diff options
author | Richard van der Hoff <richard@matrix.org> | 2020-02-10 10:15:32 +0000 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2020-02-10 10:15:32 +0000 |
commit | db0fee738dde328c52810613f77126f25b472063 (patch) | |
tree | 6c92a9e74c77bcd24d513ab4d1b3d46ca58acc29 /synapse/visibility.py | |
parent | Merge remote-tracking branch 'origin/release-v1.10.0' into develop (diff) | |
parent | 1.10.0rc3 (diff) | |
download | synapse-db0fee738dde328c52810613f77126f25b472063.tar.xz |
Merge tag 'v1.10.0rc3' into develop
Synapse 1.10.0rc3 (2020-02-10) ============================== Features -------- - Filter out m.room.aliases from the CS API to mitigate abuse while a better solution is specced. ([\#6878](https://github.com/matrix-org/synapse/issues/6878)) Internal Changes ---------------- - Fix continuous integration failures with old versions of `pip`, which were introduced by a release of the `zipp` library. ([\#6880](https://github.com/matrix-org/synapse/issues/6880))
Diffstat (limited to 'synapse/visibility.py')
-rw-r--r-- | synapse/visibility.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/synapse/visibility.py b/synapse/visibility.py index 100dc47a8a..d0abd8f04f 100644 --- a/synapse/visibility.py +++ b/synapse/visibility.py @@ -122,6 +122,13 @@ def filter_events_for_client( if not event.is_state() and event.sender in ignore_list: return None + # Until MSC2261 has landed we can't redact malicious alias events, so for + # now we temporarily filter out m.room.aliases entirely to mitigate + # abuse, while we spec a better solution to advertising aliases + # on rooms. + if event.type == EventTypes.Aliases: + return None + # Don't try to apply the room's retention policy if the event is a state event, as # MSC1763 states that retention is only considered for non-state events. if apply_retention_policies and not event.is_state(): |