From a6eb5d646d307b3c28b68b678779d3eec6450fbc Mon Sep 17 00:00:00 2001
From: Matthew Hodgson
Date: Sun, 9 Feb 2020 18:24:01 +0000
Subject: [PATCH 1/5] filter out m.room.aliases from the CS API until MSC2261 lands
---
 synapse/visibility.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/synapse/visibility.py b/synapse/visibility.py
index 100dc47a8a04..8ff16ea2974b 100644
--- a/synapse/visibility.py
+++ b/synapse/visibility.py
@@ -122,6 +122,12 @@ def allowed(event):
 if not event.is_state() and event.sender in ignore_list:
 return None

+ # Until MSC2261 has landed we can't redact malicious aliases, so for
+ # now we temporarily filter out m.room.aliases entirely, until we bump
+ # to a room version which lets us manage them properly.
+ if event.type == EventTypes.Aliases:
+ return None
+
 # Don't try to apply the room's retention policy if the event is a state event, as
 # MSC1763 states that retention is only considered for non-state events.
 if apply_retention_policies and not event.is_state():
From fac45d9af999d1dc333fd18c29b991fb8fc45ccd Mon Sep 17 00:00:00 2001
From: Matthew Hodgson
Date: Sun, 9 Feb 2020 18:46:34 +0000
Subject: [PATCH 2/5] changelog
---
 changelog.d/6878.feature | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/6878.feature
diff --git a/changelog.d/6878.feature b/changelog.d/6878.feature
new file mode 100644
index 000000000000..6ee8bbdfa614
--- /dev/null
+++ b/changelog.d/6878.feature
@@ -0,0 +1 @@
+Filter out m.room.aliases from the CS API until we can redact them properly.
From 14c8503ecee486283d3eb6696c4d4aadf2377813 Mon Sep 17 00:00:00 2001
From: Matthew Hodgson
Date: Sun, 9 Feb 2020 19:13:40 +0000
Subject: [PATCH 3/5] reword changelog
---
 changelog.d/6878.feature | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelog.d/6878.feature b/changelog.d/6878.feature
index 6ee8bbdfa614..ad52c801d12b 100644
--- a/changelog.d/6878.feature
+++ b/changelog.d/6878.feature
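Review bot: In the [PATCH 1/5] hunk of `synapse/visibility.py`, the new `if event.type == EventTypes.Aliases: return None` check hides alias events only on code paths that run through `allowed()`, and the series adds no test to pin that down; the five patches touch only this file and the changelog. Whether every client-server endpoint that returns room state passes through this filter is not visible from the hunk, so it should be confirmed that none of them still returns `m.room.aliases`, since a single unfiltered path leaves the abusive content reachable by clients. Because the comment describes the filter as temporary, I would also add a marker such as `# TODO: remove once MSC2261 (or its replacement) is available in a room version` so it is not forgotten. `allowed()` starts and ends outside the hunk, and the `EventTypes` import is assumed to already exist in the file.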
@@ -1 +1 @@
-Filter out m.room.aliases from the CS API until we can redact them properly.
+Filter out m.room.aliases from the CS API to mitigate abuse while a better solution is specced
From 59abcd00438c67e6dbbf1670c91bb4559c024acb Mon Sep 17 00:00:00 2001
From: Matthew Hodgson
Date: Sun, 9 Feb 2020 19:21:41 +0000
Subject: [PATCH 4/5] reword for vdh
---
 synapse/visibility.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/synapse/visibility.py b/synapse/visibility.py
index 8ff16ea2974b..d0abd8f04ffc 100644
--- a/synapse/visibility.py
+++ b/synapse/visibility.py
@@ -122,9 +122,10 @@ def allowed(event):
 if not event.is_state() and event.sender in ignore_list:
 return None

- # Until MSC2261 has landed we can't redact malicious aliases, so for
- # now we temporarily filter out m.room.aliases entirely, until we bump
- # to a room version which lets us manage them properly.
+ # Until MSC2261 has landed we can't redact malicious alias events, so for
+ # now we temporarily filter out m.room.aliases entirely to mitigate
+ # abuse, while we spec a better solution to advertising aliases
+ # on rooms.
 if event.type == EventTypes.Aliases:
 return None

From 79025d448b561ac1a5b3fd1830282dc73d6fb35a Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Date: Sun, 9 Feb 2020 19:40:09 +0000
Subject: [PATCH 5/5] fix changelog
---
 changelog.d/6878.feature | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelog.d/6878.feature b/changelog.d/6878.feature
index ad52c801d12b..af3e958a4394 100644
--- a/changelog.d/6878.feature
+++ b/changelog.d/6878.feature
@@ -1 +1 @@
-Filter out m.room.aliases from the CS API to mitigate abuse while a better solution is specced
+Filter out m.room.aliases from the CS API to mitigate abuse while a better solution is specced.