Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge tag 'v1.23.1' | Erik Johnston | 2020-12-09 | 1 | -0/+6 |
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.23.1 (2020-12-09) =========================== Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. Security advisory ----------------- The following issues are fixed in v1.23.1 and v1.24.0. - There is a denial of service attack ([CVE-2020-26257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257)) against the federation APIs in which future events will not be correctly sent to other servers over federation. This affects all servers that participate in open federation. (Fixed in [#8776](https://github.com/matrix-org/synapse/pull/8776)). - Synapse may be affected by OpenSSL [CVE-2020-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971). Synapse administrators should ensure that they have the latest versions of the cryptography Python package installed. To upgrade Synapse along with the cryptography package: * Administrators using the [`matrix.org` Docker image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu packages from `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages) should ensure that they have version 1.24.0 or 1.23.1 installed: these images include the updated packages. * Administrators who have [installed Synapse from source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source) should upgrade the cryptography package within their virtualenv by running: ```sh <path_to_virtualenv>/bin/pip install 'cryptography>=3.3' ``` * Administrators who have installed Synapse from distribution packages should consult the information from their distributions. Bugfixes -------- - Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. ([\#8776](https://github.com/matrix-org/synapse/issues/8776)) Internal Changes ---------------- - Add a maximum version for pysaml2 on Python 3.5. ([\#8898](https://github.com/matrix-org/synapse/issues/8898)) | ||||
| * | 1.23.1 v1.23.1 github/release-v1.23.1 release-v1.23.1 | Erik Johnston | 2020-12-09 | 1 | -0/+6 |
| | | |||||
* | | 1.24.0 v1.24.0 | Erik Johnston | 2020-12-09 | 1 | -0/+6 |
|/ | |||||
* | 1.23.0 | Erik Johnston | 2020-11-18 | 1 | -0/+6 |
| | |||||
* | 1.22.1 | Erik Johnston | 2020-10-30 | 1 | -0/+6 |
| | |||||
* | 1.22.0 v1.22.0 github/release-v1.22.0 release-v1.22.0 | Erik Johnston | 2020-10-27 | 1 | -0/+6 |
| | |||||
* | 1.21.2 | Patrick Cloke | 2020-10-15 | 1 | -0/+7 |
| | |||||
* | 1.21.1 v1.21.1 github/release-v1.21.1 release-v1.21.1 | Andrew Morgan | 2020-10-13 | 1 | -2/+6 |
| | |||||
* | Explicitly install test dependencies when building deb packages (#8523) | Andrew Morgan | 2020-10-12 | 2 | -1/+7 |
| | | | | | After https://github.com/matrix-org/synapse/pull/8377, the deb packages no longer indirectly installed the `"test"` dependencies, causing debian packages to fail to build while carrying out the unit tests. This PR installs `test` dependencies explicitly when building debian packages. | ||||
* | 1.21.0 | Andrew Morgan | 2020-10-12 | 1 | -0/+6 |
| | |||||
* | 1.20.1 | Andrew Morgan | 2020-09-24 | 1 | -0/+6 |
| | |||||
* | 1.20.0 | Andrew Morgan | 2020-09-22 | 1 | -2/+6 |
| | |||||
* | Merge tag 'v1.19.3' into release-v1.20.0 | Patrick Cloke | 2020-09-18 | 1 | -0/+6 |
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.19.3 Synapse 1.19.3 (2020-09-18) =========================== Bugfixes -------- - Partially mitigate bug where newly joined servers couldn't get past events in a room when there is a malformed event. ([\#8350](https://github.com/matrix-org/synapse/issues/8350)) | ||||
| * | 1.19.3 v1.19.3 github/release-v1.19.3 release-v1.19.3 | Andrew Morgan | 2020-09-18 | 1 | -0/+6 |
| | | |||||
* | | Merge remote-tracking branch 'origin/master' into release-v1.20.0 | Patrick Cloke | 2020-09-16 | 1 | -1/+7 |
|\| | |||||
| * | 1.19.2 v1.19.2 github/release-v1.19.2 release-v1.19.2 | Erik Johnston | 2020-09-16 | 1 | -0/+6 |
| | | |||||
* | | Merge branch 'master' into develop | Brendan Abolivier | 2020-08-27 | 1 | -0/+6 |
|\| | |||||
| * | 1.19.1 v1.19.1 github/release-v1.19.1 release-v1.19.1 | Brendan Abolivier | 2020-08-27 | 1 | -0/+6 |
| | | |||||
* | | Update debian systemd service to use Type=notify (#8169) | Dexter Chua | 2020-08-27 | 2 | -1/+7 |
|/ | | | | | | | | This ensures systemctl start matrix-synapse returns only after synapse is actually started, which is very useful for automated deployments. Fixes #5761 Signed-off-by: Dexter Chua <dec41@srcf.net> | ||||
* | 1.19.0 | Olivier Wilkinson (reivilibre) | 2020-08-17 | 1 | -3/+3 |
| | |||||
* | Merge branch 'master' into develop | Olivier Wilkinson (reivilibre) | 2020-07-30 | 1 | -0/+6 |
|\ | |||||
| * | 1.18.0 | Olivier Wilkinson (reivilibre) | 2020-07-30 | 1 | -0/+6 |
| | | |||||
* | | Various improvements to the docs (#7899) | Aaron Raimist | 2020-07-29 | 3 | -14/+25 |
|/ | |||||
* | 1.17.0 v1.17.0 github/release-v1.17.0 release-v1.17.0 | Richard van der Hoff | 2020-07-13 | 1 | -0/+6 |
| | |||||
* | Merge branch 'master' into release-v1.17.0 | Richard van der Hoff | 2020-07-10 | 1 | -0/+6 |
|\ | |||||
| * | 1.16.1 | Richard van der Hoff | 2020-07-10 | 1 | -0/+6 |
| | | |||||
* | | 1.17.0rc1 v1.17.0rc1 | Richard van der Hoff | 2020-07-09 | 1 | -0/+6 |
|/ | |||||
* | 1.16.0 | Richard van der Hoff | 2020-07-08 | 1 | -0/+6 |
| | |||||
* | 1.15.2 | Patrick Cloke | 2020-07-02 | 1 | -0/+6 |
| | |||||
* | 1.15.1 | Brendan Abolivier | 2020-06-16 | 1 | -0/+6 |
| | |||||
* | 1.15.0 v1.15.0 github/release-v1.15.0 release-v1.15.0 | Brendan Abolivier | 2020-06-11 | 1 | -0/+6 |
| | |||||
* | Update debian changelog v1.14.0 | Brendan Abolivier | 2020-05-28 | 1 | -0/+6 |
| | |||||
* | Remove the changes to the debian changelog v1.14.0rc1 | Brendan Abolivier | 2020-05-26 | 1 | -6/+0 |
| | | | | Since this is not a full release yet | ||||
* | 1.14.0 | Brendan Abolivier | 2020-05-26 | 1 | -0/+6 |
| | |||||
* | 1.13.0 | Patrick Cloke | 2020-05-19 | 1 | -2/+6 |
| | |||||
* | update dh-virtualenv (#7526) | Richard van der Hoff | 2020-05-19 | 2 | -4/+1 |
| | |||||
* | Merge branch 'master' into develop | Patrick Cloke | 2020-04-23 | 1 | -0/+8 |
|\ | |||||
| * | 1.12.4 v1.12.4 github/release-v1.12.4 release-v1.12.4 | Patrick Cloke | 2020-04-23 | 1 | -0/+6 |
| | | |||||
* | | Add information about .well-known to Debian installation. (#7227) | Patrick Cloke | 2020-04-06 | 3 | -7/+18 |
|/ | |||||
* | 1.12.3 | Richard van der Hoff | 2020-04-03 | 1 | -2/+6 |
| | |||||
* | Fix the debian build in a better way. (#7212) | Richard van der Hoff | 2020-04-03 | 2 | -6/+34 |
| | |||||
* | 1.12.2 | Andrew Morgan | 2020-04-02 | 1 | -0/+6 |
| | |||||
* | 1.12.1 | Andrew Morgan | 2020-04-02 | 1 | -0/+6 |
| | |||||
* | 1.12.0 | Richard van der Hoff | 2020-03-23 | 1 | -0/+6 |
| | |||||
* | Update debian changelog v1.11.1 github/release-v1.11.1 release-v1.11.1 | Brendan Abolivier | 2020-03-03 | 1 | -0/+6 |
| | |||||
* | 1.11.0 v1.11.0 github/release-v1.11.0 release-v1.11.0 | Richard van der Hoff | 2020-02-21 | 1 | -0/+6 |
| | |||||
* | 1.10.1 v1.10.1 github/release-v1.10.1 release-v1.10.1 | Richard van der Hoff | 2020-02-17 | 1 | -0/+6 |
| | |||||
* | 1.10.0 | Brendan Abolivier | 2020-02-12 | 1 | -0/+6 |
| | |||||
* | 1.9.1 v1.9.1 github/release-v1.9.1 release-v1.9.1 | Erik Johnston | 2020-01-28 | 1 | -0/+6 |
| | |||||
* | 1.9.0 | Brendan Abolivier | 2020-01-23 | 1 | -0/+6 |
| | |||||
* | 1.8.0 | Erik Johnston | 2020-01-09 | 1 | -2/+6 |
| | |||||
* | Automate generation of the sample and debian log configs (#6627) | Richard van der Hoff | 2020-01-03 | 4 | -37/+9 |
| | |||||
* | 1.7.3 v1.7.3 github/release-v1.7.3 release-v1.7.3 | Richard van der Hoff | 2019-12-31 | 1 | -0/+6 |
| | |||||
* | 1.7.2 v1.7.2 github/release-v1.7.2 release-v1.7.2 | Richard van der Hoff | 2019-12-20 | 1 | -0/+6 |
| | |||||
* | 1.7.1 | Richard van der Hoff | 2019-12-18 | 1 | -0/+6 |
| | |||||
* | 1.7.0 | Erik Johnston | 2019-12-13 | 1 | -0/+6 |
| | |||||
* | 1.6.1 v1.6.1 github/release-v1.6.1 release-v1.6.1 | Andrew Morgan | 2019-11-28 | 1 | -0/+6 |
| | |||||
* | 1.6.0 v1.6.0 github/release-v1.6.0 release-v1.6.0 | Andrew Morgan | 2019-11-26 | 1 | -0/+6 |
| | |||||
* | 1.5.1 v1.5.1 | Richard van der Hoff | 2019-11-06 | 1 | -0/+6 |
| | |||||
* | 1.5.0 v1.5.0 github/release-v1.5.0 release-v1.5.0 | Richard van der Hoff | 2019-10-29 | 1 | -0/+6 |
| | |||||
* | 1.4.1 | Brendan Abolivier | 2019-10-18 | 1 | -0/+6 |
| | |||||
* | 1.4.0 v1.4.0 github/release-v1.4.0 release-v1.4.0 | Andrew Morgan | 2019-10-03 | 1 | -0/+6 |
| | |||||
* | 1.3.1 v1.3.1 github/release-v1.3.1 release-v1.3.1 | Richard van der Hoff | 2019-08-17 | 1 | -2/+12 |
| | |||||
* | 1.3.0 v1.3.0 github/release-v1.3.0 release-v1.3.0 | Brendan Abolivier | 2019-08-15 | 1 | -2/+3 |
| | |||||
* | Remove libsqlite3-dev from required build dependencies. (#5766) | Andrew Morgan | 2019-08-15 | 2 | -5/+3 |
| | |||||
* | 1.2.1 | Richard van der Hoff | 2019-07-26 | 1 | -0/+6 |
| | |||||
* | 1.2.0 v1.2.0 github/release-v1.2.0 release-v1.2.0 | Andrew Morgan | 2019-07-25 | 1 | -2/+5 |
| | |||||
* | Improve `Depends` specs in debian package. (#5675) | Richard van der Hoff | 2019-07-17 | 3 | -0/+24 |
| | | | | | | | | | | | | | | | | | | | This is basically a contrived way of adding a `Recommends` on `libpq5`, to fix #5653. The way this is supposed to happen in debhelper is to run `dh_shlibdeps`, which in turn runs `dpkg-shlibdeps`, which spits things out into `debian/<package>.substvars` whence they can later be included by `control`. Previously, we had disabled `dh_shlibdeps`, mostly because `dpkg-shlibdeps` gets confused about PIL's interdependent objects, but that's not really the right thing to do and there is another way to work around that. Since we don't always use postgres, we don't necessarily want a hard Depends on libpq5, so I've actually ended up adding an explicit invocation of `dpkg-shlibdeps` for `psycopg2`. I've also updated the build-depends list for the package, which was missing a couple of entries. | ||||
* | Merge branch 'master' of github.com:matrix-org/synapse into develop | Erik Johnston | 2019-07-04 | 1 | -4/+11 |
|\ | |||||
| * | 1.1.0 | Erik Johnston | 2019-07-04 | 1 | -2/+5 |
| | | |||||
* | | Move logging utilities out of the side drawer of util/ and into logging/ (#5606) | Amber Brown | 2019-07-04 | 2 | -1/+4 |
|/ | |||||
* | Include systemd-python in Debian package to allow logging to journal (#5261) | Silke Hofstra | 2019-06-27 | 2 | -1/+8 |
| | | | Signed-off-by: Silke Hofstra <silke@slxh.eu> | ||||
* | 1.0.0 v1.0.0 | Erik Johnston | 2019-06-11 | 1 | -0/+6 |
| | |||||
* | 0.99.5.2 v0.99.5.2 github/release-v0.99.5 release-v0.99.5 | Erik Johnston | 2019-05-30 | 1 | -0/+6 |
| | |||||
* | 0.99.5.1 v0.99.5.1 | Neil Johnson | 2019-05-22 | 1 | -2/+4 |
| | |||||
* | Revert "0.99.5" | Neil Johnson | 2019-05-22 | 1 | -4/+2 |
| | | | | This reverts commit c31e375ade1b59a7fe38628337e9e1aa3de91feb. | ||||
* | 0.99.5 | Neil Johnson | 2019-05-22 | 1 | -2/+4 |
| | |||||
* | 0.99.5 v0.99.5 | Neil Johnson | 2019-05-22 | 1 | -0/+4 |
| | |||||
* | Some vagrant hackery for testing the debs | Richard van der Hoff | 2019-05-17 | 4 | -0/+48 |
| | |||||
* | 0.99.4 | Richard van der Hoff | 2019-05-15 | 1 | -2/+5 |
| | |||||
* | Set syslog identifiers in systemd units (#5023) | Christoph Müller | 2019-05-10 | 2 | -0/+8 |
| | |||||
* | 0.99.3.2 v0.99.3.2 github/release-v0.99.3.2 release-v0.99.3.2 | Richard van der Hoff | 2019-05-03 | 1 | -0/+6 |
| | |||||
* | 0.99.3.1 | Richard van der Hoff | 2019-05-03 | 1 | -0/+6 |
| | |||||
* | 0.99.3 v0.99.3 github/release-v0.99.3 release-v0.99.3 | Neil Johnson | 2019-04-01 | 1 | -2/+6 |
| | |||||
* | Debian package: fix warning during preconfiguration. | Richard van der Hoff | 2019-03-07 | 2 | -1/+11 |
| | |||||
* | 0.99.2 | Richard van der Hoff | 2019-03-01 | 1 | -3/+3 |
| | |||||
* | 0.99.2rc1 v0.99.2rc1 | Richard van der Hoff | 2019-02-27 | 1 | -2/+3 |
| | |||||
* | Debian: fix overwriting of config settings on upgrade (#4696) | Richard van der Hoff | 2019-02-22 | 5 | -8/+165 |
| | | | | | | Make sure that users' changes to the config files are preserved. Fixes #4440. | ||||
* | 0.99.1.1 v0.99.1.1 | Richard van der Hoff | 2019-02-14 | 1 | -0/+6 |
| | |||||
* | 0.99.1 v0.99.1 | Richard van der Hoff | 2019-02-14 | 1 | -2/+6 |
| | |||||
* | implement `reload` by sending the HUP signal (#4622) | Дамјан Георгиевски | 2019-02-14 | 2 | -0/+7 |
| | | | | | | | | | | | | | * implement `reload` by sending the HUP signal According to the 0.99 release info* synapse now uses the HUP signal to reload certificates: > Synapse will now reload TLS certificates from disk upon SIGHUP. (#4495, #4524) So the matrix-synapse.service unit file should include a reload directive. Signed-off-by: Дамјан Георгиевски <gdamjan@gmail.com> | ||||
* | v0.99.0 v0.99.0 | Richard van der Hoff | 2019-02-05 | 1 | -0/+6 |
| | |||||
* | Generate the debian config during build (#4444) | Richard van der Hoff | 2019-01-24 | 3 | -617/+32 |
| | | | | | | Rather than hardcoding a config which we always forget to update, generate it from the default config. | ||||
* | debian package: symlink to python-3.X (#4433) | Richard van der Hoff | 2019-01-23 | 2 | -2/+15 |
| | | | | | | | | | | In the debian package, make the virtualenv symlink python to /usr/bin/python3.X rather than /usr/bin/python3. Also make sure we depend on the right python3.x package. This might help a bit with subtle failures when people install a package from the wrong distro (https://github.com/matrix-org/synapse/issues/4431). | ||||
* | Require ECDH key exchange & remove dh_params (#4429) | Amber Brown | 2019-01-22 | 1 | -3/+0 |
| | | | * remove dh_params and set better cipher string | ||||
* | moar plusses! | Richard van der Hoff | 2019-01-12 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | turns out that 0.34.1.1+1 comes before 0.34.1.1+bionic (etc). The version may only contain "~ 0-9 A-Z a-z + - ." (sorting in that order). Option 1: replace "+" with something that sorts after +. Options are "-" (but dpkg-source complains about that) or "." (but that would mean we couldn't distinguish packaging-only changes from real changes). Option 2: stick with + and just find something that sorts after 'xenial'. The only options there are "-", "." (same problems as before), "z", and "+". Hence, ++1. Sorry. | ||||
* | s/Breaks/Conflicts/ in debian/control | Richard van der Hoff | 2019-01-11 | 2 | -3/+9 |
| | | | | Otherwise people can't upgrade from matrix-synapse without removing it first | ||||
* | changelog, for debian | Amber Brown | 2019-01-11 | 1 | -0/+6 |
| | |||||
* | debian: Remove Breaks: matrix-synapse-ldap3 v0.34.1+1 | Richard van der Hoff | 2019-01-09 | 2 | -1/+8 |
| | |||||
* | 0.34.1 v0.34.1 | Richard van der Hoff | 2019-01-09 | 1 | -2/+3 |
| | |||||
* | Update debian Conflicts specifications (#4349) | Richard van der Hoff | 2019-01-04 | 2 | -2/+13 |
| | | | ... to allow installation alongside our matrix-synapse transitional package. | ||||
* | Avoid packaging _trial_temp directory (#4326) | Richard van der Hoff | 2019-01-02 | 1 | -2/+1 |
| | | | | | | Make sure we don't put the _trial_temp directory in the package target directory. Fixes https://github.com/matrix-org/synapse/issues/4322 | ||||
* | Install the optional dependencies into the debian package (#4325) | Richard van der Hoff | 2019-01-02 | 2 | -2/+3 |
| | | | | | | | | since #4298, the optional dependencies are no longer installed with a simple `pip install .`, which meant that they were not being included in the debian package. The easy fix to that is dh_virtualenv --extras, but that needs dh_virtualenv 1.1... | ||||
* | Mention updating extensions github/release-v0.34.0 release-v0.34.0 | Richard van der Hoff | 2018-12-20 | 1 | -2/+7 |
| | |||||
* | clarify that installing -py3 removes the old pkg | Richard van der Hoff | 2018-12-20 | 1 | -3/+4 |
| | |||||
* | Clarify that py2 packages will continue to exist v0.34.0 | Richard van der Hoff | 2018-12-20 | 1 | -0/+4 |
| | |||||
* | Update log config for debian packages | Richard van der Hoff | 2018-12-20 | 1 | -0/+1 |
| | | | | Better follow our own release notes. | ||||
* | Debian packaging via dh_virtualenv (#4285) | Richard van der Hoff | 2018-12-20 | 26 | -506/+181 |
| | |||||
* | import from package-debian-synapse | Amber Brown | 2018-12-20 | 38 | -0/+2678 |