summary refs log tree commit diff
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2020-02-10 10:15:32 +0000
committerRichard van der Hoff <richard@matrix.org>2020-02-10 10:15:32 +0000
commitdb0fee738dde328c52810613f77126f25b472063 (patch)
tree6c92a9e74c77bcd24d513ab4d1b3d46ca58acc29
parentMerge remote-tracking branch 'origin/release-v1.10.0' into develop (diff)
parent1.10.0rc3 (diff)
downloadsynapse-db0fee738dde328c52810613f77126f25b472063.tar.xz
Merge tag 'v1.10.0rc3' into develop
Synapse 1.10.0rc3 (2020-02-10)
==============================

Features
--------

- Filter out m.room.aliases from the CS API to mitigate abuse while a better solution is specced. ([\#6878](https://github.com/matrix-org/synapse/issues/6878))

Internal Changes
----------------

- Fix continuous integration failures with old versions of `pip`, which were introduced by a release of the `zipp` library. ([\#6880](https://github.com/matrix-org/synapse/issues/6880))
Diffstat
-rw-r--r--CHANGES.md15
-rw-r--r--changelog.d/6880.misc1
-rw-r--r--synapse/__init__.py2
-rw-r--r--synapse/visibility.py7
4 files changed, 23 insertions, 2 deletions
diff --git a/CHANGES.md b/CHANGES.md

index c2aa735908..4a81a04627 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,18 @@
+Synapse 1.10.0rc3 (2020-02-10)
+==============================
+
+Features
+--------
+
+- Filter out m.room.aliases from the CS API to mitigate abuse while a better solution is specced. ([\#6878](https://github.com/matrix-org/synapse/issues/6878))
+
+
+Internal Changes
+----------------
+
+- Fix continuous integration failures with old versions of `pip`, which were introduced by a release of the `zipp` library. ([\#6880](https://github.com/matrix-org/synapse/issues/6880))
+
+
 Synapse 1.10.0rc2 (2020-02-06)
 ==============================
 
diff --git a/changelog.d/6880.misc b/changelog.d/6880.misc
deleted file mode 100644

index 8344a6ed1e..0000000000
--- a/changelog.d/6880.misc
+++ /dev/null
@@ -1 +0,0 @@
-Fix continuous integration failures with old versions of `pip`, which were introduced by a release of the `zipp` library.
diff --git a/synapse/__init__.py b/synapse/__init__.py

index 4f1859bd57..36c0cf557a 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -36,7 +36,7 @@ try:
 except ImportError:
     pass
 
-__version__ = "1.10.0rc2"
+__version__ = "1.10.0rc3"
 
 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
     # We import here so that we don't have to install a bunch of deps when
diff --git a/synapse/visibility.py b/synapse/visibility.py

index 100dc47a8a..d0abd8f04f 100644
--- a/synapse/visibility.py
+++ b/synapse/visibility.py
@@ -122,6 +122,13 @@ def filter_events_for_client(
         if not event.is_state() and event.sender in ignore_list:
             return None
 
+        # Until MSC2261 has landed we can't redact malicious alias events, so for
+        # now we temporarily filter out m.room.aliases entirely to mitigate
+        # abuse, while we spec a better solution to advertising aliases
+        # on rooms.
+        if event.type == EventTypes.Aliases:
+            return None
+
         # Don't try to apply the room's retention policy if the event is a state event, as
         # MSC1763 states that retention is only considered for non-state events.
         if apply_retention_policies and not event.is_state():
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-03-14 09:00:10 +0000