Subject: CVS commit: pkgsrc/chat/matrix-synapse
From: Greg Troxel
Date: 2023-10-27 00:46:48
Message id: 20231026224648.26E9CFADC@cvs.NetBSD.org
Log Message:
chat/matrix-synapse: Update to 1.95.0
Upstream NEWS content less bugfixes, minor improvements, improved
documentation, etc.
1.95.0:
none
1.94.0:
* Security
The following issue is fixed in 1.94.0 (and RC).
GHSA-5chr-wjw5-3gq4 / CVE-2023-45129 — Moderate Severity
A malicious server ACL event can impact performance temporarily or
permanently leading to a persistent denial of service.
Homeservers running on a closed federation (which presumably do not need to
use server ACLs) are not affected.
* Features
Render plain, CSS, CSV, JSON and common image formats in the browser
(inline) when requested through the /download endpoint. (#15988)
Add experimental support for MSC4028 to push all encrypted events to
clients. (#16361)
Minor performance improvement when sending presence to federated servers.
(#16385)
Minor performance improvement by caching server ACL checking. (#16360)
1.93.0:
* Security
The following issues are fixed in 1.93.0 (and RCs).
GHSA-4f74-84v3-j9q5 / CVE-2023-41335 — Low Severity
Temporary storage of plaintext passwords during password changes.
GHSA-7565-cq32-vx2x / CVE-2023-42453 — Low Severity
Improper validation of receipts allows forged read receipts.
* Features
Add automatic purge after all users have forgotten a room. (#15488)
Restore room purge/shutdown after a Synapse restart. (#15488)
Support resolving homeservers using matrix-fed DNS SRV records from MSC4040.
(#16137)
Add the ability to use G (GiB) and T (TiB) suffixes in configuration options
that refer to numbers of bytes. (#16219)
Add span information to requests sent to appservices. Contributed by
MTRNord. (#16227)
Add the ability to enable/disable registrations when using CAS. Contributed
by Aurélien Grimpard. (#16262)
Allow the /notifications endpoint to be routed to workers. (#16265)
Enable users to easily unsubscribe to notifications emails via the
List-Unsubscribe header. (#16274)
Report whether a user is locked in the List Accounts admin API, and exclude
locked users by default. (#16328)
1.92.x:
* Security
Pillow requirement in 10.0.1, not because it's actually required,
but because other packaging systems don't handle updates correctly
(libwebp).
1.91.x:
Revert MSC3861 introspection cache, admin impersonation and
account lock. (Labeled bugfix, but written in a way that makes it
seem far more important.)
* Features
Add configuration setting for CAS protocol version. Contributed by Aurélien
Grimpard. (#15816)
Suppress notifications from message edits per MSC3958. (#16113)
Return a Retry-After with M_LIMIT_EXCEEDED error responses. (#16136)
Add last_seen_ts to the admin users API. (#16218)
Improve resource usage when sending data to a large number of remote hosts
that are marked as "down". (#16223)
Files: