Releases: matrix-org/sygnal
Sygnal 0.10.0 (2021-08-09)
Database Removal
Sygnal is now stateless, and does not rely on a database of any kind.
You may remove your existing SQLite or PostgreSQL databases once you are satisfied that this release is working as intended.
Configuration changes are not necessary, as the database
section will be ignored if present.
- Remove legacy database to ease horizontal scaling. Contributed by H. Shay. (#236)
Improved Documentation
- Update CONTRIBUTING.md to recommend installing libpq-dev. Contributed by Tawanda Moyo. (#197)
Internal Changes
- Improve static type checking. Contributed by Omar Mohamed. (#221, #223, #225, #227)
- Update towncrier CI check to run against the new default branch name. (#226)
- Update black to 21.6b0. (#233)
- Fix type hint errors from new upstream Twisted release. (#239)
- Fixup GitHub Actions pipeline to always run tests on PRs. (#240)
- Add CI testing for old dependencies. (#242)
Sygnal 0.9.3 (2021-04-22)
Features
- Prevent the push key from being rejected for temporary errors and oversized payloads, add TTL logging, and support
events_only
push data flag. (#212) - WebPush: add support for Urgency and Topic header (#213)
Bugfixes
- Fix a long-standing bug where invalid JSON would be accepted over the HTTP interfaces. (#216)
- Limit the size of requests received from HTTP clients. (#220)
Updates to the Docker image
- Remove manually added GeoTrust Root CA certificate from docker image as Apple is no longer using it. (#208)
Improved Documentation
- Make
CONTIBUTING.md
more explicit about how to get tests passing. (#188) - Update
CONTRIBUTING.md
to specify how to run code style and type checks with Tox, and add formatting to code block samples. (#193) - Document how to work around pip installation timeout errors. Contributed by Omar Mohamed. (#215)
Internal Changes
- Update Tox to run in the installed version of Python (instead of specifying Python 3.7) and to consider specific paths and folders while running checks, instead of the whole repository (potentially including unwanted files and folders, e.g. the virtual environment). (#193)
- Make development dependencies available as extras. Contributed by Hillery Shay. (#194)
- Update
setup.py
to specify that a minimum version of Python greater or equal to 3.7 is required. Contributed by Tawanda Moyo. (#207) - Port CI checks to Github Actions. (#210, #219)
- Upgrade development dependencies. Contributed by Omar Mohamed (#214)
- Set up
coverage.py
to run in tox environment, and add html reports (#217)
v0.9.2
v0.9.1
Sygnal 0.9.1 (2021-03-23)
Features
- Add
allowed_endpoints
configuration option for limiting the endpoints that WebPush pushkins will contact. (#182)
Bugfixes
v0.9.0
Sygnal 0.9.0 (2021-03-19)
Features
- Add experimental support for WebPush pushkins. (#177)
Bugfixes
- Fix erroneous warning log line when setting the
max_connections
option in a GCM app config. (#157) - Fix bug where the
sygnal_inflight_request_limit_drop
metric would not appear in prometheus until requests were actually dropped. (#172) - Fix bug where Sygnal would not recover after losing connection to the database. (#179)
Improved Documentation
- Add preliminary documentation (Troubleshooting and Application Developers' Notes). (#150, #154, #158)
- Add a note to the releasing doc asking people to inform EMS and customers during the release process. (#155)
Internal Changes
Sygnal v0.8.2
Sygnal v0.8.1
Updates to the Docker image
- Include GeoTrust Global CA's certificate in the Docker image as it is needed for APNs (and was removed by Debian). (#141)
Sygnal v0.7.2
Updates to the Docker image
- Include GeoTrust Global CA's certificate in the Docker image as it is needed for APNs (and was removed by Debian). (#141)
Sygnal v0.8.0
Sygnal v0.7.1
Security advisory
This version of Sygnal updates the minimum version of the aioapns
dependency
to version 1.10
which addresses a TLS hostname validation bug in aioapns
.
Sygnal was vulnerable to a man-in-the-middle attack on APNs data if someone
could spoof your DNS or otherwise redirect your APNs traffic.
This issue affects any Sygnal deployments that make use of APNs certificate
authentication (i.e. those with certfile: something.pem
in the configuration).
Administrators are encouraged to upgrade.
Bugfixes
- Update minimum version of
aioapns
dependency to 1.10, which has security fixes. (#139)