From 61b37ddd37dbe6c54576a97be7f85ad9735252c0 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Wed, 31 Aug 2022 05:43:00 -0400 Subject: [PATCH 1/9] Remind people that direct TCP replication is disabled. (#13674) --- CHANGES.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index a39fe661c..0f822556e 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,11 @@ +Synapse 1.66.0 +============== + +Deployments with multiple workers should note that the direct TCP replication +configuration was deprecated in Synapse v1.18.0 and will be removed in Synapse +v1.67.0. See [docs/workers.md](https://github.com/matrix-org/synapse/blob/release-v1.18.0/docs/workers.md) +for more details. + Synapse 1.66.0rc2 (2022-08-30) ============================== From d48b70fd37888346fc6a4c800ecfaa6a2395d087 Mon Sep 17 00:00:00 2001 From: Sean Quah Date: Wed, 31 Aug 2022 11:18:56 +0100 Subject: [PATCH 2/9] Update changelog for v1.62.0 --- CHANGES.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 0f822556e..9ba949834 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -398,6 +398,20 @@ No significant changes since 1.62.0rc3. Authors of spam-checker plugins should consult the [upgrade notes](https://github.com/matrix-org/synapse/blob/release-v1.62/docs/upgrade.md#upgrading-to-v1620) to learn about the enriched signatures for spam checker callbacks, which are supported with this release of Synapse. +## Security advisory + +The following issue is fixed in 1.62.0. + +* [GHSA-jhjh-776m-4765](https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765) / [CVE-2022-31152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31152) + + Synapse instances prior to 1.62.0 did not implement the Matrix [event authorization rules](https://spec.matrix.org/v1.3/rooms/v10/#authorization-rules) correctly. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. + + Homeservers with federation disabled via the [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) config option are unaffected. + + Administrators of homeservers with federation enabled are advised to upgrade to v1.62.0 or higher. + + Fixed by [#13087](https://github.com/matrix-org/synapse/pull/13087) and [#13088](https://github.com/matrix-org/synapse/pull/13088). + Synapse 1.62.0rc3 (2022-07-04) ============================== From ef88bc0775b7c01dc3abfbfca3e8aaa566b1871d Mon Sep 17 00:00:00 2001 From: Sean Quah Date: Wed, 31 Aug 2022 11:21:09 +0100 Subject: [PATCH 3/9] 1.66.0 --- CHANGES.md | 7 +++++-- debian/changelog | 6 ++++++ pyproject.toml | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 9ba949834..c890f64d2 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -1,11 +1,14 @@ -Synapse 1.66.0 -============== +Synapse 1.66.0 (2022-08-31) +=========================== + +No significant changes since 1.66.0rc2. Deployments with multiple workers should note that the direct TCP replication configuration was deprecated in Synapse v1.18.0 and will be removed in Synapse v1.67.0. See [docs/workers.md](https://github.com/matrix-org/synapse/blob/release-v1.18.0/docs/workers.md) for more details. + Synapse 1.66.0rc2 (2022-08-30) ============================== diff --git a/debian/changelog b/debian/changelog index b42c99d81..7ff142884 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +matrix-synapse-py3 (1.66.0) stable; urgency=medium + + * New Synapse release 1.66.0. + + -- Synapse Packaging team Wed, 31 Aug 2022 11:20:17 +0100 + matrix-synapse-py3 (1.66.0~rc2) stable; urgency=medium * New Synapse release 1.66.0rc2. diff --git a/pyproject.toml b/pyproject.toml index 714689783..a41d88ea7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -54,7 +54,7 @@ skip_gitignore = true [tool.poetry] name = "matrix-synapse" -version = "1.66.0rc2" +version = "1.66.0" description = "Homeserver for the Matrix decentralised comms protocol" authors = ["Matrix.org Team and Contributors "] license = "Apache-2.0" From 5634267d33fd55131dfb0789e5510247a0b6e8f2 Mon Sep 17 00:00:00 2001 From: Sean Quah Date: Wed, 31 Aug 2022 11:31:51 +0100 Subject: [PATCH 4/9] Update changelog to link to the Synapse docs instead of markdown --- CHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index c890f64d2..f502866f7 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -5,7 +5,7 @@ No significant changes since 1.66.0rc2. Deployments with multiple workers should note that the direct TCP replication configuration was deprecated in Synapse v1.18.0 and will be removed in Synapse -v1.67.0. See [docs/workers.md](https://github.com/matrix-org/synapse/blob/release-v1.18.0/docs/workers.md) +v1.67.0. See the [worker documentation](https://matrix-org.github.io/synapse/v1.66/workers.html) for more details. From 90c99fb3aab2d371039cf4aaa61305928e77230d Mon Sep 17 00:00:00 2001 From: Sean Quah Date: Wed, 31 Aug 2022 11:53:30 +0100 Subject: [PATCH 5/9] Fix dead link in 1.18.0 upgrade notes --- docs/upgrade.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/upgrade.md b/docs/upgrade.md index 0ab5bfeaf..51719f8c7 100644 --- a/docs/upgrade.md +++ b/docs/upgrade.md @@ -1200,7 +1200,7 @@ updated. When setting up worker processes, we now recommend the use of a Redis server for replication. **The old direct TCP connection method is deprecated and will be removed in a future release.** See -[workers](workers.md) for more details. +the [worker documentation](https://matrix-org.github.io/synapse/v1.66/workers.html) for more details. # Upgrading to v1.14.0 From d1fb46fbc987fc0f2672780e373db83c7dacb6cf Mon Sep 17 00:00:00 2001 From: Sean Quah Date: Wed, 31 Aug 2022 12:19:40 +0100 Subject: [PATCH 6/9] Improve clarity on deprecation of TCP replication Borrows some text from https://github.com/matrix-org/synapse/pull/13647 for the changelog. --- CHANGES.md | 10 +++++++++- docs/usage/configuration/config_documentation.md | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index f502866f7..712d3b134 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -5,7 +5,15 @@ No significant changes since 1.66.0rc2. Deployments with multiple workers should note that the direct TCP replication configuration was deprecated in Synapse v1.18.0 and will be removed in Synapse -v1.67.0. See the [worker documentation](https://matrix-org.github.io/synapse/v1.66/workers.html) +v1.67.0. In particular, the TCP `replication` listener and the +`worker_replication_port` config option are deprecated. + +To migrate to Redis, add the [`redis` config](https://matrix-org.github.io/synapse/v1.66/workers.html#shared-configuration) +and remove the TCP `replication` listener from config of the master and +`worker_replication_port` from worker config. Note that a HTTP listener with a +`replication` resource is still required. + +See the [worker documentation](https://matrix-org.github.io/synapse/v1.66/workers.html) for more details. diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md index 8ae018e62..5dee38d28 100644 --- a/docs/usage/configuration/config_documentation.md +++ b/docs/usage/configuration/config_documentation.md @@ -431,7 +431,7 @@ Sub-options for each listener include: * `metrics`: (see the docs [here](../../metrics-howto.md)), - * `replication`: (see the docs [here](../../workers.md)). + * `replication`: (deprecated as of Synapse 1.18, see the docs [here](../../workers.md)). * `tls`: set to true to enable TLS for this listener. Will use the TLS key/cert specified in tls_private_key_path / tls_certificate_path. From c01f21d31da83e3ad7844d40b293df941f304663 Mon Sep 17 00:00:00 2001 From: Sean Quah Date: Wed, 31 Aug 2022 12:35:25 +0100 Subject: [PATCH 7/9] Tweak changelog wording --- CHANGES.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 712d3b134..7e9862f61 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -5,11 +5,12 @@ No significant changes since 1.66.0rc2. Deployments with multiple workers should note that the direct TCP replication configuration was deprecated in Synapse v1.18.0 and will be removed in Synapse -v1.67.0. In particular, the TCP `replication` listener and the -`worker_replication_port` config option are deprecated. +v1.67.0. In particular, the TCP `replication` [listener](https://matrix-org.github.io/synapse/v1.66/usage/configuration/config_documentation.html#listeners) +type (not to be confused with the `replication` resource on the `http` listener +type) and the `worker_replication_port` config option will be removed . -To migrate to Redis, add the [`redis` config](https://matrix-org.github.io/synapse/v1.66/workers.html#shared-configuration) -and remove the TCP `replication` listener from config of the master and +To migrate to Redis, add the [`redis` config](https://matrix-org.github.io/synapse/v1.66/workers.html#shared-configuration), +then remove the TCP `replication` listener from config of the master and `worker_replication_port` from worker config. Note that a HTTP listener with a `replication` resource is still required. From 838d722eba6c3f9c9e3e6433b3771c994f75a2ec Mon Sep 17 00:00:00 2001 From: Sean Quah Date: Wed, 31 Aug 2022 12:40:14 +0100 Subject: [PATCH 8/9] Move notice from 1.66.0rc1 to 1.66.0 section in changelog --- CHANGES.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 7e9862f61..535fd36a0 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -3,6 +3,12 @@ Synapse 1.66.0 (2022-08-31) No significant changes since 1.66.0rc2. +This release removes the ability for homeservers to delegate email ownership +verification and password reset confirmation to identity servers. This removal +was originally planned for Synapse 1.64, but was later deferred until now. + +See the [upgrade notes](https://matrix-org.github.io/synapse/v1.66/upgrade.html#upgrading-to-v1660) for more details. + Deployments with multiple workers should note that the direct TCP replication configuration was deprecated in Synapse v1.18.0 and will be removed in Synapse v1.67.0. In particular, the TCP `replication` [listener](https://matrix-org.github.io/synapse/v1.66/usage/configuration/config_documentation.html#listeners) @@ -30,12 +36,6 @@ Bugfixes Synapse 1.66.0rc1 (2022-08-23) ============================== -This release removes the ability for homeservers to delegate email ownership -verification and password reset confirmation to identity servers. This removal -was originally planned for Synapse 1.64, but was later deferred until now. - -See the [upgrade notes](https://matrix-org.github.io/synapse/v1.66/upgrade.html#upgrading-to-v1660) for more details. - Features -------- From 6f80fe1e1bbb6cab3ce605b2023e0488e2d80d52 Mon Sep 17 00:00:00 2001 From: Sean Quah Date: Wed, 31 Aug 2022 12:51:57 +0100 Subject: [PATCH 9/9] Tweak changelog formatting --- CHANGES.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 535fd36a0..0b10e9018 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -5,9 +5,8 @@ No significant changes since 1.66.0rc2. This release removes the ability for homeservers to delegate email ownership verification and password reset confirmation to identity servers. This removal -was originally planned for Synapse 1.64, but was later deferred until now. - -See the [upgrade notes](https://matrix-org.github.io/synapse/v1.66/upgrade.html#upgrading-to-v1660) for more details. +was originally planned for Synapse 1.64, but was later deferred until now. See +the [upgrade notes](https://matrix-org.github.io/synapse/v1.66/upgrade.html#upgrading-to-v1660) for more details. Deployments with multiple workers should note that the direct TCP replication configuration was deprecated in Synapse v1.18.0 and will be removed in Synapse @@ -18,9 +17,8 @@ type) and the `worker_replication_port` config option will be removed . To migrate to Redis, add the [`redis` config](https://matrix-org.github.io/synapse/v1.66/workers.html#shared-configuration), then remove the TCP `replication` listener from config of the master and `worker_replication_port` from worker config. Note that a HTTP listener with a -`replication` resource is still required. - -See the [worker documentation](https://matrix-org.github.io/synapse/v1.66/workers.html) +`replication` resource is still required. See the +[worker documentation](https://matrix-org.github.io/synapse/v1.66/workers.html) for more details.
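Review bot: the link added to CHANGES.md in PATCH 1/9 targets `docs/workers.md` on the `release-v1.18.0` branch, so an operator reading the 1.66.0 notes is sent to worker documentation from the release where the deprecation started, not the release they are upgrading to. Point the link at the worker documentation for the release these notes describe. The commit subject also says the feature "is disabled", while the added text says it "was deprecated in Synapse v1.18.0 and will be removed in Synapse v1.67.0"; the subject should match the text.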
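Review bot: in the security advisory added by PATCH 2/9, the sentence "Homeservers with federation disabled via the `federation_domain_whitelist` config option are unaffected" does not say which setting of that option counts as federation being disabled. An administrator whose whitelist still names some domains cannot tell from this text whether they are covered. State the exact condition that makes a homeserver unaffected. The same sentence links to the `latest` configuration docs, while the unchanged upgrade-notes link just above it is pinned to `release-v1.62`; a pinned link keeps the advisory pointing at the documentation that matches the fixed release.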
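Review bot: the CHANGES.md hunk in PATCH 3/9 adds a second blank line between "for more details." and the "Synapse 1.66.0rc2 (2022-08-30)" heading. Drop the extra blank line so the spacing before release headings stays consistent with the rest of the file.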
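Review bot: PATCH 5/9 replaces the in-tree relative link `[workers](workers.md)` in docs/upgrade.md with an absolute URL pinned to `v1.66`, so documentation built from later versions of this file will keep sending readers of the 1.18.0 upgrade notes to the v1.66 pages. If the relative link was only dead in one rendering, prefer a relative target that resolves there; if an absolute link is really needed, say why in the commit message.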
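Review bot: in the docs/usage/configuration/config_documentation.md hunk of PATCH 6/9, the new text "`replication`: (deprecated as of Synapse 1.18, ...)" gives neither the removal release nor any distinction from the `replication` resource, although the CHANGES.md hunk in the same patch says removal is in v1.67.0 and that "a HTTP listener with a `replication` resource is still required". An operator working only from the configuration reference could remove the HTTP replication resource as well and break worker replication. Name the TCP listener type explicitly in this line, add the removal version, and note that the resource on the `http` listener stays.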
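Review bot: the added line in PATCH 7/9 ending "config option will be removed ." has a stray space before the full stop, and it is carried unchanged into the context of PATCH 9/9. Remove the space, and while touching this paragraph change "a HTTP listener" to "an HTTP listener" and "from config of the master" to "from the master's config".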