- Add more spans to live updates to account for more time spent in various functions.
- When there are a lot of stacked updates in the buffer, return after processing 100
of them rather than relying on >=50 list operations. List operations isn't a good
proxy for the amount of work being done, as the majority of work updates are things
like: receipts, typing, device list updates. This means we will return faster than
before when we have stacked updates, reducing perceived latency, despite having to
still go through the entire buffer.
with CGO we are linking to whatever glibc is in ubuntu-latest, which may
not be present in other distros (Think older Debian, Alpine)
In addition, the docker build with alpine already (implicitly) does not
use CGO, as CGO is still not supported with musl officially if I
understand the following issue correctly: https://github.com/golang/go/issues/19938
So disabling CGO in the released binaries and in the README instructions harmonizes
the behaviour across docker and non-docker builds.
Signed-off-by: Christoph Settgast <csett86_git@quicksands.de>
If Alice and Bob are in the same space, and Bob creates a child in that space,
Alice would incorrectly receive global metadata about that child room if Alice
was live syncing at that time. This leak did not expose confidential information
as Alice could receive all that metadata via the /rooms/{roomId}/hierarchy endpoint
already. However, it would cause clients to put the space child room into the room
list which would be very confusing, as it would have no timeline and no other data.
- Connections are unique for the 3-uple (user, device, conneciton) IDs.
The code was only checking (user, device). This means we would delete
ALL connections for a device, is ANY connection expired.
- ...except we wouldn't, because of the 2nd bug, which is the deletion
code itself. This is missing `i--` so we will not do an ID check on
the element after a deleted index.
Both of these issues have now been fixed.
