automation: Update matrix-synapse Docker tag to v1.92.3
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| matrix-synapse | minor |
1.91.1 -> 1.92.3
|
Release Notes
matrix-org/synapse
v1.92.3
This is again a security update targeted at mitigating CVE-2023-4863. It turns out that libwebp is bundled statically in Pillow wheels so we need to update this dependency instead of libwebp package at the OS level.
Unlike what was advertised in 1.92.2 changelog this release also impacts PyPI wheels and Debian packages from matrix.org.
We encourage admins to upgrade as soon as possible.
Internal Changes
- Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels. (#16347)
Updates to locked dependencies
- Bump pillow from 10.0.0 to 10.0.1. (#16344)
v1.92.2
This is a Docker-only update to mitigate CVE-2023-4863, a critical vulnerability in libwebp. Server admins not using Docker should ensure that their libwebp is up to date (if installed). We encourage admins to upgrade as soon as possible.
Updates to the Docker image
- Update docker image to use Debian bookworm as the base. (#16324)
v1.92.1
This minor release was needed only because of CI-related trouble on v1.92.0, which was never released.
Internal Changes
- Stop building Ubuntu Kinetic since it is EOL and repos seem to be dead.
v1.92.0
This release includes the same bugfix as Synapse 1.91.2.
This version was never released following a CI build failure, cf v1.92.1 changelog.
Bugfixes
Internal Changes
- Fix incorrect docstring for
Ratelimiter. (#16255) - Update the release script to work on macOS. (#16266)
v1.91.2
Bugfixes
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.