automation: Update matrix-synapse Docker tag to v1.67.0

Botaniker (Bot) requested to merge renovate/matrix-synapse-1.x into master

This MR contains the following updates:

Package Update Change
matrix-synapse minor 1.60.0 -> 1.67.0

Release Notes

matrix-org/synapse

v1.67.0

This release removes using the deprecated direct TCP replication configuration for workers. Server admins should use Redis instead. See the upgrade notes.

The minimum version of poetry supported for managing source checkouts is now 1.2.0.

Notice: from the next major release (1.68.0) installing Synapse from a source checkout will require a recent Rust compiler. Those using packages or pip install matrix-synapse will not be affected. See the upgrade notes.

Notice: from the next major release (1.68.0), running Synapse with a SQLite database will require SQLite version 3.27.0 or higher. (The current minimum version is SQLite 3.22.0.) See #12983 and the upgrade notes for more details.

No significant changes since 1.67.0rc1.

v1.66.0

No significant changes since 1.66.0rc2.

This release removes the ability for homeservers to delegate email ownership verification and password reset confirmation to identity servers. This removal was originally planned for Synapse 1.64, but was later deferred until now. See the upgrade notes for more details.

Deployments with multiple workers should note that the direct TCP replication configuration was deprecated in Synapse v1.18.0 and will be removed in Synapse v1.67.0. In particular, the TCP replication listener type (not to be confused with the replication resource on the http listener type) and the worker_replication_port config option will be removed.

To migrate to Redis, add the redis config, then remove the TCP replication listener from the config of the master and worker_replication_port from the worker config. Note that an HTTP listener with a replication resource is still required. See the worker documentation for more details.

v1.65.0

No significant changes since 1.65.0rc2.

v1.64.0

No significant changes since 1.64.0rc2.

Deprecation Warning

Synapse v1.66.0 will remove the ability to delegate the tasks of verifying email address ownership, and password reset confirmation, to an identity server.

If you require your homeserver to verify e-mail addresses or to support password resets via e-mail, please configure your homeserver with SMTP access so that it can send e-mails on its own behalf. Consult the configuration documentation for more information.

v1.63.1

Bugfixes

  • Fix a bug introduced in Synapse 1.63.0 where push actions were incorrectly calculated for appservice users. This caused performance issues on servers with large numbers of appservices. (#13332)

v1.63.0

Improved Documentation

  • Clarify that homeserver server names are included in the reported data when the report_stats config option is enabled. (#13321)

v1.62.0

No significant changes since 1.62.0rc3.

Authors of spam-checker plugins should consult the upgrade notes to learn about the enriched signatures for spam checker callbacks, which are supported with this release of Synapse.

Security advisory

The following issue is fixed in 1.62.0.

  • GHSA-jhjh-776m-4765 / CVE-2022-31152

    Synapse instances prior to 1.62.0 did not implement the Matrix event authorization rules correctly. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers.

    Homeservers with federation disabled via the federation_domain_whitelist config option are unaffected.

    Administrators of homeservers with federation enabled are advised to upgrade to v1.62.0 or higher.

    Fixed by #13087 and #13088.

v1.61.1

This patch release fixes a security issue regarding URL previews, affecting all prior versions of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild.

Server administrators who are unable to update Synapse may use the workarounds described in the linked GitHub Security Advisory below.

Security advisory

The following issue is fixed in 1.61.1.

  • GHSA-22p3-qrh9-cx32 / CVE-2022-31052

    Synapse instances with the url_preview_enabled homeserver config option set to true are affected. URL previews of some web pages can lead to unbounded recursion, causing the request to either fail, or in some cases crash the running Synapse process.

    Requesting URL previews requires authentication. Nevertheless, it is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for.

    Homeservers with the url_preview_enabled configuration option set to false (the default) are unaffected. Instances with the enable_media_repo configuration option set to false are also unaffected, as this also disables URL preview functionality.

    Fixed by fa1308061802ac7b7d20e954ba7372c5ac292333.

v1.61.0

This release removes support for the non-standard feature known both as 'groups' and as 'communities', which have been superseded by Spaces.

See the upgrade notes for more details.

Improved Documentation


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.

Edited by Botaniker (Bot)
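
The Redis migration described in the v1.66.0 and v1.67.0 notes above, shown as a before/after configuration for a main process and one worker. This is an added example, not part of the Renovate MR or the Synapse release notes; the ports, bind addresses, Redis location and worker name are constructed values.

```yaml
# --- homeserver.yaml (main process) ---
listeners:
  # BEFORE (removed in v1.67.0): dedicated TCP replication listener.
  # - port: 9092
  #   bind_address: '127.0.0.1'
  #   type: replication

  # Still required: an HTTP listener exposing the replication resource.
  - port: 9093
    bind_address: '127.0.0.1'   # constructed value; keep this off public interfaces
    type: http
    resources:
      - names: [replication]

# AFTER: replication traffic between the main process and workers goes via Redis.
redis:
  enabled: true
  host: localhost   # constructed value
  port: 6379        # constructed value

---
# --- worker1.yaml (worker process, a separate file) ---
worker_app: synapse.app.generic_worker
worker_name: worker1            # constructed value
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093   # matches the HTTP replication listener above

# BEFORE (removed in v1.67.0): pointer to the TCP replication listener.
# worker_replication_port: 9092
```

With the commented-out lines deleted from both files, neither config still references the removed TCP replication listener type or worker_replication_port.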