Do not send User Directory search requests to ma1sd for now
We can undo this once https://github.com/ma1uta/ma1sd/issues/44 gets resolved.
This commit is contained in:
parent
ba23779b05
commit
07ff116266
14
CHANGELOG.md
@ -1,3 +1,16 @@
|
|||||||
|
# 2020-05-19
|
||||||
|
|
||||||
|
## (Compatibility Break / Security Issue) Disabling User Directory search powered by the ma1sd Identity Server
|
||||||
|
|
||||||
|
User Directory search requests used to go to the ma1sd identity server by default, which queried its own stores and the Synapse database.
|
||||||
|
|
||||||
|
ma1sd current has [a security issue](https://github.com/ma1uta/ma1sd/issues/44), which made it leak information about all users - including users created by bridges, etc.
|
||||||
|
|
||||||
|
Until the issue gets fixed, we're making User Directory search not go to ma1sd by default. You **need to re-run the playbook and restart services to apply this workaround**.
|
||||||
|
|
||||||
|
*If you insist on restoring the old behavior* (**which has a security issue!**), you *might* use this configuration: `matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"`
|
||||||
|
|
||||||
|
|
||||||
# 2020-04-28
|
# 2020-04-28
|
||||||
|
|
||||||
## Newer IRC bridge (with potential breaking change)
|
## Newer IRC bridge (with potential breaking change)
|
||||||
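Review bot: The new 2020-05-19 entry has a typo and a tense mismatch in its second paragraph: "ma1sd current has a security issue, which made it leak" should read "ma1sd currently has a security issue, which makes it leak". The entry also tells users to re-run the playbook and restart services but does not say what changes for them afterwards. Since the first paragraph states that ma1sd used to answer searches from its own stores as well as the Synapse database, add one sentence saying which results will no longer appear in User Directory search while the workaround is active. The opt-out line could also say where the `matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled` override belongs (the user's own playbook configuration) and that it should be removed again once issue 44 is fixed.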
@ -11,6 +24,7 @@ If you did not include `mappings` in your configuration for IRC, no
|
|||||||
change is necessary. `mappings` is not part of the default
|
change is necessary. `mappings` is not part of the default
|
||||||
configuration.
|
configuration.
|
||||||
|
|
||||||
|
|
||||||
# 2020-04-23
|
# 2020-04-23
|
||||||
|
|
||||||
## Slack bridging support
|
## Slack bridging support
|
||||||
|
@ -616,7 +616,10 @@ matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
|
|||||||
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
|
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
|
||||||
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
|
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"
|
# Not proxying the user directory search to the identity server by default anymore,
|
||||||
|
# because it currently leaks data.
|
||||||
|
# See: https://github.com/ma1uta/ma1sd/issues/44
|
||||||
|
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
|
||||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
|
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
|
||||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
|
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
|
||||||
|
|
||||||
|
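Review bot: The replacement of `"{{ matrix_ma1sd_enabled }}"` with a hardcoded `false` drops the only record of the previous default from this file, and the comment says "currently leaks data" with no date or version to tell a later reader whether it still applies. Keep the old expression in the comment (for example "previously: `{{ matrix_ma1sd_enabled }}`, restore once issue 44 is resolved") so that the undo mentioned in the commit message is a one-line change. Separately, this flag only controls whether nginx proxies User Directory search to the address in the unchanged `..._user_directory_search_addr_...` lines, which still resolve to the identity API address. It would help to state in the commit message or the comment whether turning off this one route is enough to stop the leak described in the issue, or whether the identity API route needs attention too.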