automation: Update matrix-synapse Docker tag to v1.67.0
This MR contains the following updates:
Package | Update | Change |
---|---|---|
matrix-synapse | minor | 1.60.0 -> 1.67.0 |
Release Notes
matrix-org/synapse
v1.67.0
===========================
This release removes the deprecated direct TCP replication configuration for workers. Server admins should use Redis instead. See the upgrade notes.
The minimum version of `poetry` supported for managing source checkouts is now 1.2.0.
Notice: from the next major release (1.68.0) installing Synapse from a source checkout will require a recent Rust compiler. Those using packages or `pip install matrix-synapse` will not be affected. See the upgrade notes.
Notice: from the next major release (1.68.0), running Synapse with a SQLite database will require SQLite version 3.27.0 or higher. (The current minimum version is SQLite 3.22.0.) See #12983 and the upgrade notes for more details.
No significant changes since 1.67.0rc1.
v1.66.0
===========================
No significant changes since 1.66.0rc2.
This release removes the ability for homeservers to delegate email ownership verification and password reset confirmation to identity servers. This removal was originally planned for Synapse 1.64, but was later deferred until now. See the upgrade notes for more details.
Deployments with multiple workers should note that the direct TCP replication configuration was deprecated in Synapse v1.18.0 and will be removed in Synapse v1.67.0. In particular, the TCP `replication` listener type (not to be confused with the `replication` resource on the `http` listener type) and the `worker_replication_port` config option will be removed.
To migrate to Redis, add the `redis` config, then remove the TCP `replication` listener from the config of the master and `worker_replication_port` from the worker config. Note that an HTTP listener with a `replication` resource is still required. See the worker documentation for more details.
v1.65.0
===========================
No significant changes since 1.65.0rc2.
v1.64.0
===========================
No significant changes since 1.64.0rc2.
Deprecation Warning
Synapse v1.66.0 will remove the ability to delegate the tasks of verifying email address ownership, and password reset confirmation, to an identity server.
If you require your homeserver to verify e-mail addresses or to support password resets via e-mail, please configure your homeserver with SMTP access so that it can send e-mails on its own behalf. Consult the configuration documentation for more information.
v1.63.1
===========================
Bugfixes
- Fix a bug introduced in Synapse 1.63.0 where push actions were incorrectly calculated for appservice users. This caused performance issues on servers with large numbers of appservices. (#13332)
v1.63.0
===========================
Improved Documentation
- Clarify that homeserver server names are included in the reported data when the `report_stats` config option is enabled. (#13321)
v1.62.0
===========================
No significant changes since 1.62.0rc3.
Authors of spam-checker plugins should consult the upgrade notes to learn about the enriched signatures for spam checker callbacks, which are supported with this release of Synapse.
Security advisory
The following issue is fixed in 1.62.0.
- GHSA-jhjh-776m-4765 / CVE-2022-31152

  Synapse instances prior to 1.62.0 did not implement the Matrix event authorization rules correctly. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers.

  Homeservers with federation disabled via the `federation_domain_whitelist` config option are unaffected. Administrators of homeservers with federation enabled are advised to upgrade to v1.62.0 or higher.
v1.61.1
===========================
This patch release fixes a security issue regarding URL previews, affecting all prior versions of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild.
Server administrators who are unable to update Synapse may use the workarounds described in the linked GitHub Security Advisory below.
Security advisory
The following issue is fixed in 1.61.1.
- GHSA-22p3-qrh9-cx32 / CVE-2022-31052

  Synapse instances with the `url_preview_enabled` homeserver config option set to `true` are affected. URL previews of some web pages can lead to unbounded recursion, causing the request to either fail, or in some cases crash the running Synapse process.

  Requesting URL previews requires authentication. Nevertheless, it is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for.

  Homeservers with the `url_preview_enabled` configuration option set to `false` (the default) are unaffected. Instances with the `enable_media_repo` configuration option set to `false` are also unaffected, as this also disables URL preview functionality.

  Fixed by fa1308061802ac7b7d20e954ba7372c5ac292333.
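As an added example (not Synapse code and not part of the release notes), a pre-upgrade audit that flags the settings these notes call out for a deployment still on 1.60.0: the TCP `replication` listener and `worker_replication_port` removed in v1.67.0, and the URL preview exposure fixed in 1.61.1. It assumes each config file has already been parsed into a dict (for instance with `yaml.safe_load`); the function names, finding codes and sample configs are constructed for illustration.

```python
# Added example (not Synapse code): pre-upgrade audit for the 1.60.0 -> 1.67.0 bump.
# Configs are plain dicts, e.g. yaml.safe_load() output for each config file.

def _version(v):
    """Parse a release version such as '1.60.0' (no rc suffix) into a tuple."""
    return tuple(int(p) for p in v.split("."))

def audit_main(cfg, running="1.60.0"):
    """Return finding codes (hypothetical names) for the main process config."""
    findings = []
    listeners = cfg.get("listeners") or []
    # Direct TCP replication listener: removed in v1.67.0.
    if any(l.get("type") == "replication" for l in listeners):
        findings.append("tcp-replication-listener")
        if not (cfg.get("redis") or {}).get("enabled"):
            findings.append("redis-not-enabled")
        # An HTTP listener with a `replication` resource is still required.
        has_http_repl = any(
            l.get("type") == "http"
            and any("replication" in (r.get("names") or [])
                    for r in l.get("resources") or [])
            for l in listeners
        )
        if not has_http_repl:
            findings.append("no-http-replication-resource")
    # CVE-2022-31052: exposed while running a version below 1.61.1 with URL
    # previews enabled and the media repo not disabled.
    if (_version(running) < (1, 61, 1)
            and cfg.get("url_preview_enabled", False)
            and cfg.get("enable_media_repo", True)):
        findings.append("url-preview-exposed")
    return findings

def audit_worker(cfg):
    """Return finding codes for one worker config file."""
    return ["worker_replication_port"] if "worker_replication_port" in cfg else []

# Constructed sample configs, not taken from any real deployment.
MAIN = {
    "listeners": [
        {"type": "http", "port": 8008, "resources": [{"names": ["client"]}]},
        {"type": "replication", "port": 9092},
        {"type": "http", "port": 9093, "resources": [{"names": ["replication"]}]},
    ],
    "url_preview_enabled": True,
}
WORKER = {"worker_app": "synapse.app.generic_worker", "worker_replication_port": 9092}

if __name__ == "__main__":
    print(audit_main(MAIN), audit_worker(WORKER))
```

An empty result from both functions means none of the settings named in these release notes block the upgrade or leave the URL preview issue reachable.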
v1.61.0
===========================
This release removes support for the non-standard feature known both as 'groups' and as 'communities', which has been superseded by Spaces.
See the upgrade notes for more details.
Improved Documentation
- Mention removed community/group worker endpoints in the upgrade notes. Contributed by @olmari. (#13023)
This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.