pkgsrc.se | The NetBSD package collection

Subject: CVS commit: pkgsrc/chat/matrix-synapse
From: Jonathan Schleifer
Date: 2025-03-27 00:18:49
Message id: 20250326231849.A344EFBE1@cvs.NetBSD.org

Log Message:
Update chat/matrix-synapse to 1.127.1

Fixes high severity vulnerability *exploited in the wild*!

# Synapse 1.127.1 (2025-03-26)

## Security
- Fix [CVE-2025-30355](https://www.cve.org/CVERecord?id=CVE-2025-30355) / \ 
[GHSA-v56r-hwv5-mxg6](https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6). \ 
**High severity vulnerability affecting federation. The vulnerability has been \ 
exploited in the wild.**

# Synapse 1.127.0 (2025-03-25)

No significant changes since 1.127.0rc1.

# Synapse 1.127.0rc1 (2025-03-18)

### Features

- Update \ 
[MSC4140](https://github.com/matrix-org/matrix-spec-proposals/pull/4140) \ 
implementation to no longer cancel a user's own delayed state events with an \ 
event type & state key that match a more recent state event sent by that \ 
user. ([\#17810](https://github.com/element-hq/synapse/issues/17810))

### Improved Documentation

- Fixed a minor typo in the Synapse documentation. Contributed by @karuto12. \ 
([\#18224](https://github.com/element-hq/synapse/issues/18224))

### Internal Changes

- Remove undocumented `SYNAPSE_USE_FROZEN_DICTS` environment variable. \ 
([\#18123](https://github.com/element-hq/synapse/issues/18123))
- Fix detection of workflow failures in the release script. \ 
([\#18211](https://github.com/element-hq/synapse/issues/18211))
- Add caching support to media endpoints. \ 
([\#18235](https://github.com/element-hq/synapse/issues/18235))

### Updates to locked dependencies

* Bump anyhow from 1.0.96 to 1.0.97. \ 
([\#18201](https://github.com/element-hq/synapse/issues/18201))
* Bump bcrypt from 4.2.1 to 4.3.0. \ 
([\#18207](https://github.com/element-hq/synapse/issues/18207))
* Bump bytes from 1.10.0 to 1.10.1. \ 
([\#18227](https://github.com/element-hq/synapse/issues/18227))
* Bump http from 1.2.0 to 1.3.1. \ 
([\#18245](https://github.com/element-hq/synapse/issues/18245))
* Bump sentry-sdk from 2.19.2 to 2.22.0. \ 
([\#18205](https://github.com/element-hq/synapse/issues/18205))
* Bump serde from 1.0.218 to 1.0.219. \ 
([\#18228](https://github.com/element-hq/synapse/issues/18228))
* Bump serde_json from 1.0.139 to 1.0.140. \ 
([\#18202](https://github.com/element-hq/synapse/issues/18202))
* Bump ulid from 1.2.0 to 1.2.1. \ 
([\#18246](https://github.com/element-hq/synapse/issues/18246))

Files:

Revision	Action	file
1.111	modify	pkgsrc/chat/matrix-synapse/Makefile
1.26	modify	pkgsrc/chat/matrix-synapse/cargo-depends.mk
1.79	modify	pkgsrc/chat/matrix-synapse/distinfo