synapse/tests
Erik Johnston 55b0aa847a Fix GHSA-3h7q-rfh9-xm4v
Weakness in auth chain indexing allows DoS from remote room members
through disk fill and high CPU usage.

A remote Matrix user with malicious intent, sharing a room with Synapse
instances before 1.104.1, can dispatch specially crafted events to
exploit a weakness in how the auth chain cover index is calculated. This
can induce high CPU consumption and accumulate excessive data in the
database of such instances, resulting in a denial of service.

Servers in private federations, or those that do not federate, are not
affected.
2024-04-23 15:25:49 +01:00
api Specify IP subnet literals in canonical form (#16953) 2024-03-19 17:19:12 +00:00
app Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
appservice Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
config Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
crypto Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
events Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
federation Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
handlers Also check if first event matches the last in prev batch (#17066) 2024-04-09 14:01:12 +00:00
http Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
logging Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
media Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
metrics Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
module_api Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
push Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
replication Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
rest Stabilize support for MSC3981: recurse /relations (#17023) 2024-04-09 17:11:08 +01:00
scripts Update license headers 2023-11-21 15:29:58 -05:00
server_notices Update license headers 2023-11-21 15:29:58 -05:00
state Update license headers 2023-11-21 15:29:58 -05:00
storage Fix GHSA-3h7q-rfh9-xm4v 2024-04-23 15:25:49 +01:00
test_utils Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
types Use immutabledict instead of frozendict (#15113) 2023-03-22 17:15:34 +00:00
util Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
__init__.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
server.py Patch the db conn pool sooner in tests (#17017) 2024-03-21 17:48:16 +00:00
test_distributor.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
test_event_auth.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
test_federation.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
test_mau.py Update license headers 2023-11-21 15:29:58 -05:00
test_phone_home.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
test_rust.py Add missing type hints to tests. (#15027) 2023-02-08 19:52:37 +00:00
test_server.py Update license headers 2023-11-21 15:29:58 -05:00
test_state.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
test_terms_auth.py Update license headers 2023-11-21 15:29:58 -05:00
test_test_utils.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
test_types.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
test_visibility.py Update license headers 2023-11-21 15:29:58 -05:00
unittest.py Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
utils.py Improve lock performance when a lot of locks are waiting (#16840) 2024-03-14 13:49:54 +00:00