
automation: Update matrix-synapse to version 1.62.0

Botaniker (Bot) requested to merge renovate/matrix-synapse-1.x into main

This MR contains the following updates:

Package         Update  Change
matrix-synapse  minor   1.58.1 -> 1.62.0

Release Notes

matrix-org/synapse

v1.62.0


No significant changes since 1.62.0rc3.

Authors of spam-checker plugins should consult the upgrade notes to learn about the enriched signatures for spam checker callbacks, which are supported with this release of Synapse.

v1.61.1


This patch release fixes a security issue regarding URL previews, affecting all prior versions of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild.

Server administrators who are unable to update Synapse may use the workarounds described in the linked GitHub Security Advisory below.

Security advisory

The following issue is fixed in 1.61.1.

  • GHSA-22p3-qrh9-cx32 / CVE-2022-31052

    Synapse instances with the url_preview_enabled homeserver config option set to true are affected. URL previews of some web pages can lead to unbounded recursion, causing the request to either fail, or in some cases crash the running Synapse process.

    Requesting URL previews requires authentication. Nevertheless, it is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for.

    Homeservers with the url_preview_enabled configuration option set to false (the default) are unaffected. Instances with the enable_media_repo configuration option set to false are also unaffected, as this also disables URL preview functionality.

    Fixed by fa1308061802ac7b7d20e954ba7372c5ac292333.
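A triage check for the conditions this advisory lists, added here as an example (not code from Synapse or from this MR): it reports whether a given Synapse version and homeserver.yaml text fall in the affected set. The function names and sample configs are constructed, the minimal key reader only handles top-level scalar settings in a single file, and `enable_media_repo` is assumed to default to true.

```python
import re

FIXED = (1, 61, 1)  # first release carrying the fix, per the advisory above

def parse_version(text):
    """Turn '1.58.1' or '1.62.0rc3' into a sortable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Synapse version: {text!r}")
    major, minor, patch, rc = m.groups()
    # A release candidate sorts before its final release.
    return (int(major), int(minor), int(patch), int(rc) if rc else float("inf"))

def top_level_bool(config_text, key, default):
    """Read a bare top-level YAML boolean without needing a YAML library."""
    value = default
    for line in config_text.splitlines():
        # Anchored at column 0, so indented or commented-out keys are ignored.
        m = re.match(rf"{re.escape(key)}\s*:\s*([^#\s]+)", line)
        if m:
            value = m.group(1).lower() in ("true", "yes", "on")
    return value

def assess(version, config_text):
    """Return (affected, reason) for the URL preview recursion issue."""
    if parse_version(version) >= FIXED + (float("inf"),):
        return False, "version includes the fix"
    if not top_level_bool(config_text, "enable_media_repo", True):
        return False, "media repo disabled, which also disables URL previews"
    if not top_level_bool(config_text, "url_preview_enabled", False):
        return False, "url_preview_enabled is false (the default)"
    return True, "URL previews enabled on a pre-1.61.1 release"

# Constructed sample configs (not taken from the page).
EXPOSED = "server_name: example.org\nurl_preview_enabled: true\n"
MEDIA_OFF = "url_preview_enabled: true\nenable_media_repo: false\n"

if __name__ == "__main__":
    for ver, cfg in [("1.58.1", EXPOSED), ("1.58.1", MEDIA_OFF), ("1.62.0", EXPOSED)]:
        print(ver, assess(ver, cfg))
```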

v1.61.0


This release removes support for the non-standard feature known both as 'groups' and as 'communities', which have been superseded by Spaces.

See the upgrade notes for more details.

Improved Documentation

v1.60.0


This release of Synapse adds a unique index to the state_group_edges table, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation.

Additionally, the signature of the check_event_for_spam module callback has changed. The previous signature has been deprecated and remains working for now. Module authors should update their modules to use the new signature where possible.

See the upgrade notes for more details.

Bugfixes

  • Fix a bug introduced in Synapse 1.60.0rc1 that would break some imports from synapse.module_api. (#12918)

v1.59.1


This release fixes a long-standing issue which could prevent Synapse's user directory from updating properly.

Bugfixes

  • Fix a long-standing bug where the user directory background process would fail to make forward progress if a user included a null codepoint in their display name or avatar. Contributed by Nick @ Beeper. (#12762)

v1.59.0


Synapse 1.59 makes several changes that server administrators should be aware of:

  • Device name lookup over federation is now disabled by default. (#12616)
  • The synapse.app.appservice and synapse.app.user_dir worker application types are now deprecated. (#12452, #12654)

See the upgrade notes for more details.

Additionally, this release removes the non-standard m.login.jwt login type from Synapse. It can be replaced with org.matrix.login.jwt for identical behaviour. This is only used if jwt_config.enabled is set to true in the configuration. (#12597)

Bugfixes

  • Fix DB performance regression introduced in Synapse 1.59.0rc2. (#12745)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.

Edited by Botaniker (Bot)
