From ec9331f85145aadb227e1030cf3de20ffe9a336c Mon Sep 17 00:00:00 2001 From: Matthew Hodgson Date: Fri, 8 Apr 2016 18:54:18 +0100 Subject: [PATCH] Add doc --- README.rst | 16 +++++++++++++++- UPGRADE.rst | 8 ++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 6136e0c1f..9d0124492 100644 --- a/README.rst +++ b/README.rst @@ -104,7 +104,7 @@ Installing prerequisites on Ubuntu or Debian:: sudo apt-get install build-essential python2.7-dev libffi-dev \ python-pip python-setuptools sqlite3 \ - libssl-dev python-virtualenv libjpeg-dev + libssl-dev python-virtualenv libjpeg-dev libxslt1-dev Installing prerequisites on ArchLinux:: @@ -557,6 +557,20 @@ as the primary means of identity and E2E encryption is not complete. As such, we are running a single identity server (https://matrix.org) at the current time. + +URL Previews +============ + +Synapse 0.15.0 introduces an experimental new API for previewing URLs at +/_matrix/media/r0/preview_url. This is disabled by default. To turn it on +you must enable the `url_preview_enabled: True` config parameter and explicitly +specify the IP ranges that Synapse is not allowed to spider for previewing in +the `url_preview_ip_range_blacklist` configuration parameter. This is critical +from a security perspective to stop arbitrary Matrix users spidering 'internal' +URLs on your network. At the very least we recommend that your loopback and +RFC1918 IP addresses are blacklisted. + + Password reset ============== diff --git a/UPGRADE.rst b/UPGRADE.rst index 4f08cbb96..554bed2be 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst @@ -30,6 +30,14 @@ running: python synapse/python_dependencies.py | xargs -n1 pip install +Upgrading to v0.15.0 +==================== + +If you want to use the new URL previewing API (/_matrix/media/r0/preview_url) +then you have to explicitly enable it in the config and install the optional +dependencies. See README.rst for details. + + Upgrading to v0.11.0 ====================