38ecc41780
chore: Release
2025-12-30 17:45:32 +00:00
7ae958bb03
docs: Announcement
2025-12-30 17:35:20 +00:00
f676fa53f1
chore: Specify the tag body template
2025-12-30 17:34:44 +00:00
978bdc6466
docs: Changelog
2025-12-30 17:34:44 +00:00
7c741e62cf
fix: Forbid creators in power levels
2025-12-30 17:34:43 +00:00
12aecf8091
validate membership events returned by remote servers
...
This fixes a vulnerability where an attacker with a malicious remote
server and a user on the local server can trick the local server into
signing arbitrary events. The attacker issue a remote leave as the local
user to a room on the malicious server. Without any validation of the
make_leave response, the local server would sign the attacker-controlled
event and pass it back to the malicious server with send_leave.
The join and knock endpoints are also fixed in this commit, but are less
useful for exploitation because the local server replaces the "content"
field returned by the remote server. Remote invites are unaffected
because we already check that the event returned from /invite has the
same event ID as the event passed to it.
Co-authored-by: timedout <git@nexy7574.co.uk >
Co-authored-by: Jade Ellis <jade@ellis.link >
Co-authored-by: Ginger <ginger@gingershaped.computer >
2025-12-30 15:24:45 +00:00
19372f0b15
chore(deps): update dependency cargo-bins/cargo-binstall to v1.16.6
2025-12-29 23:52:04 +00:00
a66b90cb3d
ci: Explicitly auto tag latest
2025-12-29 23:45:02 +00:00
7234ce6cbe
ci: Don't force tag all versions as latest
2025-12-29 23:45:02 +00:00
beb0c2ad9a
fix(ci): Don't double append latest tag suffix
2025-12-29 23:45:02 +00:00
39aaf95d09
docs: Changelog
2025-12-29 23:33:12 +00:00
5e0edd5a1c
feat: Allow configuring the OTLP protocol
2025-12-29 23:33:12 +00:00
d180f5a759
feat: Split otlp exporter into a new, enabled-by-default feature
2025-12-29 23:33:12 +00:00
f163264a82
docs: Update example domains
2025-12-29 23:33:12 +00:00
5e7bc590d2
chore: Apply suggestions
2025-12-29 23:30:49 +00:00
08df35946b
fix: File -> line
2025-12-29 23:30:49 +00:00
c4ebf289fa
fix: Dead link to code style doc
2025-12-29 23:30:49 +00:00
1fc6010f9a
fix: Issue title -> pull request title
2025-12-29 23:30:49 +00:00
1d91331275
fix: Stray whitespace
2025-12-29 23:30:49 +00:00
77e62ad772
feat: Add pull request template
2025-12-29 23:30:49 +00:00
696a1e6a4d
docs: Add information on writing changelog fragments
2025-12-28 00:59:31 +00:00
f41bbd7361
feat(meta): Set up towncrier
2025-12-28 00:53:44 +00:00
7350266c80
fix: Don't allow admin room upgrades and fix power levels during upgrade
2025-12-27 04:05:26 +00:00
322c0900c6
docs: handle traefik >=3.6.3 "encoded characters"
2025-12-24 22:40:50 -05:00
1237e60aaf
Revert "feat(ci): Allow running manual workflows against specific commits"
...
This reverts commit 9b4845bf8d
2025-12-22 13:45:45 +00:00
9b4845bf8d
feat(ci): Allow running manual workflows against specific commits
2025-12-22 13:29:40 +00:00
fb5b515f96
chore: update flake lock
2025-12-22 04:11:41 +00:00
e6336d694a
chore: Fix escape
2025-12-22 02:42:21 +00:00
b7841280d9
chore: Security announcement
2025-12-22 02:36:31 +00:00
f4ccb81913
chore: Release
2025-12-22 00:23:20 +00:00
710cdfeadb
chore: Update mailmap
2025-12-21 20:34:11 +00:00
666849ea87
chore(ci): Unify artifact versions
2025-12-21 19:11:12 +00:00
71094803f1
fix(ci): Try use path that exists
2025-12-21 18:50:48 +00:00
bf91ce5c7f
feat: Mark v12 as stable
2025-12-21 17:15:16 +00:00
8fd15f26ce
style: Fix clippy
2025-12-21 17:12:36 +00:00
705fa6c5c6
fix: Simplify visibility check code
2025-12-21 17:12:36 +00:00
6f67c27538
fix: Ensure that room ID is present on state events sent to client
...
routes
Mostly fixes !1094
The remaining issue is federation routes
2025-12-21 17:12:35 +00:00
8586d747d1
feat: Run visibility checks on bundled relations
2025-12-21 17:12:35 +00:00
11012a9ce1
fix: Always return the same 404 message in context
2025-12-21 17:12:35 +00:00
07be190507
fix: Return 404 when event is not accessible
2025-12-21 17:12:35 +00:00
ae4acc9568
fix: Don't incorrectly add thread root to relation response
2025-12-21 17:12:35 +00:00
f83ddecd8c
refactor(perf): Push down visibility check after limit
2025-12-21 17:12:34 +00:00
dd87232f1f
refactor: Reduce database lookups in some cases
2025-12-21 17:12:34 +00:00
8e33f9a7d0
refactor: Improve code style for bundled aggregations
2025-12-21 17:12:34 +00:00
8d3e4eba99
fix: Add aggregations to the search endpoint
2025-12-21 17:12:34 +00:00
96bfdb97da
fix: Filter out invalid replacements from bundled aggregations
2025-12-21 17:12:34 +00:00
b61010da47
feat: Add bundled aggregations support
...
Add support for the m.replace and m.reference bundled
aggregations.
This should fix plenty of subtle client issues.
Threads are not included in the new code as they have
historically been written to the database. Replacing the
old system would result in issues when switching away from
continuwuity, so saved for later.
Some TODOs have been left re event visibility and ignored users.
These should be OK for now, though.
2025-12-21 17:12:34 +00:00
987c5eeb03
refactor: Promote handling unsigned data out of timeline
...
Also fixes:
- Transaction IDs leaking in event route
- Age not being set for event relations or threads
- Both of the above for search results
Notes down concern with relations table
2025-12-21 17:12:33 +00:00
7fa4fa9862
fix: Also check sender origin
2025-12-21 10:58:50 +00:00
b2bead67ac
fix: Apply additional validation to invites
2025-12-21 10:10:54 +00:00
Jade Ellis