| 2 Mar 2025 |
|  @kevincox:matrix.org left the room. | 00:15:36 |
| 8 Mar 2025 |
 Ralith | what happened to pkgs.matrix-synapse-tools.rust-synapse-compress-state? it seems to have disappeared from 24.11 | 08:25:10 |
 ma27 | apologies, it was my fault given I merged the PR that did not only clean up a few synapse packages, but also renamed this attribute by accident | 08:26:25 |
| ma27 | Try rust-synapse-state-compress for now, I filed a PR a few days ago that I'll merge in a minute | 08:27:10 |
| Ralith | thanks | 08:27:26 |
| ma27 | fixed now on 24.11 and master (the wrong alias is kept in aliases.nix to not break folks again who already updated) | 10:36:26 |
| ma27 | apologies for the inconvenience! | 10:36:38 |
| 26 Mar 2025 |
 Sumner Evans | https://github.com/element-hq/synapse/releases/tag/v1.127.1 was just released which contains a critical security fix for CVE-2025-30355. I updated https://github.com/NixOS/nixpkgs/pull/393086 to bump to the patched version. Can I get some eyes on it and a committer to merge? | 21:44:12 |
| ma27 | deploying it rn. | 21:51:58 |
| ma27 | Given the apparent severity I'm willing to make an exception and merge right away. | 21:52:16 |
 emily | perhaps a good idea to get someone to kick the channel? | 21:53:04 |
| Sumner Evans | I think that's the right call. I've been running 1.127.0 for a few days and it's been fine, and the diff to 1.127.1 is not too large. | 21:53:51 |
| Sumner Evans | from what I understand, this vulnerability is why matrix.org has been having issues today | 21:54:08 |
| emily | what do we do for backports? | 21:54:19 |
|  max invited  Willi Butz. | 21:54:25 |
| ma27 | we backport all synapse updates anyways | 21:54:28 |
| Willi Butz joined the room. | 21:54:28 |
| ma27 | so same procedure as every bump imho | 21:54:42 |
| emily | the diff looks like DoS at a glance, maybe not channel-kicking levels of severe (though of course that could be misleading) | 21:55:26 |
|  @willi:matrix.butz.cloud left the room. | 21:56:08 |
| Willi Butz | ty :) | 21:56:19 |
| emily | oh, https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389 explicitly says DoS | 21:56:24 |
|  Emma [it/its] joined the room. | 21:58:28 |
| Sumner Evans | anyone know NickCao's mxid? looks like he went ahead and merged. We should get him into this room if he's on Matrix | 21:58:32 |
| Emma [it/its] | 👋 | 21:59:13 |
| Sumner Evans | Redacted or Malformed Event | 21:59:27 |
| ma27 | there's none in the maintainer entry. will leave a message in the PR. | 21:59:27 |
| emily | haven't seen him on Matrix | 21:59:30 |
| emily | ironically :) | 21:59:41 |
| ma27 | would be kinda funny if the person who regularly merges synapse PRs doesn't use it :D | 21:59:53 |
