Merge tag 'v0.31.1'

Changes in synapse v0.31.1 (2018-06-08) ======================================= v0.31.1 fixes a security bug in the ``get_missing_events`` federation API where event visibility rules were not applied correctly. We are not aware of it being actively exploited but please upgrade asap. Bug Fixes: * Fix event filtering in get_missing_events handler (PR #3371)
author: Neil Johnson <neil@matrix.org> 2018-06-08 15:46:18 +0100
committer: Neil Johnson <neil@matrix.org> 2018-06-08 15:46:18 +0100
commit: 1032393dfb0c865fc540539dfe649e7b1a32037a (patch)
tree: c80da0170f841f1d05a781d73ada9e16ecbbb1be /synapse/handlers
parent: Merge tag 'v0.31.0' (diff)
parent: tweak changelog (diff)
download: synapse-1032393dfb0c865fc540539dfe649e7b1a32037a.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index fcf94befb7..495ac4c648 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -1794,6 +1794,10 @@ class FederationHandler(BaseHandler):
             min_depth=min_depth,
         )
 
+        missing_events = yield self._filter_events_for_server(
+            origin, room_id, missing_events,
+        )
+
         defer.returnValue(missing_events)
 
     @defer.inlineCallbacks
author	Neil Johnson <neil@matrix.org>	2018-06-08 15:46:18 +0100
committer	Neil Johnson <neil@matrix.org>	2018-06-08 15:46:18 +0100
commit	1032393dfb0c865fc540539dfe649e7b1a32037a (patch)
tree	c80da0170f841f1d05a781d73ada9e16ecbbb1be /synapse/handlers
parent	Merge tag 'v0.31.0' (diff)
parent	tweak changelog (diff)
download	synapse-1032393dfb0c865fc540539dfe649e7b1a32037a.tar.xz