diff options
author | Patrick Cloke <patrickc@matrix.org> | 2020-07-02 11:25:56 -0400 |
---|---|---|
committer | Patrick Cloke <patrickc@matrix.org> | 2020-07-02 11:25:56 -0400 |
commit | f3e0f162401cb3644c32abe4df7b173dcb681845 (patch) | |
tree | ffabee4a72e1f67a1c06c2cadce5c8f4acef6869 | |
parent | Merge branch 'master' into develop (diff) | |
parent | Fix a typo. (diff) | |
download | synapse-f3e0f162401cb3644c32abe4df7b173dcb681845.tar.xz |
Merge tag 'v1.16.0rc2' into develop
Synapse 1.16.0rc2 (2020-07-02) ============================== Synapse 1.16.0rc2 includes the security fixes released with Synapse 1.15.2. Please see [below](https://github.com/matrix-org/synapse/blob/master/CHANGES.md#synapse-1152-2020-07-02) for more details. Improved Documentation ---------------------- - Update postgres image in example `docker-compose.yaml` to tag `12-alpine`. ([\#7696](https://github.com/matrix-org/synapse/issues/7696)) Internal Changes ---------------- - Add some metrics for inbound and outbound federation latencies: `synapse_federation_server_pdu_process_time` and `synapse_event_processing_lag_by_event`. ([\#7771](https://github.com/matrix-org/synapse/issues/7771))
-rw-r--r-- | CHANGES.md | 58 | ||||
-rw-r--r-- | changelog.d/7696.doc | 1 | ||||
-rw-r--r-- | synapse/__init__.py | 2 | ||||
-rw-r--r-- | synapse/federation/sender/__init__.py | 2 | ||||
-rw-r--r-- | synapse/handlers/appservice.py | 2 |
5 files changed, 41 insertions, 24 deletions
diff --git a/CHANGES.md b/CHANGES.md index 2c21169bca..ff924604cb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,41 @@ +Synapse 1.16.0rc2 (2020-07-02) +============================== + +Synapse 1.16.0rc2 includes the security fixes released with Synapse 1.15.2. +Please see [below](#synapse-1152-2020-07-02) for more details. + +Improved Documentation +---------------------- + +- Update postgres image in example `docker-compose.yaml` to tag `12-alpine`. ([\#7696](https://github.com/matrix-org/synapse/issues/7696)) + + +Internal Changes +---------------- + +- Add some metrics for inbound and outbound federation latencies: `synapse_federation_server_pdu_process_time` and `synapse_event_processing_lag_by_event`. ([\#7771](https://github.com/matrix-org/synapse/issues/7771)) + + +Synapse 1.15.2 (2020-07-02) +=========================== + +Due to the two security issues highlighted below, server administrators are +encouraged to update Synapse. We are not aware of these vulnerabilities being +exploited in the wild. + +Security advisory +----------------- + +* A malicious homeserver could force Synapse to reset the state in a room to a + small subset of the correct state. This affects all Synapse deployments which + federate with untrusted servers. ([96e9afe6](https://github.com/matrix-org/synapse/commit/96e9afe62500310977dc3cbc99a8d16d3d2fa15c)) +* HTML pages served via Synapse were vulnerable to clickjacking attacks. This + predominantly affects homeservers with single-sign-on enabled, but all server + administrators are encouraged to upgrade. ([ea26e9a9](https://github.com/matrix-org/synapse/commit/ea26e9a98b0541fc886a1cb826a38352b7599dbe)) + + This was reported by [Quentin Gliech](https://sandhose.fr/). + + Synapse 1.16.0rc1 (2020-07-01) ============================== @@ -72,26 +110,6 @@ Internal Changes - Add some metrics for inbound and outbound federation latencies: `synapse_federation_server_pdu_process_time` and `synapse_event_processing_lag_by_event`. ([\#7755](https://github.com/matrix-org/synapse/issues/7755)) -Synapse 1.15.2 (2020-07-02) -=========================== - -Due to the two security issues highlighted below, server administrators are -encouraged to update Synapse. We are not aware of these vulnerabilities being -exploited in the wild. - -Security advisory ------------------ - -* A malicious homeserver could force Synapse to reset the state in a room to a - small subset of the correct state. This affects all Synapse deployments which - federate with untrusted servers. ([96e9afe6](https://github.com/matrix-org/synapse/commit/96e9afe62500310977dc3cbc99a8d16d3d2fa15c)) -* HTML pages served via Synapse were vulnerable to clickjacking attacks. This - predominantly affects homeservers with single-sign-on enabled, but all server - administrators are encouraged to upgrade. ([ea26e9a9](https://github.com/matrix-org/synapse/commit/ea26e9a98b0541fc886a1cb826a38352b7599dbe)) - - This was reported by [Quentin Gliech](https://sandhose.fr/). - - Synapse 1.15.1 (2020-06-16) =========================== diff --git a/changelog.d/7696.doc b/changelog.d/7696.doc deleted file mode 100644 index d448bedc0b..0000000000 --- a/changelog.d/7696.doc +++ /dev/null @@ -1 +0,0 @@ -Update postgres image in example `docker-compose.yaml` to tag `12-alpine`. diff --git a/synapse/__init__.py b/synapse/__init__.py index f5cd8271a6..0ffbcae502 100644 --- a/synapse/__init__.py +++ b/synapse/__init__.py @@ -36,7 +36,7 @@ try: except ImportError: pass -__version__ = "1.16.0rc1" +__version__ = "1.16.0rc2" if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)): # We import here so that we don't have to install a bunch of deps when diff --git a/synapse/federation/sender/__init__.py b/synapse/federation/sender/__init__.py index 23fb515683..464d7a41de 100644 --- a/synapse/federation/sender/__init__.py +++ b/synapse/federation/sender/__init__.py @@ -209,7 +209,7 @@ class FederationSender(object): synapse.metrics.event_processing_lag_by_event.labels( "federation_sender" - ).observe(now - ts) + ).observe((now - ts) / 1000) async def handle_room_events(events: Iterable[EventBase]) -> None: with Measure(self.clock, "handle_room_events"): diff --git a/synapse/handlers/appservice.py b/synapse/handlers/appservice.py index f7d9fd621e..904c96eeec 100644 --- a/synapse/handlers/appservice.py +++ b/synapse/handlers/appservice.py @@ -118,7 +118,7 @@ class ApplicationServicesHandler(object): ts = yield self.store.get_received_ts(event.event_id) synapse.metrics.event_processing_lag_by_event.labels( "appservice_sender" - ).observe(now - ts) + ).observe((now - ts) / 1000) @defer.inlineCallbacks def handle_room_events(events): |