mirror of
https://github.com/element-hq/dendrite.git
synced 2025-09-13 12:52:24 +03:00
463 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Travis Ralston
|
e9cc37ac52
|
Merge commit from fork
* Support configuring allow/deny networks * Make the DNS cache aware of the allow/deny networks * Allow all networks in CI * Update GMSL * Add missed file --------- Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com> |
||
|
dependabot[bot]
|
97706ffa28
|
Bump github.com/gorilla/websocket from 1.5.0 to 1.5.3 (#3455)
Bumps [github.com/gorilla/websocket](https://github.com/gorilla/websocket) from 1.5.0 to 1.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gorilla/websocket/releases">github.com/gorilla/websocket's releases</a>.</em></p> <blockquote> <h2>v1.5.3</h2> <h2>Important change</h2> <p>This reverts the websockets package back to <a href=" |
||
|
dependabot[bot]
|
3be22065a6
|
Bump github.com/docker/go-connections from 0.4.0 to 0.5.0 (#3465)
Bumps [github.com/docker/go-connections](https://github.com/docker/go-connections) from 0.4.0 to 0.5.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
19cc831fdd
|
Bump github.com/docker/docker from 26.1.0+incompatible to 26.1.5+incompatible (#3466)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.0+incompatible to 26.1.5+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v26.1.5</h2> <h2>26.1.5</h2> <h3>Security</h3> <p>This release contains a fix for <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110">CVE-2024-41110</a> / <a href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq">GHSA-v23v-6jw2-98fq</a> that impacted setups using <a href="https://docs.docker.com/engine/extend/plugins_authorization/">authorization plugins (AuthZ)</a> for access control. No other changes are included in this release, and this release is otherwise identical for users not using AuthZ plugins.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/moby/moby/compare/v26.1.4...v26.1.5">https://github.com/moby/moby/compare/v26.1.4...v26.1.5</a></p> <h2>v26.1.4</h2> <h2>26.1.4</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A26.1.4">docker/cli, 26.1.4 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A26.1.4">moby/moby, 26.1.4 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v26.1.4/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v26.1.4/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Security</h3> <p>This release updates the Go runtime to 1.21.11 which contains security fixes for:</p> <ul> <li><a href="https://redirect.github.com/golang/go/issues/66869">CVE-2024-24789</a></li> <li><a href="https://redirect.github.com/golang/go/issues/67680">CVE-2024-24790</a></li> <li>A symlink time of check to time of use race condition during directory removal reported by Addison Crump (<a href="https://github.com/addisoncrump"><code>@addisoncrump</code></a>).</li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Fixed an issue where promoting a node immediately after another node was demoted could cause the promotion to fail. <a href="https://redirect.github.com/moby/moby/pull/47870">moby/moby#47870</a></li> <li>Prevent the daemon log from being spammed with <code>superfluous response.WriteHeader call ...</code> messages.. <a href="https://redirect.github.com/moby/moby/pull/47843">moby/moby#47843</a></li> <li>Don't show empty hints when plugins return an empty hook message. <a href="https://redirect.github.com/docker/cli/pull/5083">docker/cli#5083</a></li> <li>Added <code>ContextType: "moby"</code> to the context list/inspect output to address a compatibility issue with Visual Studio Container Tools. <a href="https://redirect.github.com/docker/cli/pull/5095">docker/cli#5095</a></li> <li>Fix a compatibility issue with Visual Studio Container Tools. <a href="https://redirect.github.com/docker/cli/pull/5095">docker/cli#5095</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Update containerd (static binaries only) to <a href="https://github.com/containerd/containerd/releases/tag/v1.7.17">v1.7.17</a>. <a href="https://redirect.github.com/moby/moby/pull/47841">moby/moby#47841</a></li> <li><a href="https://redirect.github.com/golang/go/issues/66869">CVE-2024-24789</a>, <a href="https://redirect.github.com/golang/go/issues/67680">CVE-2024-24790</a>: Update Go runtime to 1.21.11. <a href="https://redirect.github.com/moby/moby/pull/47904">moby/moby#47904</a></li> <li>Update Compose to <a href="https://github.com/docker/compose/releases/tag/v2.27.1">v2.27.1</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1022">docker/docker-ce-packages#1022</a></li> <li>Update Buildx to <a href="https://github.com/docker/buildx/releases/tag/v0.14.1">v0.14.1</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1021">docker/docker-ce-packages#1021</a></li> </ul> <h2>v26.1.3</h2> <h2>26.1.3</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
f8ef6118c7
|
Bump github.com/docker/docker from 25.0.6+incompatible to 27.4.0+incompatible (#3458)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.6+incompatible to 27.4.0+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v27.4.0</h2> <h2>27.4.0</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A27.4.0">docker/cli, 27.4.0 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A27.4.0">moby/moby, 27.4.0 milestone</a></li> </ul> <h3>API</h3> <ul> <li><code>GET /images/json</code> with the <code>manifests</code> option enabled now preserves the original order in which manifests appeared in the manifest-index. <a href="https://redirect.github.com/moby/moby/pull/48712">moby/moby#48712</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>When reading logs with the <code>jsonfile</code> or <code>local</code> log drivers, any errors while trying to read or parse underlying log files will cause the rest of the file to be skipped and move to the next log file (if one exists) rather than returning an error to the client and closing the stream. The errors are viewable in the Docker Daemon logs and exported to traces when tracing is configured. <a href="https://redirect.github.com/moby/moby/pull/48842">moby/moby#48842</a></li> <li>When reading log files, compressed log files are now only decompressed when needed rather than decompressing all files before starting the log stream. <a href="https://redirect.github.com/moby/moby/pull/48842">moby/moby#48842</a></li> <li>Fix an issue that meant published ports from one container on a bridge network were not accessible from another container on the same network with <code>userland-proxy</code> disabled, if the kernel's <code>br_netfilter</code> module was not loaded and enabled. The daemon will now attempt to load the module and enable <code>bridge-nf-call-iptables</code> or <code>bridge-nf-call-ip6tables</code> when creating a network with the userland proxy disabled. <a href="https://redirect.github.com/moby/moby/pull/48685">moby/moby#48685</a></li> <li>Fix loading of <code>bridge</code> and <code>br_netfilter</code> kernel modules. <a href="https://redirect.github.com/moby/moby/pull/48966">moby/moby#48966</a></li> <li>containerd image store: Fix Docker daemon failing to fully start with a "context deadline exceeded error" with containerd snapshotter and many builds/images. <a href="https://redirect.github.com/moby/moby/pull/48954">moby/moby#48954</a></li> <li>containerd image-store: Fix partially pulled images not being garbage-collected. <a href="https://redirect.github.com/moby/moby/pull/48910">moby#48910</a>, <a href="https://redirect.github.com/moby/moby/pull/48957">moby/moby#48957</a></li> <li>containerd image store: Fix <code>docker image inspect</code> outputting duplicate references in <code>RepoDigests</code>. <a href="https://redirect.github.com/moby/moby/pull/48785">moby/moby#48785</a></li> <li>containerd image store: Fix not being able to connect to some insecure registries in cases where the HTTPS request failed due to a non-TLS related error. <a href="https://redirect.github.com/moby/moby/pull/48758">moby/moby#48758</a></li> <li>containerd image store: Remove a confusing warning log when tagging a non-dangling image. <a href="https://redirect.github.com/moby/moby/pull/49010">moby/moby#49010</a></li> <li>dockerd-rootless-setuptool.sh: let --force ignore smoke test errors <a href="https://redirect.github.com/moby/moby/pull/48695">moby/moby#48695</a></li> <li>Disable IPv6 Duplicate Address Detection (DAD) for addresses assigned to the bridges belonging to bridge networks. <a href="https://redirect.github.com/moby/moby/pull/48684">moby/moby#48684</a></li> <li>Remove BuildKit init timeout. <a href="https://redirect.github.com/moby/moby/pull/48963">moby/moby#48963</a></li> <li>Ignore "dataset does not exist" error when removing dataset on ZFS. <a href="https://redirect.github.com/moby/moby/pull/48968">moby/moby#48968</a></li> <li>Client: Prevent idle connections leaking FDs. <a href="https://redirect.github.com/moby/moby/pull/48764">moby/moby#48764</a></li> <li>Fix anonymous volumes being created through the <code>--mount</code> option not being marked as anonymous. <a href="https://redirect.github.com/moby/moby/pull/48755">moby/moby#48755</a></li> <li>After a daemon restart with live-restore, ensure an iptables jump to the <code>DOCKER-USER</code> chain is placed before other rules. <a href="https://redirect.github.com/moby/moby/pull/48714">moby/moby#48714</a></li> <li>Fix a possible memory leak caused by OTel meters. <a href="https://redirect.github.com/moby/moby/pull/48693">moby/moby#48693</a></li> <li>Create distinct build history db for each store. <a href="https://redirect.github.com/moby/moby/pull/48688">moby/moby#48688</a></li> <li>Fix an issue that caused excessive memory usage when DNS resolution was made in a tight loop. <a href="https://redirect.github.com/moby/moby/pull/48840">moby/moby#48840</a></li> <li>containerd image store: Do not underline names in <code>docker image ls --tree</code>. <a href="https://redirect.github.com/docker/cli/pull/5519">docker/cli#5519</a></li> <li>containerd image store: Change name of <code>USED</code> column in <code>docker image ls --tree</code> to <code>IN USE</code>. <a href="https://redirect.github.com/docker/cli/pull/5518">docker/cli#5518</a></li> <li>Fix a bug preventing image pulls from being cancelled during <code>docker run</code>. <a href="https://redirect.github.com/docker/cli/pull/5654">docker/cli#5654</a></li> <li>Port some completions from the bash completion to the new cobra based completion. <a href="https://redirect.github.com/docker/cli/pull/5618">docker/cli#5618</a></li> <li>The <code>docker login</code> and <code>docker logout</code> command no longer update the configuration file if the credentials didn't change. <a href="https://redirect.github.com/docker/cli/pull/5569">docker/cli#5569</a></li> <li>Optimise <code>docker stats</code> to reduce flickering issues. <a href="https://redirect.github.com/docker/cli/pull/5588">docker/cli#5588</a>, <a href="https://redirect.github.com/docker/cli/pull/5635">docker/cli#5635</a></li> <li>Fix inaccessible plugins paths preventing plugins from being detected. <a href="https://redirect.github.com/docker/cli/pull/5652">docker/cli#5652</a></li> <li>Add support for <code>events --filter</code> in cobra generated shell completions. <a href="https://redirect.github.com/docker/cli/pull/5614">docker/cli#5614</a></li> <li>Fix bash completion for <code>events --filter daemon=</code>. <a href="https://redirect.github.com/docker/cli/pull/5563">docker/cli#5563</a></li> <li>Improve shell-completion of containers for <code>docker rm</code>. <a href="https://redirect.github.com/docker/cli/pull/5540">docker/cli#5540</a></li> <li>Add shell-completion for <code>--platform</code> flags. <a href="https://redirect.github.com/docker/cli/pull/5540">docker/cli#5540</a></li> <li>rootless: Make <code>/etc/cdi</code> and <code>/var/run/cdi</code> accessible by the Container Device Interface (CDI) integration. <a href="https://redirect.github.com/moby/moby/pull/49027">moby/moby#49027</a></li> </ul> <h3>Removed</h3> <ul> <li>Deprecate <code>Daemon.Exists()</code> and <code>Daemon.IsPaused()</code>. These functions are no longer used and will be removed in the next release. <a href="https://redirect.github.com/moby/moby/pull/48719">moby/moby#48719</a></li> <li>Deprecate <code>container.ErrNameReserved</code> and <code>container.ErrNameNotReserved</code>. <a href="https://redirect.github.com/moby/moby/pull/48697">moby/moby#48697</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
bed4abf229
|
Bump github.com/dgraph-io/ristretto from 0.1.1 to 0.2.0 (#3457)
Bumps [github.com/dgraph-io/ristretto](https://github.com/dgraph-io/ristretto) from 0.1.1 to 0.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dgraph-io/ristretto/releases">github.com/dgraph-io/ristretto's releases</a>.</em></p> <blockquote> <h2>v0.2.0</h2> <h2>What's Changed</h2> <p>*`docs(readme): Use new Wait method by <a href="https://github.com/angadn"><code>@angadn</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/327">dgraph-io/ristretto#327</a></p> <ul> <li>docs: format example on readme by <a href="https://github.com/rfyiamcool"><code>@rfyiamcool</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/339">dgraph-io/ristretto#339</a></li> <li>Fix flakes in TestDropUpdates by <a href="https://github.com/evanj"><code>@evanj</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/334">dgraph-io/ristretto#334</a></li> <li>docs(Cache): document Wait, clarify Get by <a href="https://github.com/evanj"><code>@evanj</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/333">dgraph-io/ristretto#333</a></li> <li>chore: fix typo error by <a href="https://github.com/proost"><code>@proost</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/341">dgraph-io/ristretto#341</a></li> <li>fix: support compilation to wasip1 by <a href="https://github.com/achille-roussel"><code>@achille-roussel</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/344">dgraph-io/ristretto#344</a></li> <li>remove glog dependency by <a href="https://github.com/jhawk28"><code>@jhawk28</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/350">dgraph-io/ristretto#350</a></li> <li>add config for cleanup ticker duration by <a href="https://github.com/singhvikash11"><code>@singhvikash11</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/342">dgraph-io/ristretto#342</a></li> <li>fix(OnEvict): Set missing Expiration field on evicted items by <a href="https://github.com/0x1ee7"><code>@0x1ee7</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/345">dgraph-io/ristretto#345</a></li> <li>uint32 -> uint64 in slice methods by <a href="https://github.com/mocurin"><code>@mocurin</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/323">dgraph-io/ristretto#323</a></li> <li>fix: cleanupTicker not being stopped by <a href="https://github.com/IlyaFloppy"><code>@IlyaFloppy</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/343">dgraph-io/ristretto#343</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0">https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dgraph-io/ristretto/blob/main/CHANGELOG.md">github.com/dgraph-io/ristretto's changelog</a>.</em></p> <blockquote> <h2>[v0.2.0] - 2024-10-06</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/344"><code>fix: support compilation to wasip1 by @achille-roussel</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/342"><code>add config for cleanup ticker duration by @singhvikash11</code></a></li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/327"><code>docs(readme): Use new Wait method by @angadn</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/339"><code>docs: format example on readme by @rfyiamcool</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/334"><code>Fix flakes in TestDropUpdates by @evanj</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/333"><code>docs(Cache): document Wait, clarify Get by @evanj</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/341"><code>chore: fix typo error by @proost</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/350"><code>remove glog dependency by @jhawk28</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/345"><code>fix(OnEvict): Set missing Expiration field on evicted items by @0x1ee7</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/323"><code>uint32 -> uint64 in slice methods by @mocurin</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/343"><code>fix: cleanupTicker not being stopped by @IlyaFloppy</code></a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0">https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Neil
|
72039f651e
|
Update dependencies (#3449)
Signed-off-by: Neil Alexander <git@neilalexander.dev> --------- Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> |
||
|
Till Faelligen
|
3ca9dae95a
|
Fix missed matrix-org bits, run go mod tidy | ||
|
idk
|
6cd1285ca0
|
Adds support for listening on and connecting to I2P and Onion services securely (#3293)
This PR adds 2 `dendrite-demo` main's, each designed expressly to serve a Hidden Service/Overlay network. The first, `dendrite-demo-i2p` add self-configuration for use of dendrite as an I2P hidden service(eepsite) and to connect to I2P services(federate) as an I2P client. It further disables the `dendrite` server from communicating with non-anonymous servers by federation(because I2P does not canonically have the ability to exit, we rely on donors for exit traffic), and enables the use of self-signed TLS certificates([because I2P services are self-authenticating but TLS is still required for other aspects of the system to work reliably](https://tor.stackexchange.com/questions/13887/registering-onion-with-certificate-authority)). This demo turns the system into an "pseudonymous" homeserver which people can connect to using an I2P-enabled Matrix client(I like `cinny` and it's what I tested with). The second, `dendrite-demo-tor` adds self-configuration for the use of dendrite as an Onion service and to connect to other onion services and non-anonymous web sites using Tor to obfuscate it's physical location and providing, optionally, pseudonymity. It also enables the use of self-signed TLS certificates, for the same reason as with I2P, because onion services aren't typically eligible for TLS certificates. It has also been tested with `cinny`. These services are both pseudonymous like myself, not anonymous. I will be meeting members of the element team at the CCC assembly shortly to discuss contributing under my pseudonym. As none of the other `dendrite-demo` have unit tests I did not add them to these checkins. * [*] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests --------- Co-authored-by: eyedeekay <idk@mulder> Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com> |
||
|
Till
|
002fed3cb9
|
Bump GMSL (#3419)
Adds https://github.com/matrix-org/gomatrixserverlib/pull/436 https://github.com/matrix-org/gomatrixserverlib/pull/438 https://github.com/matrix-org/gomatrixserverlib/pull/432 |
||
|
Neil
|
117ed66037
|
Update NATS to 2.10.20, use SyncAlways (#3418)
The internal NATS instance is definitely convenient but it does have one problem: its lifecycle is tied to the Dendrite process. That means if Dendrite panics or OOMs, it takes out NATS with it. I suspect this is sometimes contributing to what people see with stuck streams, as some operations or state might not be written to disk fully before it gets interrupted. Using `SyncAlways` means that NATS will effectively use `O_SYNC` and block writes on flushes, which should improve resiliency against this kind of failure considerably. It might affect performance a little but shouldn't be significant. Also updates NATS to 2.10.20 as there have been all sorts of fixes since 2.10.7, including better `SyncAlways` handling. Signed-off-by: Neil Alexander <git@neilalexander.dev> --------- Signed-off-by: Neil Alexander <git@neilalexander.dev> Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> |
||
|
Till
|
7a4ef240fc
|
Implement MSC3916 (#3397)
Needs https://github.com/matrix-org/gomatrixserverlib/pull/437 |
||
|
Till
|
4d116ff0db
|
Bump yggdrasil (#3407) | ||
|
dependabot[bot]
|
c876790f08
|
Bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible (#3405)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.9+incompatible to 25.0.6+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v25.0.6</h2> <h2>25.0.6</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.6">docker/cli, 25.0.6 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.6">moby/moby, 25.0.6 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v25.0.6/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v25.0.6/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Security</h3> <p>This release contains a fix for <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110">CVE-2024-41110</a> / <a href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq">GHSA-v23v-6jw2-98fq</a> that impacted setups using <a href="https://docs.docker.com/engine/extend/plugins_authorization/">authorization plugins (AuthZ)</a> for access control.</p> <h3>Bug fixes and enhancements</h3> <ul> <li>[25.0] remove erroneous <code>platform</code> from image <code>config</code> OCI descriptor in <code>docker save</code> output. <a href="https://redirect.github.com/moby/moby/pull/47695">moby/moby#47695</a></li> <li>[25.0 backport] Fix a nil dereference when getting image history for images having layers without the <code>Created</code> value set. <a href="https://redirect.github.com/moby/moby/pull/47759">moby/moby#47759</a></li> <li>[25.0 backport] apparmor: Allow confined runc to kill containers. <a href="https://redirect.github.com/moby/moby/pull/47830">moby/moby#47830</a></li> <li>[25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. <a href="https://redirect.github.com/moby/moby/pull/47869">moby/moby#47869</a></li> <li>[25.0 backport] don't depend on containerd platform.Parse to return a typed error. <a href="https://redirect.github.com/moby/moby/pull/47890">moby/moby#47890</a></li> <li>[25.0 backport] builder/mobyexporter: Add missing nil check <a href="https://redirect.github.com/moby/moby/pull/47987">moby/moby#47987</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver. <a href="https://redirect.github.com/moby/moby/pull/47724">moby/moby#47724</a></li> <li>Update Go runtime to 1.21.12, which contains security fixes for <a href="https://github.com/advisories/GHSA-hw49-2p59-3mhj">CVE-2024-24791</a> <a href="https://redirect.github.com/moby/moby/pull/48146">moby/moby#48146</a></li> <li>Update Containerd (static binaries only) to <a href="https://github.com/containerd/containerd/releases/tag/v1.7.20">v1.7.20</a>. <a href="https://redirect.github.com/moby/moby/pull/48199">moby/moby#48199</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/moby/moby/compare/v25.0.5...v25.0.6">https://github.com/moby/moby/compare/v25.0.5...v25.0.6</a></p> <h2>v25.0.5</h2> <h2>25.0.5</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.5">docker/cli, 25.0.5 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.5">moby/moby, 25.0.5 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v25.0.5/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v25.0.5/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Security</h3> <p>This release contains a security fix for <a href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>, a potential data exfiltration from 'internal' networks via authoritative DNS servers.</p> <h3>Bug fixes and enhancements</h3> <ul> <li> <p><a href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. <a href="https://redirect.github.com/moby/moby/pull/47589">moby/moby#47589</a></p> </li> <li> <p>plugin: fix mounting /etc/hosts when running in UserNS. <a href="https://redirect.github.com/moby/moby/pull/47588">moby/moby#47588</a></p> </li> <li> <p>rootless: fix <code>open /etc/docker/plugins: permission denied</code>. <a href="https://redirect.github.com/moby/moby/pull/47587">moby/moby#47587</a></p> </li> <li> <p>Fix multiple parallel <code>docker build</code> runs leaking disk space. <a href="https://redirect.github.com/moby/moby/pull/47527">moby/moby#47527</a></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Till
|
a37d317958
|
Bump go to 1.21 (#3360) | ||
|
dependabot[bot]
|
7d8516838d
|
Bump golang.org/x/image from 0.10.0 to 0.18.0 (#3390)
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.10.0 to 0.18.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5547bf8ca6
|
Bump golang.org/x/net from 0.21.0 to 0.23.0 (#3365)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.23.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Till
|
14a6c10097
|
Version 0.13.7 (#3349) | ||
|
Till
|
b732eede27
|
Fix spaces over federation (#3347)
Fixes #2504 A few issues with the previous iteration: - We never returned `inaccessible_children`, which (if I read the code correctly), made Synapse raise an error and thus not returning the requested rooms - For restricted rooms, we didn't return the list of allowed rooms |
||
|
dependabot[bot]
|
1bdf0cc541
|
Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#3341)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 24.0.9+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v24.0.9</h2> <h2>24.0.9</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.9">docker/cli, 24.0.9 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.9">moby/moby, 24.0.9 milestone</a></li> </ul> <h2>Security</h2> <p>This release contains security fixes for the following CVEs affecting Docker Engine and its components.</p> <table> <thead> <tr> <th>CVE</th> <th>Component</th> <th>Fix version</th> <th>Severity</th> </tr> </thead> <tbody> <tr> <td><a href="https://scout.docker.com/v/CVE-2024-21626">CVE-2024-21626</a></td> <td>runc</td> <td>1.1.12</td> <td>High, CVSS 8.6</td> </tr> <tr> <td><a href="https://scout.docker.com/v/CVE-2024-24557">CVE-2024-24557</a></td> <td>Docker Engine</td> <td>24.0.9</td> <td>Medium, CVSS 6.9</td> </tr> </tbody> </table> <blockquote> <p><strong>Important</strong> ⚠️</p> <p>Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:</p> <ul> <li><a href="https://scout.docker.com/v/CVE-2024-23651">CVE-2024-23651</a></li> <li><a href="https://scout.docker.com/v/CVE-2024-23652">CVE-2024-23652</a></li> <li><a href="https://scout.docker.com/v/CVE-2024-23653">CVE-2024-23653</a></li> <li><a href="https://scout.docker.com/v/CVE-2024-23650">CVE-2024-23650</a></li> </ul> <p>To address these vulnerabilities, upgrade to <a href="https://github.com/docker/docker/blob/HEAD/25.0.md#2502">Docker Engine v25.0.2</a>.</p> </blockquote> <p>For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the <a href="https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/">blog post</a>. For details about each vulnerability, see the relevant security advisory:</p> <ul> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv">CVE-2024-21626</a></li> <li><a href="https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc">CVE-2024-24557</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Upgrade runc to <a href="https://github.com/opencontainers/runc/releases/tag/v1.1.12">v1.1.12</a>. <a href="https://redirect.github.com/moby/moby/pull/47269">moby/moby#47269</a></li> <li>Upgrade containerd to <a href="https://github.com/containerd/containerd/releases/tag/v1.7.13">v1.7.13</a> (static binaries only). <a href="https://redirect.github.com/moby/moby/pull/47280">moby/moby#47280</a></li> </ul> <h2>v24.0.8</h2> <h2>24.0.8</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.8">docker/cli, 24.0.8 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.8">moby/moby, 24.0.8 milestone</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Live restore: Containers with auto remove (<code>docker run --rm</code>) are no longer forcibly removed on engine restart. <a href="https://redirect.github.com/moby/moby/pull/46869">moby/moby#46857</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a00b976a00
|
Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 (#3339)
Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Till
|
dae1ef2e46
|
Update GMSL (#3303)
If I didn't miss anything, this should add fixes from: https://github.com/matrix-org/gomatrixserverlib/pull/424 https://github.com/matrix-org/gomatrixserverlib/pull/426 https://github.com/matrix-org/gomatrixserverlib/pull/427 https://github.com/matrix-org/gomatrixserverlib/pull/428 https://github.com/matrix-org/gomatrixserverlib/pull/429 https://github.com/matrix-org/gomatrixserverlib/pull/430 |
||
|
dependabot[bot]
|
3a4b5f49ac
|
Bump github.com/quic-go/quic-go from 0.37.4 to 0.37.7 (#3300)
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.37.4 to 0.37.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/quic-go/quic-go/releases">github.com/quic-go/quic-go's releases</a>.</em></p> <blockquote> <h2>v0.37.7</h2> <p>This release contains fixes for the Honeybadger vulnerability (CVE-2023-49295):</p> <ul> <li>limit the number of queued PATH_RESPONSE frames to 256 (<a href="https://redirect.github.com/quic-go/quic-go/issues/4199">#4199</a>)</li> <li>don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (<a href="https://redirect.github.com/quic-go/quic-go/issues/4200">#4200</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7">https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7</a></p> <h2>v0.37.6</h2> <p>This patch release contains a backport of <a href="https://redirect.github.com/quic-go/quic-go/pull/4038">quic-go/quic-go#4038</a>.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6">https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6</a></p> <h2>v0.37.5</h2> <p>This patch release contains the backport of 3 fixes:</p> <ul> <li>fix handshake failure if <code>tls.Config.SessionTicketDisabled = false</code>, but <code>tls.Config.GetConfigForClient</code> returns a config that disables session tickets: <a href="https://redirect.github.com/quic-go/quic-go/issues/4030">#4030</a></li> <li>use the correct hash function for TLS_AES_256_GCM_SHA384: <a href="https://redirect.github.com/quic-go/quic-go/issues/4031">#4031</a></li> <li>automatically set the <code>tls.Config.ServerName</code>: <a href="https://redirect.github.com/quic-go/quic-go/issues/4032">#4032</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5">https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
9a5a56718e
|
Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#3290)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Till
|
f93d1c4790
|
Use AckExplicitPolicy instead of AckAllPolicy (#3288)
Fixes https://github.com/matrix-org/dendrite/issues/3240 and potentially a root cause for state resets. While testing, I've had added some more debug logging: ``` time="2023-12-16T18:13:11.319458084Z" level=warning msg="already processed event" event_id="$qFYMl_F2vb1N0yxmvlFAMhqhGhLKq4kA-o_YCQKH7tQ" kind=KindNew times=2 time="2023-12-16T18:13:14.537389126Z" level=warning msg="already processed event" event_id="$EU-LTsKErT6Mt1k12-p_3xOHfiLaK6gtwVDlZ35lSuo" kind=KindNew times=5 time="2023-12-16T18:13:16.789551206Z" level=warning msg="already processed event" event_id="$dIPuAfTL5x0VyG873LKPslQeljCSxFT1WKxUtjIMUGE" kind=KindNew times=5 time="2023-12-16T18:13:17.383838767Z" level=warning msg="already processed event" event_id="$7noSZiCkzerpkz_UBO3iatpRnaOiPx-3IXc0GPDQVGE" kind=KindNew times=2 time="2023-12-16T18:13:22.091946597Z" level=warning msg="already processed event" event_id="$3Lvo3Wbi2ol9-nNbQ93N-E2MuGQCJZo5397KkFH-W6E" kind=KindNew times=1 time="2023-12-16T18:13:23.026417446Z" level=warning msg="already processed event" event_id="$lj1xS46zsLBCChhKOLJEG-bu7z-_pq9i_Y2DUIjzGy4" kind=KindNew times=4 ``` So we did receive the same event over and over again. Given they are `KindNew`, we don't short circuit if we already processed them, which potentially caused the state to be calculated with a now wrong state snapshot. Also fixes the back pressure metric. We now correctly increment the counter once we sent the message to NATS and decrement it once we actually processed an event. |
||
|
Till
|
b7054f4274
|
Version 0.13.5 (#3285) | ||
|
Till Faelligen
|
210bce9938
|
Update GMSL to avoid logging unnecessary messages | ||
|
dependabot[bot]
|
5c67eb99b3
|
Bump golang.org/x/image from 0.5.0 to 0.10.0 (#3257)
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.5.0 to 0.10.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
8b4043473c
|
Bump github.com/nats-io/nkeys from 0.4.4 to 0.4.6 (#3252)
Bumps [github.com/nats-io/nkeys](https://github.com/nats-io/nkeys) from 0.4.4 to 0.4.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nats-io/nkeys/releases">github.com/nats-io/nkeys's releases</a>.</em></p> <blockquote> <h2>v0.4.5</h2> <h2>What's Changed</h2> <ul> <li>[CI] bump staticcheck GHAction by <a href="https://github.com/philpennock"><code>@philpennock</code></a> in <a href="https://redirect.github.com/nats-io/nkeys/pull/49">nats-io/nkeys#49</a></li> <li>[FIX] added windows binary by <a href="https://github.com/aricart"><code>@aricart</code></a> in <a href="https://redirect.github.com/nats-io/nkeys/pull/51">nats-io/nkeys#51</a></li> <li>[FIX] YAML Enginering: quote go-version string by <a href="https://github.com/philpennock"><code>@philpennock</code></a> in <a href="https://redirect.github.com/nats-io/nkeys/pull/53">nats-io/nkeys#53</a></li> <li>[FEAT] Use readKeyFile to read both seed file and public key file by <a href="https://github.com/nanjj"><code>@nanjj</code></a> in <a href="https://redirect.github.com/nats-io/nkeys/pull/54">nats-io/nkeys#54</a></li> <li>[FEAT] Made <code>decode</code> a little fast by <a href="https://github.com/nanjj"><code>@nanjj</code></a> in <a href="https://redirect.github.com/nats-io/nkeys/pull/55">nats-io/nkeys#55</a></li> <li>[REPO] Add issue forms by <a href="https://github.com/bruth"><code>@bruth</code></a> in <a href="https://redirect.github.com/nats-io/nkeys/pull/56">nats-io/nkeys#56</a></li> <li>[FIX] added binaries to match nats-server by <a href="https://github.com/aricart"><code>@aricart</code></a> in <a href="https://redirect.github.com/nats-io/nkeys/pull/58">nats-io/nkeys#58</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nats-io/nkeys/compare/v0.4.4...v0.4.5">https://github.com/nats-io/nkeys/compare/v0.4.4...v0.4.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
32f7c4b166
|
Bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#3250)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.5+incompatible to 24.0.7+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v24.0.7</h2> <h2>24.0.7</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.7">docker/cli, 24.0.7 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.7">moby/moby, 24.0.7 milestone</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Write overlay2 layer metadata atomically. <a href="https://redirect.github.com/moby/moby/pull/46703">moby/moby#46703</a></li> <li>Fix "Rootful-in-Rootless" Docker-in-Docker on systemd version 250 and later. <a href="https://redirect.github.com/moby/moby/pull/46626">moby/moby#46626</a></li> <li>Fix <code>dockerd-rootless-setuptools.sh</code> when username contains a backslash. <a href="https://redirect.github.com/moby/moby/pull/46407">moby/moby#46407</a></li> <li>Fix a bug that would prevent network sandboxes to be fully deleted when stopping containers with no network attachments and when <code>dockerd --bridge=none</code> is used. <a href="https://redirect.github.com/moby/moby/pull/46702">moby/moby#46702</a></li> <li>Fix a bug where cancelling an API request could interrupt container restart. <a href="https://redirect.github.com/moby/moby/pull/46697">moby/moby#46697</a></li> <li>Fix an issue where containers would fail to start when providing <code>--ip-range</code> with a range larger than the subnet. <a href="https://redirect.github.com/docker/for-mac/issues/6870">docker/for-mac#6870</a></li> <li>Fix data corruption with zstd output. <a href="https://redirect.github.com/moby/moby/pull/46709">moby/moby#46709</a></li> <li>Fix the conditions under which the container's MAC address is applied. <a href="https://redirect.github.com/moby/moby/pull/46478">moby/moby#46478</a></li> <li>Improve the performance of the stats collector. <a href="https://redirect.github.com/moby/moby/pull/46448">moby/moby#46448</a></li> <li>Fix an issue with source policy rules ending up in the wrong order. <a href="https://redirect.github.com/moby/moby/pull/46441">moby/moby#46441</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Add support for Fedora 39 and Ubuntu 23.10. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/940">docker/docker-ce-packaging#940</a>, <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/955">docker/docker-ce-packaging#955</a></li> <li>Fix <code>docker.socket</code> not getting disabled when uninstalling the <code>docker-ce</code> RPM package. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/852">docker/docker-ce-packaging#852</a></li> <li>Upgrade Go to <code>go1.20.10</code>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/951">docker/docker-ce-packaging#951</a></li> <li>Upgrade containerd to <code>v1.7.6</code> (static binaries only). <a href="https://redirect.github.com/moby/moby/pull/46103">moby/moby#46103</a></li> <li>Upgrade the <code>containerd.io</code> package to <a href="https://github.com/containerd/containerd/releases/tag/v1.6.24"><code>v1.6.24</code></a>.</li> </ul> <h3>Security</h3> <ul> <li>Deny containers access to <code>/sys/devices/virtual/powercap</code> by default. This change hardens against <a href="https://scout.docker.com/v/CVE-2020-8694">CVE-2020-8694</a>, <a href="https://scout.docker.com/v/CVE-2020-8695">CVE-2020-8695</a>, and <a href="https://scout.docker.com/v/CVE-2020-12912">CVE-2020-12912</a>, and an attack known as <a href="https://platypusattack.com/">the PLATYPUS attack</a>. For more details, see <a href="https://github.com/moby/moby/security/advisories/GHSA-jq35-85cj-fj4p">advisory</a>, <a href=" |
||
|
Till
|
4fa8512d57
|
Check event is not rejected (#3243)
Companion PR to https://github.com/matrix-org/gomatrixserverlib/pull/421 |
||
|
dependabot[bot]
|
c1d6b9aa8e
|
Bump github.com/nats-io/nats-server/v2 from 2.9.19 to 2.9.23 (#3238)
Bumps [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) from 2.9.19 to 2.9.23. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nats-io/nats-server/releases">github.com/nats-io/nats-server/v2's releases</a>.</em></p> <blockquote> <h2>Release v2.9.23</h2> <h2>Changelog</h2> <h3>Go Version</h3> <ul> <li>1.20.10</li> </ul> <h3>Fixed</h3> <p>Accounts</p> <ul> <li>Prevent bypassing authorization block when enabling system account access in accounts block (<a href="https://redirect.github.com/nats-io/nats-server/issues/4605">#4605</a>). Backport from v2.10.2</li> </ul> <p>Leafnodes</p> <ul> <li>Prevent a leafnode cluster from receiving a message multiple times in a queue subscription (<a href="https://redirect.github.com/nats-io/nats-server/issues/4578">#4578</a>). Backport from v2.10.2</li> </ul> <p>JetStream</p> <ul> <li>Hold lock when calculating the first message for subject in a message block (<a href="https://redirect.github.com/nats-io/nats-server/issues/4531">#4531</a>). Backport from v2.10.0</li> <li>Add self-healing mechanism to detect and delete orphaned Raft groups (<a href="https://redirect.github.com/nats-io/nats-server/issues/4647">#4647</a>). Backport from v2.10.0</li> <li>Prevent forward proposals in consumers after scaling down a stream (<a href="https://redirect.github.com/nats-io/nats-server/issues/4647">#4647</a>). Backport from v2.10.0</li> <li>Fix race condition during leader failover scenarios resulting in potential duplicate messages being sourced (<a href="https://redirect.github.com/nats-io/nats-server/issues/4592">#4592</a>). Backport from v2.10.2</li> </ul> <h3>Complete Changes</h3> <p><a href="https://github.com/nats-io/nats-server/compare/v2.9.22...v2.9.23">https://github.com/nats-io/nats-server/compare/v2.9.22...v2.9.23</a></p> <h2>Release v2.9.22</h2> <h2>Changelog</h2> <h3>Go Version</h3> <ul> <li>1.20.8 (updated out-of-cycle since Go 1.19 is now EOL)</li> </ul> <h3>Dependencies</h3> <ul> <li>github.com/nats-io/jwt/v2 v2.5.0</li> <li>golang.org/x/crypto v0.12.0</li> <li>golang.org/x/sys v0.11.0</li> </ul> <h3>Improved</h3> <p>Monitoring</p> <ul> <li>CORS Allow-Origin passthrough for monitoring server (<a href="https://redirect.github.com/nats-io/nats-server/issues/4423">#4423</a>) Thanks to <a href="https://github.com/mdawar"><code>@mdawar</code></a> for the contribution!</li> </ul> <p>JetStream</p> <ul> <li>Improve consumer scaling reliability with filters and cluster restart (<a href="https://redirect.github.com/nats-io/nats-server/issues/4404">#4404</a>)</li> <li>Send event on lame duck mode (LDM) to avoid placing assets on shutting down nodes (<a href="https://redirect.github.com/nats-io/nats-server/issues/4405">#4405</a>)</li> <li>Skip filestore tombstones if downgrade from 2.10 occurs (<a href="https://redirect.github.com/nats-io/nats-server/issues/4452">#4452</a>)</li> <li>Adjust delivered and waiting count when consumer message delivery fails (<a href="https://redirect.github.com/nats-io/nats-server/issues/4472">#4472</a>)</li> </ul> <h3>Fixed</h3> <p>Config</p> <ul> <li>Allow empty configs and fix JSON compatibility (<a href="https://redirect.github.com/nats-io/nats-server/issues/4394">#4394</a>, <a href="https://redirect.github.com/nats-io/nats-server/issues/4418">#4418</a>)</li> <li>Remove TLS OCSP debug log on reload (<a href="https://redirect.github.com/nats-io/nats-server/issues/4453">#4453</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Till
|
8b3adaf244
|
Fix state resets (#3231)
Needs https://github.com/matrix-org/gomatrixserverlib/pull/419 May fix: https://github.com/matrix-org/dendrite/issues/2508, https://github.com/matrix-org/dendrite/issues/1760 |
||
|
dependabot[bot]
|
fe2955a4db
|
Bump golang.org/x/net from 0.14.0 to 0.17.0 (#3233)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.17.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Till
|
05a8f1ede3
|
Support for room version v11 (#3204)
Fixes #3203 |
||
|
devonh
|
16d922de70
|
Complement fixes for pseudoIDs (#3206) | ||
|
devonh
|
8245b24100
|
Update gmsl to use new validated RoomID on PDUs (#3200)
GMSL returns a `spec.RoomID` when calling `PDU.RoomID()` |
||
|
Sam Wedgwood
|
478827459c
|
bump GMSL back to main (#3197)
In a [previous PR](https://github.com/matrix-org/dendrite/pull/3181) I accidentally left GMSL on a dev branch, this PR fixes it by bringing it back to the main branch of GMSL Signed-off-by: `Sam Wedgwood <sam@wedgwood.dev>` |
||
|
Till
|
e3a7039c81
|
Fix CI, upgrade image used for upgrade tests (#3151) | ||
|
Sam Wedgwood
|
9b5be6b9c5
|
[pseudoIDs] More pseudo ID fixes - Part 2 (#3181)
Fixes include: - Translating state keys that contain user IDs to their respective room keys for both querying and sending state events - **NOTE**: there may be design discussion needed on what should happen when sender keys cannot be found for users - A simple fix for kicking guests from rooms properly - Logic for boundary history visibilities was slightly off (I'm surprised this only manifested in pseudo ID room versions) Signed-off-by: `Sam Wedgwood <sam@wedgwood.dev>` |
||
|
devonh
|
fa6c7ba456
|
Update pinecone to use new quic version (#3174) | ||
|
Sam Wedgwood
|
35804f8493
|
Add config key for default room version (#3171)
This PR adds a config key `room_server.default_config_key` to set the default room version for the room server. Signed-off-by: `Sam Wedgwood <sam@wedgwood.dev>` |
||
|
Sam Wedgwood
|
c7193e24d0
|
Use *spec.SenderID for QuerySenderIDForUser (#3164)
There are cases where a dendrite instance is unaware of a pseudo ID for a user, the user is not a member of that room. To represent this case, we currently use the 'zero' value, which is often not checked and so causes errors later down the line. To make this case more explict, and to be consistent with `QueryUserIDForSender`, this PR changes this to use a pointer (and `nil` to mean no sender ID). Signed-off-by: `Sam Wedgwood <sam@wedgwood.dev>` |
||
|
devonh
|
c809e95335
|
Fix event federation with pseudoID rooms (#3156) | ||
|
Sam Wedgwood
|
9582827493
|
de-MSC-ifying space summaries (MSC2946) (#3134)
- This PR moves and refactors the [code](https://github.com/matrix-org/dendrite/blob/main/setup/mscs/msc2946/msc2946.go) for [MSC2946](https://github.com/matrix-org/matrix-spec-proposals/pull/2946) ('Space Summaries') to integrate it into the rest of the codebase. - Means space summaries are no longer hidden behind an MSC flag - Solves #3096 Signed-off-by: Sam Wedgwood <sam@wedgwood.dev> |
||
|
Till Faelligen
|
0df982a2e5
|
Update NATS again [skip ci] | ||
|
Till Faelligen
|
b965a08faa
|
Unknown issue | ||
|
Till Faelligen
|
ef32de928d
|
[NATS] Issue identified and fixed applied, workaround known. | ||
|
Till
|
74a5ab6c24
|
Fix issues reported by Sentry (#3143)
This should fix a few issues reported by Sentry |
||
|
Till
|
eb9e90379d
|
Add event size checks similar to Synapse (#3140)
Companion to https://github.com/matrix-org/gomatrixserverlib/pull/400 This tries to mimic the logic found in Synapse, as dropping events can break rooms (and we may end up in endless loops..) |