.buildProtocol(None) + http_server = ssl_protocol.wrappedProtocol + + ssl_protocol.makeConnection( + FakeTransport(client_protocol, self.reactor, ssl_protocol) + ) + c2s_transport.other = ssl_protocol + + self.reactor.advance(0) + + server_name = ssl_protocol._tlsConnection.get_servername() + expected_sni = b"test.com" + self.assertEqual( + server_name, + expected_sni, + "Expected SNI %s but got %s" % (expected_sni, server_name), + ) + + # now there should be a pending request + self.assertEqual(len(http_server.requests), 1) + + request = http_server.requests[0] + self.assertEqual(request.method, b"GET") + self.assertEqual(request.path, b"/abc") + self.assertEqual(request.requestHeaders.getRawHeaders(b"host"), [b"test.com"]) + request.write(b"result") + request.finish() + + self.reactor.advance(0) + + resp = self.successResultOf(d) + body = self.successResultOf(treq.content(resp)) + self.assertEqual(body, b"result") + def _wrap_server_factory_for_tls(factory, sanlist=None): """Wrap an existing Protocol Factory with a test TLSMemoryBIOFactory From 6d91e6ca5f75720b5d594fc960b1208ddd50e148 Mon Sep 17 00:00:00 2001 From: Dan Callahan Date: Tue, 12 Jan 2021 20:11:15 +0000 Subject: [PATCH 3/8] Announce Python / PostgreSQL deprecation policies (#9085) Fixes #8782 --- CHANGES.md | 28 ++++++++++++++++++++++++++++ UPGRADE.rst | 22 ++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 2aebe92ca..9135c4f71 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,31 @@ +Synapse 1.25.0 (2021-01-13) +============================== + +Ending Support for Python 3.5 and Postgres 9.5 +---------------------------------------------- + +With this release, the Synapse team is announcing a formal deprecation policy for our platform dependencies, like Python and PostgreSQL: + +All future releases of Synapse will follow the upstream end-of-life schedules. + +Which means: + +* This is the last release which guarantees support for Python 3.5. +* We will end support for PostgreSQL 9.5 early next month. +* We will end support for Python 3.6 and PostgreSQL 9.6 near the end of the year. + +Crucially, this means __we will not produce .deb packages for Debian 9 (Stretch) or Ubuntu 16.04 (Xenial)__ beyond the transition period described below. + +The website https://endoflife.date/ has convenient summaries of the support schedules for projects like [Python](https://endoflife.date/python) and [PostgreSQL](https://endoflife.date/postgresql). + +If you are unable to upgrade your environment to a supported version of Python or Postgres, we encourage you to consider using the [Synapse Docker images](../INSTALL.md#docker-images-and-ansible-playbooks) instead. + +### Transition Period + +We will make a good faith attempt to avoid breaking compatibility in all releases through the end of March 2021. However, critical security vulnerabilities in dependencies or other unanticipated circumstances may arise which necessitate breaking compatibility earlier. + +We intend to continue producing .deb packages for Debian 9 (Stretch) and Ubuntu 16.04 (Xenial) through the transition period. + Synapse 1.25.0rc1 (2021-01-06) ============================== diff --git a/UPGRADE.rst b/UPGRADE.rst index 54a40bd42..f750d17da 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst @@ -5,6 +5,16 @@ Before upgrading check if any special steps are required to upgrade from the version you currently have installed to the current version of Synapse. The extra instructions that may be required are listed later in this document. +* Check that your versions of Python and PostgreSQL are still supported. + + Synapse follows upstream lifecycles for `Python`_ and `PostgreSQL`_, and + removes support for versions which are no longer maintained. + + The website https://endoflife.date also offers convenient summaries. + + .. _Python: https://devguide.python.org/devcycle/#end-of-life-branches + .. _PostgreSQL: https://www.postgresql.org/support/versioning/ + * If Synapse was installed using `prebuilt packages `_, you will need to follow the normal process for upgrading those packages. @@ -78,6 +88,18 @@ for example: Upgrading to v1.25.0 ==================== +Last release supporting Python 3.5 +---------------------------------- + +This is the last release of Synapse which guarantees support with Python 3.5, +which passed its upstream End of Life date several months ago. + +We will attempt to maintain support through March 2021, but without guarantees. + +In the future, Synapse will follow upstream schedules for ending support of +older versions of Python and PostgreSQL. Please upgrade to at least Python 3.6 +and PostgreSQL 9.6 as soon as possible. + Blacklisting IP ranges ---------------------- From 3dd6ba135ea37655b70b4099d9c3e0cadada9e1d Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 13 Jan 2021 10:19:12 +0000 Subject: [PATCH 4/8] 1.25.0 --- CHANGES.md | 9 +++++++++ changelog.d/9084.bugfix | 1 - debian/changelog | 8 ++++++-- synapse/__init__.py | 2 +- 4 files changed, 16 insertions(+), 4 deletions(-) delete mode 100644 changelog.d/9084.bugfix diff --git a/CHANGES.md b/CHANGES.md index 9135c4f71..aaded5bd2 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,12 @@ +Synapse 1.25.0 (2021-01-13) +=========================== + +Bugfixes +-------- + +- Fix HTTP proxy support when using a proxy that is on a blacklisted IP. Introduced in v1.25.0rc1. Contributed by @Bubu. ([\#9084](https://github.com/matrix-org/synapse/issues/9084)) + + Synapse 1.25.0 (2021-01-13) ============================== diff --git a/changelog.d/9084.bugfix b/changelog.d/9084.bugfix deleted file mode 100644 index 415dd8b25..000000000 --- a/changelog.d/9084.bugfix +++ /dev/null @@ -1 +0,0 @@ -Don't blacklist connections to the configured proxy. Contributed by @Bubu. diff --git a/debian/changelog b/debian/changelog index 601036ef5..609436bf7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,13 @@ -matrix-synapse-py3 (1.24.0+nmu1) UNRELEASED; urgency=medium +matrix-synapse-py3 (1.25.0) stable; urgency=medium + [ Dan Callahan ] * Update dependencies to account for the removal of the transitional dh-systemd package from Debian Bullseye. - -- Dan Callahan Tue, 12 Jan 2021 12:08:33 +0000 + [ Synapse Packaging team ] + * New synapse release 1.25.0. + + -- Synapse Packaging team Wed, 13 Jan 2021 10:14:55 +0000 matrix-synapse-py3 (1.24.0) stable; urgency=medium diff --git a/synapse/__init__.py b/synapse/__init__.py index 99fb67574..193adca62 100644 --- a/synapse/__init__.py +++ b/synapse/__init__.py @@ -48,7 +48,7 @@ try: except ImportError: pass -__version__ = "1.25.0rc1" +__version__ = "1.25.0" if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)): # We import here so that we don't have to install a bunch of deps when From 429c339de8ba988088eacf9143f6e1c6de431efe Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 13 Jan 2021 10:23:16 +0000 Subject: [PATCH 5/8] Fixup changelog --- CHANGES.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index aaded5bd2..583a391ba 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,15 +1,6 @@ Synapse 1.25.0 (2021-01-13) =========================== -Bugfixes --------- - -- Fix HTTP proxy support when using a proxy that is on a blacklisted IP. Introduced in v1.25.0rc1. Contributed by @Bubu. ([\#9084](https://github.com/matrix-org/synapse/issues/9084)) - - -Synapse 1.25.0 (2021-01-13) -============================== - Ending Support for Python 3.5 and Postgres 9.5 ---------------------------------------------- @@ -35,6 +26,12 @@ We will make a good faith attempt to avoid breaking compatibility in all release We intend to continue producing .deb packages for Debian 9 (Stretch) and Ubuntu 16.04 (Xenial) through the transition period. +Bugfixes +-------- + +- Fix HTTP proxy support when using a proxy that is on a blacklisted IP. Introduced in v1.25.0rc1. Contributed by @Bubu. ([\#9084](https://github.com/matrix-org/synapse/issues/9084)) + + Synapse 1.25.0rc1 (2021-01-06) ============================== From f7478d5cc6ef91c210d866378474b7dab6d5d623 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 13 Jan 2021 10:26:20 +0000 Subject: [PATCH 6/8] Fix link in changelog --- CHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index 583a391ba..ff5a6d257 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -18,7 +18,7 @@ Crucially, this means __we will not produce .deb packages for Debian 9 (Stretch) The website https://endoflife.date/ has convenient summaries of the support schedules for projects like [Python](https://endoflife.date/python) and [PostgreSQL](https://endoflife.date/postgresql). -If you are unable to upgrade your environment to a supported version of Python or Postgres, we encourage you to consider using the [Synapse Docker images](../INSTALL.md#docker-images-and-ansible-playbooks) instead. +If you are unable to upgrade your environment to a supported version of Python or Postgres, we encourage you to consider using the [Synapse Docker images](./INSTALL.md#docker-images-and-ansible-playbooks) instead. ### Transition Period From 891c925b8806726aa87d71de8258646983776632 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 13 Jan 2021 10:28:03 +0000 Subject: [PATCH 7/8] Link to GH profile and fix tense --- CHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index ff5a6d257..653e1a6ed 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -95,7 +95,7 @@ Improved Documentation - Combine related media admin API docs. ([\#8839](https://github.com/matrix-org/synapse/issues/8839)) - Fix an error in the documentation for the SAML username mapping provider. ([\#8873](https://github.com/matrix-org/synapse/issues/8873)) - Clarify comments around template directories in `sample_config.yaml`. ([\#8891](https://github.com/matrix-org/synapse/issues/8891)) -- Moved instructions for database setup, adjusted heading levels and improved syntax highlighting in [INSTALL.md](../INSTALL.md). Contributed by fossterer. ([\#8987](https://github.com/matrix-org/synapse/issues/8987)) +- Move instructions for database setup, adjusted heading levels and improved syntax highlighting in [INSTALL.md](../INSTALL.md). Contributed by @fossterer. ([\#8987](https://github.com/matrix-org/synapse/issues/8987)) - Update the example value of `group_creation_prefix` in the sample configuration. ([\#8992](https://github.com/matrix-org/synapse/issues/8992)) - Link the Synapse developer room to the development section in the docs. ([\#9002](https://github.com/matrix-org/synapse/issues/9002)) From ebd534b58d9d53dc5086a9dd9cb176868c7b93ef Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 13 Jan 2021 10:31:23 +0000 Subject: [PATCH 8/8] Move removal warning up changelog --- CHANGES.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 653e1a6ed..db11de0e8 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -26,15 +26,6 @@ We will make a good faith attempt to avoid breaking compatibility in all release We intend to continue producing .deb packages for Debian 9 (Stretch) and Ubuntu 16.04 (Xenial) through the transition period. -Bugfixes --------- - -- Fix HTTP proxy support when using a proxy that is on a blacklisted IP. Introduced in v1.25.0rc1. Contributed by @Bubu. ([\#9084](https://github.com/matrix-org/synapse/issues/9084)) - - -Synapse 1.25.0rc1 (2021-01-06) -============================== - Removal warning --------------- @@ -46,6 +37,15 @@ are deprecated and will be removed in a future release. They will be replaced by `POST /_synapse/admin/v1/rooms//delete` replaces `POST /_synapse/admin/v1/purge_room` and `POST /_synapse/admin/v1/shutdown_room/`. +Bugfixes +-------- + +- Fix HTTP proxy support when using a proxy that is on a blacklisted IP. Introduced in v1.25.0rc1. Contributed by @Bubu. ([\#9084](https://github.com/matrix-org/synapse/issues/9084)) + + +Synapse 1.25.0rc1 (2021-01-06) +============================== + Features --------