diff options
| author | Erik Johnston <erik@matrix.org> | 2021-03-26 14:44:31 +0000 |
|---|---|---|
| committer | Erik Johnston <erik@matrix.org> | 2021-03-26 14:44:31 +0000 |
| commit | 2b8650547f452f6cd6ead134878fcb77bd6bf081 (patch) | |
| tree | 12b115ebe2daf5de64b83f5010ccfa93c33fc283 /synapse | |
| parent | Merge remote-tracking branch 'origin/develop' into matrix-org-hotfixes (diff) | |
| parent | Update cahngelog (diff) | |
| download | synapse-2b8650547f452f6cd6ead134878fcb77bd6bf081.tar.xz | |
Merge tag 'v1.30.1' into matrix-org-hotfixes
Synapse 1.30.1 (2021-03-26) =========================== This release is identical to Synapse 1.30.0, with the exception of explicitly setting a minimum version of Python's Cryptography library to ensure that users of Synapse are protected from the recent [OpenSSL security advisories](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html), especially CVE-2021-3449. Note that Cryptography defaults to bundling its own statically linked copy of OpenSSL, which means that you may not be protected by your operating system's security updates. It's also worth noting that Cryptography no longer supports Python 3.5, so admins deploying to older environments may not be protected against this or future vulnerabilities. Synapse will be dropping support for Python 3.5 at the end of March. Updates to the Docker image --------------------------- - Ensure that the docker container has up to date versions of openssl. ([\#9697](https://github.com/matrix-org/synapse/issues/9697)) Internal Changes ---------------- - Enforce that `cryptography` dependency is up to date to ensure it has the most recent openssl patches. ([\#9697](https://github.com/matrix-org/synapse/issues/9697))
Diffstat (limited to 'synapse')
| -rw-r--r-- | synapse/__init__.py | 2 | ||||
| -rw-r--r-- | synapse/python_dependencies.py | 3 |
2 files changed, 4 insertions, 1 deletions
diff --git a/synapse/__init__.py b/synapse/__init__.py index 8e57739cd2..c9bc8fb9e9 100644 --- a/synapse/__init__.py +++ b/synapse/__init__.py @@ -48,7 +48,7 @@ try: except ImportError: pass -__version__ = "1.30.0" +__version__ = "1.30.1" if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)): # We import here so that we don't have to install a bunch of deps when diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py index 321a333820..14ddaed026 100644 --- a/synapse/python_dependencies.py +++ b/synapse/python_dependencies.py @@ -82,6 +82,9 @@ REQUIREMENTS = [ "Jinja2>=2.9", "bleach>=1.4.3", "typing-extensions>=3.7.4", + # We enforce that we have a `cryptography` version that bundles an `openssl` + # with the latest security patches. + "cryptography>=3.4.7;python_version>='3.6'", ] CONDITIONAL_REQUIREMENTS = { |