From 7d56b6c083d7d2eb683795d482453923c3e8be15 Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Tue, 8 Feb 2022 11:35:05 +0000 Subject: 1.52.0 --- CHANGES.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'CHANGES.md') diff --git a/CHANGES.md b/CHANGES.md index 36707db03b..cee0549036 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,9 @@ +Synapse 1.52.0 (2022-02-08) +=========================== + +No significant changes. + + Synapse 1.52.0rc1 (2022-02-01) ============================== -- cgit 1.4.1 From 5cdd4913100961f943f6432d9fbdaa20907142c2 Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Tue, 8 Feb 2022 11:47:35 +0000 Subject: Add words about the Twisted security fix --- CHANGES.md | 11 +++++++++-- docs/upgrade.md | 11 +++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) (limited to 'CHANGES.md') diff --git a/CHANGES.md b/CHANGES.md index cee0549036..9bccf3f5ec 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,7 +1,14 @@ Synapse 1.52.0 (2022-02-08) =========================== -No significant changes. +No significant changes since 1.52.0rc1. + +During the making of this release, the developers of Twisted have released +[Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0), which +fixes [a security issue](https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx) +within Twisted. We do not believe Synapse to be vulnerable to any security problem caused +by this issue, though we advise server administrators to update their local version of +Twisted if they can. Synapse 1.52.0rc1 (2022-02-01) @@ -13,7 +20,7 @@ Features - Remove account data (including client config, push rules and ignored users) upon user deactivation. ([\#11621](https://github.com/matrix-org/synapse/issues/11621), [\#11788](https://github.com/matrix-org/synapse/issues/11788), [\#11789](https://github.com/matrix-org/synapse/issues/11789)) - Add an admin API to reset connection timeouts for remote server. ([\#11639](https://github.com/matrix-org/synapse/issues/11639)) - Add an admin API to get a list of rooms that federate with a given remote homeserver. ([\#11658](https://github.com/matrix-org/synapse/issues/11658)) -- Add a config flag to inhibit M_USER_IN_USE during registration. ([\#11743](https://github.com/matrix-org/synapse/issues/11743)) +- Add a config flag to inhibit `M_USER_IN_USE` during registration. ([\#11743](https://github.com/matrix-org/synapse/issues/11743)) - Add a module callback to set username at registration. ([\#11790](https://github.com/matrix-org/synapse/issues/11790)) - Allow configuring a maximum file size as well as a list of allowed content types for avatars. ([\#11846](https://github.com/matrix-org/synapse/issues/11846)) diff --git a/docs/upgrade.md b/docs/upgrade.md index f455d257ba..913f97385d 100644 --- a/docs/upgrade.md +++ b/docs/upgrade.md @@ -85,6 +85,17 @@ process, for example: dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb ``` +# Upgrading to v1.52.0 + +## Twisted security release + +During the making of this release, the developers of Twisted have released +[Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0), which +fixes [a security issue](https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx) +within Twisted. We do not believe Synapse to be vulnerable to any security problem caused +by this issue, though we advise server administrators to update their local version of +Twisted if they can. + # Upgrading to v1.51.0 ## Deprecation of `webclient` listeners and non-HTTP(S) `web_client_location` -- cgit 1.4.1 From 1aa2231e271f1b0b08757fc6f94c7c69c2993b25 Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Tue, 8 Feb 2022 11:55:46 +0000 Subject: Fix wording --- CHANGES.md | 13 +++++++------ docs/upgrade.md | 13 +++++++------ 2 files changed, 14 insertions(+), 12 deletions(-) (limited to 'CHANGES.md') diff --git a/CHANGES.md b/CHANGES.md index 9bccf3f5ec..958024ff0c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -3,12 +3,13 @@ Synapse 1.52.0 (2022-02-08) No significant changes since 1.52.0rc1. -During the making of this release, the developers of Twisted have released -[Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0), which -fixes [a security issue](https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx) -within Twisted. We do not believe Synapse to be vulnerable to any security problem caused -by this issue, though we advise server administrators to update their local version of -Twisted if they can. +Note that [Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0) +has recently been released, which fixes a [security issue](https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx) +within the Twisted library. We do not believe Synapse is affected by this vulnerability, +though we advise server administrators who installed Synapse via pip to upgrade Twisted +with `pip install --upgrade Twisted` as a matter of good practice. The Docker image +`matrixdotorg/synapse` and the Debian packages from `packages.matrix.org` are using the +updated library. Synapse 1.52.0rc1 (2022-02-01) diff --git a/docs/upgrade.md b/docs/upgrade.md index 913f97385d..0105f87f90 100644 --- a/docs/upgrade.md +++ b/docs/upgrade.md @@ -89,12 +89,13 @@ process, for example: ## Twisted security release -During the making of this release, the developers of Twisted have released -[Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0), which -fixes [a security issue](https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx) -within Twisted. We do not believe Synapse to be vulnerable to any security problem caused -by this issue, though we advise server administrators to update their local version of -Twisted if they can. +Note that [Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0) +has recently been released, which fixes a [security issue](https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx) +within the Twisted library. We do not believe Synapse is affected by this vulnerability, +though we advise server administrators who installed Synapse via pip to upgrade Twisted +with `pip install --upgrade Twisted` as a matter of good practice. The Docker image +`matrixdotorg/synapse` and the Debian packages from `packages.matrix.org` are using the +updated library. # Upgrading to v1.51.0 -- cgit 1.4.1