Merge pull request #664 from element-hq/gaelg/upgrade-synapse-v1.135.1

gaelgatelement · web-flow · commit 8cf14a75f044 · 2025-08-11T21:33:02.000+02:00
Upgrade synapse v1.135.2
diff --git a/.github/workflows/pytest.yml b/.github/workflows/pytest.yml
@@ -105,7 +105,7 @@ jobs:
 
     - name: On upgrade, Synapse can restart, expect 429 to occur
       run: |
-        echo "PYTEST_EXPECTED_HTTP_STATUS_CODES=429" >> "$GITHUB_ENV"
+        echo "PYTEST_EXPECTED_HTTP_STATUS_CODES=429,502" >> "$GITHUB_ENV"
       if: ${{ matrix.test-from-ref != github.event.pull_request.head.sha }}
 
     - name: Test with pytest (upgrade or idempotent setup)
diff --git a/charts/matrix-stack/source/synapse.yaml.j2 b/charts/matrix-stack/source/synapse.yaml.j2
@@ -84,7 +84,7 @@ logging:
   ## levelOverrides:
   ##   synapse.util.caches.lrucache: WARNING
   levelOverrides: {}
-{{- sub_schema_values.image(registry='ghcr.io', repository='element-hq/synapse', tag='v1.135.0') }}
+{{- sub_schema_values.image(registry='ghcr.io', repository='element-hq/synapse', tag='v1.135.2') }}
 {{- sub_schema_values.ingress() }}
 {{- sub_schema_values.labels() }}
 {{- sub_schema_values.workloadAnnotations() }}
diff --git a/charts/matrix-stack/values.yaml b/charts/matrix-stack/values.yaml
@@ -3722,7 +3722,7 @@ synapse:
 
     ## The tag of the container image to use.
     ## One of tag or digest must be provided.
-    tag: "v1.135.0"
+    tag: "v1.135.2"
 
     ## Container digest to use. Used to pull the image instead of the image tag if set
     ## The tag will still be set as the app.kubernetes.io/version label
diff --git a/newsfragments/664.changed.md b/newsfragments/664.changed.md
@@ -0,0 +1,6 @@
+Update Synapse to v1.135.2.
+
+Highlights :
+- This is the Synapse portion of the [Matrix coordinated security release](https://matrix.org/blog/2025/07/security-predisclosure/). This release includes support for [room version](https://spec.matrix.org/v1.15/rooms/) 12 which fixes a number of security vulnerabilities, including [CVE-2025-49090](https://www.cve.org/CVERecord?id=CVE-2025-49090).
+- The default room version is not changed. Not all clients will support room version 12 immediately, and not all users will be using the latest version of their clients. Large, public rooms are advised to wait a few weeks before upgrading to room version 12 to allow users throughout the Matrix ecosystem to update their clients.
+
