mirror of https://mau.dev/maunium/synapse.git synced 2024-06-03 03:09:02 +02:00
synapse/synapse/storage/databases/main
Erik Johnston 55b0aa847a Fix GHSA-3h7q-rfh9-xm4v
Weakness in auth chain indexing allows DoS from remote room members
through disk fill and high CPU usage.

A remote Matrix user with malicious intent, sharing a room with Synapse
instances before 1.104.1, can dispatch specially crafted events to
exploit a weakness in how the auth chain cover index is calculated. This
can induce high CPU consumption and accumulate excessive data in the
database of such instances, resulting in a denial of service.

Servers in private federations, or those that do not federate, are not
affected.
2024-04-23 15:25:49 +01:00
__init__.py Add support for moving /push_rules off of main process (#17037) 2024-03-28 15:44:07 +00:00
account_data.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
appservice.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
cache.py Don't invalidate the entire event cache when we purge history (#16905) 2024-02-13 13:24:11 +00:00
censor_events.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
client_ips.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
deviceinbox.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
devices.py Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
directory.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
e2e_room_keys.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
end_to_end_keys.py Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
event_federation.py Refactor chain fetching (#17044) 2024-04-02 15:33:56 +01:00
event_push_actions.py Pull out fewer receipts from DB when doing push (#17049) 2024-04-05 12:46:34 +01:00
events.py Fix GHSA-3h7q-rfh9-xm4v 2024-04-23 15:25:49 +01:00
events_bg_updates.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
events_forward_extremities.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
events_worker.py Do not refuse to set read_marker if previous event_id is in wrong room (#16990) 2024-03-21 18:43:07 +00:00
experimental_features.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
filtering.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
keys.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
lock.py Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
media_repository.py Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
metrics.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
monthly_active_users.py Update license headers 2023-11-21 15:29:58 -05:00
openid.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
presence.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
profile.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
purge_events.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
push_rule.py Fixups to new push stream (#17038) 2024-03-28 16:29:23 +00:00
pusher.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
receipts.py Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
registration.py Add forgotten schema delta (#17054) 2024-04-09 13:03:41 +01:00
rejections.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
relations.py Update license headers 2023-11-21 15:29:58 -05:00
room.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
roommember.py Fix reject knocks on deactivating account (#17010) 2024-03-21 18:05:54 +00:00
search.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
session.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
signatures.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
state.py Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
state_deltas.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
stats.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
stream.py Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
tags.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
task_scheduler.py Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
transactions.py Ensure that pending to-device events are sent over federation at startup (#16925) 2024-03-22 13:24:11 +00:00
ui_auth.py Correctly mention previous copyright (#16820) 2024-01-23 11:26:48 +00:00
user_directory.py Bump black from 23.10.1 to 24.2.0 (#16936) 2024-03-13 16:46:44 +00:00
user_erasure_store.py Update license headers 2023-11-21 15:29:58 -05:00