synapse/changelog.d
David Robertson 4f00432ce1
Fix potential leak of per-room profiles when the user dir is rebuilt. (#10981)
There are two steps to rebuilding the user directory:

1. a scan over rooms, followed by
2. a scan over local users.

The former reads avatars and display names from the `room_memberships`
table and therefore contains potentially private avatars and
display names. The latter reads from the `profiles` table which only
contains public data; moreover it will overwrite any private profiles
that the rooms scan may have written to the user directory. This means
that the rebuild could leak private user while the rebuild was in
progress, only to later cover up the leaks once the rebuild had completed.

This change skips over local users when writing user_directory rows
when scanning rooms. Doing so means that it'll take longer for a rebuild
to make local users searchable, which is unfortunate. I think a future
PR can improve this by swapping the order of the two steps above. (And
indeed there's more to do here, e.g. copying from `profiles` without
going via Python.)

Small tidy-ups while I'm here:

* Remove duplicated code from test_initial. This was meant to be pulled into `purge_and_rebuild_user_dir`.
* Move `is_public` before updating sharing tables. No functional change; it's still before the first read of `is_public`.
* Don't bother creating a set from dict keys. Slightly nicer and makes the code simpler.

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2021-10-05 18:35:25 +01:00
.gitignore Correct attrs package name in requirements (#3492) 2018-07-07 10:46:59 +10:00
9655.feature Implement MSC3069: Guest support on whoami (#9655) 2021-09-29 11:32:45 +01:00
10877.feature Ensure (room_id, next_batch_id) is unique to avoid cross-talk/conflicts between batches (MSC2716) (#10877) 2021-09-28 21:23:16 -05:00
10895.misc Pass str to twisted's IReactorTCP (#10895) 2021-09-30 12:51:47 +01:00
10902.misc Update utility code to handle C implementations of frozendict (#10902) 2021-09-28 09:13:23 -07:00
10903.misc Drop backwards-compatibility support for "outlier" (#10903) 2021-09-28 15:25:36 +01:00
10915.misc Clean-up type hints in server config (#10915) 2021-09-28 09:24:40 -04:00
10916.misc Use direct references for configuration variables (part 6). (#10916) 2021-09-29 06:44:15 -04:00
10922.bugfix Fix getTurnServer response: return an integer ttl (#10922) 2021-09-30 08:04:55 -04:00
10924.bugfix Fix empty url_cache_thumbnails/yyyy-mm-dd/ directories being left behind (#10924) 2021-09-29 10:24:37 +01:00
10926.misc Inline _check_event_auth for outliers (#10926) 2021-09-28 15:25:07 +01:00
10927.bugfix Only do restricted join rules signature checks for room versions 8/9. (#10927) 2021-09-28 08:44:19 -04:00
10934.misc Use RoomVersion objects (#10934) 2021-09-29 10:57:10 +01:00
10935.misc Refactor user directory tests (#10935) 2021-09-30 11:04:40 +01:00
10936.misc add event id to logcontext when handling incoming PDUs (#10936) 2021-09-29 11:59:43 +01:00
10939.misc Fix errors in Synapse logs from unit tests. (#10939) 2021-09-30 11:03:29 -04:00
10940.misc Split event_auth.check into two parts (#10940) 2021-09-29 18:59:15 +01:00
10945.misc Clean-up registration tests (#10945) 2021-09-30 14:06:02 -04:00
10947.bugfix Add functionality to remove deactivated users from the monthly_active_users table (#10947) 2021-10-04 08:34:42 -07:00
10956.bugfix Ensure that we reject events which use rejected events for auth (#10956) 2021-10-05 13:23:29 +01:00
10958.misc Add type hints to filtering classes. (#10958) 2021-10-01 07:02:32 -04:00
10959.misc Use direct references for configuration variables (part 7). (#10959) 2021-10-04 07:18:54 -04:00
10960.bugfix Consistently exclude from user_directory (#10960) 2021-10-04 11:45:51 +00:00
10961.misc type-hint HomeserverTestcase.setup_test_homeserver (#10961) 2021-10-01 12:22:47 +01:00
10962.bugfix Fix logic flaw preventing tracking of MSC2716 events in existing room versions (#10962) 2021-10-05 11:51:57 -05:00
10963.misc Make is_public Optional[bool] for create_room_as test util (#10951) (#10963) 2021-10-04 14:43:03 +00:00
10981.bugfix Fix potential leak of per-room profiles when the user dir is rebuilt. (#10981) 2021-10-05 18:35:25 +01:00
10983.misc Log stack traces when a missing opentracing span is detected (#10983) 2021-10-05 12:23:25 +01:00
10986.misc Host cache_joined_hosts_for_event to caller (#10986) 2021-10-05 13:01:41 +01:00
10987.misc _update_auth_events_and_context_for_auth: add some comments (#10987) 2021-10-05 12:50:38 +01:00
10988.misc _check_event_auth: move event validation earlier (#10988) 2021-10-05 12:50:07 +01:00
10991.doc Update links to MSCs in documentation (#10991) 2021-10-05 11:35:19 +00:00
10992.misc Run CI with Python 3.10 and Postgres 14 (#10992) 2021-10-05 12:43:04 +01:00