SipsOfCode/infrastructure
2
2
Fork 0
Code Issues 6 Pull requests 4 Releases Activity

chore(deps): update synapse docker tag to v1.139.2 #406

Open
barista-bot wants to merge 1 commit from renovate/synapse-1.x into main
pull from: renovate/synapse-1.x
merge into: SipsOfCode:main
Conversation 0 Commits 1 Files changed 1 +1 -1
barista-bot commented 2025-10-07 14:03:40 +02:00
Collaborator
Copy link

This PR contains the following updates:

Package Update Change
synapse (source) patch v1.139.0 -> v1.139.2

Release Notes

element-hq/synapse (synapse)

v1.139.2

Compare Source

Synapse 1.139.2 (2025-10-07)

Bugfixes

v1.139.1

Compare Source

Synapse 1.139.1 (2025-10-07)

Security Fixes

  • Fix CVE-2025-61672 / GHSA-fh66-fcv5-jjfr. Lack of validation for device keys in Synapse before 1.139.1 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. (#​17097)

Deprecations and Removals

  • Drop support for unstable field names from the long-accepted MSC2732 (Olm fallback keys) proposal. This change allows unit tests to pass following the security patch above. (#​18996)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot. The local configuration can be found in the local Renovate Bot repository.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [synapse](https://matrix.org/docs/projects/server/synapse) ([source](https://github.com/element-hq/synapse)) | patch | `v1.139.0` -> `v1.139.2` | --- ### Release Notes <details> <summary>element-hq/synapse (synapse)</summary> ### [`v1.139.2`](https://github.com/element-hq/synapse/releases/tag/v1.139.2) [Compare Source](https://github.com/element-hq/synapse/compare/v1.139.1...v1.139.2) ### Synapse 1.139.2 (2025-10-07) #### Bugfixes - Fix a bug introduced in 1.139.1 where a client could receive an Internal Server Error if they set `device_keys: null` in the request to [`POST /_matrix/client/v3/keys/upload`](https://spec.matrix.org/v1.16/client-server-api/#post_matrixclientv3keysupload). ([#&#8203;19023](https://github.com/element-hq/synapse/issues/19023)) ### [`v1.139.1`](https://github.com/element-hq/synapse/releases/tag/v1.139.1) [Compare Source](https://github.com/element-hq/synapse/compare/v1.139.0...v1.139.1) ### Synapse 1.139.1 (2025-10-07) #### Security Fixes - Fix [CVE-2025-61672](https://www.cve.org/CVERecord?id=CVE-2025-61672) / [GHSA-fh66-fcv5-jjfr](https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr). Lack of validation for device keys in Synapse before 1.139.1 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. ([#&#8203;17097](https://github.com/element-hq/synapse/issues/17097)) #### Deprecations and Removals - Drop support for unstable field names from the long-accepted [MSC2732](https://github.com/matrix-org/matrix-spec-proposals/pull/2732) (Olm fallback keys) proposal. This change allows unit tests to pass following the security patch above. ([#&#8203;18996](https://github.com/element-hq/synapse/issues/18996)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). The local configuration can be found in the [local Renovate Bot repository](https://git.sipsofcode.dev/renovate/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzUuNSIsInVwZGF0ZWRJblZlciI6IjQxLjEzNS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
chore(deps): update synapse docker tag to v1.139.1
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
fddc5c75c1
requested review from saibotk 2025-10-07 14:03:41 +02:00
barista-bot scheduled this pull request to auto merge when all checks succeed 2025-10-07 14:03:41 +02:00
barista-bot force-pushed renovate/synapse-1.x from fddc5c75c1 to b23977e02e 2025-10-07 18:06:02 +02:00 Compare
barista-bot changed title from chore(deps): update synapse docker tag to v1.139.1 to chore(deps): update synapse docker tag to v1.139.2 2025-10-07 18:06:13 +02:00
barista-bot force-pushed renovate/synapse-1.x from b23977e02e to 4c760f8e47 2025-10-08 09:05:22 +02:00 Compare
All checks were successful
ci/woodpecker/pr/ansible-lint Pipeline was successful
Details
This pull request is blocked because it is missing approval from one or more official reviewers.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/synapse-1.x:renovate/synapse-1.x
git switch renovate/synapse-1.x
Sign in to join this conversation.
Reviewers
No reviewers
saibotk
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: SipsOfCode/infrastructure#406
No description provided.
Delete branch "renovate/synapse-1.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?