Merge tag 'v0.33.1'

Synapse 0.33.1 (2018-08-02) =========================== SECURITY FIXES -------------- - Fix a potential issue where servers could request events for rooms they have not joined. (`#3641 <https://github.com/matrix-org/synapse/issues/3641>`_) - Fix a potential issue where users could see events in private rooms before they joined. (`#3642 <https://github.com/matrix-org/synapse/issues/3642>`_)
author: Richard van der Hoff <richard@matrix.org> 2018-08-02 15:40:44 +0100
committer: Richard van der Hoff <richard@matrix.org> 2018-08-02 15:40:44 +0100
commit: 43ecfe0b1028fea5e4dda197f5631aed67182ee6 (patch)
tree: 46e83aa83aa98e2729a2b455bbb5555d35ff1888 /synapse/storage/event_federation.py
parent: Merge pull request #3594 from matrix-org/richvdh-patch-1 (diff)
parent: changelog: this is a security release (diff)
download: synapse-43ecfe0b1028fea5e4dda197f5631aed67182ee6.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/synapse/storage/event_federation.py b/synapse/storage/event_federation.py
index 8d366d1b91..7cd77c1c29 100644
--- a/synapse/storage/event_federation.py
+++ b/synapse/storage/event_federation.py
@@ -343,6 +343,7 @@ class EventFederationWorkerStore(EventsWorkerStore, SignatureWorkerStore,
                 table="events",
                 keyvalues={
                     "event_id": event_id,
+                    "room_id": room_id,
                 },
                 retcol="depth",
                 allow_none=True,
author	Richard van der Hoff <richard@matrix.org>	2018-08-02 15:40:44 +0100
committer	Richard van der Hoff <richard@matrix.org>	2018-08-02 15:40:44 +0100
commit	43ecfe0b1028fea5e4dda197f5631aed67182ee6 (patch)
tree	46e83aa83aa98e2729a2b455bbb5555d35ff1888 /synapse/storage/event_federation.py
parent	Merge pull request #3594 from matrix-org/richvdh-patch-1 (diff)
parent	changelog: this is a security release (diff)
download	synapse-43ecfe0b1028fea5e4dda197f5631aed67182ee6.tar.xz