diff --git a/CHANGES.md b/CHANGES.md
index 15d7d0aeea..52b2fd6f8f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,10 @@
Synapse 1.23.0 (2020-11-18)
===========================
+This release changes the way structured logging is configured. See the [upgrade notes](UPGRADE.rst#upgrading-to-v1230) for details.
+
+**Note**: We are aware of a trivially exploitable denial of service vulnerability in versions of Synapse prior to 1.20.0. Complete details will be disclosed on Monday, November 23rd. If you have not upgraded recently, please do so.
+
Bugfixes
--------
@@ -61,7 +65,7 @@ Internal Changes
----------------
- Optimise `/createRoom` with multiple invited users. ([\#8559](https://github.com/matrix-org/synapse/issues/8559))
-- Implement and use an @lru_cache decorator. ([\#8595](https://github.com/matrix-org/synapse/issues/8595))
+- Implement and use an `@lru_cache` decorator. ([\#8595](https://github.com/matrix-org/synapse/issues/8595))
- Don't instansiate Requester directly. ([\#8614](https://github.com/matrix-org/synapse/issues/8614))
- Type hints for `RegistrationStore`. ([\#8615](https://github.com/matrix-org/synapse/issues/8615))
- Change schema to support access tokens belonging to one user but granting access to another. ([\#8616](https://github.com/matrix-org/synapse/issues/8616))
diff --git a/UPGRADE.rst b/UPGRADE.rst
index 960c2aeb2b..7c19cf2a70 100644
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -87,7 +87,7 @@ then it should be modified based on the `structured logging documentation
<https://github.com/matrix-org/synapse/blob/master/docs/structured_logging.md>`_.
The ``structured`` and ``drains`` logging options are now deprecated and should
-be replaced by standard logging configuration of ``handlers`` and ``formatters`.
+be replaced by standard logging configuration of ``handlers`` and ``formatters``.
A future will release of Synapse will make using ``structured: true`` an error.
diff --git a/changelog.d/8731.misc b/changelog.d/8731.misc
new file mode 100644
index 0000000000..df5882e960
--- /dev/null
+++ b/changelog.d/8731.misc
@@ -0,0 +1 @@
+Add an example and documentation for clock skew to the SAML2 sample configuration to allow for clock/time difference between the homserver and IdP. Contributed by @localguru.
diff --git a/changelog.d/8777.misc b/changelog.d/8777.misc
new file mode 100644
index 0000000000..e6da7d038d
--- /dev/null
+++ b/changelog.d/8777.misc
@@ -0,0 +1 @@
+ Refactor test utilities for injecting HTTP requests.
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 7d318638ac..853e551980 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1724,6 +1724,12 @@ saml2_config:
# remote:
# - url: https://our_idp/metadata.xml
+ # Allowed clock difference in seconds between the homeserver and IdP.
+ #
+ # Uncomment the below to increase the accepted time difference from 0 to 3 seconds.
+ #
+ #accepted_time_diff: 3
+
# By default, the user has to go to our login page first. If you'd like
# to allow IdP-initiated login, set 'allow_unsolicited: true' in a
# 'service.sp' section:
diff --git a/synapse/config/saml2_config.py b/synapse/config/saml2_config.py
index 2ff7dfb311..f233854941 100644
--- a/synapse/config/saml2_config.py
+++ b/synapse/config/saml2_config.py
@@ -256,6 +256,12 @@ class SAML2Config(Config):
# remote:
# - url: https://our_idp/metadata.xml
+ # Allowed clock difference in seconds between the homeserver and IdP.
+ #
+ # Uncomment the below to increase the accepted time difference from 0 to 3 seconds.
+ #
+ #accepted_time_diff: 3
+
# By default, the user has to go to our login page first. If you'd like
# to allow IdP-initiated login, set 'allow_unsolicited: true' in a
# 'service.sp' section:
|
