feat(deps): update turt2live/matrix-media-repo docker tag to v1.3.7 #2355

renovate · 2023-09-08T09:13:53Z

This PR contains the following updates:

Package	Update	Change
turt2live/matrix-media-repo	minor	`v1.2.12` -> `v1.3.7`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

t2bot/matrix-media-repo (turt2live/matrix-media-repo)

`v1.3.7`

Compare Source

Added

A new global config option, repo.freezeUnauthenticatedMedia, is supported to enact the unauthenticated media freeze early. See config.sample.yaml for details.

Changed

The default leaky bucket capacity has changed from 300mb to 500mb, allowing for more downloads to go through. The drain rate and overflow limit are unchanged (5mb/minute and 100mb respectively).

`v1.3.6`

Compare Source

Fixed

Ensure a boundary is set on federation downloads, allowing the download to work.

`v1.3.5`

Compare Source

Added

New datastore option to ignore Redis cache when downloading media served by a publicBaseUrl. This can help ensure more requests get redirected to the CDN.
HEAD /download is now supported, as per MSC4120.
S3 datastores can now specify a prefixLength to improve S3 performance on some providers. See config.sample.yaml for details.
Add multipartUploads flag for running MMR against unsupported S3 providers. See config.sample.yaml for details.
A new "leaky bucket" rate limit algorithm has been applied to downloads. See rateLimit.buckets in config.sample.yaml for details.
Add support for MSC3916: Authentication for media.
- To enable full support, use signingKeyPath in your config. See config.sample.yaml for details.
- Server operators should point /_matrix/client/v1/media/* and /_matrix/federation/v1/media/* at MMR.

Changed

The leaky bucket rate limiting introduced above is turned on by default. Administrators are encouraged to review the default settings and adjust as needed.

Fixed

Metrics for redirected and HTML requests are tracked.
Fixed more issues relating to non-dimensional media being thumbnailed (invalid image size: 0x0 errors).
Long-running purge requests no longer fail when the requesting client times out. They are continued in the background.
Purging old media has been fixed to actually identify old media.
JPEG thumbnails will now use sensible extensions.
Fixed directory permissions when exporting MMR to Synapse.
In some rare cases, memory usage may have leaked due to thumbnail error handling. This has been fixed.
Synapse signing keys with blank lines can now be decoded/combined with other keys.

`v1.3.4`

Compare Source

Added

Dendrite homeservers can now have their media imported safely, and adminApiKind may be set to dendrite.
Exporting MMR's data to Synapse is now possible with import_to_synapse. To use it, first run gdpr_export or similar.
Errors encountered during a background task, such as an API-induced export, are exposed as error_message in the admin API.
MMR will follow redirects on federated downloads up to 5 hops.
S3-backed datastores can have download requests redirected to a public-facing CDN rather than being proxied through MMR. See publicBaseUrl under the S3 datastore config.

Changed

Exports now use an internal timeout of 10 minutes instead of 1 minute when downloading files. This may still result in errors if downloading from S3 takes too long.
MMR now requires Go 1.21 for compilation.
ARM-supported Docker images are now available through GHCR.
- The Docker Hub (docker.io) builds are deprecated and will not receive updates starting with v1.4.0
- Docker Hub images are not guaranteed to have ARM compatibility.
The latest Docker tag on both Docker Hub and GHCR now points to the latest release instead of the unstable development build.

Fixed

Exports created with s3_urls now contain valid URLs.
Exports no longer fail with "The requested range is not satisfiable".
Exports no longer fail with "index out of range [0] with length 0".
Requests requiring authentication, but lack a provided access token, will return HTTP 401 instead of HTTP 500 now.
Downloads when using a self-hosted MinIO instance are no longer slower than expected.
The DELETE /_matrix/media/unstable/admin/export/:exportId endpoint has been reinstated as described.
If a server's downloads.maxSize is greater than the uploads.maxSize, remote media is no longer cut off at uploads.maxSize. The media will instead be downloaded at downloads.maxSize and error if greater.
Content-Type on /download and /thumbnail is now brought in line with MSC2701.

`v1.3.3`

Compare Source

Fixed

Improved handling when encountering an error attempting to populate Redis during uploads.
Fixed Range requests failing by default by internally setting a default chunk size of 10mb.
Stop logging "no exif data".
Fixed admin API requests not working when authenticating as the shared secret user.

Changed

Updated dependencies. Manually compiled deployments may need to recompile libheif as well.

`v1.3.2`

Compare Source

Fixed

Fixed thumbnail generation causing thumbnails_index errors in some circumstances.

`v1.3.1`

Compare Source

From v1.3.0

Mandatory configuration change: Please see docs.t2bot.io for details.
Fix improper usage of Content-Disposition: inline and related Content-Type safety (CVE-2023-41318, GHSA-5crw-6j7v-xc72).

Fixed

Fixed media purge API not being able to delete thumbnails.
Fixed thumbnails being attempted for disabled media types.
Fixed SVG and other non-dimensional media failing to be usefully thumbnailed in some cases.

`v1.3.0`

Compare Source

Mandatory Configuration Change

Please see docs.t2bot.io for details.

Security Fixes

Fix improper usage of Content-Disposition: inline and related Content-Type safety (CVE-2023-41318, GHSA-5crw-6j7v-xc72).

Deprecations

The GET /_matrix/media/unstable/local_copy/:server/:mediaId (and unstable/io.t2bot.media variant) endpoint is deprecated and scheduled for removal. If you are using this endpoint, please comment on this issue to explain your use case.

Added

Added a federation.ignoredHosts config option to block media from individual homeservers.
Support for MSC2246 (async uploads) is added, with per-user quota limiting options.
Support for MSC4034 (self-serve usage information) is added, alongside a new "maximum file count" quota limit.
The GET /_synapse/admin/v1/statistics/users/media endpoint from Synapse is now supported at the same path for local server admins.
Thumbnailing support for:
- BMP images.
- TIFF images.
- HEIC images.
New metrics:
- HTTP response times.
- Age of downloaded/accessed media.
Support for PGO builds has been enabled via pgo-fleet.

Removed

IPFS support has been removed due to maintenance burden.
Exports initiated through the admin API no longer support ?include_data=false. Exports will always contain data.
Server-side blurhash calculation has been removed. Clients and bridges already calculate blurhashes locally where applicable.

Changed

Mandatory configuration change: You must add datastore IDs to your datastore configuration, as matrix-media-repo will no longer manage datastores for you.
If compiling matrix-media-repo, note that new external dependencies are required. See the docs.
- Docker images already contain these dependencies.
Datastores no longer use the enabled flag set on them. Use forKinds: [] instead to disable a datastore's usage.
Per-user upload quotas now do not allow users to exceed the maximum values, even by 1 byte. Previously, users could exceed the limits by a little bit.
Updated to Go 1.19, then Go 1.20 in the same release cycle.
New CGO dependencies are required. See docs.t2bot.io for details.
Logs are now less noisy by default.
Connected homeservers must support at least Matrix 1.1 on the Client-Server API. Servers over federation are not affected.
The example Grafana dashboard has been updated.

Fixed

URL previews now follow redirects properly.
Overall memory usage is improved, particularly during media uploads and API-initiated imports.
- Note: If you use plugins then memory usage will still be somewhat high due to temporary caching of uploads.
- Note: This affects RSS primarily. VSZ and other memory metrics may be higher than expected due to how Go releases memory to the OS. This is fixed when there's memory pressure.
Fixed shutdown stall if the config was reloaded more than once while running.

`v1.2.13`

Compare Source

Deprecations

In version 1.3.0, IPFS will no longer be supported as a datastore. Please migrate your data if you are using the IPFS support.

Added

Added the Cross-Origin-Resource-Policy: cross-origin header to all downloads, as per MSC3828.
Added metrics for tracking which S3 operations are performed against datastores.

Changed

Swap out the HEIF library for better support towards ARM64 Docker Images.
The development environment now uses Synapse as a homeserver. Test accounts will need recreating.
Updated to Go 1.18
Improved error message when thumbnailer cannot determine image dimensions.

Fixed

Return default media attributes if none have been explicitly set.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2023-09-08T09:14:27Z