Disable device name lookup over federation by default (#12616)

This commit is contained in:
Andrew Morgan 2022-05-04 16:41:40 +01:00 committed by GitHub
parent ba3fd54bad
commit 332cce8dcf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 12 deletions

1
changelog.d/12616.misc Normal file
View file

@ -0,0 +1 @@
Prevent remote homeservers from requesting local user device names by default.

View file

@ -709,11 +709,11 @@ retention:
#
#allow_profile_lookup_over_federation: false
# Uncomment to disable device display name lookup over federation. By default, the
# Federation API allows other homeservers to obtain device display names of any user
# on this homeserver. Defaults to 'true'.
# Uncomment to allow device display name lookup over federation. By default, the
# Federation API prevents other homeservers from obtaining the display names of
# user devices on this homeserver. Defaults to 'false'.
#
#allow_device_name_lookup_over_federation: false
#allow_device_name_lookup_over_federation: true
## Caching ##

View file

@ -89,6 +89,17 @@ process, for example:
dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
```
# Upgrading to v1.59.0
## Device name lookup over federation has been disabled by default
The names of user devices are no longer visible to users on other homeservers by default.
Device IDs are unaffected, as these are necessary to facilitate end-to-end encryption.
To re-enable this functionality, set the
[`allow_device_name_lookup_over_federation`](https://matrix-org.github.io/synapse/v1.59/usage/configuration/config_documentation.html#federation)
homeserver config option to `true`.
# Upgrading to v1.58.0
## Groups/communities feature has been disabled by default

View file

@ -1035,13 +1035,13 @@ allow_profile_lookup_over_federation: false
---
Config option: `allow_device_name_lookup_over_federation`
Set this option to false to disable device display name lookup over federation. By default, the
Federation API allows other homeservers to obtain device display names of any user
Set this option to true to allow device display name lookup over federation. By default, the
Federation API prevents other homeservers from obtaining the display names of any user devices
on this homeserver.
Example configuration:
```yaml
allow_device_name_lookup_over_federation: false
allow_device_name_lookup_over_federation: true
```
---
## Caching ##

View file

@ -46,7 +46,7 @@ class FederationConfig(Config):
)
self.allow_device_name_lookup_over_federation = config.get(
"allow_device_name_lookup_over_federation", True
"allow_device_name_lookup_over_federation", False
)
def generate_config_section(self, **kwargs: Any) -> str:
@ -81,11 +81,11 @@ class FederationConfig(Config):
#
#allow_profile_lookup_over_federation: false
# Uncomment to disable device display name lookup over federation. By default, the
# Federation API allows other homeservers to obtain device display names of any user
# on this homeserver. Defaults to 'true'.
# Uncomment to allow device display name lookup over federation. By default, the
# Federation API prevents other homeservers from obtaining the display names of
# user devices on this homeserver. Defaults to 'false'.
#
#allow_device_name_lookup_over_federation: false
#allow_device_name_lookup_over_federation: true
"""