systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 17 Activity Actions

Update matrixdotorg/synapse Docker tag to v1.85.2 #32

Merged
jake merged 1 commit from renovate/matrixdotorg-synapse-1.x into master 2023-06-17 15:42:24 +01:00
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate commented 2023-06-06 12:00:39 +01:00
Collaborator
Copy link

This PR contains the following updates:

Package Update Change
matrixdotorg/synapse minor v1.84.1 -> v1.85.2

Release Notes

matrix-org/synapse

v1.85.2

Compare Source

Synapse 1.85.2 (2023-06-08)

Bugfixes

  • Fix regression where using TLS for HTTP replication between workers did not work. Introduced in v1.85.0. (#​15746)

v1.85.1

Compare Source

Synapse 1.85.1 (2023-06-07)

Note: this release only fixes a bug that stopped some deployments from upgrading to v1.85.0. There is no need to upgrade to v1.85.1 if successfully running v1.85.0.

Bugfixes

  • Fix bug in schema delta that broke upgrades for some deployments. Introduced in v1.85.0. (#​15738, #​15739)

v1.85.0

Compare Source

Synapse 1.85.0 (2023-06-06)

No significant changes since 1.85.0rc2.

Security advisory

The following issues are fixed in 1.85.0 (and RCs).

  • GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity

    It may be possible for a deactivated user to login when using uncommon configurations.

  • GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity

    A discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the url_preview_ip_range_blacklist setting (by default this only allows public IPs).

See the advisories for more details. If you have any questions, email security@matrix.org.

Synapse 1.85.0rc2 (2023-06-01)

Bugfixes

  • Fix a performance issue introduced in Synapse v1.83.0 which meant that purging rooms was very slow and database-intensive. (#​15693)

Deprecations and Removals

  • Deprecate calling the /register endpoint with an unspecced user property for application services. (#​15703)

Internal Changes

  • Speed up background jobs populate_full_user_id_user_filters and populate_full_user_id_profiles. (#​15700)

Synapse 1.85.0rc1 (2023-05-30)

Features

Bugfixes

  • Fix a long-standing bug where setting the read marker could fail when using message retention. Contributed by Nick @​ Beeper (@​fizzadar). (#​15464)
  • Fix a long-standing bug where the url_preview_url_blacklist configuration setting was not applied to oEmbed or image URLs found while previewing a URL. (#​15601)
  • Fix a long-standing bug where filters with multiple backslashes were rejected. (#​15607)
  • Fix a bug introduced in Synapse 1.82.0 where the error message displayed when validation of the app_service_config_files config option fails would be incorrectly formatted. (#​15614)
  • Fix a long-standing bug where deactivated users were still able to login using the custom org.matrix.login.jwt login type (if enabled). (#​15624)
  • Fix a long-standing bug where deactivated users were able to login in uncommon situations. (#​15634)

Improved Documentation

  • Warn users that at least 3.75GB of space is needed for the nix Synapse development environment. (#​15613)
  • Remove outdated comment from the generated and sample homeserver log configs. (#​15648)
  • Improve contributor docs to make it more clear that Rust is a necessary prerequisite. Contributed by @​grantm. (#​15668)

Deprecations and Removals

  • Remove the old version of the R30 (30-day retained users) phone-home metric. (#​10428)

Internal Changes

  • Create dependabot changelogs at release time. (#​15481)
  • Add not null constraint to column full_user_id of tables profiles and user_filters. (#​15537)
  • Allow connecting to HTTP Replication Endpoints by using worker_name when constructing the request. (#​15578)
  • Make the thread_id column on event_push_actions, event_push_actions_staging, and event_push_summary non-null. (#​15597)
  • Run mypy type checking with the minimum supported Python version to catch new usage that isn't backwards-compatible. (#​15602)
  • Fix subscriptable type usage in Python <3.9. (#​15604)
  • Update internal terminology. (#​15606, #​15620)
  • Instrument state and state_group storage-related operations to better picture what's happening when tracing. (#​15610, #​15647)
  • Trace how many new events from the backfill response we need to process. (#​15633)
  • Re-type config paths in ConfigErrors to be StrSequences instead of Iterable[str]s. (#​15615)
  • Update Mutual Rooms (MSC2666) implementation to match new proposal text. (#​15621)
  • Remove the unstable identifiers from faster joins (MSC3706). (#​15625)
  • Fix the olddeps CI. (#​15626)
  • Remove duplicate timestamp from test logs (_trial_temp/test.log). (#​15636)
  • Fix two memory leaks in trial test runs. (#​15630)
  • Limit the size of the HomeServerConfig cache in trial test runs. (#​15646)
  • Improve type hints. (#​15658, #​15659)
  • Add requesting user id parameter to key claim methods in TransportLayerClient. (#​15663)
  • Speed up rebuilding of the user directory for local users. (#​15665)
  • Implement "option 2" for MSC3820: Room version 11. (#​15666, #​15678)
Updates to locked dependencies
  • Bump furo from 2023.3.27 to 2023.5.20. (#​15642)
  • Bump log from 0.4.17 to 0.4.18. (#​15681)
  • Bump prometheus-client from 0.16.0 to 0.17.0. (#​15682)
  • Bump pydantic from 1.10.7 to 1.10.8. (#​15685)
  • Bump pygithub from 1.58.1 to 1.58.2. (#​15643)
  • Bump requests from 2.28.2 to 2.31.0. (#​15651)
  • Bump sphinx from 6.1.3 to 6.2.1. (#​15641)
  • Bump types-bleach from 6.0.0.1 to 6.0.0.3. (#​15686)
  • Bump types-pillow from 9.5.0.2 to 9.5.0.4. (#​15640)
  • Bump types-pyyaml from 6.0.12.9 to 6.0.12.10. (#​15683)
  • Bump types-requests from 2.30.0.0 to 2.31.0.0. (#​15684)
  • Bump types-setuptools from 67.7.0.2 to 67.8.0.0. (#​15639)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [matrixdotorg/synapse](https://github.com/matrix-org/synapse) | minor | `v1.84.1` -> `v1.85.2` | --- ### Release Notes <details> <summary>matrix-org/synapse</summary> ### [`v1.85.2`](https://github.com/matrix-org/synapse/releases/tag/v1.85.2) [Compare Source](https://github.com/matrix-org/synapse/compare/v1.85.1...v1.85.2) # Synapse 1.85.2 (2023-06-08) ## Bugfixes - Fix regression where using TLS for HTTP replication between workers did not work. Introduced in v1.85.0. ([#&#8203;15746](https://github.com/matrix-org/synapse/issues/15746)) ### [`v1.85.1`](https://github.com/matrix-org/synapse/releases/tag/v1.85.1) [Compare Source](https://github.com/matrix-org/synapse/compare/v1.85.0...v1.85.1) # Synapse 1.85.1 (2023-06-07) Note: this release only fixes a bug that stopped some deployments from upgrading to v1.85.0. There is no need to upgrade to v1.85.1 if successfully running v1.85.0. ## Bugfixes - Fix bug in schema delta that broke upgrades for some deployments. Introduced in v1.85.0. ([#&#8203;15738](https://github.com/matrix-org/synapse/issues/15738), [#&#8203;15739](https://github.com/matrix-org/synapse/issues/15739)) ### [`v1.85.0`](https://github.com/matrix-org/synapse/releases/tag/v1.85.0) [Compare Source](https://github.com/matrix-org/synapse/compare/v1.84.1...v1.85.0) # Synapse 1.85.0 (2023-06-06) No significant changes since 1.85.0rc2. #### Security advisory The following issues are fixed in 1.85.0 (and RCs). - [GHSA-26c5-ppr8-f33p](https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p) / [CVE-2023-32682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32682) — Low Severity It may be possible for a deactivated user to login when using uncommon configurations. - [GHSA-98px-6486-j7qc](https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc) / [CVE-2023-32683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32683) — Low Severity A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs). See the advisories for more details. If you have any questions, email security@matrix.org. # Synapse 1.85.0rc2 (2023-06-01) ## Bugfixes - Fix a performance issue introduced in Synapse v1.83.0 which meant that purging rooms was very slow and database-intensive. ([#&#8203;15693](https://github.com/matrix-org/synapse/issues/15693)) ## Deprecations and Removals - Deprecate calling the `/register` endpoint with an unspecced `user` property for application services. ([#&#8203;15703](https://github.com/matrix-org/synapse/issues/15703)) ## Internal Changes - Speed up background jobs `populate_full_user_id_user_filters` and `populate_full_user_id_profiles`. ([#&#8203;15700](https://github.com/matrix-org/synapse/issues/15700)) # Synapse 1.85.0rc1 (2023-05-30) ## Features - Improve performance of backfill requests by performing backfill of previously failed requests in the background. ([#&#8203;15585](https://github.com/matrix-org/synapse/issues/15585)) - Add a new [admin API](https://matrix-org.github.io/synapse/v1.85/usage/administration/admin_api/index.html) to [create a new device for a user](https://matrix-org.github.io/synapse/v1.85/admin_api/user_admin_api.html#create-a-device). ([#&#8203;15611](https://github.com/matrix-org/synapse/issues/15611)) - Add Unix socket support for Redis connections. Contributed by Jason Little. ([#&#8203;15644](https://github.com/matrix-org/synapse/issues/15644)) ## Bugfixes - Fix a long-standing bug where setting the read marker could fail when using message retention. Contributed by Nick @&#8203; Beeper ([@&#8203;fizzadar](https://github.com/fizzadar)). ([#&#8203;15464](https://github.com/matrix-org/synapse/issues/15464)) - Fix a long-standing bug where the `url_preview_url_blacklist` configuration setting was not applied to oEmbed or image URLs found while previewing a URL. ([#&#8203;15601](https://github.com/matrix-org/synapse/issues/15601)) - Fix a long-standing bug where filters with multiple backslashes were rejected. ([#&#8203;15607](https://github.com/matrix-org/synapse/issues/15607)) - Fix a bug introduced in Synapse 1.82.0 where the error message displayed when validation of the `app_service_config_files` config option fails would be incorrectly formatted. ([#&#8203;15614](https://github.com/matrix-org/synapse/issues/15614)) - Fix a long-standing bug where deactivated users were still able to login using the custom `org.matrix.login.jwt` login type (if enabled). ([#&#8203;15624](https://github.com/matrix-org/synapse/issues/15624)) - Fix a long-standing bug where deactivated users were able to login in uncommon situations. ([#&#8203;15634](https://github.com/matrix-org/synapse/issues/15634)) ## Improved Documentation - Warn users that at least 3.75GB of space is needed for the nix Synapse development environment. ([#&#8203;15613](https://github.com/matrix-org/synapse/issues/15613)) - Remove outdated comment from the generated and sample homeserver log configs. ([#&#8203;15648](https://github.com/matrix-org/synapse/issues/15648)) - Improve contributor docs to make it more clear that Rust is a necessary prerequisite. Contributed by [@&#8203;grantm](https://github.com/grantm). ([#&#8203;15668](https://github.com/matrix-org/synapse/issues/15668)) ## Deprecations and Removals - Remove the old version of the R30 (30-day retained users) phone-home metric. ([#&#8203;10428](https://github.com/matrix-org/synapse/issues/10428)) ## Internal Changes - Create dependabot changelogs at release time. ([#&#8203;15481](https://github.com/matrix-org/synapse/issues/15481)) - Add not null constraint to column `full_user_id` of tables `profiles` and `user_filters`. ([#&#8203;15537](https://github.com/matrix-org/synapse/issues/15537)) - Allow connecting to HTTP Replication Endpoints by using `worker_name` when constructing the request. ([#&#8203;15578](https://github.com/matrix-org/synapse/issues/15578)) - Make the `thread_id` column on `event_push_actions`, `event_push_actions_staging`, and `event_push_summary` non-null. ([#&#8203;15597](https://github.com/matrix-org/synapse/issues/15597)) - Run mypy type checking with the minimum supported Python version to catch new usage that isn't backwards-compatible. ([#&#8203;15602](https://github.com/matrix-org/synapse/issues/15602)) - Fix subscriptable type usage in Python <3.9. ([#&#8203;15604](https://github.com/matrix-org/synapse/issues/15604)) - Update internal terminology. ([#&#8203;15606](https://github.com/matrix-org/synapse/issues/15606), [#&#8203;15620](https://github.com/matrix-org/synapse/issues/15620)) - Instrument `state` and `state_group` storage-related operations to better picture what's happening when tracing. ([#&#8203;15610](https://github.com/matrix-org/synapse/issues/15610), [#&#8203;15647](https://github.com/matrix-org/synapse/issues/15647)) - Trace how many new events from the backfill response we need to process. ([#&#8203;15633](https://github.com/matrix-org/synapse/issues/15633)) - Re-type config paths in `ConfigError`s to be `StrSequence`s instead of `Iterable[str]`s. ([#&#8203;15615](https://github.com/matrix-org/synapse/issues/15615)) - Update Mutual Rooms ([MSC2666](https://github.com/matrix-org/matrix-spec-proposals/pull/2666)) implementation to match new proposal text. ([#&#8203;15621](https://github.com/matrix-org/synapse/issues/15621)) - Remove the unstable identifiers from faster joins ([MSC3706](https://github.com/matrix-org/matrix-spec-proposals/pull/3706)). ([#&#8203;15625](https://github.com/matrix-org/synapse/issues/15625)) - Fix the olddeps CI. ([#&#8203;15626](https://github.com/matrix-org/synapse/issues/15626)) - Remove duplicate timestamp from test logs (`_trial_temp/test.log`). ([#&#8203;15636](https://github.com/matrix-org/synapse/issues/15636)) - Fix two memory leaks in `trial` test runs. ([#&#8203;15630](https://github.com/matrix-org/synapse/issues/15630)) - Limit the size of the `HomeServerConfig` cache in trial test runs. ([#&#8203;15646](https://github.com/matrix-org/synapse/issues/15646)) - Improve type hints. ([#&#8203;15658](https://github.com/matrix-org/synapse/issues/15658), [#&#8203;15659](https://github.com/matrix-org/synapse/issues/15659)) - Add requesting user id parameter to key claim methods in `TransportLayerClient`. ([#&#8203;15663](https://github.com/matrix-org/synapse/issues/15663)) - Speed up rebuilding of the user directory for local users. ([#&#8203;15665](https://github.com/matrix-org/synapse/issues/15665)) - Implement "option 2" for [MSC3820](https://github.com/matrix-org/matrix-spec-proposals/pull/3820): Room version 11. ([#&#8203;15666](https://github.com/matrix-org/synapse/issues/15666), [#&#8203;15678](https://github.com/matrix-org/synapse/issues/15678)) ##### Updates to locked dependencies - Bump furo from 2023.3.27 to 2023.5.20. ([#&#8203;15642](https://github.com/matrix-org/synapse/issues/15642)) - Bump log from 0.4.17 to 0.4.18. ([#&#8203;15681](https://github.com/matrix-org/synapse/issues/15681)) - Bump prometheus-client from 0.16.0 to 0.17.0. ([#&#8203;15682](https://github.com/matrix-org/synapse/issues/15682)) - Bump pydantic from 1.10.7 to 1.10.8. ([#&#8203;15685](https://github.com/matrix-org/synapse/issues/15685)) - Bump pygithub from 1.58.1 to 1.58.2. ([#&#8203;15643](https://github.com/matrix-org/synapse/issues/15643)) - Bump requests from 2.28.2 to 2.31.0. ([#&#8203;15651](https://github.com/matrix-org/synapse/issues/15651)) - Bump sphinx from 6.1.3 to 6.2.1. ([#&#8203;15641](https://github.com/matrix-org/synapse/issues/15641)) - Bump types-bleach from 6.0.0.1 to 6.0.0.3. ([#&#8203;15686](https://github.com/matrix-org/synapse/issues/15686)) - Bump types-pillow from 9.5.0.2 to 9.5.0.4. ([#&#8203;15640](https://github.com/matrix-org/synapse/issues/15640)) - Bump types-pyyaml from 6.0.12.9 to 6.0.12.10. ([#&#8203;15683](https://github.com/matrix-org/synapse/issues/15683)) - Bump types-requests from 2.30.0.0 to 2.31.0.0. ([#&#8203;15684](https://github.com/matrix-org/synapse/issues/15684)) - Bump types-setuptools from 67.7.0.2 to 67.8.0.0. ([#&#8203;15639](https://github.com/matrix-org/synapse/issues/15639)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xMTAuMSIsInVwZGF0ZWRJblZlciI6IjM1LjExMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
renovate force-pushed renovate/matrixdotorg-synapse-1.x from 88bccb6a67 to 583cc175bd 2023-06-07 14:00:30 +01:00 Compare
renovate changed title from Update matrixdotorg/synapse Docker tag to v1.85.0 to Update matrixdotorg/synapse Docker tag to v1.85.1 2023-06-07 14:00:41 +01:00
renovate force-pushed renovate/matrixdotorg-synapse-1.x from 583cc175bd to bd44a4adc0 2023-06-08 14:00:33 +01:00 Compare
renovate changed title from Update matrixdotorg/synapse Docker tag to v1.85.1 to Update matrixdotorg/synapse Docker tag to v1.85.2 2023-06-08 14:00:41 +01:00
jake merged commit 4d3aa3d67c into master 2023-06-17 15:42:24 +01:00
jake deleted branch renovate/matrixdotorg-synapse-1.x 2023-06-17 15:42:25 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: systems/infrastructure#32
No description provided.
Delete branch "renovate/matrixdotorg-synapse-1.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?