synapse

synapse copied to clipboard

Disallow randos to spam room directory by default

4

Someone has published a bunch of political spam to our room directory and we discovered that this is allowed by default. I suggest to disable it by default. Looks like...

xaur

Remember to build packages for Ubuntu 24.04

1

And then do the equivalent of #16524 and https://github.com/matrix-org/pkg-repo-configs/pull/21.

DMRobertson

Invited users don't trigger device_list updates when their device lists change.

1

If you invite a user to an E2E chat, you have no way of being told when its device list changes as it is not yet participating in the room....

ara4n

Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7. Release notes Sourced from idna's releases. v3.7 What's Changed Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time...

dependabot[bot]

Bumps [immutabledict](https://github.com/corenting/immutabledict) from 4.0.0 to 4.2.0. Release notes Sourced from immutabledict's releases. Version 4.2.0 Add discard method which return a new immutabledict without the item at the given key, if...

dependabot[bot]

Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.1.0 to 10.3.0. Release notes Sourced from pillow's releases. 10.3.0 https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html Changes CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk] Use functools.lru_cache for hopper() #7912 [@​hugovk]...

dependabot[bot]

Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3. Release notes Sourced from jinja2's releases. 3.1.3 This is a fix release for the 3.1.x feature branch. Fix for GHSA-h5c8-rqwp-cp95. You are affected if...

dependabot[bot]

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.40 to 3.1.41. Release notes Sourced from gitpython's releases. 3.1.41 - fix Windows security issue The details about the Windows security issue can be found in this...

dependabot[bot]

Bumps [black](https://github.com/psf/black) from 23.10.1 to 24.3.0. Release notes Sourced from black's releases. 24.3.0 Highlights This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black...

dependabot[bot]

Bumps [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) from 3.9.3 to 4.0.0. Release notes Sourced from peaceiris/actions-gh-pages's releases. actions-github-pages v4.0.0 See CHANGELOG.md for more details. Changelog Sourced from peaceiris/actions-gh-pages's changelog. Changelog All notable changes to this...

dependabot[bot]