mirror of https://mau.dev/maunium/synapse.git synced 2024-06-28 23:48:19 +02:00
synapse/changelog.d
Eric Eastwood db868db594
Fix access token leak to logs from proxyagent (#13855)
This can happen specifically with an application service `/transactions/10722?access_token=leaked` request

Fix https://github.com/matrix-org/synapse/issues/13010

---

Saw an example leak in https://github.com/matrix-org/synapse/issues/13423#issuecomment-1205348482

```
2022-08-04 14:47:57,925 - synapse.http.client - 401 - DEBUG - as-sender-signal-1 - Sending request PUT http://localhost:29328/transactions/10722?access_token=<redacted>
2022-08-04 14:47:57,926 - synapse.http.proxyagent - 223 - DEBUG - as-sender-signal-1 - Requesting b'http://localhost:29328/transactions/10722?access_token=leaked' via <HostnameEndpoint localhost:29328>
```
2022-09-23 11:49:39 -05:00
| File | Last commit | Date |
| --- | --- | --- |
| .gitignore | Correct attrs package name in requirements (#3492) | 2018-07-07 10:46:59 +10:00 |
| 13667.feature | Add cache invalidation across workers to module API (#13667) | 2022-09-21 15:32:01 +02:00 |
| 13722.feature | Implementation of MSC3882 login token request (#13722) | 2022-09-21 15:12:29 +00:00 |
| 13768.misc | Port the push rule classes to Rust. (#13768) | 2022-09-20 12:10:31 +01:00 |
| 13772.doc | Add worker_main_http_uri to the contrib bash script (#13772) | 2022-09-21 15:58:46 +01:00 |
| 13782.feature | Accept & store thread IDs for receipts (implement MSC3771). (#13782) | 2022-09-23 14:33:28 +00:00 |
| 13792.misc | Generate separate snapshots for logical databases (#13792) | 2022-09-20 14:14:12 +01:00 |
| 13799.feature | Support enabling/disabling pushers (from MSC3881) (#13799) | 2022-09-21 14:39:01 +00:00 |
| 13809.misc | Improve the synapse.api.auth.Auth mock used in unit tests. (#13809) | 2022-09-21 12:40:34 +00:00 |
| 13823.misc | Faster Remote Room Joins: tell remote homeservers that we are unable to authorise them if they query a room which has partial state on our server. (#13823) | 2022-09-23 11:47:16 +01:00 |
| 13831.feature | Track device IDs for pushers (#13831) | 2022-09-21 15:31:53 +00:00 |
| 13832.feature | Last batch of Pydantic for synapse/rest/client/account.py (#13832) | 2022-09-21 22:23:44 +01:00 |
| 13836.doc | Correct documentation for map_user_attributes of OpenID Mapping Providers (#13836) | 2022-09-21 13:08:16 +00:00 |
| 13840.bugfix | Properly paginate forward in the /relations API. (#13840) | 2022-09-22 12:47:49 +00:00 |
| 13843.removal | Remove the complete_sso_login method from the Module API which was deprecated in Synapse 1.13.0. (#13843) | 2022-09-20 15:18:07 +02:00 |
| 13850.misc | Fix the release script not publishing binary wheels. (#13850) | 2022-09-21 09:43:08 +00:00 |
| 13855.bugfix | Fix access token leak to logs from proxyagent (#13855) | 2022-09-23 11:49:39 -05:00 |
| 13859.misc | Raise issue if complement fails with latest deps (#13859) | 2022-09-22 17:33:37 +01:00 |
| 13860.feature | Add version flag for MSC3881 (#13860) | 2022-09-21 18:18:44 +02:00 |
| 13870.doc | Fix the cross-link from register admin API to config docs. (#13870) | 2022-09-22 09:11:50 -04:00 |
| 13874.misc | Send device list updates out to servers in partially joined rooms (#13874) | 2022-09-23 13:44:03 +01:00 |
| 13876.misc | Add comments to the Prometheus recording rules to make it clear which set of rules you need for Grafana or Prometheus Console. (#13876) | 2022-09-23 11:46:45 +01:00 |
| 13889.misc | Update Cargo.lock file. (#13889) | 2022-09-23 11:59:39 -04:00 |