Skip to content

automation: Update matrix-synapse Docker tag to v1.45.1

Botaniker (Bot) requested to merge renovate/matrix-synapse-1.x into deployment

This MR contains the following updates:

Package Update Change
matrix-synapse minor 1.38.0 -> 1.45.1

Release Notes

matrix-org/synapse

v1.45.1

Compare Source

===========================

Bugfixes

  • Revert change to counting of deactivated users towards the monthly active users limit, introduced in 1.45.0rc1. (#​11127)

v1.45.0

Compare Source

===========================

No functional changes since Synapse 1.45.0rc2.

Known Issues

  • A suspected performance regression which was first reported after the release of 1.44.0 remains unresolved.

    We have not been able to identify a probable cause. Affected users report that setting up a federation sender worker appears to alleviate symptoms of the regression.

Improved Documentation

  • Reword changelog to clarify concerns about a suspected performance regression in 1.44.0. (#​11117)

v1.44.0

Compare Source

===========================

No significant changes since 1.44.0rc3.

v1.43.0

Compare Source

===========================

This release drops support for the deprecated, unstable API for MSC2858 (Multiple SSO Identity Providers), as well as the undocumented experimental.msc2858_enabled config option. Client authors should update their clients to use the stable API, available since Synapse 1.30.

The documentation has been updated with configuration for routing /spaces, /hierarchy and /summary to workers. See the upgrade notes for more details.

No significant changes since 1.43.0rc2.

v1.42.0

Compare Source

===========================

This version of Synapse removes deprecated room-management admin APIs, removes out-of-date email pushers, and improves error handling for fallback templates for user-interactive authentication. For more information on these points, server administrators are encouraged to read the upgrade notes.

No significant changes since 1.42.0rc2.

v1.41.1

Compare Source

===========================

Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.

Security advisory

The following issues are fixed in v1.41.1.

  • GHSA-3x4c-pq33-4w3q / CVE-2021-39164: Enumerating a private room's list of members and their display names.

    If an unauthorized user both knows the Room ID of a private room and that room's history visibility is set to shared, then they may be able to enumerate the room's members, including their display names.

    The unauthorized user must be on the same homeserver as a user who is a member of the target room.

    Fixed by 52c7a51cf.

  • GHSA-jj53-8fmw-f2w2 / CVE-2021-39163: Disclosing a private room's name, avatar, topic, and number of members.

    If an unauthorized user knows the Room ID of a private room, then its name, avatar, topic, and number of members may be disclosed through Group / Community features.

    The unauthorized user must be on the same homeserver as a user who is a member of the target room, and their homeserver must allow non-administrators to create groups (enable_group_creation in the Synapse configuration; off by default).

    Fixed by cb35df940a, #​10723.

Bugfixes

  • Fix a regression introduced in Synapse 1.41 which broke email transmission on systems using older versions of the Twisted library. (#​10713)

v1.41.0

Compare Source

===========================

This release adds support for Debian 12 (Bookworm), but removes support for Ubuntu 20.10 (Groovy Gorilla), which reached End of Life last month.

Note that when using workers the /_synapse/admin/v1/users/{userId}/media must now be handled by media workers. See the upgrade notes for more information.

Features

  • Enable room capabilities (MSC3244) by default and set room version 8 as the preferred room version when creating restricted rooms. (#​10571)

v1.40.0

Compare Source

===========================

No significant changes.

v1.39.0

Compare Source

===========================

No significant changes.

v1.38.1

Compare Source

===========================

Bugfixes

  • Always include device_one_time_keys_count key in /sync response to work around a bug in Element Android that broke encryption for new devices. (#​10457)

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.

Edited by Botaniker (Bot)

Merge request reports