kaslo/synapse
1
0
Fork 0
Code Wiki Activity
Files
b8d9726b96918a13b0a2da3799c317006be64310
synapse/changelog.d
History
Brendan Abolivier 6355ca39ad Merge tag 'v1.41.1' into babolivier/dinsic_1.41.0 
Synapse 1.41.1 (2021-08-31)
===========================

Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.

Security advisory
-----------------

The following issues are fixed in v1.41.1.

- **[GHSA-3x4c-pq33-4w3q](https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q) / [CVE-2021-39164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39164): Enumerating a private room's list of members and their display names.**

  If an unauthorized user both knows the Room ID of a private room *and* that room's history visibility is set to `shared`, then they may be able to enumerate the room's members, including their display names.

  The unauthorized user must be on the same homeserver as a user who is a member of the target room.

  Fixed by [52c7a51cf](https://github.com/matrix-org/synapse/commit/52c7a51cf).

- **[GHSA-jj53-8fmw-f2w2](https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2) / [CVE-2021-39163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39163): Disclosing a private room's name, avatar, topic, and number of members.**

  If an unauthorized user knows the Room ID of a private room, then its name, avatar, topic, and number of members may be disclosed through Group / Community features.

  The unauthorized user must be on the same homeserver as a user who is a member of the target room, and their homeserver must allow non-administrators to create groups (`enable_group_creation` in the Synapse configuration; off by default).

  Fixed by [cb35df940a](https://github.com/matrix-org/synapse/commit/cb35df940a), [\#10723](https://github.com/matrix-org/synapse/issues/10723).

Bugfixes
--------

- Fix a regression introduced in Synapse 1.41 which broke email transmission on systems using older versions of the Twisted library. ([\#10713](https://github.com/matrix-org/synapse/issues/10713))
2021-09-02 17:43:22 +01:00
..
.gitignore
1.feature
2.bugfix
3.bugfix
4.bugfix
5.bugfix
6.bugfix
9.misc
10.bugfix
11.feature
12.feature
13.feature
14.feature
15.misc
17.misc
18.feature
19.feature
20.bugfix
21.bugfix
28.bugfix
29.misc
30.misc
32.bugfix
39.feature
Add changelog
2020-05-14 12:06:59 +01:00
45.feature
Add changelog
2020-06-10 17:40:28 +01:00
46.feature
Add a bulk user info endpoint and deprecate the old one (#46)
2020-06-19 16:17:13 +01:00
47.misc
Performance improvements to marking expired users as inactive (#47)
2020-06-19 16:14:37 +01:00
48.feature
Prevent M_USER_IN_USE from being raised by registration methods until after email has been verified (#48)
2020-06-22 12:47:09 +01:00
50.feature
Changelog
2020-06-24 13:13:59 +01:00
51.feature
Add option to autobind user's email on registration (#51)
2020-07-02 11:01:02 +01:00
53.feature
Changelog
2020-08-03 18:44:01 -07:00
56.misc
Update changelog.d/56.misc
2020-08-18 11:41:23 +01:00
57.misc
TO REVERT: add user_id to presence response in client worker (#57)
2020-08-18 19:17:57 +02:00
58.misc
Don't push if an user account has expired (#58)
2020-09-18 16:49:36 +01:00
59.feature
"Freeze" a room when the last admin of that room leaves (#59)
2020-10-13 15:49:50 +01:00
60.misc
Make all rooms noisy by default (#60)
2020-09-18 11:35:41 +01:00
61.misc
Override the power levels defaults, enforce mod requirement for invites, admin requirements for unknown state events (#61)
2020-09-11 15:47:09 +01:00
62.misc
RoomAccessRules cleanup (#62)
2020-09-10 19:04:34 +01:00
63.feature
Make AccessRules use the public rooms directory instead of checking a room's join rules on rule change (#63)
2020-09-18 11:30:36 +01:00
64.bugfix
Swap method calls in RoomAccessTestCase.test_change_rules (#64)
2020-09-18 11:37:21 +01:00
65.bugfix
Only assert valid next_link params when provided (#65)
2020-09-29 12:02:21 +01:00
66.bugfix
Remember mappings when we bind a 3pid using the internal sydent bind API (#66)
2020-10-14 11:18:29 +01:00
67.misc
Changelog
2020-10-21 15:46:43 +01:00
68.misc
Override any missing default power level keys with DINUM's defaults when creating a room (#68)
2020-10-29 10:48:29 +00:00
71.bugfix
Fix users info for remote users (#71)
2020-12-11 14:41:02 +00:00
72.bugfix
Update mypy to 0.790 to resolve mypy CI errors (#72)
2020-12-11 12:32:49 +00:00
5083.feature
5098.misc
5214.feature
5416.misc
5420.feature
5610.feature
5702.bugfix
5760.feature
6739.feature
1.37.0rc1
2021-06-23 09:38:27 +01:00
9084.bugfix
Port "Add support for no_proxy and case insensitive env variables" from mainline to dinsic (#93)
2021-03-22 17:48:42 +00:00
10713.bugfix
Fix incompatibility with Twisted < 21. (#10713)
2021-08-27 16:33:41 +01:00
10723.bugfix
Fix up unit tests (#10723)
2021-08-31 12:56:22 +01:00