Update matrixdotorg/synapse Docker tag to v1.85.2 #32

Merged
jake merged 1 commit from renovate/matrixdotorg-synapse-1.x into master 2023-06-17 15:42:24 +01:00
Collaborator

This PR contains the following updates:

Package Update Change
matrixdotorg/synapse minor v1.84.1 -> v1.85.2

Release Notes

matrix-org/synapse

v1.85.2

Compare Source

Synapse 1.85.2 (2023-06-08)

Bugfixes

  • Fix regression where using TLS for HTTP replication between workers did not work. Introduced in v1.85.0. (#​15746)

v1.85.1

Compare Source

Synapse 1.85.1 (2023-06-07)

Note: this release only fixes a bug that stopped some deployments from upgrading to v1.85.0. There is no need to upgrade to v1.85.1 if successfully running v1.85.0.

Bugfixes

  • Fix bug in schema delta that broke upgrades for some deployments. Introduced in v1.85.0. (#​15738, #​15739)

v1.85.0

Compare Source

Synapse 1.85.0 (2023-06-06)

No significant changes since 1.85.0rc2.

Security advisory

The following issues are fixed in 1.85.0 (and RCs).

  • GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity

    It may be possible for a deactivated user to login when using uncommon configurations.

  • GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity

    A discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the url_preview_ip_range_blacklist setting (by default this only allows public IPs).

See the advisories for more details. If you have any questions, email security@matrix.org.

Synapse 1.85.0rc2 (2023-06-01)

Bugfixes

  • Fix a performance issue introduced in Synapse v1.83.0 which meant that purging rooms was very slow and database-intensive. (#​15693)

Deprecations and Removals

  • Deprecate calling the /register endpoint with an unspecced user property for application services. (#​15703)

Internal Changes

  • Speed up background jobs populate_full_user_id_user_filters and populate_full_user_id_profiles. (#​15700)

Synapse 1.85.0rc1 (2023-05-30)

Features

Bugfixes

  • Fix a long-standing bug where setting the read marker could fail when using message retention. Contributed by Nick @​ Beeper (@​fizzadar). (#​15464)
  • Fix a long-standing bug where the url_preview_url_blacklist configuration setting was not applied to oEmbed or image URLs found while previewing a URL. (#​15601)
  • Fix a long-standing bug where filters with multiple backslashes were rejected. (#​15607)
  • Fix a bug introduced in Synapse 1.82.0 where the error message displayed when validation of the app_service_config_files config option fails would be incorrectly formatted. (#​15614)
  • Fix a long-standing bug where deactivated users were still able to login using the custom org.matrix.login.jwt login type (if enabled). (#​15624)
  • Fix a long-standing bug where deactivated users were able to login in uncommon situations. (#​15634)

Improved Documentation

  • Warn users that at least 3.75GB of space is needed for the nix Synapse development environment. (#​15613)
  • Remove outdated comment from the generated and sample homeserver log configs. (#​15648)
  • Improve contributor docs to make it more clear that Rust is a necessary prerequisite. Contributed by @​grantm. (#​15668)

Deprecations and Removals

  • Remove the old version of the R30 (30-day retained users) phone-home metric. (#​10428)

Internal Changes

  • Create dependabot changelogs at release time. (#​15481)
  • Add not null constraint to column full_user_id of tables profiles and user_filters. (#​15537)
  • Allow connecting to HTTP Replication Endpoints by using worker_name when constructing the request. (#​15578)
  • Make the thread_id column on event_push_actions, event_push_actions_staging, and event_push_summary non-null. (#​15597)
  • Run mypy type checking with the minimum supported Python version to catch new usage that isn't backwards-compatible. (#​15602)
  • Fix subscriptable type usage in Python <3.9. (#​15604)
  • Update internal terminology. (#​15606, #​15620)
  • Instrument state and state_group storage-related operations to better picture what's happening when tracing. (#​15610, #​15647)
  • Trace how many new events from the backfill response we need to process. (#​15633)
  • Re-type config paths in ConfigErrors to be StrSequences instead of Iterable[str]s. (#​15615)
  • Update Mutual Rooms (MSC2666) implementation to match new proposal text. (#​15621)
  • Remove the unstable identifiers from faster joins (MSC3706). (#​15625)
  • Fix the olddeps CI. (#​15626)
  • Remove duplicate timestamp from test logs (_trial_temp/test.log). (#​15636)
  • Fix two memory leaks in trial test runs. (#​15630)
  • Limit the size of the HomeServerConfig cache in trial test runs. (#​15646)
  • Improve type hints. (#​15658, #​15659)
  • Add requesting user id parameter to key claim methods in TransportLayerClient. (#​15663)
  • Speed up rebuilding of the user directory for local users. (#​15665)
  • Implement "option 2" for MSC3820: Room version 11. (#​15666, #​15678)
Updates to locked dependencies
  • Bump furo from 2023.3.27 to 2023.5.20. (#​15642)
  • Bump log from 0.4.17 to 0.4.18. (#​15681)
  • Bump prometheus-client from 0.16.0 to 0.17.0. (#​15682)
  • Bump pydantic from 1.10.7 to 1.10.8. (#​15685)
  • Bump pygithub from 1.58.1 to 1.58.2. (#​15643)
  • Bump requests from 2.28.2 to 2.31.0. (#​15651)
  • Bump sphinx from 6.1.3 to 6.2.1. (#​15641)
  • Bump types-bleach from 6.0.0.1 to 6.0.0.3. (#​15686)
  • Bump types-pillow from 9.5.0.2 to 9.5.0.4. (#​15640)
  • Bump types-pyyaml from 6.0.12.9 to 6.0.12.10. (#​15683)
  • Bump types-requests from 2.30.0.0 to 2.31.0.0. (#​15684)
  • Bump types-setuptools from 67.7.0.2 to 67.8.0.0. (#​15639)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [matrixdotorg/synapse](https://github.com/matrix-org/synapse) | minor | `v1.84.1` -> `v1.85.2` | --- ### Release Notes <details> <summary>matrix-org/synapse</summary> ### [`v1.85.2`](https://github.com/matrix-org/synapse/releases/tag/v1.85.2) [Compare Source](https://github.com/matrix-org/synapse/compare/v1.85.1...v1.85.2) # Synapse 1.85.2 (2023-06-08) ## Bugfixes - Fix regression where using TLS for HTTP replication between workers did not work. Introduced in v1.85.0. ([#&#8203;15746](https://github.com/matrix-org/synapse/issues/15746)) ### [`v1.85.1`](https://github.com/matrix-org/synapse/releases/tag/v1.85.1) [Compare Source](https://github.com/matrix-org/synapse/compare/v1.85.0...v1.85.1) # Synapse 1.85.1 (2023-06-07) Note: this release only fixes a bug that stopped some deployments from upgrading to v1.85.0. There is no need to upgrade to v1.85.1 if successfully running v1.85.0. ## Bugfixes - Fix bug in schema delta that broke upgrades for some deployments. Introduced in v1.85.0. ([#&#8203;15738](https://github.com/matrix-org/synapse/issues/15738), [#&#8203;15739](https://github.com/matrix-org/synapse/issues/15739)) ### [`v1.85.0`](https://github.com/matrix-org/synapse/releases/tag/v1.85.0) [Compare Source](https://github.com/matrix-org/synapse/compare/v1.84.1...v1.85.0) # Synapse 1.85.0 (2023-06-06) No significant changes since 1.85.0rc2. #### Security advisory The following issues are fixed in 1.85.0 (and RCs). - [GHSA-26c5-ppr8-f33p](https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p) / [CVE-2023-32682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32682) — Low Severity It may be possible for a deactivated user to login when using uncommon configurations. - [GHSA-98px-6486-j7qc](https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc) / [CVE-2023-32683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32683) — Low Severity A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs). See the advisories for more details. If you have any questions, email security@matrix.org. # Synapse 1.85.0rc2 (2023-06-01) ## Bugfixes - Fix a performance issue introduced in Synapse v1.83.0 which meant that purging rooms was very slow and database-intensive. ([#&#8203;15693](https://github.com/matrix-org/synapse/issues/15693)) ## Deprecations and Removals - Deprecate calling the `/register` endpoint with an unspecced `user` property for application services. ([#&#8203;15703](https://github.com/matrix-org/synapse/issues/15703)) ## Internal Changes - Speed up background jobs `populate_full_user_id_user_filters` and `populate_full_user_id_profiles`. ([#&#8203;15700](https://github.com/matrix-org/synapse/issues/15700)) # Synapse 1.85.0rc1 (2023-05-30) ## Features - Improve performance of backfill requests by performing backfill of previously failed requests in the background. ([#&#8203;15585](https://github.com/matrix-org/synapse/issues/15585)) - Add a new [admin API](https://matrix-org.github.io/synapse/v1.85/usage/administration/admin_api/index.html) to [create a new device for a user](https://matrix-org.github.io/synapse/v1.85/admin_api/user_admin_api.html#create-a-device). ([#&#8203;15611](https://github.com/matrix-org/synapse/issues/15611)) - Add Unix socket support for Redis connections. Contributed by Jason Little. ([#&#8203;15644](https://github.com/matrix-org/synapse/issues/15644)) ## Bugfixes - Fix a long-standing bug where setting the read marker could fail when using message retention. Contributed by Nick @&#8203; Beeper ([@&#8203;fizzadar](https://github.com/fizzadar)). ([#&#8203;15464](https://github.com/matrix-org/synapse/issues/15464)) - Fix a long-standing bug where the `url_preview_url_blacklist` configuration setting was not applied to oEmbed or image URLs found while previewing a URL. ([#&#8203;15601](https://github.com/matrix-org/synapse/issues/15601)) - Fix a long-standing bug where filters with multiple backslashes were rejected. ([#&#8203;15607](https://github.com/matrix-org/synapse/issues/15607)) - Fix a bug introduced in Synapse 1.82.0 where the error message displayed when validation of the `app_service_config_files` config option fails would be incorrectly formatted. ([#&#8203;15614](https://github.com/matrix-org/synapse/issues/15614)) - Fix a long-standing bug where deactivated users were still able to login using the custom `org.matrix.login.jwt` login type (if enabled). ([#&#8203;15624](https://github.com/matrix-org/synapse/issues/15624)) - Fix a long-standing bug where deactivated users were able to login in uncommon situations. ([#&#8203;15634](https://github.com/matrix-org/synapse/issues/15634)) ## Improved Documentation - Warn users that at least 3.75GB of space is needed for the nix Synapse development environment. ([#&#8203;15613](https://github.com/matrix-org/synapse/issues/15613)) - Remove outdated comment from the generated and sample homeserver log configs. ([#&#8203;15648](https://github.com/matrix-org/synapse/issues/15648)) - Improve contributor docs to make it more clear that Rust is a necessary prerequisite. Contributed by [@&#8203;grantm](https://github.com/grantm). ([#&#8203;15668](https://github.com/matrix-org/synapse/issues/15668)) ## Deprecations and Removals - Remove the old version of the R30 (30-day retained users) phone-home metric. ([#&#8203;10428](https://github.com/matrix-org/synapse/issues/10428)) ## Internal Changes - Create dependabot changelogs at release time. ([#&#8203;15481](https://github.com/matrix-org/synapse/issues/15481)) - Add not null constraint to column `full_user_id` of tables `profiles` and `user_filters`. ([#&#8203;15537](https://github.com/matrix-org/synapse/issues/15537)) - Allow connecting to HTTP Replication Endpoints by using `worker_name` when constructing the request. ([#&#8203;15578](https://github.com/matrix-org/synapse/issues/15578)) - Make the `thread_id` column on `event_push_actions`, `event_push_actions_staging`, and `event_push_summary` non-null. ([#&#8203;15597](https://github.com/matrix-org/synapse/issues/15597)) - Run mypy type checking with the minimum supported Python version to catch new usage that isn't backwards-compatible. ([#&#8203;15602](https://github.com/matrix-org/synapse/issues/15602)) - Fix subscriptable type usage in Python <3.9. ([#&#8203;15604](https://github.com/matrix-org/synapse/issues/15604)) - Update internal terminology. ([#&#8203;15606](https://github.com/matrix-org/synapse/issues/15606), [#&#8203;15620](https://github.com/matrix-org/synapse/issues/15620)) - Instrument `state` and `state_group` storage-related operations to better picture what's happening when tracing. ([#&#8203;15610](https://github.com/matrix-org/synapse/issues/15610), [#&#8203;15647](https://github.com/matrix-org/synapse/issues/15647)) - Trace how many new events from the backfill response we need to process. ([#&#8203;15633](https://github.com/matrix-org/synapse/issues/15633)) - Re-type config paths in `ConfigError`s to be `StrSequence`s instead of `Iterable[str]`s. ([#&#8203;15615](https://github.com/matrix-org/synapse/issues/15615)) - Update Mutual Rooms ([MSC2666](https://github.com/matrix-org/matrix-spec-proposals/pull/2666)) implementation to match new proposal text. ([#&#8203;15621](https://github.com/matrix-org/synapse/issues/15621)) - Remove the unstable identifiers from faster joins ([MSC3706](https://github.com/matrix-org/matrix-spec-proposals/pull/3706)). ([#&#8203;15625](https://github.com/matrix-org/synapse/issues/15625)) - Fix the olddeps CI. ([#&#8203;15626](https://github.com/matrix-org/synapse/issues/15626)) - Remove duplicate timestamp from test logs (`_trial_temp/test.log`). ([#&#8203;15636](https://github.com/matrix-org/synapse/issues/15636)) - Fix two memory leaks in `trial` test runs. ([#&#8203;15630](https://github.com/matrix-org/synapse/issues/15630)) - Limit the size of the `HomeServerConfig` cache in trial test runs. ([#&#8203;15646](https://github.com/matrix-org/synapse/issues/15646)) - Improve type hints. ([#&#8203;15658](https://github.com/matrix-org/synapse/issues/15658), [#&#8203;15659](https://github.com/matrix-org/synapse/issues/15659)) - Add requesting user id parameter to key claim methods in `TransportLayerClient`. ([#&#8203;15663](https://github.com/matrix-org/synapse/issues/15663)) - Speed up rebuilding of the user directory for local users. ([#&#8203;15665](https://github.com/matrix-org/synapse/issues/15665)) - Implement "option 2" for [MSC3820](https://github.com/matrix-org/matrix-spec-proposals/pull/3820): Room version 11. ([#&#8203;15666](https://github.com/matrix-org/synapse/issues/15666), [#&#8203;15678](https://github.com/matrix-org/synapse/issues/15678)) ##### Updates to locked dependencies - Bump furo from 2023.3.27 to 2023.5.20. ([#&#8203;15642](https://github.com/matrix-org/synapse/issues/15642)) - Bump log from 0.4.17 to 0.4.18. ([#&#8203;15681](https://github.com/matrix-org/synapse/issues/15681)) - Bump prometheus-client from 0.16.0 to 0.17.0. ([#&#8203;15682](https://github.com/matrix-org/synapse/issues/15682)) - Bump pydantic from 1.10.7 to 1.10.8. ([#&#8203;15685](https://github.com/matrix-org/synapse/issues/15685)) - Bump pygithub from 1.58.1 to 1.58.2. ([#&#8203;15643](https://github.com/matrix-org/synapse/issues/15643)) - Bump requests from 2.28.2 to 2.31.0. ([#&#8203;15651](https://github.com/matrix-org/synapse/issues/15651)) - Bump sphinx from 6.1.3 to 6.2.1. ([#&#8203;15641](https://github.com/matrix-org/synapse/issues/15641)) - Bump types-bleach from 6.0.0.1 to 6.0.0.3. ([#&#8203;15686](https://github.com/matrix-org/synapse/issues/15686)) - Bump types-pillow from 9.5.0.2 to 9.5.0.4. ([#&#8203;15640](https://github.com/matrix-org/synapse/issues/15640)) - Bump types-pyyaml from 6.0.12.9 to 6.0.12.10. ([#&#8203;15683](https://github.com/matrix-org/synapse/issues/15683)) - Bump types-requests from 2.30.0.0 to 2.31.0.0. ([#&#8203;15684](https://github.com/matrix-org/synapse/issues/15684)) - Bump types-setuptools from 67.7.0.2 to 67.8.0.0. ([#&#8203;15639](https://github.com/matrix-org/synapse/issues/15639)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xMTAuMSIsInVwZGF0ZWRJblZlciI6IjM1LjExMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
renovate force-pushed renovate/matrixdotorg-synapse-1.x from 88bccb6a67 to 583cc175bd 2023-06-07 14:00:30 +01:00 Compare
renovate changed title from Update matrixdotorg/synapse Docker tag to v1.85.0 to Update matrixdotorg/synapse Docker tag to v1.85.1 2023-06-07 14:00:41 +01:00
renovate force-pushed renovate/matrixdotorg-synapse-1.x from 583cc175bd to bd44a4adc0 2023-06-08 14:00:33 +01:00 Compare
renovate changed title from Update matrixdotorg/synapse Docker tag to v1.85.1 to Update matrixdotorg/synapse Docker tag to v1.85.2 2023-06-08 14:00:41 +01:00
jake merged commit 4d3aa3d67c into master 2023-06-17 15:42:24 +01:00
jake deleted branch renovate/matrixdotorg-synapse-1.x 2023-06-17 15:42:25 +01:00
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: systems/infrastructure#32
No description provided.