From 9991aaa49c7c044c16c37e4a75ee2a9b8c2376b9 Mon Sep 17 00:00:00 2001
From: Patrick Cloke
Date: Thu, 15 Oct 2020 09:24:10 -0400
Subject: 1.21.2
---
 CHANGES.md | 9 +++++++++
 changelog.d/8530.bugfix | 1 -
 debian/changelog | 7 +++++++
 synapse/__init__.py | 2 +-
 4 files changed, 17 insertions(+), 2 deletions(-)
 delete mode 100644 changelog.d/8530.bugfix
diff --git a/CHANGES.md b/CHANGES.md
index 75dc5fa893..6ef499bd9e 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,12 @@
+Synapse 1.21.2 (2020-10-15)
+===========================
+
+Bugfixes
+--------
+
+- Fix rare bug where sending an event would fail due to a racey assertion. ([\#8530](https://github.com/matrix-org/synapse/issues/8530))
+
+
 Synapse 1.21.1 (2020-10-13)
 ===========================
diff --git a/changelog.d/8530.bugfix b/changelog.d/8530.bugfix
deleted file mode 100644
index 443d88424e..0000000000
--- a/changelog.d/8530.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix rare bug where sending an event would fail due to a racey assertion.
diff --git a/debian/changelog b/debian/changelog
index eeafd4f50a..8d873a4845 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+matrix-synapse-py3 (1.21.2) stable; urgency=medium
+
+ [ Synapse Packaging team ]
+ * New synapse release 1.21.2.
+
+ -- Synapse Packaging team Thu, 15 Oct 2020 09:23:27 -0400
+
 matrix-synapse-py3 (1.21.1) stable; urgency=medium
 [ Synapse Packaging team ]
diff --git a/synapse/__init__.py b/synapse/__init__.py
index 722b53a67d..83b8e4897f 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -48,7 +48,7 @@ try:
 except ImportError:
 pass
-__version__ = "1.21.1"
+__version__ = "1.21.2"
 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
 # We import here so that we don't have to install a bunch of deps when
-- cgit 1.4.1
From f49708dee3c46be87a23a934ecba17e7e58d4b16 Mon Sep 17 00:00:00 2001
From: Patrick Cloke
Date: Thu, 15 Oct 2020 10:18:02 -0400
Subject: Add additional release notes.
---
 CHANGES.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/CHANGES.md b/CHANGES.md
index 6ef499bd9e..af5a9bafb8 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,10 +1,23 @@
 Synapse 1.21.2 (2020-10-15)
 ===========================
+Security advisory
+-----------------
+
+* HTML pages served via Synapse were vulernable to cross-site scripting (XSS)
+ attacks. All server administrators are encouraged to upgrade.
+ ([34ff8da8](https://github.com/matrix-org/synapse/commit/34ff8da83b54024289f515c6d73e6b486574d699))
+ ([CVE-2020-26891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26891))
+
+ This fix was originally included in v1.21.0 but was missing a security advisory.
+
+ This was reported by [Denis Kasak](https://github.com/dkasak).
+
 Bugfixes
 --------
 - Fix rare bug where sending an event would fail due to a racey assertion. ([\#8530](https://github.com/matrix-org/synapse/issues/8530))
+- Fix issues introduced in the packaging of v1.21.1 when using OpenID Connect with the Docker or Debian packages by including an updated version of the authlib dependency.
 Synapse 1.21.1 (2020-10-13)
-- cgit 1.4.1
From f30f12a839a231eb9e57582b4a48a6ae38979de4 Mon Sep 17 00:00:00 2001
From: Patrick Cloke
Date: Thu, 15 Oct 2020 10:28:27 -0400
Subject: Fix typo.
---
 CHANGES.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index af5a9bafb8..696f6bc6cc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -4,7 +4,7 @@ Synapse 1.21.2 (2020-10-15)
 Security advisory
 -----------------
-* HTML pages served via Synapse were vulernable to cross-site scripting (XSS)
+* HTML pages served via Synapse were vulnerable to cross-site scripting (XSS)
 attacks. All server administrators are encouraged to upgrade.
 ([34ff8da8](https://github.com/matrix-org/synapse/commit/34ff8da83b54024289f515c6d73e6b486574d699))
 ([CVE-2020-26891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26891))
-- cgit 1.4.1
From a7d4985a6b0a3c9e22c4f376a62e3d8664e779b8 Mon Sep 17 00:00:00 2001
From: Patrick Cloke
Date: Thu, 15 Oct 2020 10:28:53 -0400
Subject: Clarify authlib changes.
---
 CHANGES.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index 696f6bc6cc..e9ff374e4d 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,8 @@
 Synapse 1.21.2 (2020-10-15)
 ===========================
+Debian packages and Docker images are rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below.
+
 Security advisory
 -----------------
@@ -17,7 +19,7 @@ Bugfixes
 --------
 - Fix rare bug where sending an event would fail due to a racey assertion. ([\#8530](https://github.com/matrix-org/synapse/issues/8530))
-- Fix issues introduced in the packaging of v1.21.1 when using OpenID Connect with the Docker or Debian packages by including an updated version of the authlib dependency.
+- An updated version of the authlib dependency is included in the Docker and Debian release to fix an issue using OpenID Connect.
 Synapse 1.21.1 (2020-10-13)
-- cgit 1.4.1
From 9b8a53c7b9e1a3ca5f46e417b9fa705f8bacb494 Mon Sep 17 00:00:00 2001
From: Patrick Cloke
Date: Thu, 15 Oct 2020 10:33:43 -0400
Subject: Additional tweaks.
---
 CHANGES.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index e9ff374e4d..38a0814bbf 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,14 +1,14 @@
 Synapse 1.21.2 (2020-10-15)
 ===========================
-Debian packages and Docker images are rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below.
+Debian packages and Docker images have been rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below.
 Security advisory
 -----------------
 * HTML pages served via Synapse were vulnerable to cross-site scripting (XSS)
 attacks. All server administrators are encouraged to upgrade.
- ([34ff8da8](https://github.com/matrix-org/synapse/commit/34ff8da83b54024289f515c6d73e6b486574d699))
+ ([\#8444](https://github.com/matrix-org/synapse/pull/8444))
 ([CVE-2020-26891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26891))
 This fix was originally included in v1.21.0 but was missing a security advisory.
@@ -19,7 +19,7 @@ Bugfixes
 --------
 - Fix rare bug where sending an event would fail due to a racey assertion. ([\#8530](https://github.com/matrix-org/synapse/issues/8530))
-- An updated version of the authlib dependency is included in the Docker and Debian release to fix an issue using OpenID Connect.
+- An updated version of the authlib dependency is included in the Docker and Debian images to fix an issue using OpenID Connect. See [\#8534](https://github.com/matrix-org/synapse/issues/8534) for details.
 Synapse 1.21.1 (2020-10-13)
-- cgit 1.4.1