From 8b98acca05fcf6b4a64ce27a27df398b922039fa Mon Sep 17 00:00:00 2001
From: Matthew Hodgson <matthew@matrix.org>
Date: Thu, 7 Jun 2018 23:54:16 +0300
Subject: [PATCH 1/5] fix various changelog bugs and typos

---
 CHANGES.rst | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index f2b7f0409..3a2a30873 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,15 +1,15 @@
 Changes in synapse v0.31.0 (2018-06-06)
 =======================================
 
-Most notable change from v0.30.0 is to switch to python prometheus library to improve system
-stats reporting. WARNING this changes a number of prometheus metrics in a
+Most notable change from v0.30.0 is to switch to the python prometheus library to improve system
+stats reporting. WARNING: this changes a number of prometheus metrics in a
 backwards-incompatible manner. For more details, see
 `docs/metrics-howto.rst <docs/metrics-howto.rst#removal-of-deprecated-metrics--time-based-counters-becoming-histograms-in-0310>`_.
 
 Bug Fixes:
 
 * Fix metric documentation tables (PR #3341)
-* Fix LaterGuage error handling (694968f)
+* Fix LaterGauge error handling (694968f)
 * Fix replication metrics (b7e7fd2)
 
 Changes in synapse v0.31.0-rc1 (2018-06-04)
@@ -29,7 +29,6 @@ Changes:
 * Remove users from user directory on deactivate (PR #3277)
 * Avoid sending consent notice to guest users (PR #3288)
 * disable CPUMetrics if no /proc/self/stat (PR #3299)
-* Add local and loopback IPv6 addresses to url_preview_ip_range_blacklist (PR #3312) Thanks to @thegcat!
 * Consistently use six's iteritems and wrap lazy keys/values in list() if they're not meant to be lazy (PR #3307)
 * Add private IPv6 addresses to example config for url preview blacklist (PR #3317) Thanks to @thegcat!
 * Reduce stuck read-receipts: ignore depth when updating (PR #3318)

From c6b1441c52e06b6b8c8715dd3e4d4340aac3a216 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Fri, 8 Jun 2018 11:34:46 +0100
Subject: [PATCH 2/5] Fix event filtering in get_missing_events handler

---
 synapse/handlers/federation.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index fcf94befb..495ac4c64 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -1794,6 +1794,10 @@ class FederationHandler(BaseHandler):
             min_depth=min_depth,
         )
 
+        missing_events = yield self._filter_events_for_server(
+            origin, room_id, missing_events,
+        )
+
         defer.returnValue(missing_events)
 
     @defer.inlineCallbacks

From 0eb4722932b4d2d92cd8cca97e1b36bd3b20d38d Mon Sep 17 00:00:00 2001
From: Neil Johnson <neil@matrix.org>
Date: Fri, 8 Jun 2018 15:21:46 +0100
Subject: [PATCH 3/5] changelog a bump version

---
 CHANGES.rst         | 10 ++++++++++
 synapse/__init__.py |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 3a2a30873..ff137f481 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,3 +1,13 @@
+Changes in synapse v0.31.1 (2018-06-08)
+=======================================
+
+This release fixes a security bug where event visibility rules were not
+applied correctly to ``get_missing_events``.
+
+Bug Fixes:
+
+ * Fix event filtering in get_missing_events handler (PR #3371)
+
 Changes in synapse v0.31.0 (2018-06-06)
 =======================================
 
diff --git a/synapse/__init__.py b/synapse/__init__.py
index ca113db43..78fc63aa4 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -16,4 +16,4 @@
 """ This is a reference implementation of a Matrix home server.
 """
 
-__version__ = "0.31.0"
+__version__ = "0.31.1"

From 82e751c43fceb9fc20127e766cab59c9c376d4cb Mon Sep 17 00:00:00 2001
From: Neil Johnson <neil@matrix.org>
Date: Fri, 8 Jun 2018 15:22:34 +0100
Subject: [PATCH 4/5] Update CHANGES.rst

---
 CHANGES.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index ff137f481..397509e9a 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -6,7 +6,7 @@ applied correctly to ``get_missing_events``.
 
 Bug Fixes:
 
- * Fix event filtering in get_missing_events handler (PR #3371)
+* Fix event filtering in get_missing_events handler (PR #3371)
 
 Changes in synapse v0.31.0 (2018-06-06)
 =======================================

From aefcc0f5e5e3b4ce6020dd895045ddf5f83ba5d9 Mon Sep 17 00:00:00 2001
From: Neil Johnson <neil@matrix.org>
Date: Fri, 8 Jun 2018 15:32:54 +0100
Subject: [PATCH 5/5] tweak changelog

---
 CHANGES.rst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 397509e9a..4047f50aa 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,8 +1,10 @@
 Changes in synapse v0.31.1 (2018-06-08)
 =======================================
 
-This release fixes a security bug where event visibility rules were not
-applied correctly to ``get_missing_events``.
+v0.31.1 fixes a security bug in the ``get_missing_events`` federation API
+where event visibility rules were not applied correctly.
+
+We are not aware of it being actively exploited but please upgrade asap.
 
 Bug Fixes: