Commit Graph

470 Commits

Author SHA1 Message Date
Erik Johnston
afb6dcf806 1.34.0 2021-05-17 11:34:39 +01:00
Brendan Abolivier
451f25172a
Incorporate changes from review 2021-05-12 17:10:42 +01:00
Brendan Abolivier
91143bb24e
Refer and link to the upgrade notes rather than to the file name 2021-05-12 17:04:00 +01:00
Brendan Abolivier
47806b0869 1.34.0rc1 2021-05-12 16:59:46 +01:00
Brendan Abolivier
d1473f7362
Use link to advisory rather than to the CVE repo 2021-05-11 14:09:46 +01:00
Brendan Abolivier
86fb71431c
1.33.2 2021-05-11 14:01:32 +01:00
Erik Johnston
ac88aca7f7 1.33.1 2021-05-06 14:06:38 +01:00
Brendan Abolivier
0644ac0989 1.33.0 2021-05-05 14:15:54 +01:00
Andrew Morgan
d11f2dfee5 typo in changelog 2021-04-29 14:31:14 +01:00
Andrew Morgan
e9444cc74d 1.33.0rc2 2021-04-29 11:45:37 +01:00
Andrew Morgan
8ba086980d Reword account validity template change to sound less like a bugfix 2021-04-28 12:07:49 +01:00
Andrew Morgan
787de3190f 1.33.0rc1 2021-04-28 11:43:33 +01:00
Andrew Morgan
dac4445934 A regression can't be introduced twice 2021-04-22 11:09:31 +01:00
Andrew Morgan
79e6d9e4b1 Note regression was in 1.32.0 and 1.32.1 2021-04-22 11:04:51 +01:00
Andrew Morgan
ca380881b1 Update dates in changelogs 2021-04-21 18:47:31 +01:00
Andrew Morgan
55159c48e3 1.32.2 2021-04-21 18:45:39 +01:00
Andrew Morgan
0c23aa393c
Note LoggingContext signature change incompatibility in 1.32.0 (#9859)
1.32.0 also introduced an incompatibility with Synapse modules that make use of `synapse.logging.context.LoggingContext`, such as [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider).

This PR adds a note to the 1.32.0 changelog and upgrade notes about it.
2021-04-21 18:16:58 +01:00
Andrew Morgan
bdb4c20dc1 Clarify 1.32.0/1 changelog and upgrade notes 2021-04-21 14:44:04 +01:00
Andrew Morgan
acb8c81041 Add regression notes to CHANGES.md; fix link in 1.32.0 changelog 2021-04-21 14:24:16 +01:00
Andrew Morgan
98a1b84631 Add link to fixing prometheus to 1.32.0 upgrade notes; 1.32.1 has a fix 2021-04-21 14:19:11 +01:00
Andrew Morgan
a745531c10 1.32.1 2021-04-21 14:01:12 +01:00
Andrew Morgan
30c94862b4 Mention Prometheus metrics regression in v1.32.0 2021-04-21 14:00:31 +01:00
Andrew Morgan
05fa06834d Further tweaking on gpg signing key notice 2021-04-20 15:52:06 +01:00
Andrew Morgan
913f790bb2 Add note about expired Debian gpg signing keys to CHANGES.md 2021-04-20 15:33:56 +01:00
Andrew Morgan
438a8594cb Update v1.32.0 changelog. It's m.login.application_service, not plural 2021-04-20 14:47:17 +01:00
Andrew Morgan
e031c7e0cc 1.32.0 2021-04-20 14:31:27 +01:00
Andrew Morgan
d9bd181a3f Update changelog for v1.32.0 2021-04-13 14:39:06 +01:00
Andrew Morgan
3efd98aa1c 1.32.0rc1 2021-04-13 14:23:43 +01:00
Erik Johnston
1d8863c67d 1.31.0 2021-04-06 13:09:56 +01:00
Erik Johnston
3a446c21f8 Update changelog 2021-03-30 11:29:21 +01:00
Erik Johnston
78e48f61bf 1.31.0rc1 2021-03-30 11:19:21 +01:00
Erik Johnston
262ed05f5b Update cahngelog 2021-03-26 12:21:04 +00:00
Erik Johnston
548c4a6587 Update cahngelog 2021-03-26 12:17:37 +00:00
Erik Johnston
c6f8e8086c 1.30.1 2021-03-26 12:03:29 +00:00
Erik Johnston
e2904f720d 1.30.0 2021-03-22 13:15:55 +00:00
Andrew Morgan
45ef73fd4f Fix jemalloc changelog entry wording 2021-03-16 14:46:40 +00:00
Andrew Morgan
e3bc0e6f7c Changelog typo 2021-03-16 14:33:23 +00:00
Andrew Morgan
ad5d2e7ec0 Pull up appservice login deprecation notice 2021-03-16 13:51:24 +00:00
Andrew Morgan
d315e96443 1.30.0rc1 2021-03-16 13:45:46 +00:00
Will Hunt
b2c4d3d721
Warn that /register will soon require a type when called with an access token (#9559)
This notice is giving a heads up to the planned spec compliance fix https://github.com/matrix-org/synapse/pull/9548.
2021-03-08 16:35:04 +00:00
Erik Johnston
4de1c35728 Fixup changelog 2021-03-08 13:59:17 +00:00
Erik Johnston
15c788e22d 1.29.0 2021-03-08 13:52:13 +00:00
Erik Johnston
ea0a3aaf0a Fix changelog 2021-03-04 10:29:43 +00:00
Erik Johnston
3f49d80dcf 1.29.0rc1 2021-03-04 10:12:53 +00:00
Richard van der Hoff
e53f11bd62
Call out the need for an X-Forwarded-Proto in the upgrade notes (#9501) 2021-02-26 13:24:54 +00:00
Erik Johnston
2756517f7a Fixup changelog 2021-02-25 10:47:19 +00:00
Erik Johnston
0f9f30b32b Fixup changelog 2021-02-25 10:27:22 +00:00
Erik Johnston
b5c4fe1971 1.28.0 2021-02-25 10:22:07 +00:00
Patrick Cloke
d0365bc8b0 Update release date. 2021-02-19 08:01:17 -05:00
Patrick Cloke
1c5e715e5e Update the CHANGES document. 2021-02-18 12:37:27 -05:00
Patrick Cloke
1381cd05b0 1.28.0rc1 2021-02-18 12:32:49 -05:00
Patrick Cloke
84a7191410 Merge branch 'master' into develop 2021-02-18 11:27:15 -05:00
Patrick Cloke
d804285139 Clarify the release notes around SAML2 for v1.27.0. 2021-02-18 11:25:27 -05:00
Patrick Cloke
9ee3b9775f
Remove deprecated SAML2 callback URL since it does not work. (#9434)
Updates documentation from #9289 and removes a deprecated
endpoint which didn't work as expected.
2021-02-18 11:20:33 -05:00
Erik Johnston
9d64e4dbd6
Drop ARMv7 from docker (#9433)
It's proving incredibly hard to build in CircleCI infra.
2021-02-18 14:46:22 +00:00
Dirk Klimpel
e8e7012265
Deprecate old admin API GET /_synapse/admin/v1/users/<user_id> (#9429)
This API was undocumented and nonsensical.
2021-02-18 09:05:41 -05:00
Erik Johnston
6600f0bd57 Fixup CHANGES 2021-02-16 13:16:17 +00:00
Erik Johnston
a27c1fd74b 1.27.0 2021-02-16 13:12:02 +00:00
Patrick Cloke
dcb9c2e8ae Clarify when new ratelimiting was added. 2021-02-11 11:29:23 -05:00
Patrick Cloke
3f2f7efb87 Update changelog. 2021-02-11 11:24:12 -05:00
Patrick Cloke
40de534238 1.27.0rc2 2021-02-11 11:22:29 -05:00
Erik Johnston
eec9ab3225 Update changelog 2021-02-02 13:51:20 +00:00
Erik Johnston
2610930721 1.27.0rc1 2021-02-02 13:32:05 +00:00
Richard van der Hoff
846b9d3df0
Put OIDC callback URI under /_synapse/client. (#9288) 2021-02-01 22:56:01 +00:00
Patrick Cloke
17b713850f Merge branch 'master' into develop 2021-01-27 11:13:21 -05:00
Patrick Cloke
b685c5e7f1 Move note above changes. 2021-01-27 11:02:04 -05:00
Patrick Cloke
71c46652a2 Copy the upgrade note to 1.26.0. 2021-01-27 10:52:45 -05:00
Patrick Cloke
73ed289bd2 1.26.0 2021-01-27 10:50:37 -05:00
Erik Johnston
93b61589b0
Add a note to changelog about redis usage (#9227) 2021-01-27 14:06:27 +00:00
Patrick Cloke
69961c7e9f Tweak changes. 2021-01-25 08:26:42 -05:00
Patrick Cloke
a01605c136 1.26.0rc2 2021-01-25 08:25:40 -05:00
Patrick Cloke
937b849a2e Fix a typo in the release notes. 2021-01-20 11:34:34 -05:00
Patrick Cloke
adabf328ac Point people to the upgrade notes. 2021-01-20 11:01:04 -05:00
Patrick Cloke
7e072d38b1 Re-run towncrier. 2021-01-20 08:56:25 -05:00
Patrick Cloke
5b8ee181b7 Reword confusing sentence in CHANGES. 2021-01-20 07:30:34 -05:00
Patrick Cloke
74ced7d070 Fix tenses in CHANGES. 2021-01-20 07:24:37 -05:00
Patrick Cloke
3005a2816c Re-arrange CHANGES.md. 2021-01-20 07:19:42 -05:00
Patrick Cloke
72822e60be 1.26.0rc1 2021-01-20 07:14:25 -05:00
Erik Johnston
ebd534b58d Move removal warning up changelog 2021-01-13 10:31:27 +00:00
Erik Johnston
891c925b88 Link to GH profile and fix tense 2021-01-13 10:28:03 +00:00
Erik Johnston
f7478d5cc6 Fix link in changelog 2021-01-13 10:26:25 +00:00
Erik Johnston
429c339de8 Fixup changelog 2021-01-13 10:23:16 +00:00
Erik Johnston
3dd6ba135e 1.25.0 2021-01-13 10:19:12 +00:00
Dan Callahan
6d91e6ca5f
Announce Python / PostgreSQL deprecation policies (#9085)
Fixes #8782
2021-01-12 20:11:15 +00:00
Patrick Cloke
8f08021e86 More updates to changes for consistency. 2021-01-06 07:36:52 -05:00
Patrick Cloke
62b5f13768 A few more tweaks to changes. 2021-01-06 07:34:11 -05:00
Patrick Cloke
bde6705ad1 Some manual tweaks to the changes file. 2021-01-06 07:20:12 -05:00
Patrick Cloke
2fe0fb21f6 1.25.0rc1 2021-01-06 07:08:13 -05:00
Dirk Klimpel
a5f7aff5e5
Deprecate Shutdown Room and Purge Room Admin API (#8829)
Deprecate both APIs in favour of the Delete Room API.

Related: #8663 and #8810
2020-12-10 11:42:48 +00:00
Erik Johnston
320e8c8064 Synapse 1.23.1 (2020-12-09)
===========================
 
 Due to the two security issues highlighted below, server administrators are
 encouraged to update Synapse. We are not aware of these vulnerabilities being
 exploited in the wild.
 
 Security advisory
 -----------------
 
 The following issues are fixed in v1.23.1 and v1.24.0.
 
 - There is a denial of service attack
   ([CVE-2020-26257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257))
   against the federation APIs in which future events will not be correctly sent
   to other servers over federation. This affects all servers that participate in
   open federation. (Fixed in [#8776](https://github.com/matrix-org/synapse/pull/8776)).
 
 - Synapse may be affected by OpenSSL
   [CVE-2020-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971).
   Synapse administrators should ensure that they have the latest versions of
   the cryptography Python package installed.
 
 To upgrade Synapse along with the cryptography package:
 
 * Administrators using the [`matrix.org` Docker
   image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
   packages from
   `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
   should ensure that they have version 1.24.0 or 1.23.1 installed: these images include
   the updated packages.
 * Administrators who have [installed Synapse from
   source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
   should upgrade the cryptography package within their virtualenv by running:
   ```sh
   <path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
   ```
 * Administrators who have installed Synapse from distribution packages should
   consult the information from their distributions.
 
 Bugfixes
 --------
 
 - Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. ([\#8776](https://github.com/matrix-org/synapse/issues/8776))
 
 Internal Changes
 ----------------
 
 - Add a maximum version for pysaml2 on Python 3.5. ([\#8898](https://github.com/matrix-org/synapse/issues/8898))
 -----BEGIN PGP SIGNATURE-----
 
 iQFEBAABCgAuFiEEBTGR3/RnAzBGUif3pULk7RsPrAkFAl/QsOYQHGVyaWtAbWF0
 cml4Lm9yZwAKCRClQuTtGw+sCZTkCACEDbyMY/UCqJaUILxtYeBE7K4GvOqPPHyo
 2VLjyitI7XWVzB/paUOPxAtOtiwXS0GOrL+UsW6Lky2HIjafjLe1Z3LHzATQwF2I
 J2bZWTY1Y4v3y8B7noPmp7+QFIBIey++09BY+MwzT3EQYnXt6lvoHmEvPH/htzjg
 LfdZpSj4WrJr4S2/W0rVlkGSuIShN0Tnv6pTgbGRZMt1N4JH2mo65mCGt3xrMS7E
 us+xqStGh5Q+9g3F913iIJ8noUMeCvTT7hbr1eonhZ3MIKWG30z+zcXwmGb0t3B8
 zvTFXqdbZPSw+ZZdxaZwZuJzNCnYOu6t0JuzXqDoE0xsHb8RVUe9
 =Z9US
 -----END PGP SIGNATURE-----

Merge tag 'v1.23.1'

Synapse 1.23.1 (2020-12-09)
===========================

Due to the two security issues highlighted below, server administrators are
encouraged to update Synapse. We are not aware of these vulnerabilities being
exploited in the wild.

Security advisory
-----------------

The following issues are fixed in v1.23.1 and v1.24.0.

- There is a denial of service attack
  ([CVE-2020-26257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257))
  against the federation APIs in which future events will not be correctly sent
  to other servers over federation. This affects all servers that participate in
  open federation. (Fixed in [#8776](https://github.com/matrix-org/synapse/pull/8776)).

- Synapse may be affected by OpenSSL
  [CVE-2020-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971).
  Synapse administrators should ensure that they have the latest versions of
  the cryptography Python package installed.

To upgrade Synapse along with the cryptography package:

* Administrators using the [`matrix.org` Docker
  image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
  packages from
  `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
  should ensure that they have version 1.24.0 or 1.23.1 installed: these images include
  the updated packages.
* Administrators who have [installed Synapse from
  source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
  should upgrade the cryptography package within their virtualenv by running:
  ```sh
  <path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
  ```
* Administrators who have installed Synapse from distribution packages should
  consult the information from their distributions.

Bugfixes
--------

- Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. ([\#8776](https://github.com/matrix-org/synapse/issues/8776))

Internal Changes
----------------

- Add a maximum version for pysaml2 on Python 3.5. ([\#8898](https://github.com/matrix-org/synapse/issues/8898))
2020-12-09 11:29:56 +00:00
Erik Johnston
1cec3d1457 1.23.1 2020-12-09 11:07:41 +00:00
Erik Johnston
9b26a4ac87 1.24.0 2020-12-09 11:07:24 +00:00
Patrick Cloke
2602514f34 Minor update to CHANGES. 2020-12-04 09:00:32 -05:00
Patrick Cloke
693dab487c 1.24.0rc2 2020-12-04 08:48:04 -05:00
Patrick Cloke
e41720d85f Minor changes to the CHANGES doc. 2020-12-02 09:17:42 -05:00
Patrick Cloke
c67af840aa Minor fixes to changelog. 2020-12-02 09:03:12 -05:00
Patrick Cloke
53b12688dd 1.24.0rc1 2020-12-02 08:57:51 -05:00
Matthew Hodgson
476b8c0ae6 fix MD 2020-11-22 00:30:13 +00:00
Matthew Hodgson
1091bcea3e fix ancient changelog to be MD 2020-11-22 00:29:05 +00:00
Erik Johnston
244bff4edd Update changelog 2020-11-18 12:04:08 +00:00