mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-14 07:53:47 +01:00
Merge branch 'master' into develop
This commit is contained in:
commit
adfc9cb53d
4 changed files with 58 additions and 2 deletions
46
CHANGES.md
46
CHANGES.md
|
@ -1,3 +1,49 @@
|
||||||
|
Synapse 1.24.0 (2020-12-09)
|
||||||
|
===========================
|
||||||
|
|
||||||
|
Due to the two security issues highlighted below, server administrators are
|
||||||
|
encouraged to update Synapse. We are not aware of these vulnerabilities being
|
||||||
|
exploited in the wild.
|
||||||
|
|
||||||
|
Security advisory
|
||||||
|
-----------------
|
||||||
|
|
||||||
|
The following issues are fixed in v1.23.1 and v1.24.0.
|
||||||
|
|
||||||
|
- There is a denial of service attack
|
||||||
|
([CVE-2020-26257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257))
|
||||||
|
against the federation APIs in which future events will not be correctly sent
|
||||||
|
to other servers over federation. This affects all servers that participate in
|
||||||
|
open federation. (Fixed in [#8776](https://github.com/matrix-org/synapse/pull/8776)).
|
||||||
|
|
||||||
|
- Synapse may be affected by OpenSSL
|
||||||
|
[CVE-2020-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971).
|
||||||
|
Synapse administrators should ensure that they have the latest versions of
|
||||||
|
the cryptography Python package installed.
|
||||||
|
|
||||||
|
To upgrade Synapse along with the cryptography package:
|
||||||
|
|
||||||
|
* Administrators using the [`matrix.org` Docker
|
||||||
|
image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
|
||||||
|
packages from
|
||||||
|
`matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
|
||||||
|
should ensure that they have version 1.24.0 or 1.23.1 installed: these images include
|
||||||
|
the updated packages.
|
||||||
|
* Administrators who have [installed Synapse from
|
||||||
|
source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
|
||||||
|
should upgrade the cryptography package within their virtualenv by running:
|
||||||
|
```sh
|
||||||
|
<path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
|
||||||
|
```
|
||||||
|
* Administrators who have installed Synapse from distribution packages should
|
||||||
|
consult the information from their distributions.
|
||||||
|
|
||||||
|
Internal Changes
|
||||||
|
----------------
|
||||||
|
|
||||||
|
- Add a maximum version for pysaml2 on Python 3.5. ([\#8898](https://github.com/matrix-org/synapse/issues/8898))
|
||||||
|
|
||||||
|
|
||||||
Synapse 1.24.0rc2 (2020-12-04)
|
Synapse 1.24.0rc2 (2020-12-04)
|
||||||
==============================
|
==============================
|
||||||
|
|
||||||
|
|
6
debian/changelog
vendored
6
debian/changelog
vendored
|
@ -1,3 +1,9 @@
|
||||||
|
matrix-synapse-py3 (1.24.0) stable; urgency=medium
|
||||||
|
|
||||||
|
* New synapse release 1.24.0.
|
||||||
|
|
||||||
|
-- Synapse Packaging team <packages@matrix.org> Wed, 09 Dec 2020 10:14:30 +0000
|
||||||
|
|
||||||
matrix-synapse-py3 (1.23.0) stable; urgency=medium
|
matrix-synapse-py3 (1.23.0) stable; urgency=medium
|
||||||
|
|
||||||
* New synapse release 1.23.0.
|
* New synapse release 1.23.0.
|
||||||
|
|
|
@ -48,7 +48,7 @@ try:
|
||||||
except ImportError:
|
except ImportError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
__version__ = "1.24.0rc2"
|
__version__ = "1.24.0"
|
||||||
|
|
||||||
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
|
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
|
||||||
# We import here so that we don't have to install a bunch of deps when
|
# We import here so that we don't have to install a bunch of deps when
|
||||||
|
|
|
@ -96,7 +96,11 @@ CONDITIONAL_REQUIREMENTS = {
|
||||||
# python 3.5.2, as per https://github.com/itamarst/eliot/issues/418
|
# python 3.5.2, as per https://github.com/itamarst/eliot/issues/418
|
||||||
'eliot<1.8.0;python_version<"3.5.3"',
|
'eliot<1.8.0;python_version<"3.5.3"',
|
||||||
],
|
],
|
||||||
"saml2": ["pysaml2>=4.5.0"],
|
"saml2": [
|
||||||
|
# pysaml2 6.4.0 is incompatible with Python 3.5 (see https://github.com/IdentityPython/pysaml2/issues/749)
|
||||||
|
"pysaml2>=4.5.0,<6.4.0;python_version<'3.6'",
|
||||||
|
"pysaml2>=4.5.0;python_version>='3.6'",
|
||||||
|
],
|
||||||
"oidc": ["authlib>=0.14.0"],
|
"oidc": ["authlib>=0.14.0"],
|
||||||
"systemd": ["systemd-python>=231"],
|
"systemd": ["systemd-python>=231"],
|
||||||
"url_preview": ["lxml>=3.5.0"],
|
"url_preview": ["lxml>=3.5.0"],
|
||||||
|
|
Loading…
Reference in a new issue