mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
Merge branch 'master' into develop
This commit is contained in:
commit
74976a8e43
24
CHANGES.md
24
CHANGES.md
@ -1,3 +1,27 @@
|
|||||||
|
Synapse 1.21.2 (2020-10-15)
|
||||||
|
===========================
|
||||||
|
|
||||||
|
Debian packages and Docker images have been rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below.
|
||||||
|
|
||||||
|
Security advisory
|
||||||
|
-----------------
|
||||||
|
|
||||||
|
* HTML pages served via Synapse were vulnerable to cross-site scripting (XSS)
|
||||||
|
attacks. All server administrators are encouraged to upgrade.
|
||||||
|
([\#8444](https://github.com/matrix-org/synapse/pull/8444))
|
||||||
|
([CVE-2020-26891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26891))
|
||||||
|
|
||||||
|
This fix was originally included in v1.21.0 but was missing a security advisory.
|
||||||
|
|
||||||
|
This was reported by [Denis Kasak](https://github.com/dkasak).
|
||||||
|
|
||||||
|
Bugfixes
|
||||||
|
--------
|
||||||
|
|
||||||
|
- Fix rare bug where sending an event would fail due to a racey assertion. ([\#8530](https://github.com/matrix-org/synapse/issues/8530))
|
||||||
|
- An updated version of the authlib dependency is included in the Docker and Debian images to fix an issue using OpenID Connect. See [\#8534](https://github.com/matrix-org/synapse/issues/8534) for details.
|
||||||
|
|
||||||
|
|
||||||
Synapse 1.21.1 (2020-10-13)
|
Synapse 1.21.1 (2020-10-13)
|
||||||
===========================
|
===========================
|
||||||
|
|
||||||
|
@ -1 +0,0 @@
|
|||||||
Fix rare bug where sending an event would fail due to a racey assertion.
|
|
7
debian/changelog
vendored
7
debian/changelog
vendored
@ -1,3 +1,10 @@
|
|||||||
|
matrix-synapse-py3 (1.21.2) stable; urgency=medium
|
||||||
|
|
||||||
|
[ Synapse Packaging team ]
|
||||||
|
* New synapse release 1.21.2.
|
||||||
|
|
||||||
|
-- Synapse Packaging team <packages@matrix.org> Thu, 15 Oct 2020 09:23:27 -0400
|
||||||
|
|
||||||
matrix-synapse-py3 (1.21.1) stable; urgency=medium
|
matrix-synapse-py3 (1.21.1) stable; urgency=medium
|
||||||
|
|
||||||
[ Synapse Packaging team ]
|
[ Synapse Packaging team ]
|
||||||
|
@ -48,7 +48,7 @@ try:
|
|||||||
except ImportError:
|
except ImportError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
__version__ = "1.21.1"
|
__version__ = "1.21.2"
|
||||||
|
|
||||||
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
|
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
|
||||||
# We import here so that we don't have to install a bunch of deps when
|
# We import here so that we don't have to install a bunch of deps when
|
||||||
|
Loading…
Reference in New Issue
Block a user