New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
matrix-synapse: 0.30.0 -> 0.31.1 #41728
Conversation
@GrahamcOfBorg build matrix-synapse |
No attempt on x86_64-darwin (full log) The following builds were skipped because they don't evaluate on x86_64-darwin: matrix-synapse Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: matrix-synapse Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: matrix-synapse Partial log (click to expand)
|
@GrahamcOfBorg test matrix-synapse |
Success on x86_64-linux (full log) Attempted: tests.matrix-synapse Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: tests.matrix-synapse Partial log (click to expand)
|
@xeji thanks! Could you tell me what I have to do so that @GrahamcOfBorg runs tests on my command? |
Motivation for this change
v0.31.1 fixes a security bug where the rules for message visibility were not correctly applied over federation, I interpret this as other matrix servers federating with yours could request a specific message despite no user of that other homeserver should have access to that message.
v0.30.0's main change:
Not totally sure whether I should advise to backport to stable, the security bug really isn't nice and probably quite easy to exploit, but private conversations are hopefully using e2e encryption to protect from this. Backporting this will quite certainly break the setups of people using the prometheus monitoring system to monitor their matrix instance, but on the other hand, the intersection between NixOS, matrix and prometheus users might be near zero, or at least much less than there are people using synapse on NixOS in general.
NOTE: As of #41038, I can't run the synapse tests myself.
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)