Merge branch 'master' into develop

b0659a11 · Richard van der Hoff · 1800bd47 · 9925f9b8 · b0659a11 · b0659a11
Commit b0659a11 authored 3 years ago by Richard van der Hoff
--- a/CHANGES.md
+++ b/CHANGES.md
+Synapse 1.55.2 (2022-03-24)
+===========================
+
+This patch version reverts the earlier fixes from Synapse 1.55.1, which could cause problems in certain deployments, and instead adds a cap to the version of Jinja to be installed. Again, this is to fix an incompatibility with version 3.1.0 of the [Jinja](https://pypi.org/project/Jinja2/) library, and again, deployments of Synapse using the `matrixdotorg/synapse` Docker image or Debian packages from packages.matrix.org are not affected.
+
+Internal Changes
+----------------
+
+- Pin Jinja to <3.1.0, as Synapse fails to start with Jinja 3.1.0. ([\#12297](https://github.com/matrix-org/synapse/issues/12297))
+- Revert changes from 1.55.1 as they caused problems with older versions of Jinja ([\#12296](https://github.com/matrix-org/synapse/issues/12296))
+
+
 Synapse 1.55.1 (2022-03-24)
 ===========================
  

--- a/debian/changelog
+++ b/debian/changelog
+matrix-synapse-py3 (1.55.2) stable; urgency=medium
+
+  * New synapse release 1.55.2.
+
+ -- Synapse Packaging team <packages@matrix.org>  Thu, 24 Mar 2022 19:07:11 +0000
+
 matrix-synapse-py3 (1.55.1) stable; urgency=medium

  * New synapse release 1.55.1.

--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -68,7 +68,7 @@ try:
 except ImportError:
    pass

-__version__ = "1.55.1"
+__version__ = "1.55.2"

 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
    # We import here so that we don't have to install a bunch of deps when

--- a/synapse/push/mailer.py
+++ b/synapse/push/mailer.py
@@ -18,7 +18,6 @@ from typing import TYPE_CHECKING, Dict, Iterable, List, Optional, TypeVar

 import bleach
 import jinja2
-from markupsafe import Markup

 from synapse.api.constants import EventTypes, Membership, RoomTypes
 from synapse.api.errors import StoreError
@@ -868,7 +867,7 @@ class Mailer:
        )


-def safe_markup(raw_html: str) -> Markup:
+def safe_markup(raw_html: str) -> jinja2.Markup:
    """
    Sanitise a raw HTML string to a set of allowed tags and attributes, and linkify any bare URLs.

@@ -878,7 +877,7 @@ def safe_markup(raw_html: str) -> Markup:
    Returns:
        A Markup object ready to safely use in a Jinja template.
    """
-    return Markup(
+    return jinja2.Markup(
        bleach.linkify(
            bleach.clean(
                raw_html,
@@ -892,7 +891,7 @@ def safe_markup(raw_html: str) -> Markup:
    )


-def safe_text(raw_text: str) -> Markup:
+def safe_text(raw_text: str) -> jinja2.Markup:
    """
    Sanitise text (escape any HTML tags), and then linkify any bare URLs.

@@ -902,7 +901,7 @@ def safe_text(raw_text: str) -> Markup:
    Returns:
        A Markup object ready to safely use in a Jinja template.
    """
-    return Markup(
+    return jinja2.Markup(
        bleach.linkify(bleach.clean(raw_text, tags=[], attributes=[], strip=False))
    )


--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -74,8 +74,8 @@ REQUIREMENTS = [
    # Note: 21.1.0 broke `/sync`, see #9936
    "attrs>=19.2.0,!=21.1.0",
    "netaddr>=0.7.18",
-    "Jinja2>=2.9",
-    "MarkupSafe>=2.0",
+    # Jinja2 3.1.0 removes the deprecated jinja2.Markup class, which we rely on.
+    "Jinja2<3.1.0",
    "bleach>=1.4.3",
    # We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0.
    "typing-extensions>=3.10.0",