Merge tag 'v1.15.2'

Synapse 1.15.2 (2020-07-02) =========================== Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. Security advisory ----------------- * A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers. ([96e9afe6](https://github.com/matrix-org/synapse/commit/96e9afe62500310977dc3cbc99a8d16d3d2fa15c)) * HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade. ([ea26e9a9](https://github.com/matrix-org/synapse/commit/ea26e9a98b0541fc886a1cb826a38352b7599dbe)) This was reported by [Quentin Gliech](https://sandhose.fr/).
author: Patrick Cloke <patrickc@matrix.org> 2020-07-02 10:54:29 -0400
committer: Patrick Cloke <patrickc@matrix.org> 2020-07-02 10:54:29 -0400
commit: fedb632d0a22e4bad179a9b48be28a3a552315c9 (patch)
tree: 9f05e09e55851f8e272a5e1f722472f5aef04050 /synapse/handlers/federation.py
parent: Update postgres in the Docker compose example to 12-alpine. (#7696) (diff)
parent: Remove an extraneous space. (diff)
download: synapse-fedb632d0a22e4bad179a9b48be28a3a552315c9.tar.xz
1 files changed, 3 insertions, 3 deletions
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index 3e60774b33..d0b62f4cf2 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -238,7 +238,7 @@ class FederationHandler(BaseHandler):
             logger.debug("[%s %s] min_depth: %d", room_id, event_id, min_depth)
 
             prevs = set(pdu.prev_event_ids())
-            seen = await self.store.have_seen_events(prevs)
+            seen = await self.store.have_events_in_timeline(prevs)
 
             if min_depth is not None and pdu.depth < min_depth:
                 # This is so that we don't notify the user about this
@@ -278,7 +278,7 @@ class FederationHandler(BaseHandler):
 
                         # Update the set of things we've seen after trying to
                         # fetch the missing stuff
-                        seen = await self.store.have_seen_events(prevs)
+                        seen = await self.store.have_events_in_timeline(prevs)
 
                         if not prevs - seen:
                             logger.info(
@@ -423,7 +423,7 @@ class FederationHandler(BaseHandler):
         room_id = pdu.room_id
         event_id = pdu.event_id
 
-        seen = await self.store.have_seen_events(prevs)
+        seen = await self.store.have_events_in_timeline(prevs)
 
         if not prevs - seen:
             return
author	Patrick Cloke <patrickc@matrix.org>	2020-07-02 10:54:29 -0400
committer	Patrick Cloke <patrickc@matrix.org>	2020-07-02 10:54:29 -0400
commit	fedb632d0a22e4bad179a9b48be28a3a552315c9 (patch)
tree	9f05e09e55851f8e272a5e1f722472f5aef04050 /synapse/handlers/federation.py
parent	Update postgres in the Docker compose example to 12-alpine. (#7696) (diff)
parent	Remove an extraneous space. (diff)
download	synapse-fedb632d0a22e4bad179a9b48be28a3a552315c9.tar.xz