automation: Update matrix-synapse Docker tag to v1.86.0 (!62) · Merge requests · Infrastructure / ansible

Note: this release only fixes a bug that stopped some deployments from upgrading to v1.85.0. There is no need to upgrade to v1.85.1 if successfully running v1.85.0.

Bugfixes

Fix bug in schema delta that broke upgrades for some deployments. Introduced in v1.85.0. (#15738, #15739)

`v1.85.0`

Compare Source

===========================

No significant changes since 1.85.0rc2.

Security advisory

The following issues are fixed in 1.85.0 (and RCs).

GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity

It may be possible for a deactivated user to login when using uncommon configurations.
GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity

A discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the url_preview_ip_range_blacklist setting (by default this only allows public IPs).

See the advisories for more details. If you have any questions, email security@matrix.org.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited Jun 20, 2023 by botaniker

Admin message

automation: Update matrix-synapse Docker tag to v1.86.0

Release Notes

v1.86.0

v1.85.2

Bugfixes

v1.85.1

Bugfixes

v1.85.0

Security advisory

Configuration

Merge request reports

`v1.86.0`

`v1.85.2`

`v1.85.1`

`v1.85.0`