2f11bf4d74
docs: Document image mirrors
2026-01-06 00:45:12 +00:00
1e8748d1a0
docs: Fix some issues
2026-01-06 00:45:12 +00:00
70ef6e4211
docs: Document maxperf Docker image variants from #1017
...
Add documentation for the new performance-optimised Docker images with
"-maxperf" suffix. These use the release-max-perf build profile with LTO
and target haswell CPU architecture on amd64 for optimal performance.
Also restructure the static prebuilt binary section in generic deployment
docs for better clarity and fix various UK English spelling issues.
2026-01-06 00:45:12 +00:00
212c1bc14d
chore(deps): update github-actions-non-major
2026-01-06 00:24:55 +00:00
ce46b6869f
chore: Bump dependencies to fix request errors
2026-01-05 20:10:30 +00:00
a18b8254d0
chore: Add news fragment
2026-01-05 20:10:30 +00:00
279f7cbfe4
style: Fix failing lints
2026-01-05 20:10:29 +00:00
006c57face
perf: Don't check accept_make_join twice for restricted make_join
2026-01-05 20:10:29 +00:00
d52e0dc014
fix: Apply check_all_joins to make_join
2026-01-05 20:10:29 +00:00
4b873a1b95
fix: Apply spam checker to local restricted joins
2026-01-05 20:10:29 +00:00
76865e6f91
fix: Accept_may_join callback works again
2026-01-05 20:10:29 +00:00
99f16c2dfc
fix: Call user_may_join_room later in the join process
2026-01-05 20:10:28 +00:00
5ac82f36f3
feat: Consolidate antispam checks into a service
...
Also adds support for the spam checker join rule, and Draupnir callbacks
2026-01-05 20:10:28 +00:00
c249dd992e
feat: Add support for automatically rejecting pending invites
2026-01-05 20:10:28 +00:00
0956779802
feat: Add Meowlnir invite interception support
...
Co-authored-by: Jade Ellis <jade@ellis.link >
2026-01-05 20:10:27 +00:00
a83c1f1513
fix: Restrict suspend+lock commands to admin room
...
Also prevent locking the service user or admin users
2026-01-05 19:49:12 +00:00
8b5e4d8fe1
chore: Add news fragment
2026-01-05 19:34:21 +00:00
7502a944d7
feat: Add user locking and unlocking commands and functionality
...
Also corrects the response code returned by UserSuspended
2026-01-05 19:30:16 +00:00
aed15f246a
refactor: Clean up logging issues
...
Primary issues: Double escapes (debug fmt), spans without levels
2026-01-05 18:28:57 +00:00
27d6604d14
fix: Use a timeout instead of deadline
2026-01-03 17:08:47 +00:00
1c7bd2f6fa
style: Remove unnecessary then() calls in chain
2026-01-03 16:22:49 +00:00
56d7099011
style: Include errors in key claim response too
2026-01-03 16:10:06 +00:00
bc426e1bfc
fix: Apply client-requested timeout to federated key queries
...
Also parallelised federation calls in related functions
2026-01-03 16:05:05 +00:00
6c61b3ec5b
fix: Build error two: electric boogaloo
2025-12-31 21:15:28 +00:00
9d9d1170b6
fix: Build error
2025-12-31 21:04:06 +00:00
7be20abcad
style: Fix typo
2025-12-31 20:08:53 +00:00
078275964c
chore: Update precommit hooks
2025-12-31 20:08:53 +00:00
bf200ad12d
fix: Resolve compile errors
...
me and cargo check are oops now
2025-12-31 20:01:29 +00:00
41e628892d
chore: Add news fragment
2025-12-31 20:01:29 +00:00
44851ee6a2
feat: Fall back to remote room summary if local fails
2025-12-31 20:01:29 +00:00
a7e6e6e83f
feat: Allow local server admins to bypass summary visibility checks
...
feat: Allow local server admins to bypass summary visibility checks
Also improve error messages so they aren't so damn long.
2025-12-31 20:01:29 +00:00
8a561fcd3a
chore: Clippy fixes
2025-12-31 19:56:35 +00:00
25c305f473
chore: Fix comment formatting
2025-12-31 19:56:35 +00:00
c900350164
chore: Add news fragment
2025-12-31 19:56:35 +00:00
c565e6ffbc
feat: Restrict where certain admin commands may be used
2025-12-31 19:56:31 +00:00
442f887c98
style: Improve warning regarding admin removal
2025-12-31 19:40:42 +00:00
03220845e5
docs: Changelog
2025-12-31 19:35:53 +00:00
f8c1e9bcde
feat: Config defined admin list
...
Closes !1246
2025-12-31 19:35:40 +00:00
21324b748f
feat: Enable console feature by default
2025-12-31 19:12:25 +00:00
b7bf36443b
docs: Fix typo
2025-12-31 19:03:22 +00:00
d72192aa32
fix(ci): Stop using nightly to build Debian packages
2025-12-30 14:23:31 -05:00
38ecc41780
chore: Release
2025-12-30 17:45:32 +00:00
7ae958bb03
docs: Announcement
2025-12-30 17:35:20 +00:00
f676fa53f1
chore: Specify the tag body template
2025-12-30 17:34:44 +00:00
978bdc6466
docs: Changelog
2025-12-30 17:34:44 +00:00
7c741e62cf
fix: Forbid creators in power levels
2025-12-30 17:34:43 +00:00
12aecf8091
validate membership events returned by remote servers
...
This fixes a vulnerability where an attacker with a malicious remote
server and a user on the local server can trick the local server into
signing arbitrary events. The attacker issue a remote leave as the local
user to a room on the malicious server. Without any validation of the
make_leave response, the local server would sign the attacker-controlled
event and pass it back to the malicious server with send_leave.
The join and knock endpoints are also fixed in this commit, but are less
useful for exploitation because the local server replaces the "content"
field returned by the remote server. Remote invites are unaffected
because we already check that the event returned from /invite has the
same event ID as the event passed to it.
Co-authored-by: timedout <git@nexy7574.co.uk >
Co-authored-by: Jade Ellis <jade@ellis.link >
Co-authored-by: Ginger <ginger@gingershaped.computer >
2025-12-30 15:24:45 +00:00
19372f0b15
chore(deps): update dependency cargo-bins/cargo-binstall to v1.16.6
2025-12-29 23:52:04 +00:00
a66b90cb3d
ci: Explicitly auto tag latest
2025-12-29 23:45:02 +00:00
7234ce6cbe
ci: Don't force tag all versions as latest
2025-12-29 23:45:02 +00:00
Jade Ellis