New upstream version 1.21.2
Andrej Shadura
3 years ago
|
0 |
Synapse 1.21.2 (2020-10-15)
|
|
1 |
===========================
|
|
2 |
|
|
3 |
Debian packages and Docker images have been rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below.
|
|
4 |
|
|
5 |
Security advisory
|
|
6 |
-----------------
|
|
7 |
|
|
8 |
* HTML pages served via Synapse were vulnerable to cross-site scripting (XSS)
|
|
9 |
attacks. All server administrators are encouraged to upgrade.
|
|
10 |
([\#8444](https://github.com/matrix-org/synapse/pull/8444))
|
|
11 |
([CVE-2020-26891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26891))
|
|
12 |
|
|
13 |
This fix was originally included in v1.21.0 but was missing a security advisory.
|
|
14 |
|
|
15 |
This was reported by [Denis Kasak](https://github.com/dkasak).
|
|
16 |
|
|
17 |
Bugfixes
|
|
18 |
--------
|
|
19 |
|
|
20 |
- Fix rare bug where sending an event would fail due to a racey assertion. ([\#8530](https://github.com/matrix-org/synapse/issues/8530))
|
|
21 |
- An updated version of the authlib dependency is included in the Docker and Debian images to fix an issue using OpenID Connect. See [\#8534](https://github.com/matrix-org/synapse/issues/8534) for details.
|
|
22 |
|
|
23 |
|
| 0 | 24 |
Synapse 1.21.1 (2020-10-13)
|
| 1 | 25 |
===========================
|
| 2 | 26 |
|
|
0 |
matrix-synapse-py3 (1.21.2) stable; urgency=medium
|
|
1 |
|
|
2 |
[ Synapse Packaging team ]
|
|
3 |
* New synapse release 1.21.2.
|
|
4 |
|
|
5 |
-- Synapse Packaging team <packages@matrix.org> Thu, 15 Oct 2020 09:23:27 -0400
|
|
6 |
|
| 0 | 7 |
matrix-synapse-py3 (1.21.1) stable; urgency=medium
|
| 1 | 8 |
|
| 2 | 9 |
[ Synapse Packaging team ]
|
| 47 | 47 |
except ImportError:
|
| 48 | 48 |
pass
|
| 49 | 49 |
|
| 50 | |
__version__ = "1.21.1"
|
|
50 |
__version__ = "1.21.2"
|
| 51 | 51 |
|
| 52 | 52 |
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
|
| 53 | 53 |
# We import here so that we don't have to install a bunch of deps when
|
| 611 | 611 |
db_autocommit=True,
|
| 612 | 612 |
)
|
| 613 | 613 |
|
| 614 | |
# Assert the fetched ID is actually greater than any ID we've already
|
| 615 | |
# seen. If not, then the sequence and table have got out of sync
|
| 616 | |
# somehow.
|
| 617 | 614 |
with self.id_gen._lock:
|
| 618 | |
assert max(self.id_gen._current_positions.values(), default=0) < min(
|
| 619 | |
self.stream_ids
|
| 620 | |
)
|
| 621 | |
|
| 622 | 615 |
self.id_gen._unfinished_ids.update(self.stream_ids)
|
| 623 | 616 |
|
| 624 | 617 |
if self.multiple_ids is None:
|