automation: Update matrix-synapse Docker tag to v1.51.0
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| matrix-synapse | minor |
1.45.1 -> 1.51.0
|
Release Notes
matrix-org/synapse
v1.51.0
===========================
No significant changes since 1.51.0rc2.
Synapse 1.51.0 deprecates webclient listeners and non-HTTP(S) web_client_locations. Support for these will be removed in Synapse 1.53.0, at which point Synapse will not be capable of directly serving a web client for Matrix. See the upgrade notes.
v1.50.2
===========================
This release includes the same bugfix as Synapse 1.51.0rc2.
Bugfixes
- Fix a bug introduced in Synapse 1.40.0 that caused Synapse to fail to process incoming federation traffic after handling a large amount of events in a v1 room. (#11806)
v1.50.1
===========================
This release fixes a bug in Synapse 1.50.0 that could prevent clients from being able to connect to Synapse if the webclient resource was enabled. Further details are available in this issue.
Bugfixes
- Fix a bug introduced in Synapse 1.50.0rc1 that could cause Matrix clients to be unable to connect to Synapse instances with the
webclientresource enabled. (#11764)
v1.50.0
===========================
This release contains a critical bug that may prevent clients from being able to connect. As such, it is not recommended to upgrade to 1.50.0. Instead, please upgrade straight to to 1.50.1. Further details are available in this issue.
Please note that we now only support Python 3.7+ and PostgreSQL 10+ (if applicable), because Python 3.6 and PostgreSQL 9.6 have reached end-of-life.
No significant changes since 1.50.0rc2.
v1.49.2
===========================
This release fixes a regression introduced in Synapse 1.49.0 which could cause /sync requests to take significantly longer. This would particularly affect "initial" syncs for users participating in a large number of rooms, and in extreme cases, could make it impossible for such users to log in on a new client.
Note: in line with our deprecation policy for platform dependencies, this will be the last release to support Python 3.6 and PostgreSQL 9.6, both of which have now reached upstream end-of-life. Synapse will require Python 3.7+ and PostgreSQL 10+.
Note: We will also stop producing packages for Ubuntu 18.04 (Bionic Beaver) after this release, as it uses Python 3.6.
Bugfixes
- Fix a performance regression in
/synchandling, introduced in 1.49.0. (#11583)
Internal Changes
- Work around a build problem on Debian Buster. (#11625)
v1.49.1
===========================
Not released due to problems building the debian packages.
v1.49.0
===========================
No significant changes since version 1.49.0rc1.
Support for Ubuntu 21.04 ends next month on the 20th of January
For users of Ubuntu 21.04 (Hirsute Hippo), please be aware that upstream support for this version of Ubuntu will end next month. We will stop producing packages for Ubuntu 21.04 after upstream support ends.
The wiki has been migrated to the documentation website
We've decided to move the existing, somewhat stagnant pages from the GitHub wiki to the documentation website.
This was done for two reasons. The first was to ensure that changes are checked by multiple authors before being committed (everyone makes mistakes!) and the second was visibility of the documentation. Not everyone knows that Synapse has some very useful information hidden away in its GitHub wiki pages. Bringing them to the documentation website should help with visibility, as well as keep all Synapse documentation in one, easily-searchable location.
Note that contributions to the documentation website happen through GitHub pull requests. Please visit #synapse-dev:matrix.org if you need help with the process!
v1.48.0
===========================
This release removes support for the long-deprecated trust_identity_server_for_password_resets configuration flag.
This release also fixes some performance issues with some background database updates introduced in Synapse 1.47.0.
No significant changes since 1.48.0rc1.
v1.47.1
===========================
This release fixes a security issue in the media store, affecting all prior releases of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild.
Server administrators who are unable to update Synapse may use the workarounds described in the linked GitHub Security Advisory below.
Security advisory
The following issue is fixed in 1.47.1.
-
GHSA-3hfw-x7gx-437c / CVE-2021-41281: Path traversal when downloading remote media.
Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory.
The last two directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact.
Homeservers with the media repository disabled are unaffected. Homeservers configured with a federation whitelist are also unaffected.
Fixed by 91f2bd090.
v1.47.0
===========================
No significant changes since 1.47.0rc3.
v1.46.0
===========================
The cause of the performance regression affecting Synapse 1.44 has been identified and fixed. (#11177)
Bugfixes
- Fix a bug introduced in v1.46.0rc1 where URL previews of some XML documents would fail. (#11196)
Configuration
-
If you want to rebase/retry this MR, click this checkbox.
This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.