recipe-maintainers/matrix-synapse
0
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

chore: upgrade synapse v1.155.0, nginx 1.31.2, MAS 1.19.0 #4

Open
autonomic-bot wants to merge 2 commits from upgrade-7.2.1+v1.155.0 into main
pull from: upgrade-7.2.1+v1.155.0
merge into: recipe-maintainers:main
Conversation 4 Commits 2 Files Changed 2 +4 -4
autonomic-bot commented 2026-06-16 23:50:58 +00:00
Owner
Copy Link

matrix-synapse upgrade: v1.154.0 → v1.155.0 + MAS 1.18.0 → 1.19.0 + nginx 1.31.2

Image tag changes

service image old new
app matrixdotorg/synapse v1.154.0 v1.155.0
mas ghcr.io/element-hq/matrix-authentication-service 1.18.0 1.19.0
web nginx 1.31.1 1.31.2

Upstream release notes

Upstream release notes: synapse v1.154.0→v1.155.0: https://github.com/element-hq/synapse/releases/tag/v1.155.0
Upstream release notes: matrix-authentication-service 1.18.0→1.19.0: https://github.com/element-hq/matrix-authentication-service/releases/tag/v1.19.0
Upstream release notes: nginx 1.31.1→1.31.2: https://nginx.org/en/CHANGES

What changed

  • synapse v1.155.0: Bugfix release — sliding sync fix, to-device EDU size limits, non-media worker fix for MSC4452. No breaking changes, no config/migration changes.
  • MAS 1.19.0: Minor release — per-provider registration token support, X-Frame-Options: DENY security hardening. No breaking changes, no DB migrations, no config file changes.
  • nginx 1.31.2: Security release fixing 3 CVEs (CVE-2026-42530 use-after-free HTTP/3, CVE-2026-42055 heap overflow HTTP/2, CVE-2026-48142 heap overread charset). Upgrade recommended.

Deferred (separate PRs)

  • mautrix/signal v0.8.7 → v26.02.2 (CalVer scheme change; requires fresh install or manual pg dump/restore — deferred)
  • mautrix/telegram v0.15.3 → v0.2606.0 (CalVer scheme change — deferred)
  • signaldb/telegramdb postgres 13→17 (deferred along with bridge upgrades)

Recommended release

abra recipe release matrix-synapse -z

(patch bump: v1.155.0 is a bugfix/security release, MAS 1.19.0 minor features, nginx security patch)

Nothing merged — for operator review.

Tested green on the cc-ci recipe CI server (full suite, cold, against this PR head). NOT merged — for operator review.

cc @trav @notplants

## matrix-synapse upgrade: v1.154.0 → v1.155.0 + MAS 1.18.0 → 1.19.0 + nginx 1.31.2 ### Image tag changes | service | image | old | new | |---------|-------|-----|-----| | app | matrixdotorg/synapse | v1.154.0 | v1.155.0 | | mas | ghcr.io/element-hq/matrix-authentication-service | 1.18.0 | 1.19.0 | | web | nginx | 1.31.1 | 1.31.2 | ### Upstream release notes **Upstream release notes:** synapse v1.154.0→v1.155.0: https://github.com/element-hq/synapse/releases/tag/v1.155.0 **Upstream release notes:** matrix-authentication-service 1.18.0→1.19.0: https://github.com/element-hq/matrix-authentication-service/releases/tag/v1.19.0 **Upstream release notes:** nginx 1.31.1→1.31.2: https://nginx.org/en/CHANGES ### What changed - **synapse v1.155.0**: Bugfix release — sliding sync fix, to-device EDU size limits, non-media worker fix for MSC4452. No breaking changes, no config/migration changes. - **MAS 1.19.0**: Minor release — per-provider registration token support, X-Frame-Options: DENY security hardening. No breaking changes, no DB migrations, no config file changes. - **nginx 1.31.2**: Security release fixing 3 CVEs (CVE-2026-42530 use-after-free HTTP/3, CVE-2026-42055 heap overflow HTTP/2, CVE-2026-48142 heap overread charset). Upgrade recommended. ### Deferred (separate PRs) - mautrix/signal v0.8.7 → v26.02.2 (CalVer scheme change; requires fresh install or manual pg dump/restore — deferred) - mautrix/telegram v0.15.3 → v0.2606.0 (CalVer scheme change — deferred) - signaldb/telegramdb postgres 13→17 (deferred along with bridge upgrades) ### Recommended release ``` abra recipe release matrix-synapse -z ``` (patch bump: v1.155.0 is a bugfix/security release, MAS 1.19.0 minor features, nginx security patch) Nothing merged — for operator review. Tested green on the cc-ci recipe CI server (full suite, cold, against this PR head). NOT merged — for operator review. cc @trav @notplants
autonomic-bot added 1 commit 2026-06-16 23:50:59 +00:00
chore: upgrade to 7.2.1+v1.155.0
All checks were successful
cc-ci/testme cc-ci: success
Details
f00725de2c
autonomic-bot requested review from trav 2026-06-16 23:50:59 +00:00
autonomic-bot requested review from notplants 2026-06-16 23:50:59 +00:00
autonomic-bot commented 2026-06-17 01:58:04 +00:00
Author
Owner
Copy Link

!testme

!testme
autonomic-bot commented 2026-06-17 01:58:05 +00:00
Author
Owner
Copy Link

🌻 cc-cimatrix-synapse @ f00725de passed

cc-ci result card

level

full logs · dashboard

<!-- cc-ci:testme --> 🌻 **cc-ci** — `matrix-synapse` @ `f00725de` ✅ **passed** [![cc-ci result card](https://ci.commoninternet.net/runs/725/summary.png)](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/725) [![level](https://ci.commoninternet.net/runs/725/badge.svg)](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/725) [full logs](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/725) · [dashboard](https://ci.commoninternet.net/)
autonomic-bot changed title from chore: upgrade to 7.2.1+v1.155.0 to chore: upgrade nginx to 1.31.2 and MAS to 1.19.0 2026-06-19 03:23:36 +00:00
autonomic-bot added 1 commit 2026-06-19 03:23:36 +00:00
chore: upgrade nginx to 1.31.2 and MAS to 1.19.0
All checks were successful
cc-ci/testme cc-ci: success
Details
64a7129e26
autonomic-bot commented 2026-06-19 03:27:10 +00:00
Author
Owner
Copy Link

!testme

!testme
autonomic-bot commented 2026-06-19 03:27:40 +00:00
Author
Owner
Copy Link

🌻 cc-cimatrix-synapse @ 64a7129e passed

cc-ci result card

level

full logs · dashboard

<!-- cc-ci:testme --> 🌻 **cc-ci** — `matrix-synapse` @ `64a7129e` ✅ **passed** [![cc-ci result card](https://ci.commoninternet.net/runs/936/summary.png)](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/936) [![level](https://ci.commoninternet.net/runs/936/badge.svg)](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/936) [full logs](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/936) · [dashboard](https://ci.commoninternet.net/)
autonomic-bot changed title from chore: upgrade nginx to 1.31.2 and MAS to 1.19.0 to chore: upgrade synapse v1.155.0, nginx 1.31.2, MAS 1.19.0 2026-06-19 03:31:11 +00:00
All checks were successful
cc-ci/testme cc-ci: success
Details
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin upgrade-7.2.1+v1.155.0:upgrade-7.2.1+v1.155.0
git checkout upgrade-7.2.1+v1.155.0
Sign in to join this conversation.
Reviewers
No Reviewers
trav
notplants
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
autonomic autonomic-bot notplants trav
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: recipe-maintainers/matrix-synapse#4
No description provided.
Delete Branch "upgrade-7.2.1+v1.155.0"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?