Compare commits

3 commits

Author SHA1 Message Date
Jade Ellis
be52d495c9
fix: Don't store events that have already been redacted
This prevents clobbering
2025-05-28 02:10:02 +01:00
Jade Ellis
8f7b3bceb0
feat: Allow retrieving redacted message content (msc2815)
Still to do:
- Handling the difference between content that we have deleted and
content we never received
- Deleting the original content on command or expiry

Another question is if we have to store the full original content?
Can we get by with just storing the 'content' field?
2025-05-28 02:07:56 +01:00
Jade Ellis
5c916550fc
feat: Store the original content of redacted PDUs
2025-05-28 01:04:00 +01:00
4 changed files with 6 additions and 15 deletions

@ -180,7 +180,7 @@ jobs:
file: "docker/Dockerfile"
build-args: |
GIT_COMMIT_HASH=${{ github.sha }})
GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}
GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }})
GIT_REMOTE_URL=${{github.event.repository.html_url }}
GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
platforms: ${{ matrix.platform }}
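
Review bot: The second `GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }})` line ends with a stray `)` after the closing `}}`, and the unchanged `GIT_COMMIT_HASH=${{ github.sha }})` line above it carries the same one. Inside the `build-args: |` block scalar that character is literal text, so each build argument value ends in `)` and the commit hash recorded in the image no longer matches a real commit. Drop the trailing parenthesis from both lines.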

@ -20,10 +20,10 @@ We may backport fixes to the previous release at our discretion, but we don't gu
We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
1. **Contact members of the team directly** over E2EE private message.
1. Contact members of the team over E2EE private message.
- [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
- [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
2. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
3. **Do not disclose the vulnerability publicly** until it has been addressed
4. **Provide detailed information** about the vulnerability, including:
- A clear description of the issue
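
Review bot: In step 1, the variant without bold (`1. Contact members of the team over E2EE private message.`) breaks the pattern of steps 2 to 4, which all open with a bold action phrase; keep the bold lead so the E2EE channel stays as prominent as the e-mail one. Moving "directly" onto the e-mail step also puts the emphasis on the channel that the same sentence describes as not E2EE. The `<!-- ? -->` marker after the second contact looks like an unresolved question and should be settled before the policy is published.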
@ -48,7 +48,7 @@ When you report a security vulnerability:
When security vulnerabilities are identified:
1. We will develop and test fixes in a private fork
1. We will develop and test fixes in a private branch
2. Security updates will be released as soon as possible
3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible
4. Critical security updates may be backported to the previous stable release
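
Review bot: In step 1, "private fork" and "private branch" are not interchangeable: a branch is only private if the repository holding it is, and the text does not say which repository that is. The reporting guidelines above ask reporters not to disclose publicly until the issue has been addressed, so this step should state where embargoed fixes are actually developed (for example "in a private repository") and match the real process.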

@ -125,13 +125,13 @@ pub(super) enum DebugCommand {
reset: bool,
},
/// - Sign JSON blob
/// - Verify json signatures
///
/// This command needs a JSON blob provided in a Markdown code block below
/// the command.
SignJson,
/// - Verify JSON signatures
/// - Verify json signatures
///
/// This command needs a JSON blob provided in a Markdown code block below
/// the command.
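
Review bot: The doc comment directly above `SignJson` has a variant reading `/// - Verify json signatures`, which describes the following variant and not this one; if that is the text being kept, both commands end up with the same description. Keep `/// - Sign JSON blob` for `SignJson`, and keep the capitalised `JSON` in `/// - Verify JSON signatures` so it agrees with "This command needs a JSON blob" two lines below.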

@ -219,15 +219,6 @@ pub fn check(config: &Config) -> Result {
));
}
// Check if support contact information is configured
if config.well_known.support_email.is_none() && config.well_known.support_mxid.is_none() {
warn!(
"No support contact information (support_email or support_mxid) is configured in \
the well_known section. Users in the admin room will be automatically listed as \
support contacts in the /.well-known/matrix/support endpoint."
);
}
if config
.url_preview_domain_contains_allowlist
.contains(&"*".to_owned())
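
Review bot: With the `support_email` / `support_mxid` check gone from `check()` (the hunk shrinks from 15 lines to 6), nothing tells the operator at startup that, per the warning text, users in the admin room will be automatically listed as support contacts in `/.well-known/matrix/support`. That fallback exposes admin-room members on a well-known endpoint, so it should stay visible: keep the `warn!`, or document the behaviour next to the `well_known` options if the fallback itself is removed elsewhere. None of the three commit messages mentions this change, so it is worth confirming it belongs in this comparison at all.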