Merge 70f6749c92 into d8be2ad942

The server-name segment of MXC URIs is sanitised differently from the media-id segment (#2217 )
Fixes: #1990 Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
2026-04-25 20:14:09 +02:00 · 2025-09-29 10:21:52 +01:00 · 2025-09-26 17:36:34 +03:00 · 2025-09-11 02:19:33 +02:00 · 2025-09-11 02:19:33 +02:00
4 changed files with 14 additions and 8 deletions
--- a/changelogs/client_server/newsfragments/2217.clarification
+++ b/changelogs/client_server/newsfragments/2217.clarification
@ -0,0 +1 @@
+The `server-name` segment of MXC URIs is sanitised differently from the `media-id` segment.
--- a/changelogs/server_server/newsfragments/2191.clarification
+++ b/changelogs/server_server/newsfragments/2191.clarification
@ -0,0 +1 @@
+Clarify what the minimum_valid_until_ts field means when it is set in key queries.
--- a/content/client-server-api/modules/content_repo.md
+++ b/content/client-server-api/modules/content_repo.md
@ -134,9 +134,14 @@ entity isn't in the room.
 `mxc://` URIs are vulnerable to directory traversal attacks such as
 `mxc://127.0.0.1/../../../some_service/etc/passwd`. This would cause the
 target homeserver to try to access and return this file. As such,
-homeservers MUST sanitise `mxc://` URIs by allowing only alphanumeric
-(`A-Za-z0-9`), `_` and `-` characters in the `server-name` and
-`media-id` values. This set of whitelisted characters allows URL-safe
+homeservers MUST sanitise `mxc://` URIs by:
+
+-   restricting the `server-name` segment to valid
+    [server names](/appendices/#server-name)
+-   allowing only alphanumeric (`A-Za-z0-9`), `_` and `-` characters in
+    the `media-id` segment
+
+The resulting set of whitelisted characters allows URL-safe
 base64 encodings specified in RFC 4648. Applying this character
 whitelist is preferable to blacklisting `.` and `/` as there are
 techniques around blacklisted characters (percent-encoded characters,
--- a/data/api/server-server/keys_query.yaml
+++ b/data/api/server-server/keys_query.yaml
@ -34,8 +34,8 @@ paths:
        - in: query
          name: minimum_valid_until_ts
          description: |-
-            A millisecond POSIX timestamp in milliseconds indicating when the returned
-            certificates will need to be valid until to be useful to the requesting server.
+            A millisecond POSIX timestamp. The returned keys MUST be valid
+            until at least this timestamp.

            If not supplied, the current time as determined by the notary server is used.
          required: false
@ -98,9 +98,8 @@ paths:
                          type: integer
                          format: int64
                          description: |-
-                            A millisecond POSIX timestamp in milliseconds indicating when
-                            the returned certificates will need to be valid until to be
-                            useful to the requesting server.
+                            A millisecond POSIX timestamp. The returned keys
+                            MUST be valid until at least this timestamp.

                            If not supplied, the current time as determined by the notary
                            server is used.
Author	SHA1	Message	Date
famfo	84823bc066	Merge `70f6749c92` into `d8be2ad942`	2025-09-29 10:21:52 +01:00
Johannes Marbach	d8be2ad942	The `server-name` segment of MXC URIs is sanitised differently from the `media-id` segment (#2217 ) Some checks failed Spec / 🔎 Validate OpenAPI specifications (push) Has been cancelled Details Spec / 🔎 Check Event schema examples (push) Has been cancelled Details Spec / 🔎 Check OpenAPI definitions examples (push) Has been cancelled Details Spec / 🔎 Check JSON Schemas inline examples (push) Has been cancelled Details Spec / ⚙️ Calculate baseURL for later jobs (push) Has been cancelled Details Spec / 📢 Run towncrier for changelog (push) Has been cancelled Details Spell Check / Spell Check with Typos (push) Has been cancelled Details Spec / 🐍 Build OpenAPI definitions (push) Has been cancelled Details Spec / 📖 Build the spec (push) Has been cancelled Details Spec / 🔎 Validate generated HTML (push) Has been cancelled Details Spec / 📖 Build the historical backup spec (push) Has been cancelled Details Fixes: #1990 Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>	2025-09-26 17:36:34 +03:00
famfo	70f6749c92	changelogs/s2s: add minimum_valid_until_ts clarification	2025-09-11 02:19:33 +02:00
famfo	1583a12cec	s2s/keys: clarify minimum_valid_until_ts query Signed-off-by: famfo <famfo@famfo.xyz>	2025-09-11 02:19:33 +02:00
				`@ -0,0 +1 @@`
				The `server-name` segment of MXC URIs is sanitised differently from the `media-id` segment.
				`@ -0,0 +1 @@`
				`Clarify what the minimum_valid_until_ts field means when it is set in key queries.`