New upstream version 1.21.2
Andrej Shadura
3 years ago
|
0 |
Synapse 1.21.2 (2020-10-15)
|
|
1 |
===========================
|
|
2 |
|
|
3 |
Debian packages and Docker images have been rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below.
|
|
4 |
|
|
5 |
Security advisory
|
|
6 |
-----------------
|
|
7 |
|
|
8 |
* HTML pages served via Synapse were vulnerable to cross-site scripting (XSS)
|
|
9 |
attacks. All server administrators are encouraged to upgrade.
|
|
10 |
([\#8444](https://github.com/matrix-org/synapse/pull/8444))
|
|
11 |
([CVE-2020-26891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26891))
|
|
12 |
|
|
13 |
This fix was originally included in v1.21.0 but was missing a security advisory.
|
|
14 |
|
|
15 |
This was reported by [Denis Kasak](https://github.com/dkasak).
|
|
16 |
|
|
17 |
Bugfixes
|
|
18 |
--------
|
|
19 |
|
|
20 |
- Fix rare bug where sending an event would fail due to a racey assertion. ([\#8530](https://github.com/matrix-org/synapse/issues/8530))
|
|
21 |
- An updated version of the authlib dependency is included in the Docker and Debian images to fix an issue using OpenID Connect. See [\#8534](https://github.com/matrix-org/synapse/issues/8534) for details.
|
|
22 |
|
|
23 |
|
0 | 24 |
Synapse 1.21.1 (2020-10-13)
|
1 | 25 |
===========================
|
2 | 26 |
|
|
0 |
matrix-synapse-py3 (1.21.2) stable; urgency=medium
|
|
1 |
|
|
2 |
[ Synapse Packaging team ]
|
|
3 |
* New synapse release 1.21.2.
|
|
4 |
|
|
5 |
-- Synapse Packaging team <packages@matrix.org> Thu, 15 Oct 2020 09:23:27 -0400
|
|
6 |
|
0 | 7 |
matrix-synapse-py3 (1.21.1) stable; urgency=medium
|
1 | 8 |
|
2 | 9 |
[ Synapse Packaging team ]
|
47 | 47 |
except ImportError:
|
48 | 48 |
pass
|
49 | 49 |
|
50 | |
__version__ = "1.21.1"
|
|
50 |
__version__ = "1.21.2"
|
51 | 51 |
|
52 | 52 |
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
|
53 | 53 |
# We import here so that we don't have to install a bunch of deps when
|
611 | 611 |
db_autocommit=True,
|
612 | 612 |
)
|
613 | 613 |
|
614 | |
# Assert the fetched ID is actually greater than any ID we've already
|
615 | |
# seen. If not, then the sequence and table have got out of sync
|
616 | |
# somehow.
|
617 | 614 |
with self.id_gen._lock:
|
618 | |
assert max(self.id_gen._current_positions.values(), default=0) < min(
|
619 | |
self.stream_ids
|
620 | |
)
|
621 | |
|
622 | 615 |
self.id_gen._unfinished_ids.update(self.stream_ids)
|
623 | 616 |
|
624 | 617 |
if self.multiple_ids is None:
|