diff options
author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2018-07-04 07:13:38 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-04 07:13:38 +0100 |
commit | a4ab49137192e7994b231c6a8204baa452c9a8d6 (patch) | |
tree | 680f11091640bf6dedeb75922f2a90bafcc27d9f /CHANGES.rst | |
parent | Remove event re-signing hacks (diff) | |
parent | Reject invalid server names (#3480) (diff) | |
download | synapse-a4ab49137192e7994b231c6a8204baa452c9a8d6.tar.xz |
Merge branch 'develop' into rav/drop_re_signing_hacks
Diffstat (limited to 'CHANGES.rst')
-rw-r--r-- | CHANGES.rst | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/CHANGES.rst b/CHANGES.rst index f2b7f04097..70fc5af4c1 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,15 +1,36 @@ +Changes in synapse v0.31.2 (2018-06-14) +======================================= + +SECURITY UPDATE: Prevent unauthorised users from setting state events in a room +when there is no ``m.room.power_levels`` event in force in the room. (PR #3397) + +Discussion around the Matrix Spec change proposal for this change can be +followed at https://github.com/matrix-org/matrix-doc/issues/1304. + +Changes in synapse v0.31.1 (2018-06-08) +======================================= + +v0.31.1 fixes a security bug in the ``get_missing_events`` federation API +where event visibility rules were not applied correctly. + +We are not aware of it being actively exploited but please upgrade asap. + +Bug Fixes: + +* Fix event filtering in get_missing_events handler (PR #3371) + Changes in synapse v0.31.0 (2018-06-06) ======================================= -Most notable change from v0.30.0 is to switch to python prometheus library to improve system -stats reporting. WARNING this changes a number of prometheus metrics in a +Most notable change from v0.30.0 is to switch to the python prometheus library to improve system +stats reporting. WARNING: this changes a number of prometheus metrics in a backwards-incompatible manner. For more details, see `docs/metrics-howto.rst <docs/metrics-howto.rst#removal-of-deprecated-metrics--time-based-counters-becoming-histograms-in-0310>`_. Bug Fixes: * Fix metric documentation tables (PR #3341) -* Fix LaterGuage error handling (694968f) +* Fix LaterGauge error handling (694968f) * Fix replication metrics (b7e7fd2) Changes in synapse v0.31.0-rc1 (2018-06-04) @@ -29,7 +50,6 @@ Changes: * Remove users from user directory on deactivate (PR #3277) * Avoid sending consent notice to guest users (PR #3288) * disable CPUMetrics if no /proc/self/stat (PR #3299) -* Add local and loopback IPv6 addresses to url_preview_ip_range_blacklist (PR #3312) Thanks to @thegcat! * Consistently use six's iteritems and wrap lazy keys/values in list() if they're not meant to be lazy (PR #3307) * Add private IPv6 addresses to example config for url preview blacklist (PR #3317) Thanks to @thegcat! * Reduce stuck read-receipts: ignore depth when updating (PR #3318) |