commit 7811e7190c54ce0e628a43c5e627d07f6781d60be275284bfdf12c95d55ba596 Author: Marcus Rueckert Date: Wed Aug 21 09:51:49 2024 +0000 - Update to 1.113.0 OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=332 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/10719-Fix-instert-of-duplicate-key-into-event_json.patch b/10719-Fix-instert-of-duplicate-key-into-event_json.patch new file mode 100644 index 0000000..20670b7 --- /dev/null +++ b/10719-Fix-instert-of-duplicate-key-into-event_json.patch @@ -0,0 +1,71 @@ +From d8917666d6198873bca140c3c511ae230ee698ec Mon Sep 17 00:00:00 2001 +From: Jan Zerebecki +Date: Mon, 30 Aug 2021 17:31:31 +0200 +Subject: [PATCH] Fix instert of duplicate key into event_json + +When an incoming event id is present in event_json but not in events +synapse fails trying to insert it with "psycopg2.errors.UniqueViolation: +duplicate key value violates unique constraints", because it is only +filtered based on those that are in events. + +I don't know why those become out of sync, but this happening was +reported by others before. + +Fix this by using an upsert (which inserts or updates existing records) +instead of a normal insert. + +Please verify that this is the safe and correct thing to do before +merging this. Verify e.g. that it doesn't allow breaking history +integrity or something like it. As I don't know enough to understand +what this change entails. + +Fixes: https://github.com/matrix-org/synapse/issues/10718 +Signed-off-by: Jan Zerebecki +--- + changelog.d/10719.bugfix | 1 + + synapse/storage/databases/main/events.py | 22 +++++++++++----------- + 2 files changed, 12 insertions(+), 11 deletions(-) + create mode 100644 changelog.d/10719.bugfix + +diff --git a/changelog.d/10719.bugfix b/changelog.d/10719.bugfix +new file mode 100644 +index 00000000000..d928f74f6bf +--- /dev/null ++++ b/changelog.d/10719.bugfix +@@ -0,0 +1 @@ ++Fix instert failure because of duplicate key when an incoming event id is present in the table event_json but not in events. +diff --git a/synapse/storage/databases/main/events.py b/synapse/storage/databases/main/events.py +index 40b53274fb3..830af72d5e6 100644 +--- a/synapse/storage/databases/main/events.py ++++ b/synapse/storage/databases/main/events.py +@@ -1334,19 +1334,19 @@ def get_internal_metadata(event): + + return im + +- self.db_pool.simple_insert_many_txn( ++ self.db_pool.simple_upsert_many_txn( + txn, + table="event_json", +- values=[ +- { +- "event_id": event.event_id, +- "room_id": event.room_id, +- "internal_metadata": json_encoder.encode( +- get_internal_metadata(event) +- ), +- "json": json_encoder.encode(event_dict(event)), +- "format_version": event.format_version, +- } ++ key_names=["event_id"], ++ key_values=[[event.event_id] for event, _ in events_and_contexts], ++ value_names=["room_id", "internal_metadata", "json", "format_version"], ++ value_values=[ ++ [ ++ event.room_id, ++ json_encoder.encode(get_internal_metadata(event)), ++ json_encoder.encode(event_dict(event)), ++ event.format_version, ++ ] + for event, _ in events_and_contexts + ], + ) diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..c9e2392 --- /dev/null +++ b/README.SUSE @@ -0,0 +1,8 @@ + README.SUSE +------------- + + Bootstrapping a server +======================== + +/usr/sbin/matrix-synapse-generate-config servername + diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86087bf --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + matrix-synapse-test + diff --git a/_service b/_service new file mode 100644 index 0000000..1979274 --- /dev/null +++ b/_service @@ -0,0 +1,31 @@ + + + matrix-synapse + @PARENT_TAG@ + https://github.com/element-hq/synapse.git + git + v1.113.0 + v(.*) + \1 + + + + synapse + + + + synapse + + + + + xz + *.tar + + diff --git a/bump-dependencies.patch b/bump-dependencies.patch new file mode 100644 index 0000000..f21eaf3 --- /dev/null +++ b/bump-dependencies.patch @@ -0,0 +1,13 @@ +Index: synapse/pyproject.toml +=================================================================== +--- synapse.orig/pyproject.toml ++++ synapse/pyproject.toml +@@ -190,7 +190,7 @@ pymacaroons = ">=0.13.0" + msgpack = ">=0.5.2" + phonenumbers = ">=8.2.0" + # we use GaugeHistogramMetric, which was added in prom-client 0.4.0. +-prometheus-client = ">=0.4.0" ++prometheus-client = ">=0.13.1" + # we use `order`, which arrived in attrs 19.2.0. + # Note: 21.1.0 broke `/sync`, see https://github.com/matrix-org/synapse/issues/9936 + attrs = ">=19.2.0,!=21.1.0" diff --git a/matrix-synapse-1.111.0.obscpio b/matrix-synapse-1.111.0.obscpio new file mode 100644 index 0000000..6e92d64 --- /dev/null +++ b/matrix-synapse-1.111.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f9752a3658adfb2eeec225a3f5f4a61b055c345bc28416cb86a1299a461838fe +size 37170701 diff --git a/matrix-synapse-1.112.0.obscpio b/matrix-synapse-1.112.0.obscpio new file mode 100644 index 0000000..8a9182d --- /dev/null +++ b/matrix-synapse-1.112.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d0ac72c80abe374740683f0af068b45baa067a102ae9deaf0f324d20b375f31 +size 37371405 diff --git a/matrix-synapse-1.113.0.obscpio b/matrix-synapse-1.113.0.obscpio new file mode 100644 index 0000000..29a8061 --- /dev/null +++ b/matrix-synapse-1.113.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c52f61ef6801829cc218e83767bbc6586471bb7289fcb93d69bbf88a45226952 +size 37584397 diff --git a/matrix-synapse-1.4.1-paths.patch b/matrix-synapse-1.4.1-paths.patch new file mode 100644 index 0000000..120d947 --- /dev/null +++ b/matrix-synapse-1.4.1-paths.patch @@ -0,0 +1,61 @@ +Index: synapse/contrib/example_log_config.yaml +=================================================================== +--- synapse.orig/contrib/example_log_config.yaml ++++ synapse/contrib/example_log_config.yaml +@@ -26,7 +26,7 @@ handlers: + file: + class: logging.handlers.RotatingFileHandler + formatter: fmt +- filename: /var/log/synapse/homeserver.log ++ filename: /var/log/matrix-synapse/homeserver.log + maxBytes: 100000000 + backupCount: 3 + filters: [context] +Index: synapse/synapse/config/key.py +=================================================================== +--- synapse.orig/synapse/config/key.py ++++ synapse/synapse/config/key.py +@@ -110,7 +110,7 @@ class KeyConfig(Config): + signing_key_path = config.get("signing_key_path") + if signing_key_path is None: + signing_key_path = os.path.join( +- config_dir_path, config["server_name"] + ".signing.key" ++ '/etc/matrix-synapse/keys.d', config["server_name"] + ".signing.key" + ) + + self.signing_key = self.read_signing_keys(signing_key_path, "signing_key") +@@ -183,7 +183,7 @@ class KeyConfig(Config): + generate_secrets: bool = False, + **kwargs: Any, + ) -> str: +- base_key_name = os.path.join(config_dir_path, server_name) ++ base_key_name = os.path.join('/etc/matrix-synapse/keys.d', server_name) + macaroon_secret_key = "" + form_secret = "" + +Index: synapse/synapse/config/logger.py +=================================================================== +--- synapse.orig/synapse/config/logger.py ++++ synapse/synapse/config/logger.py +@@ -149,7 +149,7 @@ class LoggingConfig(Config): + def generate_config_section( + self, config_dir_path: str, server_name: str, **kwargs: Any + ) -> str: +- log_config = os.path.join(config_dir_path, server_name + ".log.config") ++ log_config = os.path.join('/etc/matrix-synapse/', server_name + ".log.config") + return ( + """\ + log_config: "%(log_config)s" +Index: synapse/synapse/config/server.py +=================================================================== +--- synapse.orig/synapse/config/server.py ++++ synapse/synapse/config/server.py +@@ -793,7 +793,7 @@ class ServerConfig(Config): + bind_port = 8448 + unsecure_port = 8008 + +- pid_file = os.path.join(data_dir_path, "homeserver.pid") ++ pid_file = os.path.join("/run/matrix-synapse", "homeserver.pid") + + secure_listeners = [] + unsecure_listeners = [] diff --git a/matrix-synapse-generate-config.sh b/matrix-synapse-generate-config.sh new file mode 100644 index 0000000..62d2b8f --- /dev/null +++ b/matrix-synapse-generate-config.sh @@ -0,0 +1,14 @@ +#!/bin/bash +CONFDIR="/etc/matrix-synapse" +DATADIR="/var/lib/matrix-synapse" +/usr/bin/python3 \ + -m synapse.app.homeserver \ + --config-path ${CONFDIR}/homeserver.yaml \ + --config-directory="${CONFDIR}/conf.d/" \ + --data-directory="${DATADIR}" \ + --generate-config \ + --generate-keys \ + --report-stats=no \ + --server-name $@ +chown -R root:synapse "${CONFDIR}" +chmod -R u=rwX,g=rX,o= "${CONFDIR}" diff --git a/matrix-synapse-test.spec b/matrix-synapse-test.spec new file mode 100644 index 0000000..3e8cb82 --- /dev/null +++ b/matrix-synapse-test.spec @@ -0,0 +1,68 @@ +# +# spec file for package matrix-synapse-test +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +# synapse only supports python >= 3.5, which is not available on pre-15 Leap. +# However, future versions of matrix-synapse will no longer support python2 and +# continued use of python2 is not recommended, so we only use the primary +# python3 flavor. As a result, at no point do we have two versions of the +# matrix-synapse package. + +# Disable debug packages since we're not installing anything. +%define debug_package %{nil} + +%define pkgname matrix-synapse +Name: %{pkgname}-test +Version: 1.113.0 +Release: 0 +Summary: Test package for %{pkgname} +License: AGPL-3.0-or-later +BuildRequires: %{pkgname} == %{version} + +%description +. + +%prep +touch %{_sourcedir}/%{pkgname} + +%build + +%install + +%check + +# Following tests disabled which would need to be run as 'synapse' user which +# we can not do easily (or at all) within RPM +# Generate a sample config. +#python3 -m synapse.app.homeserver \ +# --generate-config \ +# --server localhost \ +# --config-path dummy-homeserver.yaml \ +# --report-stats no + +# Start synapse and try to register a user (basic smoke-test). +# register_new_matrix_user doesn't seem to work inside check so we have to +# manually run the module. +#synctl start dummy-homeserver.yaml +#sleep 2s +#python3 -m synapse._scripts.register_new_matrix_user \ +# http://localhost:8008 \ +# --config dummy-homeserver.yaml \ +# --admin --user opensuse --password opensuse +#synctl stop dummy-homeserver.yaml + +%changelog diff --git a/matrix-synapse-user.conf b/matrix-synapse-user.conf new file mode 100644 index 0000000..7f1dffb --- /dev/null +++ b/matrix-synapse-user.conf @@ -0,0 +1,2 @@ +# Type Name ID GECOS [HOME] +u synapse - "Matrix Synapse" /var/lib/matrix-synapse diff --git a/matrix-synapse.changes b/matrix-synapse.changes new file mode 100644 index 0000000..1c77e7c --- /dev/null +++ b/matrix-synapse.changes @@ -0,0 +1,12327 @@ +------------------------------------------------------------------- +Wed Aug 21 09:48:38 UTC 2024 - Marcus Rueckert + +- Update to 1.113.0 + - Features + - Track which rooms have been sent to clients in the + experimental MSC3575 Sliding Sync /sync endpoint. (#17447) + - Add Account Data extension support to experimental MSC3575 + Sliding Sync /sync endpoint. (#17477) + - Add receipts extension support to experimental MSC3575 + Sliding Sync /sync endpoint. (#17489) + - Add typing notification extension support to experimental + MSC3575 Sliding Sync /sync endpoint. (#17505) + - Bugfixes + - Update experimental MSC3575 Sliding Sync /sync endpoint to + handle invite/knock rooms when filtering. (#17450) + - Fix a bug introduced in v1.110.0 which caused /keys/query to + return incomplete results, leading to high network activity + and CPU usage on Matrix clients. (#17499) + - Improved Documentation + - Update the allowed_local_3pids config option's msisdn address + to a working example. (#17476) + - Internal Changes + - Change sliding sync to use their own token format in + preparation for storing per-connection state. (#17452) + - Ensure we don't send down negative bump_stamp in experimental + sliding sync endpoint. (#17478) + - Do not send down empty room entries down experimental sliding + sync endpoint. (#17479) + - Refactor Sliding Sync tests to better utilize the + SlidingSyncBase. (#17481, #17482) + - Add some opentracing tags and logging to the experimental + sliding sync implementation. (#17501) + - Split and move Sliding Sync tests so we have some more sane + test file sizes. (#17504) + - Update the limited field description in the Sliding Sync + response to accurately describe what it actually represents. + (#17507) + - Easier to understand timeline assertions in Sliding Sync + tests. (#17511) + - Reset the sliding sync connection if we don't recognize the + per-connection state position. (#17529) + +------------------------------------------------------------------- +Tue Jul 30 17:07:03 UTC 2024 - Marcus Rueckert + +- Update to 1.112.0 (boo#1228596) + + The actual security fix will be in the python3x-Twisted package: + + This security release is to update our locked dependency on + Twisted to 24.7.0rc1, which includes a security fix for + CVE-2024-41671 / GHSA-c8m8-j448-xjx7: Disordered HTTP pipeline + response in twisted.web, again. + + Note that this security fix is also available as Synapse 1.111.1, + which does not include the rest of the changes in Synapse + 1.112.0. + + This issue means that, if multiple HTTP requests are pipelined in + the same TCP connection, Synapse can send responses to the wrong + HTTP request. If a reverse proxy was configured to use HTTP + pipelining, this could result in responses being sent to the + wrong user, severely harming confidentiality. + + With that said, despite being a high severity issue, we consider + it unlikely that Synapse installations will be affected. The use + of HTTP pipelining in this fashion would cause worse performance + for clients (request-response latencies would be increased as + users' responses would be artificially blocked behind other + users' slow requests). Further, Nginx and Haproxy, two common + reverse proxies, do not appear to support configuring their + upstreams to use HTTP pipelining and thus would not be affected. + For both of these reasons, we consider it unlikely that a Synapse + deployment would be set up in such a configuration. + + Despite that, we cannot rule out that some installations may + exist with this unusual setup and so we are releasing this + security update today. + + pip users: Note that by default, upgrading Synapse using pip will + not automatically upgrade Twisted. Please manually install the + new version of Twisted using pip install Twisted==24.7.0rc1. Note + also that even the --upgrade-strategy=eager flag to pip install + -U matrix-synapse will not upgrade Twisted to a patched version + because it is only a release candidate at this time. + + - Features + - Add to-device extension support to experimental MSC3575 + Sliding Sync /sync endpoint. (#17416) + - Populate name/avatar fields in experimental MSC3575 Sliding + Sync /sync endpoint. (#17418) + - Populate heroes and room summary fields (joined_count, + invited_count) in experimental MSC3575 Sliding Sync /sync + endpoint. (#17419) + - Populate is_dm room field in experimental MSC3575 Sliding + Sync /sync endpoint. (#17429) + - Add room subscriptions to experimental MSC3575 Sliding Sync + /sync endpoint. (#17432) + - Prepare for authenticated media freeze. (#17433) + - Add E2EE extension support to experimental MSC3575 Sliding + Sync /sync endpoint. (#17454) + - Bugfixes + - Add configurable option to always include offline users in + presence sync results. Contributed by @Michael-Hollister. + (#17231) + - Fix bug in experimental MSC3575 Sliding Sync /sync endpoint + when using room type filters and the user has one or more + remote invites. (#17434) + - Order heroes by stream_ordering as the Matrix specification + states (applies to /sync). (#17435) + - Fix rare bug where /sync would break for a user when using + workers with multiple stream writers. (#17438) + - Improved Documentation + - Update the readme image to have a white background, so that + it is readable in dark mode. (#17387) + - Add Red Hat Enterprise Linux and Rocky Linux 8 and 9 + installation instructions. (#17423) + - Improve documentation for the + default_power_level_content_override config option. (#17451) + - Internal Changes + - Make sure we always use the right logic for enabling the + media repo. (#17424) + - Fix argument documentation for method + RateLimiter.record_action. (#17426) + - Reduce volume of 'Waiting for current token' logs, which were + introduced in v1.109.0. (#17428) + - Limit concurrent remote downloads to 6 per IP address, and + decrement remote downloads without a content-length from the + ratelimiter after the download is complete. (#17439) + - Remove unnecessary call to resume producing in fake channel. + (#17449) + - Update experimental MSC3575 Sliding Sync /sync endpoint to + bump room when it is created. (#17453) + - Speed up generating sliding sync responses. (#17458) + - Add cache to get_rooms_for_local_user_where_membership_is to + speed up sliding sync. (#17460) + - Speed up fetching room keys from backup. (#17461) + - Speed up sorting of the room list in sliding sync. (#17468) + - Implement handling of $ME as a state key in sliding sync. + (#17469) + - Updates to locked dependencies + - Bump bytes from 1.6.0 to 1.6.1. (#17441) + - Bump hiredis from 2.3.2 to 3.0.0. (#17464) + - Bump jsonschema from 4.22.0 to 4.23.0. (#17444) + - Bump matrix-org/done-action from 2 to 3. (#17440) + - Bump mypy from 1.9.0 to 1.10.1. (#17445) + - Bump pyopenssl from 24.1.0 to 24.2.1. (#17465) + - Bump ruff from 0.5.0 to 0.5.4. (#17466) + - Bump sentry-sdk from 2.6.0 to 2.8.0. (#17456) + - Bump sentry-sdk from 2.8.0 to 2.10.0. (#17467) + - Bump setuptools from 67.6.0 to 70.0.0. (#17448) + - Bump twine from 5.1.0 to 5.1.1. (#17443) + - Bump types-jsonschema from 4.22.0.20240610 to + 4.23.0.20240712. (#17446) + - Bump ulid from 1.1.2 to 1.1.3. (#17442) + - Bump zipp from 3.15.0 to 3.19.1. (#17427) + +------------------------------------------------------------------- +Tue Jul 16 12:42:41 UTC 2024 - Marcus Rueckert + +- new dependency on python-python-multipart +- Update to 1.111.0 + - Features + - Add rooms data to experimental MSC3575 Sliding Sync /sync + endpoint. (#17320) + - Add room_types/not_room_types filtering to experimental + MSC3575 Sliding Sync /sync endpoint. (#17337) + - Return "required state" in experimental MSC3575 Sliding Sync + /sync endpoint. (#17342) + - Support MSC3916 by adding _matrix/client/v1/media/download + endpoint. (#17365) + - Support MSC3916 + by adding _matrix/client/v1/media/thumbnail, + _matrix/federation/v1/media/thumbnail endpoints and + stabilizing the remaining _matrix/client/v1/media endpoints. (#17388) + - Add rooms.bump_stamp for easier client-side sorting in + experimental MSC3575 Sliding Sync /sync endpoint. (#17395) + - Forget all of a user's rooms upon deactivation, preventing + local room purges from being blocked on deactivated users. + (#17400) + - Declare support for Matrix 1.11. (#17403) + - MSC3861: allow overriding the introspection endpoint. + (#17406) + - Bugfixes + - Fix bug where using synapse.app.media_repository worker + configuration would break the new media endpoints. (#17420) + - Fix rare race which caused no new to-device messages to be + received from remote server. (#17362) + - Fix bug in experimental MSC3575 Sliding Sync /sync endpoint + when using an old database. (#17398) + - Improved Documentation + - Document the new federation media worker endpoints in the + upgrade notes and worker docs. (#17421) + - Clarify that url_preview_url_blacklist is a usability + feature. (#17356) + - Fix broken links in README. (#17379) + - Clarify that changelog content and file extension need to + match in order for entries to merge. (#17399) + - Internal Changes + - Route authenticated federation media requests to media + repository workers in Complement tests. (#17422) + - Make the release script create a release branch for + Complement as well. (#17318) + - Fix uploading packages to PyPi. (#17363) + - Add CI check for the README. (#17367) + - Fix linting errors from new ruff version. (#17381, #17411) + - Fix building debian packages on non-clean checkouts. (#17390) + - Finish up work to allow per-user feature flags. (#17392, + #17410) + - Allow enabling sliding sync per-user. (#17393) + - Updates to locked dependencies + - Bump certifi from 2023.7.22 to 2024.7.4. (#17404) + - Bump cryptography from 42.0.7 to 42.0.8. (#17382) + - Bump ijson from 3.2.3 to 3.3.0. (#17413) + - Bump log from 0.4.21 to 0.4.22. (#17384) + - Bump mypy-zope from 1.0.4 to 1.0.5. (#17414) + - Bump pillow from 10.3.0 to 10.4.0. (#17412) + - Bump pydantic from 2.7.1 to 2.8.2. (#17415) + - Bump ruff from 0.3.7 to 0.5.0. (#17381) + - Bump serde from 1.0.203 to 1.0.204. (#17409) + - Bump serde_json from 1.0.117 to 1.0.120. (#17385, #17408) + - Bump types-setuptools from 69.5.0.20240423 to + 70.1.0.20240627. (#17380) + +------------------------------------------------------------------- +Wed Jul 3 18:33:06 UTC 2024 - Marcus Rueckert + +- Update to 1.110.0 + - Features + - Add initial implementation of an experimental MSC3575 Sliding + Sync /sync endpoint. (#17187) + - Add experimental support for MSC3823 - Account suspension. + (#17255) + - Improve ratelimiting in Synapse. (#17256) + - Add support for the unstable MSC4151 report room API. + (#17270, #17296) + - Filter for public and empty rooms added to Admin-API List + Room API. (#17276) + - Add is_dm filtering to experimental MSC3575 Sliding Sync + /sync endpoint. (#17277) + - Add is_encrypted filtering to experimental MSC3575 Sliding + Sync /sync endpoint. (#17281) + - Include user membership in events served to clients, per + MSC4115. (#17282) + - Do not require user-interactive authentication for uploading + cross-signing keys for the first time, per MSC3967. (#17284) + - Add stream_ordering sort to experimental MSC3575 Sliding Sync + /sync endpoint. (#17293) + - register_new_matrix_user now supports a --password-file flag, + which + - is useful for scripting. (#17294) + - register_new_matrix_user now supports a --exists-ok flag to + allow registration of users that already exist in the + database. + - This is useful for scripts that bootstrap user accounts with + initial passwords. (#17304) + - Add support for via query parameter from MSC4156. (#17322) + - Add is_invite filtering to experimental MSC3575 Sliding Sync + /sync endpoint. (#17335) + - Support MSC3916 by adding a federation /download endpoint. + (#17350) + - Bugfixes + - Fix bug where /sync requests could get blocked indefinitely + after an upgrade from Synapse versions before v1.109.0. + (#17386, [#17391](https://github.com/ /issues/17391)) + - Fix searching for users with their exact localpart whose ID + includes a hyphen. (#17254) + - Fix wrong retention policy being used when filtering events. + (#17272) + - Fix bug where OTKs were not always included in /sync response + when using workers. (#17275) + - Fix a long-standing bug where an invalid 'from' parameter to + /notifications would result in an Internal Server Error. + (#17283) + - Fix edge case in /sync returning the wrong the state when + using sharded event persisters. (#17295) + - Add initial implementation of an experimental MSC3575 Sliding + Sync /sync endpoint. (#17301) + - Fix email notification subject when invited to a space. + (#17336) + - Improved Documentation + - Add missing quotes for example for exclude_rooms_from_sync. + (#17308) + - Update header in the README to visually fix the the + auto-generated table of contents. (#17329) + - Fix stale references to the Foundation's Security Disclosure + Policy. (#17341) + - Add default values for rc_invites.per_issuer to docs. + (#17347) + - Fix an error in the docs for search_all_users parameter under + user_directory. (#17348) + - Internal Changes + - Limit size of presence EDUs to 50 entries. (#17371) + - Fix building debian package for debian sid. (#17389) + - Fix uploading packages to PyPi. (#17363) + - Remove unused expire_access_token option in the Synapse + Docker config file. Contributed by @AaronDewes. (#17198) + - Use fully-qualified PersistedEventPosition when returning + RoomsForUser to facilitate proper comparisons and + RoomStreamToken generation. (#17265) + - Add debug logging for when room keys are uploaded, including + whether they are replacing other room keys. (#17266) + - Handle OTK uploads off master. (#17271) + - Don't try and resync devices for remote users whose servers + are marked as down. (#17273) + - Re-organize Pydantic models and types used in handlers. + (#17279) + - Expose the worker instance that persisted the event on + event.internal_metadata.instance_name. (#17300) + - Update the README with Element branding, improve headers and + fix the #synapse:matrix.org support room link rendering. + (#17324) + - Change path of the experimental MSC3575 Sliding Sync + implementation to /org.matrix.simplified_msc3575/sync since + our simplified API is slightly incompatible with what's in + the current MSC. (#17331) + - Handle device lists notifications for large accounts more + efficiently in worker mode. (#17333, #17358) + - Do not block event sending/receiving while calculating large + event auth chains. (#17338) + - Tidy up parse_integer docs and call sites to reflect the fact + that they require non-negative integers by default, and bring + parse_integer_from_args default in alignment. Contributed by + Denis Kasak (@dkasak). (#17339) + +------------------------------------------------------------------- +Tue Jun 18 11:01:41 UTC 2024 - Marcus Rueckert + +- Update to 1.109.0 + - Features + - Add the ability to auto-accept invites on the behalf of + users. See the auto_accept_invites config option for details. + (#17147) + - Add experimental MSC3575 Sliding Sync /sync/e2ee endpoint for + to-device messages and device encryption info. (#17167) + - Support MSC3916 by adding unstable media endpoints to + /_matrix/client. (#17213) + - Add logging to tasks managed by the task scheduler, showing + CPU and database usage. (#17219) + - Bugfixes + - When rolling back to a previous Synapse version and then + forwards again to this release, don't require server + operators to manually run SQL. (#17305, #17309) + - Fix bug where one-time-keys were not always included in /sync + response when using workers. Introduced in v1.109.0rc1. + (#17275) + - Fix bug where /sync could get stuck due to edge case in + device lists handling. Introduced in v1.109.0rc1. (#17292) + - Fix deduplicating of membership events to not create unused + state groups. (#17164) + - Fix bug where duplicate events could be sent down sync when + using workers that are overloaded. (#17215) + - Ignore attempts to send to-device messages to bad users, to + avoid log spam when we try to connect to the bad server. + (#17240) + - Fix handling of duplicate concurrent uploading of device + one-time-keys. (#17241) + - Fix reporting of default tags to Sentry, such as worker name. + Broke in v1.108.0. (#17251) + - Fix bug where typing updates would not be sent when using + workers after a restart. (#17252) + - Improved Documentation + - Update the LemonLDAP documentation to say that claims should + be explicitly included in the returned id_token, as Synapse + won't request them. (#17204) + - Internal Changes + - Fix the building of binary wheels for macOS by switching to + macOS 12 CI runners. (#17319) + - Use the release branch for sytest in release-branch PRs. + (#17306) + - Improve DB usage when fetching related events. (#17083) + - Log exceptions when failing to auto-join new user according + to the auto_join_rooms option. (#17176) + - Reduce work of calculating outbound device lists updates. + (#17211) + - Improve performance of calculating device lists changes in + /sync. (#17216) + - Move towards using MultiWriterIdGenerator everywhere. + (#17226) + - Replaces all usages of StreamIdGenerator with + MultiWriterIdGenerator. (#17229) + - Change the allow_unsafe_locale config option to also apply + when setting up new databases. (#17238) + - Fix errors in logs about closing incorrect logging contexts + when media gets rejected by a module. (#17239, #17246) + - Clean out invalid destinations from device_federation_outbox + table. (#17242) + - Stop logging errors when receiving invalid User IDs in key + querys requests. (#17250) + +------------------------------------------------------------------- +Tue May 28 12:37:01 UTC 2024 - Marcus Rueckert + +- Update to 1.108.0 + - Features + - Add a feature that allows clients to query the configured + federation whitelist. Disabled by default. (#16848, #17199) + - Add the ability to allow numeric user IDs with a specific + prefix when in the CAS flow. Contributed by Aurélien + Grimpard. (#17098) + - Bugfixes + - Fix bug where push rules would be empty in /sync for some + accounts. Introduced in v1.93.0. (#17142) + - Add support for optional whitespace around the Federation + API's Authorization header's parameter commas. (#17145) + - Fix bug where disabling room publication prevented public + rooms being created on workers. (#17177, #17184) + - Improved Documentation + - Document /v1/make_knock and /v1/send_knock/ federation + endpoints as worker-compatible. (#17058) + - Update User Admin API with note about prefixing OIDC + external_id providers. (#17139) + - Clarify the state of the created room when using the + autocreate_auto_join_room_preset config option. (#17150) + - Update the Admin FAQ with the current libjemalloc version for + latest Debian stable. Additionally update the name of the + "push_rules" stream in the Workers documentation. (#17171) + - Internal Changes + - Add note to reflect that MSC3886 is closed but will remain + supported for some time. (#17151) + - Update dependency PyO3 to 0.21. (#17162) + - Fixes linter errors found in PR #17147. (#17166) + - Bump black from 24.2.0 to 24.4.2. (#17170) + - Cache literal sync filter validation for performance. + (#17186) + - Improve performance by fixing a reactor pause. (#17192) + - Route /make_knock and /send_knock federation APIs to the + federation reader worker in Complement test runs. (#17195) + - Prepare sync handler to be able to return different sync + responses (SyncVersion). (#17200) + - Organize the sync cache key parameter outside of the sync + config (separate concerns). (#17201) + - Refactor SyncResultBuilder assembly to its own function. + (#17202) + - Rename to be obvious: joined_rooms -> joined_room_ids. + (#17203, #17208) + - Add a short pause when rate-limiting a request. (#17210) + +------------------------------------------------------------------- +Tue May 14 14:41:53 UTC 2024 - Marcus Rueckert + +- Update to 1.107.0 + - Features + - Add preliminary support for MSC3823: Account Suspension. + (#17051) + - Declare support for Matrix v1.10. Contributed by @clokep. + (#17082) + - Add support for MSC4115: membership metadata on events. + (#17104, #17137) + - Bugfixes + - Fixed search feature of Element Android on homesevers using + SQLite by returning search terms as search highlights. + (#17000) + - Fixes a bug introduced in v1.52.0 where the destination query + parameter for the Destination Rooms Admin API failed to + actually filter returned rooms. (#17077) + - For MSC3266 room summaries, support queries at the + recommended endpoint of + /_matrix/client/unstable/im.nheko.summary/summary/{roomIdOrAlias}. + The existing endpoint of + /_matrix/client/unstable/im.nheko.summary/rooms/{roomIdOrAlias}/summary + is deprecated. (#17078) + - Apply user email & picture during OIDC registration if + present & selected. (#17120) + - Improve error message for cross signing reset with MSC3861 + enabled. (#17121) + - Fix a bug which meant that to-device messages received over + federation could be dropped when the server was under load or + networking problems caused problems between Synapse processes + or the database. (#17127) + - Fix bug where StreamChangeCache would not respect configured + cache factors. (#17152) + - Updates to the Docker image + - Correct licensing metadata on Docker image. (#17141) + - Improved Documentation + - Update the event_cache_size and global_factor configuration + options' documentation. (#17071) + - Remove broken sphinx docs. (#17073, #17148) + - Add RuntimeDirectory to example matrix-synapse.service + systemd unit. (#17084) + - Fix various small typos throughout the docs. (#17114) + - Update enable_notifs configuration documentation. (#17116) + - Update the Upgrade Notes with the latest minimum supported + Rust version of 1.66.0. Contributed by @jahway603. (#17140) + - Internal Changes + - Enable MSC3266 by default in the Synapse Complement image. + (#17105) + - Add optimisation to + StreamChangeCache.get_entities_changed(..). (#17130) + +------------------------------------------------------------------- +Tue Apr 30 14:09:46 UTC 2024 - Marcus Rueckert + +- Update to 1.106.0 + - Features + - Send an email if the address is already bound to an user + account. (#16819) + - Implement the rendezvous mechanism described by MSC4108. + (#17056) + - Support delegating the rendezvous mechanism described MSC4108 + to an external implementation. (#17086) + - Bugfixes + - Add validation to ensure that the limit parameter on + /publicRooms is non-negative. (#16920) + - Return 400 M_NOT_JSON upon receiving invalid JSON in query + parameters across various client and admin endpoints, rather + than an internal server error. (#16923) + - Make the CSAPI endpoint /keys/device_signing/upload + idempotent. (#16943) + - Redact membership events if the user requested erasure upon + deactivating. (#17076) + - Improved Documentation + - Add a prompt in the contributing guide to manually configure + icu4c. (#17069) + - Clarify what part of message retention is still experimental. + (#17099) + - Internal Changes + - Use new receipts column to optimise receipt and push action + SQL queries. Contributed by Nick @ Beeper (@Fizzadar). + (#17032, #17096) + - Fix mypy with latest Twisted release. (#17036) + - Bump minimum supported Rust version to 1.66.0. (#17079) + - Add helpers to transform Twisted requests to Rust http + Requests/Responses. (#17081) + - Fix type annotation for visited_chains after mypy upgrade. + (#17125) + +------------------------------------------------------------------- +Tue Apr 23 16:37:19 UTC 2024 - Marcus Rueckert + +- Update to 1.105.1 (boo#1223319) + - Security + - GHSA-3h7q-rfh9-xm4v / CVE-2024-31208 — High Severity + Weakness in auth chain indexing allows DoS from remote room + members through disk fill and high CPU usage. + + See the advisories for more details. If you have any + questions, email security@element.io. + +------------------------------------------------------------------- +Tue Apr 16 19:29:37 UTC 2024 - Marcus Rueckert + +- Update to 1.105.0 + - Features + - Stabilize support for MSC4010 which clarifies the interaction + of push rules and account data. Contributed by @clokep. + (#17022) + - Stabilize support for MSC3981: /relations recursion. + Contributed by @clokep. (#17023) + - Add support for moving /pushrules off of main process. + (#17037, #17038) + - Bugfixes + - Fix various long-standing bugs which could cause incorrect + state to be returned from /sync in certain situations. + (#16930, #16932, #16942, #17064, #17065, #17066) + - Fix server notice rooms not always being created as + unencrypted rooms, even when + encryption_enabled_by_default_for_room_type is in use (server + notices are always unencrypted). (#17033) + - Fix the .m.rule.encrypted_room_one_to_one and + .m.rule.room_one_to_one default underride push rules being in + the wrong order. Contributed by @Sumpy1. (#17043) + - Internal Changes + - Refactor auth chain fetching to reduce duplication. (#17044) + - Improve database performance by adding a missing index to + access_tokens.refresh_token_id. (#17045, #17054) + - Improve database performance by reducing number of receipts + fetched when sending push notifications. (#17049) + +------------------------------------------------------------------- +Tue Apr 2 21:08:17 UTC 2024 - Marcus Rueckert + +- Update to 1.104.0 + - Features + - Add an OIDC config to specify extra parameters for the + authorization grant URL. IT can be useful to pass an ACR + value for example. (#16971) + - Add support for OIDC provider returning JWT. (#16972, #17031) + - Bugfixes + - Fix regression when using OIDC provider. Introduced in + v1.104.0rc1. (#17031) + - Fix a bug which meant that, under certain circumstances, we + might never retry sending events or to-device messages over + federation after a failure. (#16925) + - Fix various long-standing bugs which could cause incorrect + state to be returned from /sync in certain situations. + (#16949) + - Fix case in which m.fully_read marker would not get updated. + Contributed by @SpiritCroc. (#16990) + - Fix bug which did not retract a user's pending knocks at + rooms when their account was deactivated. Contributed by + @hanadi92. (#17010) + - Updates to the Docker image + - Updated start.py to generate config using the correct user ID + when running as root (fixes #16824, #15202). (#16978) + - Improved Documentation + - Add a query to force a refresh of a remote user's device list + to the "Useful SQL for Admins" documentation page. (#16892) + - Minor grammatical corrections to the upgrade documentation. + (#16965) + - Fix the sort order for the documentation version picker, so + that newer releases appear above older ones. (#16966) + - Remove recommendation for a specific poetry version from + contributing guide. (#17002) + - Internal Changes + - Improve lock performance when a lot of locks are all waiting + for a single lock to be released. (#16840) + - Update power level default for public rooms. (#16907) + - Improve event validation. (#16908) + - Multi-worker-docker-container: disable log buffering. + (#16919) + - Refactor state delta calculation in /sync handler. (#16929) + - Clarify docs for some room state functions. (#16950) + - Specify IP subnets in canonical form. (#16953) + - As done for SAML mapping provider, let's pass the module API + to the OIDC one so the mapper can do more logic in its code. + (#16974) + - Allow containers building on top of Synapse's Complement + container is use the included PostgreSQL cluster. (#16985) + - Raise poetry-core version cap to 1.9.0. (#16986) + - Patch the db conn pool sooner in tests. (#17017) +- cleaned up TODOs in the poetry section and bumped the minimum + versions to what is available in TW + +------------------------------------------------------------------- +Wed Mar 27 12:14:05 UTC 2024 - Adam Majer + +- Moved to Element maintained fork as matrix has archived their version +- Update to 1.103.0 + - Features + - Add a new List Accounts v3 Admin API with improved deactivated + user filtering capabilities. (#16874) + - Include Retry-After header by default per MSC4041. Contributed + by @clokep. (#16947) + - Bugfixes + - Fix joining remote rooms when a module uses the on_new_event + callback. This callback may now pass partial state events + instead of the full state for remote rooms. Introduced in + v1.76.0. (#16973) + - Fix performance issue when joining very large rooms that can + cause the server to lock up. Introduced in v1.100.0. + Contributed by @ggogel. (#16968) + - Improved Documentation + - Add HAProxy example for single port operation to reverse proxy + documentation. Contributed by Georg Pfuetzenreuter (@tacerus). + (#16768) + - Improve the documentation around running Complement tests with + new configuration parameters. (#16946) + - Add docs on upgrading from a very old version. (#16951) + +For changes in older version since 1.98.0, see +https://github.com/element-hq/synapse/releases + +------------------------------------------------------------------- +Fri Mar 22 00:28:47 UTC 2024 - Marcus Rueckert + +- allow newer poetry-core after bump in TW + +------------------------------------------------------------------- +Fri Mar 1 23:54:12 UTC 2024 - Marcus Rueckert + +- bump setuptools-rust to 1.9.0 + +------------------------------------------------------------------- +Wed Dec 13 00:53:28 UTC 2023 - Marcus Rueckert + +- Update to 1.98.0 + Synapse 1.98.0 will be the last Synapse release in 2023; the + regular release cadence will resume in January 2024. + + Synapse will soon be forked by Element under an AGPLv3.0 licence + (with CLA, for proprietary dual licensing). You can read more + about this here: + + https://matrix.org/blog/2023/11/06/future-of-synapse-dendrite/ + https://element.io/blog/element-to-adopt-agplv3/ + + The Matrix.org Foundation copy of the project will be archived. + Any changes needed by server administrators will be communicated + via our usual announcements channels, but we are striving to make + this as seamless as possible. + + - Features + - Synapse now declares support for Matrix v1.7, v1.8, and v1.9. + (#16707) + - Add on_user_login module API callback allowing to execute + custom code after (on) Auth. (#15207) + - Support MSC4069: Inhibit profile propagation. (#16636) + - Restore tracking of requests and monthly active users when + delegating authentication via MSC3861 to an OIDC provider. + (#16672) + - Add an autojoin setting for server notices rooms, so users + may be joined directly instead of receiving an invite. + (#16699) + - Follow redirects when downloading media over federation (per + MSC3860). (#16701) + - Bugfixes + - Enable refreshable tokens on the admin registration endpoint. + (#16642) + - Consistently bypass rate limits when using the server notice + admin API. (#16670) + - Fix a bug introduced in Synapse 1.7.2 where rooms whose power + levels lacked an events field could not be upgraded. (#16725) + - Fix GET /_synapse/admin/v1/federation/destinations admin API + returning null (instead of 0) for retry_last_ts and + retry_interval. (#16729) + - Improved Documentation + - Add schema rollback information to documentation. (#16661) + - Fix poetry version typo in the contributors' guide. (#16695) + - Switch the example UNIX socket paths to /run. Add HAProxy + example configuration for UNIX sockets. (#16700) + - Add documentation for how to validate the configuration file + with synapse.config script. (#16714) + - Internal Changes + - Clean-up unused tables. (#16522) + - Reduce a little database load while processing state auth + chains. (#16552) + - Reduce database load of pruning old user_ips. (#16667) + - Reduce DB load when forget on leave setting is disabled. + (#16668) + - Ignore encryption_enabled_by_default_for_room_type setting + when creating server notices room, since the notices will be + send unencrypted anyway. (#16677) + - Correctly read the to-device stream ID on startup using + SQLite. (#16682) + - Reoranganise test files. (#16684) + - Remove old full schema dumps which are no longer used. + (#16697) + - Raise poetry-core upper bound to <=1.8.1. This allows + contributors to import Synapse after poetry installing with + Poetry 1.6 and above. Contributed by Mo Balaa. (#16702) + - Add a workflow to try and automatically fixup linting in a + PR. (#16704) + +------------------------------------------------------------------- +Tue Nov 28 15:22:31 UTC 2023 - Marcus Rueckert + +- Update to 1.97.0 + Synapse will soon be forked by Element under an AGPLv3.0 licence (with CLA, for + proprietary dual licensing). You can read more about this here: + + https://matrix.org/blog/2023/11/06/future-of-synapse-dendrite/ + https://element.io/blog/element-to-adopt-agplv3/ + The Matrix.org Foundation copy of the project will be archived. Any changes needed + by server administrators will be communicated via our usual announcements channels, + but we are striving to make this as seamless as possible. + + - Features + - Add support for asynchronous uploads as defined by MSC2246. + Contributed by @sumnerevans at @beeper. (#15503) + - Improve the performance of some operations in multi-worker + deployments. (#16613, #16616) + - Bugfixes + - Fix a long-standing bug where some queries updated the same + row twice. Introduced in Synapse 1.57.0. (#16609) + - Fix a long-standing bug where Synapse would not unbind + third-party identifiers for Application Service users when + deactivated and would not emit a compliant response. (#16617) + - Fix sending out of order POSITION over replication, causing + additional database load. (#16639) + - Improved Documentation + - Note that the option outbound_federation_restricted_to was + added in Synapse 1.89.0, and fix a nearby formatting error. + (#16628) + - Update parameter information for the /timestamp_to_event + admin API. (#16631) + - Provide an example for a common encrypted media response from + the admin user media API and mention possible null values. + (#16654) + - Internal Changes + - Remove whole table locks on push rule modifications. + Contributed by Nick @ Beeper (@Fizzadar). (#16051) + - Support reactor tick timings on more types of event loops. + (#16532) + - Improve type hints. (#16564, #16611, #16612) + - Avoid executing no-op queries. (#16583) + - Simplify persistence code to be per-room. (#16584) + - Use standard SQL helpers in persistence code. (#16585) + - Avoid updating the stream cache unnecessarily. (#16586) + - Improve performance when using opentracing. (#16589) + - Run push rule evaluator setup in parallel. (#16590) + - Improve tests of the SQL generator. (#16596) + - Use more generic database methods. (#16615) + - Use dbname instead of the deprecated database connection + parameter for psycopg2. (#16618) + - Add an internal Admin API endpoint to temporarily grant the + ability to update an existing cross-signing key without UIA. + (#16634) + - Improve references to GitHub issues. (#16637, #16638) + - More efficiently handle no-op POSITION over replication. + (#16640, #16655) + - Speed up deleting of device messages when deleting a device. + (#16643) + - Speed up persisting large number of outliers. (#16649) + - Reduce max concurrency of background tasks, reducing + potential max DB load. (#16656, #16660) + - Speed up purge room by adding an index to event_push_summary. + (#16657) +- refresh patches: + bump-dependencies.patch + matrix-synapse-1.4.1-paths.patch + +------------------------------------------------------------------- +Fri Nov 17 23:44:47 UTC 2023 - Marcus Rueckert + +- Update to 1.96.0 + Synapse will soon be forked by Element under an AGPLv3.0 licence + (with CLA, for proprietary dual licensing). You can read more + about this here: + + https://matrix.org/blog/2023/11/06/future-of-synapse-dendrite/ + https://element.io/blog/element-to-adopt-agplv3/ + + The Matrix.org Foundation copy of the project will be archived. + Any changes needed by server administrators will be communicated + via our usual announcements channels, but we are striving to make + this as seamless as possible. + + - Features + - Add experimental support to allow multiple workers to write + to receipts stream. (#16432) + - Add a new module API for controller presence. (#16544) + - Add a new module API callback that allows adding extra fields + to events' unsigned section when sent down to clients. + (#16549) + - Improve the performance of claiming encryption keys. (#16565, + #16570) + - Bugfixes + - Fix "'int' object is not iterable" error in + set_device_id_for_pushers background update introduced in + Synapse 1.95.0. (#16594) + - Fixed a bug in the example Grafana dashboard that prevents it + from finding the correct datasource. Contributed by + @MichaelSasser. (#16471) + - Fix a long-standing, exceedingly rare edge case where the + first event persisted by a new event persister worker might + not be sent down /sync. (#16473, #16557, #16561, #16578, + #16580) + - Fix long-standing bug where /sync incorrectly did not mark a + room as limited in a sync requests when there were missing + remote events. (#16485) + - Fix a bug introduced in Synapse 1.41 where HTTP(S) forward + proxy authorization would fail when using basic HTTP + authentication with a long username:password string. (#16504) + - Force TLS certificate verification in user registration + script. (#16530) + - Fix long-standing bug where /sync could tightloop after + restart when using SQLite. (#16540) + - Fix ratelimiting of message sending when using workers, where + the ratelimit would only be applied after most of the work + has been done. (#16558) + - Fix a long-standing bug where invited/knocking users would + not leave during a room purge. (#16559) + - Improved Documentation + - Improve documentation of presence router. (#16529) + - Add a sentence to the opentracing docs on how you can have + jaeger in a different place than synapse. (#16531) + - Correctly describe the meaning of unspecified rule lists in + the alias_creation_rules and room_list_publication_rules + config options and improve their descriptions more generally. + (#16541) + - Pin the recommended poetry version in contributors' guide. + (#16550) + - Fix a broken link to the client breakdown in the README. + (#16569) + - Internal Changes + - Improve performance of delete device messages query, cf issue + 16479. (#16492) + - Reduce memory allocations. (#16505) + - Improve replication performance when purging rooms. (#16510) + - Run tests against Python 3.12. (#16511) + - Run trial & integration tests in continuous integration when + .ci directory is modified. (#16512) + - Remove duplicate call to mark remote server 'awake' when + using a federation sending worker. (#16515) + - Enable dirty runs on Complement CI, which is significantly + faster. (#16520) + - Stop deleting from an unused table. (#16521) + - Improve type hints. (#16526, #16551) + - Fix running unit tests on Twisted trunk. (#16528) + - Reduce some spurious logging in worker mode. (#16555) + - Stop porting a table in port db that we're going to nuke and + rebuild anyway. (#16563) + - Deal with warnings from running complement in CI. (#16567) + - Allow building with setuptools_rust 1.8.0. (#16574) + +------------------------------------------------------------------- +Tue Nov 7 09:14:10 UTC 2023 - Dominique Leuenberger + +- Fix build with RPM 4.19: unnumbered patches are no longer + supported. + +------------------------------------------------------------------- +Tue Oct 31 20:03:55 UTC 2023 - Marcus Rueckert + +- Update to 1.95.1 (boo#1216770) + - Security: + - GHSA-mp92-3jfm-3575 / CVE-2023-43796 — Moderate Severity + Cached device information of remote users can be queried from + Synapse. This can be used to enumerate the remote users known + to a homeserver. + +------------------------------------------------------------------- +Tue Oct 24 19:56:22 UTC 2023 - Marcus Rueckert + +- Update to 1.95.0 + - Bugfixes + - Remove legacy unspecced knock_state_events field returned in + some responses. (#16403) + - Fix a bug introduced in Synapse 1.81.0 where an + AttributeError would be raised when + _matrix/client/v3/account/whoami is called over a unix + socket. Contributed by @Sir-Photch. (#16404) + - Properly return inline media when content types have + parameters. (#16440) + - Prevent the purging of large rooms from timing out when + Postgres is in use. The timeout which causes this issue was + introduced in Synapse 1.88.0. (#16455) + - Improve the performance of purging rooms, particularly + encrypted rooms. (#16457) + - Fix a bug introduced in Synapse 1.59.0 where servers could be + incorrectly marked as available after an error response was + received. (#16506) + - Improved Documentation + - Document internal background update mechanism. (#16420) + - Fix a typo in the sql for useful SQL for admins document. + (#16477) + - Internal Changes + - Bump pyo3 from 0.17.1 to 0.19.2. (#16162) + - Update registration of media repository URLs. (#16419) + - Improve type hints. (#16421, #16468, #16469, #16507) + - Refactor some code to simplify and better type receipts + stream adjacent code. (#16426) + - Factor out MultiWriter token from RoomStreamToken. (#16427) + - Improve code comments. (#16428) + - Reduce memory allocations. (#16429, #16431, #16433, #16434, + #16438, #16444) + - Remove unused method. (#16435) + - Improve rate limiting logic. (#16441) + - Do not block running of CI behind the check for sign-off on + PRs. (#16454) + - Update the release script to remind releaser to check for + special release notes. (#16461) + - Update complement.sh to match new public API shape. (#16466) + - Clean up logging on event persister endpoints. (#16488) + - Remove useless async job to delete device messages on sync, + since we only deliver (and hence delete) up to 100 device + messages at a time. (#16491) + +------------------------------------------------------------------- +Tue Oct 10 13:20:04 UTC 2023 - Marcus 'darix' Rückert + +- Update to 1.94.0 (boo#1216126 CVE-2023-45129) + GHSA-5chr-wjw5-3gq4 / CVE-2023-45129 — Moderate Severity + + A malicious server ACL event can impact performance temporarily + or permanently leading to a persistent denial of service. + + Homeservers running on a closed federation (which presumably do + not need to use server ACLs) are not affected. + + - Features + - Render plain, CSS, CSV, JSON and common image formats in the + browser (inline) when requested through the /download + endpoint. (#15988) + - Add experimental support for MSC4028 to push all encrypted + events to clients. (#16361) + - Minor performance improvement when sending presence to + federated servers. (#16385) + - Minor performance improvement by caching server ACL checking. + (#16360) + - Improved Documentation + - Add developer documentation concerning gradual schema + migrations with column alterations. (#15691) + - Improve documentation of the user directory search algorithm. + (#16320) + - Fix rendering of user admin API documentation around + deactivation. This was broken in Synapse 1.91.0. (#16355) + - Update documentation around message retention policies. + (#16382) + - Add note to federation_domain_whitelist config option to + clarify its usage. (#16416) + - Improve legacy release notes. (#16418) + - Deprecations and Removals + - Remove Python version from /_synapse/admin/v1/server_version. + (#16380) + - Internal Changes + - Avoid running CI steps when the files they check have not + been changed. (#14745, #16387) + - Improve type hints. (#14911, #16350, #16356, #16395) + - Added support for pydantic v2 in addition to pydantic v1. + Contributed by Maxwell G (@gotmax23). (#16332) + - Get CI to check PRs have been signed-off. (#16348) + - Add missing licence header. (#16359) + - Improve type hints, and bump types-psycopg2 from 2.9.21.11 to + 2.9.21.14. (#16381) + - Improve comments in StateGroupBackgroundUpdateStore. (#16383) + - Update maturin configuration. (#16394) + - Downgrade replication stream time out error log lines to + warning. (#16401) + +------------------------------------------------------------------- +Tue Sep 26 17:35:26 UTC 2023 - Marcus Rueckert + +- Update to 1.93.0 + The following issues are fixed in 1.93.0 (and RCs). + + GHSA-4f74-84v3-j9q5 / CVE-2023-41335 — Low Severity + https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5 + + Temporary storage of plaintext passwords during password changes. + + GHSA-7565-cq32-vx2x / CVE-2023-42453 — Low Severity + https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x + + Improper validation of receipts allows forged read receipts. + + See the advisories for more details. If you have any questions, email security@matrix.org. + + + - Features + - Add automatic purge after all users have forgotten a room. + (#15488) + - Restore room purge/shutdown after a Synapse restart. (#15488) + - Support resolving homeservers using matrix-fed DNS SRV + records from MSC4040. (#16137) + - Add the ability to use G (GiB) and T (TiB) suffixes in + configuration options that refer to numbers of bytes. + (#16219) + - Add span information to requests sent to appservices. + Contributed by MTRNord. (#16227) + - Add the ability to enable/disable registrations when using + CAS. Contributed by Aurélien Grimpard. (#16262) + - Allow the /notifications endpoint to be routed to workers. + (#16265) + - Enable users to easily unsubscribe to notifications emails + via the List-Unsubscribe header. (#16274) + - Report whether a user is locked in the List Accounts admin + API, and exclude locked users by default. (#16328) + - Bugfixes + - Fix a long-standing bug where multi-device accounts could + cause high load due to presence. (#16066, #16170, #16171, + #16172, #16174) + - Fix a long-standing bug where appservices using MSC2409 to + receive to_device messages would only get messages for one + user. (#16251) + - Fix bug when using workers where Synapse could end up + re-requesting the same remote device repeatedly. (#16252) + - Fix long-standing bug where we kept re-requesting a remote + server's key repeatedly, potentially causing delays in + receiving events over federation. (#16257) + - Avoid temporary storage of sensitive information. (#16272) + - Fix bug introduced in Synapse 1.49.0 when using dehydrated + devices (MSC2697) and refresh tokens. Contributed by Hanadi. + (#16288) + - Fix a long-standing bug where invalid receipts would be + accepted. (#16327) + - Use standard name for UTF-8 charset in emails. (#16329) + - Don't try refetching device lists for users on remote hosts + that are marked as "down". (#16298) + - Improved Documentation + - Fix typos in the documentation. (#16282) + - Link to the Alpine Linux community package for Synapse. + (#16304) + - Use string for federation_client_minimum_tls_version + documentation examples. Contributed by @jcgruenhage. (#16353) + - Internal Changes + - Allow modules to delete rooms. (#15997) + - Add GCC and GNU Make to the Nix flake development environment + so that ruff can be compiled. (#16090, #16263) + - Fix type checking when using the new version of Twisted. + (#16235) + - Delete device messages asynchronously and in staged batches + using the task scheduler. (#16240, #16311, #16312, #16313) + - Bump minimum supported Rust version to 1.61.0. (#16248) + - Update rust to version 1.71.1 in the nix development + environment. (#16260) + - Simplify server key storage. (#16261) + - Reduce CPU overhead of change password endpoint. (#16264) + - Stop purging from tables slated for removal. (#16273) + - Improve type hints. (#16276, #16301, #16325, #16326) + - Raise setuptools_rust version cap to 1.7.0. (#16277) + - Fix using the new task scheduler causing lots of CPU to be + used. (#16278) + - Upgrade CI run of Python 3.12 from rc1 to rc2. (#16280) + - Include values in SQL debug when using execute_values with + Postgres. (#16281) + - Enable additional linting checks. (#16283) + - Refactor receipts_graph Postgres transactions to stop error + messages. (#16299) + - Small improvements to logging in replication code. (#16309) + - Remove a reference cycle in background processes. (#16314) + - Only use literal strings for background process names. + (#16315) + - Refactor get_user_by_id. (#16316) + - Speed up task to delete to-device messages. (#16318) + - Avoid patching code in tests. (#16349) + - Test against PostgreSQL 16. (#16351) + +------------------------------------------------------------------- +Mon Sep 25 23:09:42 UTC 2023 - Marcus Rueckert + +- Update to 1.92.3 + This release does not affect openSUSE as we do not use the intree + libwebp + + Upstream changes: + This is again a security update targeted at mitigating + CVE-2023-4863. It turns out that libwebp is bundled statically in + Pillow wheels so we need to update this dependency instead of + libwebp package at the OS level. + + Unlike what was advertised in 1.92.2 changelog this release also + impacts PyPI wheels and Debian packages from matrix.org. + + We encourage admins to upgrade as soon as possible. + + Internal Changes + - Pillow 10.0.1 is now mandatory because of libwebp + CVE-2023-4863, since Pillow provides libwebp in the wheels. + (#16347) +- bump all the dependencies which are not available in tumbleweed. + +------------------------------------------------------------------- +Fri Sep 15 13:57:20 UTC 2023 - Marcus Rueckert + +- Update to 1.92.2 + Only fix in this is actually changing the upstream docker + configuration to mitigate the webp security bug. Does not affect + our package. + +------------------------------------------------------------------- +Tue Sep 12 20:21:04 UTC 2023 - Marcus Rueckert + +- Update to 1.92.1 + - Bugfixes + - Revert MSC3861 introspection cache, admin impersonation and + account lock. (#16258) + - Internal Changes + - Fix incorrect docstring for Ratelimiter. (#16255) + - Update the release script to work on macOS. (#16266) + - Stop building Ubuntu Kinetic since it is EOL and repos seem + to be dead. + +------------------------------------------------------------------- +Wed Sep 6 20:43:15 UTC 2023 - Marcus Rueckert + +- Update to 1.91.2 + - Bugfixes + - Revert MSC3861 introspection cache, admin impersonation and + account lock. (#16258) + +------------------------------------------------------------------- +Mon Sep 4 14:06:47 UTC 2023 - Marcus Rueckert + +- Update to 1.91.1 + - Bugfixes + - Fix a performance regression introduced in Synapse 1.91.0 + where event persistence would cause an excessive linear + growth in CPU usage. (#16220) + +------------------------------------------------------------------- +Mon Sep 4 01:12:17 UTC 2023 - Marcus Rueckert + +- Update to 1.91.0 + - Features + - Implements an admin API to lock an user without deactivating + them. Based on MSC3939. (#15870) + - Allow specifying client_secret_path as alternative to + client_secret for OIDC providers. This avoids leaking the + client secret in the homeserver config. Contributed by @Ma27. + (#16030) + - Allow customising the IdP display name, icon, and brand for + SAML and CAS providers (in addition to OIDC provider). + (#16094) + - Add an admins query parameter to the List Accounts admin API, + to include only admins or to exclude admins in user queries. + (#16114) + - Bugfixes + - Fix long-standing bug where concurrent requests to change a + user's push rules could cause a deadlock. Contributed by Nick + @ Beeper (@Fizzadar). (#16052) + - Fix a long-standing bug in /sync where timeout=0 does not + skip caching, resulting in slow calls in cases where there + are no new changes. Contributed by @PlasmaIntec. (#16080) + - Fix performance of state resolutions for large, old rooms + that did not have the full auth chain persisted. (#16116) + - Filter out user agent references to the sliding sync proxy + and rust-sdk from the user_daily_visits table to ensure that + Element X can be represented fully. (#16124) + - User constent and third-party changes capability cannot be + enabled when using experimental MSC3861 support. (#16127, + #16134) + - Fix a rare race that could block new events from being sent + for up to two minutes. Introduced in v1.90.0. (#16133, + #16169) + - Fix performance degredation when there are a lot of in-flight + replication requests. (#16148) + - Fix a bug introduced in 1.87 where synapse would send an + excessive amount of federation requests to servers which have + been offline for a long time. Contributed by Nico. (#16156, + #16164) + - Improved Documentation + - Structured logging docs: add a link to explain the ELK stack + (#16091) + - Internal Changes + - Update dehydrated devices implementation. (#16010) + - Fix database performance of read/write worker locks. (#16061) + - Fix building the nix development environment on MacOS + systems. (#16063) + - Override global statement timeout when creating indexes in + Postgres. (#16085) + - Fix the type annotation on run_db_interaction in the Module + API. (#16089) + - Clean-up the presence code. (#16092) + - Run pyupgrade for Python 3.8+. (#16110) + - Rename pagination and purge locks and add comments to explain + why they exist and how they work. (#16112) + - Attempt to fix the twisted trunk job. (#16115) + - Cache token introspection response from OIDC provider. + (#16117) + - Add cache to get_server_keys_json_for_remote. (#16123) + - Add an admin endpoint to allow authorizing server to signal + token revocations. (#16125) + - Add response time metrics for introspection requests for + delegated auth. (#16131) + - MSC3861: allow impersonation by an admin user using + _oidc_admin_impersonate_user_id query parameter. (#16132) + - Increase performance of read/write locks. (#16149) + - Improve presence tests. (#16150, #16151, #16158) + - Raised the poetry-core version cap to 1.7.0. (#16152) + - Fix assertion in user directory unit tests. (#16157) + - Reduce scope of locks when paginating to alleviate DB + contention. (#16159) + - Reduce DB contention on worker locks. (#16160) + - Task scheduler: mark task as active if we are scheduling as + soon as possible. (#16165) + - Implements a task scheduler for resumable potentially long + running tasks. (#15891) + +------------------------------------------------------------------- +Tue Aug 15 11:40:35 UTC 2023 - Marcus Rueckert + +- Update to 1.90.0 + - Features + - Scope transaction IDs to devices (implement MSC3970). + (#15629) + - Remove old rows from the + cache_invalidation_stream_by_instance table automatically + (this table is unused in SQLite). (#15868) + - Bugfixes + - Fix a long-standing bug where purging history and paginating + simultaneously could lead to database corruption when using + workers. (#15791) + - Fix a long-standing bug where profile endpoint returned a 404 + when the user's display name was empty. (#16012) + - Fix a long-standing bug where the synapse_port_db failed to + configure sequences for application services and partial + stated rooms. (#16043) + - Fix long-standing bug with deletion in dehydrated devices v2. + (#16046) + - Updates to the Docker image + - Add org.opencontainers.image.version labels to Docker + containers published by Matrix.org. Contributed by Mo Balaa. + (#15972, #16009) + - Improved Documentation + - Add a internal documentation page describing the "streams" + used within Synapse. (#16015) + - Clarify comment on the keys/upload over replication enpoint. + (#16016) + - Do not expose Admin API in caddy reverse proxy example. + Contributed by @NilsIrl. (#16027) + - Deprecations and Removals + - Remove support for legacy application service paths. (#15964) + - Move support for application service query parameter + authorization behind a configuration option. (#16017) + - Internal Changes + - Update SQL queries to inline boolean parameters as supported + in SQLite 3.27. (#15525) + - Allow for the configuration of the backoff algorithm for + federation destinations. (#15754) + - Allow modules to check whether the current worker is + configured to run background tasks. (#15991) + - Update support for MSC3958 to match the latest revision of + the MSC. (#15992) + - Allow modules to schedule delayed background calls. (#15993) + - Properly overwrite the redacts content-property for + forwards-compatibility with room versions 1 through 10. + (#16013) + - Fix building the nix development environment on MacOS + systems. (#16019) + - Remove leading and trailing spaces when setting a display + name. (#16031) + - Combine duplicated code. (#16023) + - Collect additional metrics from ResponseCache for eviction. + (#16028) + - Fix endpoint improperly declaring support for MSC3814. + (#16068) + - Drop backwards compat hack for event serialization. (#16069) + - Updates to locked dependencies + - Update PyYAML to 6.0.1. (#16011) + - Bump cryptography from 41.0.2 to 41.0.3. (#16048) + - Bump furo from 2023.5.20 to 2023.7.26. (#16077) + - Bump immutabledict from 2.2.4 to 3.0.0. (#16034) + - Update certifi to 2023.7.22 and pygments to 2.15.1. (#16044) + - Bump jsonschema from 4.18.3 to 4.19.0. (#16081) + - Bump phonenumbers from 8.13.14 to 8.13.18. (#16076) + - Bump regex from 1.9.1 to 1.9.3. (#16073) + - Bump serde from 1.0.171 to 1.0.175. (#15982) + - Bump serde from 1.0.175 to 1.0.179. (#16033) + - Bump serde from 1.0.179 to 1.0.183. (#16074) + - Bump serde_json from 1.0.103 to 1.0.104. (#16032) + - Bump service-identity from 21.1.0 to 23.1.0. (#16038) + - Bump types-commonmark from 0.9.2.3 to 0.9.2.4. (#16037) + - Bump types-jsonschema from 4.17.0.8 to 4.17.0.10. (#16036) + - Bump types-netaddr from 0.8.0.8 to 0.8.0.9. (#16035) + - Bump types-opentracing from 2.4.10.5 to 2.4.10.6. (#16078) + - Bump types-setuptools from 68.0.0.0 to 68.0.0.3. (#16079) + +------------------------------------------------------------------- +Tue Aug 1 12:10:11 UTC 2023 - Marcus Rueckert + +- Update to 1.89.0 + - Features + - Add Unix Socket support for HTTP Replication Listeners. + Document and provide usage instructions for utilizing Unix + sockets in Synapse. Contributed by Jason Little. (#15708, + #15924) + - Allow + in Matrix IDs, per MSC4009. (#15911) + - Support room version 11 from MSC3820. (#15912) + - Allow configuring the set of workers to proxy outbound + federation traffic through via + outbound_federation_restricted_to. (#15913, #15969) + - Implement MSC3814, dehydrated devices v2/shrivelled sessions + and move MSC2697 behind a config flag. Contributed by Nico + from Famedly, H-Shay and poljar. (#15929) + - Bugfixes + - Fix a long-standing bug where remote invites weren't + correctly pushed. (#15820) + - Fix background schema updates failing over a large upgrade + gap. (#15887) + - Fix a bug introduced in 1.86.0 where Synapse starting with an + empty experimental_features configuration setting. (#15925) + - Fixed deploy annotations in the provided Grafana dashboard + config, so that it shows for any homeserver and not just + matrix.org. Contributed by @wrjlewis. (#15957) + - Ensure a long state res does not starve CPU by occasionally + yielding to the reactor. (#15960) + - Properly handle redactions of creation events. (#15973) + - Fix a bug where resyncing stale device lists could block + responding to federation transactions, and thus delay + receiving new data from the remote server. (#15975) + - Improved Documentation + - Better clarify how to run a worker instance (pass both + configs). (#15921) + - Improve the documentation for the login as a user admin API. + (#15938) + - Fix broken Arch Linux package link. Contributed by + @SnipeXandrej. (#15981) + - Deprecations and Removals + - Remove support for calling the /register endpoint with an + unspecced user property for application services. (#15928) + - Internal Changes + - Mark get_user_in_directory private since it is only used in + tests. Also remove the cache from it. (#15884) + - Document which Python version runs on a given Linux + distribution so we can more easily clean up later. (#15909) + - Add details to warning in log when we fail to fetch an alias. + (#15922) + - Remove unneeded __init__. (#15926) + - Fix bug with read/write lock implementation. This is + currently unused so has no observable effects. (#15933, + #15958) + - Unbreak the nix development environment by pinning the Rust + version to 1.70.0. (#15940) + - Update presence metrics to differentiate remote vs local + users. (#15952) + - Stop reading from column user_id of table profiles. (#15955) + - Build packages for Debian Trixie. (#15961) + - Reduce the amount of state we pull out. (#15968) + - Speed up updating state in large rooms. (#15971) + +------------------------------------------------------------------- +Wed Jul 26 12:32:53 UTC 2023 - Dirk Müller + +- switch to _multibuild + +------------------------------------------------------------------- +Tue Jul 18 14:17:11 UTC 2023 - Marcus Rueckert + +- Update to 1.88.0 + This release + + - raises the minimum supported version of Python to 3.8, as + Python 3.7 is now end-of-life, and + - removes deprecated config options related to worker deployment. + + See the upgrade notes for more information. + https://github.com/matrix-org/synapse/blob/release-v1.88/docs/upgrade.md#upgrading-to-v1880 + + - Features + - Add not_user_type param to the list accounts admin API. + (#15844) + - Bugfixes + - Revert "Stop writing to column user_id of tables profiles and + user_filters", which was introduced in Synapse 1.88.0rc1. + (#15953) + - Pin pydantic to ^=1.7.4 to avoid backwards-incompatible API + changes from the 2.0.0 release. Contributed by @PaarthShah. + (#15862) + - Correctly resize thumbnails with pillow version >=10. + (#15876) + - Improved Documentation + - Fixed header levels on the Admin API "Users" documentation + page. Contributed by @sumnerevans at @beeper. (#15852) + - Remove deprecated worker_replication_host, + worker_replication_http_port and worker_replication_http_tls + configuration options. (#15872) + - Deprecations and Removals + - Remove deprecated worker_replication_host, + worker_replication_http_port and worker_replication_http_tls + configuration options. See the upgrade notes for more + details. (#15860) + - Remove support for Python 3.7 and hence for Debian Buster. + (#15851, #15892, #15893, #15917) + - Internal Changes + - Add foreign key constraint to event_forward_extremities. + (#15751, #15907) + - Add read/write style cross-worker locks. (#15782) + - Stop writing to column user_id of tables profiles and + user_filters. (#15787) + - Use lower isolation level when cleaning old presence stream + data to avoid serialization errors. (#15826) + - Add tracing to media /upload code paths. (#15850, #15888) + - Add a timeout that aborts any Postgres statement taking more + than 1 hour. (#15853) + - Fix the devenv up configuration which was ignoring the config + overrides. (#15854) + - Optimised cleanup of old entries in device_lists_stream. + (#15861) + - Update the Matrix clients link in the It works! Synapse is + running landing page. (#15874) + - Fix building Synapse with the nightly Rust compiler. (#15906) + - Add Server to Access-Control-Expose-Headers header. (#15908) + +------------------------------------------------------------------- +Wed Jul 5 09:53:07 UTC 2023 - Marcus Rueckert + +- Update to 1.87.0 + Please note that this will be the last release of Synapse that is + compatible with Python 3.7 and earlier. This is due to Python 3.7 + now having reached End of Life; see our deprecation policy for + more details. + + - Features + - Improve /messages response time by avoiding backfill when we + already have messages to return. (#15737) + - Add spam checker module API for logins. (#15838) + - Bugfixes + - Pin pydantic to ^1.7.4 to avoid backwards-incompatible API + changes from the 2.0.0 release. Resolves #15858. Contributed + by @PaarthShah. (#15862) + - Fix a long-standing bug where media files were served in an + unsafe manner. Contributed by @joshqou. (#15680) + - Avoid invalidating a cache that was just prefilled. (#15758) + - Fix requesting multiple keys at once over federation, related + to MSC3983. (#15770) + - Fix joining rooms through aliases where the alias server + isn't a real homeserver. Contributed by @tulir @ Beeper. + (#15776) + - Fix a bug in push rules handling leading to an invalid (per + spec) is_user_mention rule sent to clients. Also fix wrong + rule names for is_user_mention and is_room_mention. (#15781) + - Fix a bug introduced in 1.57.0 where the wrong table would be + locked on updating database rows when using SQLite as the + database backend. (#15788) + - Fix Sytest environmental variable evaluation in CI. (#15804) + - Fix forgotten rooms missing from initial sync after rejoining + them. Contributed by Nico from Famedly. (#15815) + - Fix sqlite user_filters upgrade introduced in v1.86.0. + (#15817) + - Improved Documentation + - Document looping_call() functionality that will wait for the + given function to finish before scheduling another. (#15772) + - Fix a typo in the Admin API. (#15805) + - Fix typo in MSC number in faster remote room join + architecture doc. (#15812) + - Deprecations and Removals + - Remove experimental MSC2716 implementation to incrementally + import history into existing rooms. (#15748) + - Internal Changes + - Split out 2022 changes from the changelog so the rendered + version in GitHub doesn't timeout as much. (#15846) + - Replace EventContext fields prev_group and delta_ids with + field state_group_deltas. (#15233) + - Regularly try to send transactions to other servers after + they failed instead of waiting for a new event to be + available before trying. (#15743) + - Fix requesting multiple keys at once over federation, related + to MSC3983. (#15755) + - Allow for the configuration of max request retries and + min/max retry delays in the matrix federation client. + (#15783) + - Switch from matrix:// to matrix-federation:// scheme for + internal Synapse routing of outbound federation traffic. + (#15806) + - Fix harmless exceptions being printed when running the port + DB script. (#15814) + - Updates to locked dependencies + - Bump attrs from 22.2.0 to 23.1.0. (#15801) + - Bump cryptography from 40.0.2 to 41.0.1. (#15800) + - Bump ijson from 3.2.0.post0 to 3.2.1. (#15802) + - Bump phonenumbers from 8.13.13 to 8.13.14. (#15798) + - Bump ruff from 0.0.265 to 0.0.272. (#15799) + - Bump ruff from 0.0.272 to 0.0.275. (#15833) + - Bump serde_json from 1.0.96 to 1.0.97. (#15797) + - Bump serde_json from 1.0.97 to 1.0.99. (#15832) + - Bump towncrier from 22.12.0 to 23.6.0. (#15831) + - Bump types-opentracing from 2.4.10.4 to 2.4.10.5. (#15830) + - Bump types-setuptools from 67.8.0.0 to 68.0.0.0. (#15835) + +------------------------------------------------------------------- +Tue Jun 20 23:00:07 UTC 2023 - Marcus Rueckert + +- Update to 1.86.0 + - Features + - Stable support for MSC3882 to allow an existing + device/session to generate a login token for use on a new + device/session. (#15388) + - Support resolving a room's canonical alias via the module + API. (#15450) + - Enable support for MSC3952: intentional mentions. (#15520) + - Experimental MSC3861 support: delegate auth to an OIDC + provider. (#15582) + - Add Synapse version deploy annotations to Grafana dashboard + which enables easy correlation between behavior changes + witnessed in a graph to a certain Synapse version and nail + down regressions. (#15674) + - Add a catch-all * to the supported relation types when + redacting an event and its related events. This is an update + to MSC3912 implementation. (#15705) + - Speed up /messages by backfilling in the background when + there are no backward extremities where we are directly + paginating. (#15710) + - Expose a metric reporting the database background update + status. (#15740) + - Bugfixes + - Fix an error when having workers of different versions + running. (#15774) + - Correctly clear caches when we delete a room. (#15609) + - Check permissions for enabling encryption earlier during room + creation to avoid creating broken rooms. (#15695) + - Improved Documentation + - Simplify query to find participating servers in a room. + (#15732) + - Internal Changes + - Log when events are (maybe unexpectedly) filtered out of + responses in tests. (#14213) + - Read from column full_user_id rather than user_id of tables + profiles and user_filters. (#15649) + - Add support for tracing functions which return Awaitables. + (#15650) + - Cache requests for user's devices over federation. (#15675) + - Add fully qualified docker image names to Dockerfiles. + (#15689) + - Remove some unused code. (#15690) + - Improve type hints. (#15694, #15697) + - Update docstring and traces on maybe_backfill() functions. + (#15709) + - Add context for when/why to use the long_retries option when + sending Federation requests. (#15721) + - Removed some unused fields. (#15723) + - Update federation error to more plainly explain we can only + authorize our own membership events. (#15725) + - Prevent the latest_deps and twisted_trunk daily GitHub + Actions workflows from running on forks of the codebase. + (#15726) + - Improve performance of user directory search. (#15729) + - Remove redundant table join with room_memberships when doing + a is_host_joined()/is_host_invited() call (membership is + already part of the current_state_events). (#15731) + - Remove superfluous room_memberships join from background + update. (#15733) + - Speed up typechecking CI. (#15752) + - Bump minimum supported Rust version to 1.60.0. (#15768) + - Updates to locked dependencies + - Bump importlib-metadata from 6.1.0 to 6.6.0. (#15711) + - Bump library/redis from 6-bullseye to 7-bullseye in /docker. + (#15712) + - Bump log from 0.4.18 to 0.4.19. (#15761) + - Bump phonenumbers from 8.13.11 to 8.13.13. (#15763) + - Bump pyasn1 from 0.4.8 to 0.5.0. (#15713) + - Bump pydantic from 1.10.8 to 1.10.9. (#15762) + - Bump pyo3-log from 0.8.1 to 0.8.2. (#15759) + - Bump pyopenssl from 23.1.1 to 23.2.0. (#15765) + - Bump regex from 1.7.3 to 1.8.4. (#15769) + - Bump sentry-sdk from 1.22.1 to 1.25.0. (#15714) + - Bump sentry-sdk from 1.25.0 to 1.25.1. (#15764) + - Bump serde from 1.0.163 to 1.0.164. (#15760) + - Bump types-jsonschema from 4.17.0.7 to 4.17.0.8. (#15716) + - Bump types-pyopenssl from 23.1.0.2 to 23.2.0.0. (#15766) + - Bump types-requests from 2.31.0.0 to 2.31.0.1. (#15715) + +------------------------------------------------------------------- +Thu Jun 8 17:49:10 UTC 2023 - Marcus Rueckert + +- Update to 1.85.2 + - Bugfixes + - Fix regression where using TLS for HTTP replication between + workers did not work. Introduced in v1.85.0. (#15746) + +------------------------------------------------------------------- +Wed Jun 7 15:28:24 UTC 2023 - Marcus Rueckert + +- Update to 1.85.1 + Note: this release only fixes a bug that stopped some deployments + from upgrading to v1.85.0. There is no need to upgrade to v1.85.1 + if successfully running v1.85.0. + + - Bugfixes + - Fix bug in schema delta that broke upgrades for some + deployments. Introduced in v1.85.0. (#15738, #15739) + +------------------------------------------------------------------- +Tue Jun 6 11:34:10 UTC 2023 - Marcus Rueckert + +- make use that the pythons define and use_python do not diverge by + moving them closer to each other. + +------------------------------------------------------------------- +Tue Jun 6 10:06:46 UTC 2023 - Marcus Rueckert + +- Update to 1.85.0 + - Security + + - GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity It may be + possible for a deactivated user to login when using uncommon + configurations. (boo#1212055) + + - GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity A + discovered oEmbed or image URL can bypass the + url_preview_url_blacklist setting potentially allowing server + side request forgery or bypassing network policies. Impact is + limited to IP addresses allowed by the + url_preview_ip_range_blacklist setting (by default this only + allows public IPs). (boo#1212054) + + - Features + - Improve performance of backfill requests by performing + backfill of previously failed requests in the background. + (#15585) + - Add a new admin API to create a new device for a user. + (#15611) + - Add Unix socket support for Redis connections. Contributed by + Jason Little. (#15644) + - Bugfixes + - Fix a performance issue introduced in Synapse v1.83.0 which + meant that purging rooms was very slow and + database-intensive. (#15693) + - Fix a long-standing bug where setting the read marker could + fail when using message retention. Contributed by Nick @ + Beeper (@Fizzadar). (#15464) + - Fix a long-standing bug where the url_preview_url_blacklist + configuration setting was not applied to oEmbed or image URLs + found while previewing a URL. (#15601) + - Fix a long-standing bug where filters with multiple + backslashes were rejected. (#15607) + - Fix a bug introduced in Synapse 1.82.0 where the error + message displayed when validation of the + app_service_config_files config option fails would be + incorrectly formatted. (#15614) + - Fix a long-standing bug where deactivated users were still + able to login using the custom org.matrix.login.jwt login + type (if enabled). (#15624) + - Fix a long-standing bug where deactivated users were able to + login in uncommon situations. (#15634) + - Improved Documentation + - Warn users that at least 3.75GB of space is needed for the + nix Synapse development environment. (#15613) + - Remove outdated comment from the generated and sample + homeserver log configs. (#15648) + - Improve contributor docs to make it more clear that Rust is a + necessary prerequisite. Contributed by @grantm. (#15668) + - Deprecations and Removals + - Deprecate calling the /register endpoint with an unspecced + user property for application services. (#15703) + - Remove the old version of the R30 (30-day retained users) + phone-home metric. (#10428) + - Internal Changes + - Speed up background jobs populate_full_user_id_user_filters + and populate_full_user_id_profiles. (#15700) + - Create dependabot changelogs at release time. (#15481) + - Add not null constraint to column full_user_id of tables + profiles and user_filters. (#15537) + - Allow connecting to HTTP Replication Endpoints by using + worker_name when constructing the request. (#15578) + - Make the thread_id column on event_push_actions, + event_push_actions_staging, and event_push_summary non-null. + (#15597) + - Run mypy type checking with the minimum supported Python + version to catch new usage that isn't backwards-compatible. + (#15602) + - Fix subscriptable type usage in Python <3.9. (#15604) + - Update internal terminology. (#15606, #15620) + - Instrument state and state_group storage-related operations + to better picture what's happening when tracing. (#15610, + #15647) + - Trace how many new events from the backfill response we need + to process. (#15633) + - Re-type config paths in ConfigErrors to be StrSequences + instead of Iterable[str]s. (#15615) + - Update Mutual Rooms (MSC2666) implementation to match new + proposal text. (#15621) + - Remove the unstable identifiers from faster joins (MSC3706). + (#15625) + - Fix the olddeps CI. (#15626) + - Remove duplicate timestamp from test logs + (_trial_temp/test.log). (#15636) + - Fix two memory leaks in trial test runs. (#15630) + - Limit the size of the HomeServerConfig cache in trial test + runs. (#15646) + - Improve type hints. (#15658, #15659) + - Add requesting user id parameter to key claim methods in + TransportLayerClient. (#15663) + - Speed up rebuilding of the user directory for local users. + (#15665) + - Implement "option 2" for MSC3820: Room version 11. (#15666, + #15678) + +------------------------------------------------------------------- +Fri May 26 19:16:23 UTC 2023 - Marcus Rueckert + +- Update to 1.84.1 + This patch release fixes a major issue with homeservers that do + not have an instance_map defined but which do use workers. If you + have already upgraded to Synapse 1.84.0 and your homeserver is + working normally, then there is no need to update to this patch + release. + + - Bugfixes + - Fix a bug introduced in Synapse v1.84.0 where workers do not + start up when no instance_map was provided. (#15672) + - Internal Changes + - Add dch and notify-send to the development Nix flake so that + the release script can be used. (#15673) + +------------------------------------------------------------------- +Wed May 24 00:15:46 UTC 2023 - Marcus Rueckert + +- Update to 1.84.0 + The worker_replication_* configuration settings have been + deprecated in favour of configuring the main process consistently + with other instances in the instance_map. The deprecated settings + will be removed in Synapse v1.88.0, but changing your + configuration in advance is recommended. See the upgrade notes + for more information. + + https://github.com/matrix-org/synapse/blob/release-v1.84/docs/upgrade.md#upgrading-to-v1840 + + - Features + - Add an option to prevent media downloads from configured + domains. (#15197) + - Add forget_rooms_on_leave config option to automatically + forget rooms when users leave them or are removed from them. + (#15224) + - Add redis TLS configuration options. (#15312) + - Add a config option to delay push notifications by a random + amount, to discourage time-based profiling. (#15516) + - Stabilize support for MSC2659: application service ping + endpoint. Contributed by Tulir @ Beeper. (#15528) + - Implement MSC4009 to expand the supported characters in + Matrix IDs. (#15536) + - Advertise support for Matrix 1.6 on /_matrix/client/versions. + (#15559) + - Print full error and stack-trace of any exception that occurs + during startup/initialization. (#15569) + - Bugfixes + - Fix a bug introduced in Synapse 1.84.0rc1 where errors during + startup were not reported correctly on Python < 3.10. + (#15599) + - Don't fail on federation over TOR where SRV queries are not + supported. Contributed by Zdzichu. (#15523) + - Experimental support for MSC4010 which rejects setting the + "m.push_rules" via account data. (#15554, #15555) + - Fix a long-standing bug where an invalid membership event + could cause an internal server error. (#15564) + - Require at least poetry-core v1.1.0. (#15566, #15571) + - Deprecations and Removals + - Remove need for worker_replication_* based settings in worker + configuration yaml by placing this data directly on the + instance_map instead. (#15491) + - Updates to the Docker image + - Add pkg-config package to Stage 0 to be able to build + Dockerfile on ppc64le architecture. (#15567) + - Improved Documentation + - Clarify documentation of the "Create or modify account" Admin + API. (#15544) + - Fix path to the statistics/database/rooms admin API in + documentation. (#15560) + - Update and improve Mastodon Single Sign-On documentation. + (#15587) + - Internal Changes + - Use oEmbed to generate URL previews for YouTube Shorts. + (#15025) + - Create new Client for use with HTTP Replication between + workers. Contributed by Jason Little. (#15470) + - Remove need for worker_replication_* based settings in worker + configuration yaml by placing this data directly on the + instance_map instead. (#15491) + - Bump pyicu from 2.10.2 to 2.11. (#15509) + - Remove references to supporting per-user flag for MSC2654. + (#15522) + - Don't use a trusted key server when running the demo scripts. + (#15527) + - Speed up rebuilding of the user directory for local users. + (#15529) + - Speed up deleting of old rows in event_push_actions. (#15531) + - Install the xmlsec and mdbook packages and switch back to the + upstream cachix/devenv repo in the nix development + environment. (#15532, #15533, #15545) + - Implement MSC3987 by removing "dont_notify" from the list of + actions in default push rules. (#15534) + - Move various module API callback registration methods to a + dedicated class. (#15535) + - Proxy /user/devices federation queries to application + services for MSC3984. (#15539) + - Factor out an is_mine_server_name method. (#15542) + - Allow running Complement tests using podman by adding a + PODMAN environment variable to scripts-dev/complement.sh. + (#15543) + - Bump serde from 1.0.160 to 1.0.162. (#15548) + - Bump types-setuptools from 67.6.0.5 to 67.7.0.1. (#15549) + - Bump sentry-sdk from 1.19.1 to 1.22.1. (#15550) + - Bump ruff from 0.0.259 to 0.0.265. (#15551) + - Bump hiredis from 2.2.2 to 2.2.3. (#15552) + - Bump types-requests from 2.29.0.0 to 2.30.0.0. (#15553) + - Add org.matrix.msc3981 info to /_matrix/client/versions. + (#15558) + - Declare unstable support for MSC3391 under + /_matrix/client/versions if the experimental implementation + is enabled. (#15562) + - Implement MSC3821 to update the redaction rules. (#15563) + - Implement updated redaction rules from MSC3389. (#15565) + - Allow pip install to use setuptools_rust 1.6.0 when building + Synapse. (#15570) + - Deal with upcoming Github Actions deprecations. (#15576) + - Export run_as_background_process from the module API. + (#15577) + - Update build system requirements to allow building with + poetry-core==1.6.0. (#15588) + - Bump serde from 1.0.162 to 1.0.163. (#15589) + - Bump phonenumbers from 8.13.7 to 8.13.11. (#15590) + - Bump types-psycopg2 from 2.9.21.9 to 2.9.21.10. (#15591) + - Bump types-commonmark from 0.9.2.2 to 0.9.2.3. (#15592) + - Bump types-setuptools from 67.7.0.1 to 67.7.0.2. (#15594) + +------------------------------------------------------------------- +Tue May 9 18:58:15 UTC 2023 - Marcus Rueckert + +- Update to 1.83.0 + - Features + - Experimental support to recursively provide relations per + MSC3981. (#15315) + - Experimental support for MSC3970: Scope transaction IDs to + devices. (#15318) + - Add an admin API endpoint to support per-user feature flags. + (#15344) + - Add a module API to send an HTTP push notification. (#15387) + - Add an admin API endpoint to query the largest rooms by disk + space used in the database. (#15482) + - Bugfixes + - Disable push rule evaluation for rooms excluded from sync. + (#15361) + - Fix a long-standing bug where cached server key results which + were directly fetched would not be properly re-used. (#15417) + - Fix a bug introduced in Synapse 1.73.0 where some + experimental push rules were returned by default. (#15494) + - Improved Documentation + - Add Nginx loadbalancing example with sticky mxid for workers. + (#15411) + - Update outdated development docs that mention restrictions in + versions of SQLite that we no longer support. (#15498) + - Internal Changes + - Speedup tests by caching HomeServerConfig instances. (#15284) + - Add denormalised event stream ordering column to membership + state tables for future use. Contributed by Nick @ Beeper + (@fizzadar). (#15356) + - Always use multi-user device resync replication endpoints. + (#15418) + - Add column full_user_id to tables profiles and user_filters. + (#15458) + - Update support for MSC3983 to allow always returning + fallback-keys in a /keys/claim request. (#15462) + - Improve type hints. (#15465, #15496, #15497) + - Support claiming more than one OTK at a time. (#15468) + - Bump types-pyyaml from 6.0.12.8 to 6.0.12.9. (#15471) + - Bump pyasn1-modules from 0.2.8 to 0.3.0. (#15473) + - Bump cryptography from 40.0.1 to 40.0.2. (#15474) + - Bump types-netaddr from 0.8.0.7 to 0.8.0.8. (#15475) + - Bump types-jsonschema from 4.17.0.6 to 4.17.0.7. (#15476) + - Ask bug reporters to provide logs as text. (#15479) + - Add a Nix flake for use as a development environment. + (#15495) + - Bump anyhow from 1.0.70 to 1.0.71. (#15507) + - Bump types-pillow from 9.4.0.19 to 9.5.0.2. (#15508) + - Bump packaging from 23.0 to 23.1. (#15510) + - Bump types-requests from 2.28.11.16 to 2.29.0.0. (#15511) + - Bump setuptools-rust from 1.5.2 to 1.6.0. (#15512) + - Update the check_schema_delta script to account for when the + schema version has been bumped locally. (#15466) +- Allow newer setuptools-rust + +------------------------------------------------------------------- +Tue Apr 25 11:53:22 UTC 2023 - Marcus Rueckert + +- Update to 1.82.0 + - Features + - Allow loading the /directory/room/{roomAlias} endpoint on + workers. (#15333) + - Add some validation to instance_map configuration loading. + (#15431) + - Allow loading the /capabilities endpoint on workers. (#15436) + - Bugfixes + - Delete server-side backup keys when deactivating an account. + (#15181) + - Fix and document untold assumption that on_logged_out module + hooks will be called before the deletion of pushers. (#15410) + - Improve robustness when handling a perspective key response + by deduplicating received server keys. (#15423) + - Synapse now correctly fails to start if the config option + app_service_config_files is not a list. (#15425) + - Disable loading RefreshTokenServlet + (/_matrix/client/(r0|v3|unstable)/refresh) on workers. + (#15428) + - Improved Documentation + - Note that the delete_stale_devices_after background job + always runs on the main process. (#15452) + - Deprecations and Removals + - Remove the broken, unspecced registration fallback. Note that + the login fallback is unaffected by this change. (#15405) + - Internal Changes + - Improve DB performance of clearing out old data from + stream_ordering_to_exterm. (#15382, #15429) + - Implement MSC3989 redaction algorithm. (#15393) + - Implement MSC2175 to stop adding creator to create events. + (#15394) + - Implement MSC2174 to move the redacts key to a content + property. (#15395) + - Trust dtonlay/rust-toolchain in CI. (#15406) + - Explicitly install Synapse during typechecking in CI. + (#15409) + - Only load the SSO redirect servlet if SSO is enabled. + (#15421) + - Refactor SimpleHttpClient to pull out a base class. (#15427) + - Improve type hints. (#15432) + - Convert async to normal tests in TestSSOHandler. (#15433) + - Speed up the user directory background update. (#15435) + - Disable directory listing for static resources in + /_matrix/static/. (#15438) + - Move various module API callback registration methods to a + dedicated class. (#15453) + +------------------------------------------------------------------- +Fri Apr 14 12:07:11 UTC 2023 - Marcus Rueckert + +- Update to 1.81.0 + Synapse now attempts the versioned appservice paths before + falling back to the legacy paths. Usage of the legacy routes + should be considered deprecated. + + Additionally, Synapse has supported sending the application + service access token via the Authorization header since v1.70.0. + For backwards compatibility it is also sent as the access_token + query parameter. This is insecure and should be considered + deprecated. + + A future version of Synapse (v1.88.0 or later) will remove + support for legacy application service routes and query parameter + authorization. + + - Features + - Add the ability to enable/disable registrations when in the + OIDC flow. (#14978) + - Add a primitive helper script for listing worker endpoints. + (#15243) + - Experimental support for passing One Time Key and device key + requests to application services (MSC3983 and MSC3984). + (#15314, #15321) + - Allow loading /password_policy endpoint on workers. (#15331) + - Add experimental support for Unix sockets. Contributed by + Jason Little. (#15353) + - Build Debian packages for Ubuntu 23.04 (Lunar Lobster). + (#15381) + - Bugfixes + - Fix the set_device_id_for_pushers_txn background update + crash. (#15391) + - Fix a long-standing bug where edits of non-m.room.message + events would not be correctly bundled. (#15295) + - Fix a bug introduced in Synapse v1.55.0 which could delay + remote homeservers being able to decrypt encrypted messages + sent by local users. (#15297) + - Add a check to SQLite port_db script + - to ensure that the sqlite database passed to the script + exists before trying to port from it. (#15306) + - Fix a bug introduced in Synapse 1.76.0 where responses from + worker deployments could include an internal _INT_STREAM_POS + key. (#15309) + - Fix a long-standing bug that Synpase only used the legacy + appservice routes. (#15317) + - Fix a long-standing bug preventing users from rejoining rooms + after being banned and unbanned over federation. Contributed + by Nico. (#15323) + - Fix bug in worker mode where on a rolling restart of workers + the "typing" worker would consume 100% CPU until it got + restarted. (#15332) + - Fix a long-standing bug where some to_device messages could + be dropped when using workers. (#15349) + - Fix a bug introduced in Synapse 1.70.0 where the background + sync from a faster join could spin for hours when one of the + events involved had been marked for backoff. (#15351) + - Fix missing app variable in mail subject for password resets. + Contributed by Cyberes. (#15352) + - Fix a rare bug introduced in Synapse 1.66.0 where initial + syncs would fail when the user had been kicked from a faster + joined room that had not finished syncing. (#15383) + - Improved Documentation + - Fix a typo in login requests ratelimit defaults. (#15341) + - Add some clarification to the doc/comments regarding TCP + replication. (#15354) + - Note that Synapse 1.74 queued a rebuild of the user directory + tables. (#15386) + - Internal Changes + - Update CI to run complement under the latest stable go + version. (#15403) + - Use immutabledict instead of frozendict. (#15113) + - Add developer documentation for the Federation Sender and add + a documentation mechanism using Sphinx. (#15265, #15336) + - Make the pushers rely on the device_id instead of the + access_token_id for various operations. (#15280) + - Bump sentry-sdk from 1.15.0 to 1.17.0. (#15285) + - Allow running the Twisted trunk job against other branches. + (#15302) + - Remind the releaser to ask for changelog feedback in + #synapse-dev. (#15303) + - Bump dtolnay/rust-toolchain from + e12eda571dc9a5ee5d58eecf4738ec291c66f295 to + fc3253060d0c959bea12a59f10f8391454a0b02d. (#15304) + - Reject events with an invalid "mentions" property per + MSC3952. (#15311) + - As an optimisation, use TRUNCATE on Postgres when clearing + the user directory tables. (#15316) + - Fix .gitignore rule for the Complement source tarball + downloaded automatically by complement.sh. (#15319) + - Bump serde from 1.0.157 to 1.0.158. (#15324) + - Bump regex from 1.7.1 to 1.7.3. (#15325) + - Bump types-pyopenssl from 23.0.0.4 to 23.1.0.0. (#15326) + - Bump furo from 2022.12.7 to 2023.3.23. (#15327) + - Bump ruff from 0.0.252 to 0.0.259. (#15328) + - Bump cryptography from 40.0.0 to 40.0.1. (#15329) + - Bump mypy-zope from 0.9.0 to 0.9.1. (#15330) + - Speed up unit tests when using SQLite3. (#15334) + - Speed up pydantic CI job. (#15339) + - Speed up sample config CI job. (#15340) + - Fix copyright year in SSO footer template. (#15358) + - Bump peaceiris/actions-gh-pages from 3.9.2 to 3.9.3. (#15369) + - Bump serde from 1.0.158 to 1.0.159. (#15370) + - Bump serde_json from 1.0.94 to 1.0.95. (#15371) + - Speed up membership queries for users with forgotten rooms. + (#15385) + +------------------------------------------------------------------- +Thu Mar 30 20:56:38 UTC 2023 - Marcus Rueckert + +- Update to 1.80.0 + - Features + - Stabilise support for MSC3966: event_property_contains push + condition. (#15187) + - Implement MSC2659: application service ping endpoint. + Contributed by Tulir @ Beeper. (#15249) + - Allow loading /register/available endpoint on workers. + (#15268) + - Improve performance of creating and authenticating events. + (#15195) + - Add topic and name events to group of events that are batch + persisted when creating a room. (#15229) + - Bugfixes + - Fix a bug in which the POST + /_matrix/client/v3/rooms/{roomId}/report/{eventId} endpoint + would return the wrong error if the user did not have + permission to view the event. This aligns Synapse's + implementation with MSC2249. (#15298, #15300) + - Fix a bug introduced in Synapse 1.75.0rc1 where the SQLite + port_db script + - would fail to open the SQLite database. (#15301) + - Fix a long-standing bug in which the user directory would + assume any remote membership state events represent a profile + change. (#14755, #14756) + - Implement MSC3873 to fix a long-standing bug where properties + with dots were handled ambiguously in push rules. (#15190) + - Faster joins: Fix a bug introduced in Synapse 1.66 where + spurious "Failed to find memberships ..." errors would be + logged. (#15232) + - Fix a long-standing error when sending message into deleted + room. (#15235) + - Updates to the Docker image + - Ensure the Dockerfile builds on platforms that don't have a + cryptography wheel. (#15239) + - Mirror images to the GitHub Container Registry + (ghcr.io/matrix-org/synapse). (#15281, #15282) + - Improved Documentation + - Add a missing endpoint to the workers documentation. (#15223) + - Internal Changes + - Add additional functionality to declaring worker types when + starting Complement in worker mode. (#14921) + - Add Synapse-Trace-Id to access-control-expose-headers header. + (#14974) + - Make the HttpTransactionCache use the Requester in addition + of the just the Request to build the transaction key. + (#15200) + - Improve log lines when purging rooms. (#15222) + - Improve type hints. (#15230, #15231, #15238) + - Move various module API callback registration methods to a + dedicated class. (#15237) + - Configure GitHub Actions for merge queues. (#15244) + - Add schema comments about the destinations and + destination_rooms tables. (#15247) + - Skip processing of auto-join room behaviour if there are no + auto-join rooms configured. (#15262) + - Remove unused store method + _set_destination_retry_timings_emulated. (#15266) + - Reorganize URL preview code. (#15269) + - Clean-up direct TCP replication code. (#15272, #15274) + - Make configure_workers_and_start script used in Complement + tests compatible with older versions of Python. (#15275) + - Add a /versions flag for MSC3952. (#15293) + - Bump hiredis from 2.2.1 to 2.2.2. (#15252) + - Bump serde from 1.0.152 to 1.0.155. (#15253) + - Bump pysaml2 from 7.2.1 to 7.3.1. (#15254) + - Bump msgpack from 1.0.4 to 1.0.5. (#15255) + - Bump gitpython from 3.1.30 to 3.1.31. (#15256) + - Bump cryptography from 39.0.1 to 39.0.2. (#15257) + - Bump pydantic from 1.10.4 to 1.10.6. (#15286) + - Bump serde from 1.0.155 to 1.0.157. (#15287) + - Bump anyhow from 1.0.69 to 1.0.70. (#15288) + - Bump txredisapi from 1.4.7 to 1.4.9. (#15289) + - Bump pygithub from 1.57 to 1.58.1. (#15290) + - Bump types-requests from 2.28.11.12 to 2.28.11.15. (#15291) + +------------------------------------------------------------------- +Tue Mar 14 19:50:05 UTC 2023 - Marcus Rueckert + +- Update to 1.79.0 + - Features + - Add two new Third Party Rules module API callbacks: + on_add_user_third_party_identifier and + on_remove_user_third_party_identifier. (#15044) + - Experimental support for MSC3967 to not require UIA for + setting up cross-signing on first use. (#15077) + - Add media information to the command line user data export + tool. (#15107) + - Add an admin API to delete a specific event report. (#15116) + - Add support for knocking to workers. (#15133) + - Allow use of the /filter Client-Server APIs on workers. + (#15134) + - Update support for MSC2677: remove support for server-side + aggregation of reactions. (#15172) + - Stabilise support for MSC3758: event_property_is push + condition. (#15185) + - Bugfixes + - Fix a bug introduced in Synapse 1.79.0rc1 where attempting to + register a on_remove_user_third_party_identifier module API + callback would be a no-op. (#15227) + - Fix a rare bug introduced in Synapse 1.73 where events could + remain unsent to other homeservers after a faster-join to a + room. (#15248) + - Fix a bug introduced in Synapse 1.75 that caused experimental + support for deleting account data to raise an internal server + error while using an account data writer worker. (#14869) + - Fix a long-standing bug where Synapse handled an unspecced + field on push rules. (#15088) + - Fix a long-standing bug where a URL preview would break if + the discovered oEmbed failed to download. (#15092) + - Fix a long-standing bug where an initial sync would not + respond to changes to the list of ignored users if there was + an initial sync cached. (#15163) + - Add the transaction_id in the events included in many + endpoints' responses. (#15174) + - Fix a bug introduced in Synapse 1.78.0 where requests to + claim dehydrated devices would fail with a 405 error. + (#15180) + - Stop applying edits when bundling aggregations, per MSC3925. + (#15193) + - Fix a long-standing bug where the user directory search was + not case-insensitive for accented characters. (#15143) + - Updates to the Docker image + - Improve startup logging in the with-workers Docker image. + (#15186) + - Improved Documentation + - Document how to use caches in a module. (#14026) + - Clarify which worker processes the ThirdPartyRules' + on_new_event module API callback runs on. (#15071) + - Document using Shibboleth as an OpenID Provider. (#15112) + - Correct reference to federation_verify_certificates in + configuration documentation. (#15139) + - Correct small documentation errors in some + MatrixFederationHttpClient methods. (#15148) + - Correct the description of the behavior of + registration_shared_secret_path on startup. (#15168) + - Deprecations and Removals + - Deprecate the on_threepid_bind module callback, to be + replaced by on_add_user_third_party_identifier. See upgrade + notes. ([#15044] + - Remove the unspecced room_alias field from the /createRoom + response. (#15093) + - Remove the unspecced PUT on the /knock/{roomIdOrAlias} + endpoint. (#15189) + - Remove the undocumented and unspecced type parameter to the + /thumbnail endpoint. (#15137) + - Remove unspecced and buggy PUT method on the unstable + /rooms//batch_send endpoint. (#15199) + - Internal Changes + - Refactor filter_events_for_server. (#15240) + - Run the integration test suites with the asyncio reactor + enabled in CI. (#14101) + - Batch up storing state groups when creating a new room. + (#14918) + - Update MSC3952 support based on changes to the MSC. (#15051) + - Refactor writing json data in FileExfiltrationWriter. + (#15095) + - Tighten the login ratelimit defaults. (#15135) + - Fix a typo in an experimental config setting. (#15138) + - Refactor the media modules. (#15146, #15175) + - Improve type hints. (#15164) + - Move get_event_report and get_event_reports_paginate from + RoomStore to RoomWorkerStore. (#15165) + - Remove dangling reference to being a reference implementation + in docstring. (#15167) + - Add an option to force a rebuild of the "editable" complement + image. (#15184) + - Use nightly rustfmt in CI. (#15188) + - Add a get_next_txn method to StreamIdGenerator to match + MultiWriterIdGenerator. (#15191) + - Combine AbstractStreamIdTracker and + AbstractStreamIdGenerator. (#15192) + - Automatically fix errors with ruff. (#15194) + - Refactor database transaction for query users' devices to + reduce database pool contention. (#15215) + - Correct test_icu_word_boundary_punctuation so that it passes + with the ICU versions available in Alpine and macOS. (#15177) + +------------------------------------------------------------------- +Tue Feb 28 22:35:35 UTC 2023 - Marcus Rueckert + +- Update to 1.78.0 + - Features + - Implement the experimental exact_event_match push rule + condition from MSC3758. (#14964) + - Add account data to the command line user data export tool. + (#14969) + - Implement MSC3873 to disambiguate push rule keys with dots in + them. (#15004) + - Allow Synapse to use a specific Redis logical database in + worker-mode deployments. (#15034) + - Tag opentracing spans for federation requests with the name + of the worker serving the request. (#15042) + - Implement the experimental exact_event_property_contains push + rule condition from MSC3966. (#15045) + - Remove spurious dont_notify action from the defaults for the + .m.rule.reaction pushrule. (#15073) + - Update the error code returned when user sends a duplicate + annotation. (#15075) + - Bugfixes + - Fix a bug introduced in Synapse 1.76 where 5s delays would + occasionally occur in deployments using workers. (#15150) + - Prevent clients from reporting nonexistent events. (#13779) + - Return spec-compliant JSON errors when unknown endpoints are + requested. (#14605) + - Fix a long-standing bug where the room aliases returned could + be corrupted. (#15038) + - Fix a bug introduced in Synapse 1.76.0 where partially-joined + rooms could not be deleted using the purge room API. (#15068) + - Fix a long-standing bug where federated joins would fail if + the first server in the list of servers to try is not in the + room. (#15074) + - Fix a bug introduced in Synapse v1.74.0 where searching with + colons when using ICU for search term tokenisation would fail + with an error. (#15079) + - Reduce the likelihood of a rare race condition where + rejoining a restricted room over federation would fail. + (#15080) + - Fix a bug introduced in Synapse 1.76 where workers would fail + to start if the health listener was configured. (#15096) + - Fix a bug introduced in Synapse 1.75 where the portdb script + would fail to run after a room had been faster-joined. + (#15108) + - Improved Documentation + - Document how to start Synapse with Poetry. Contributed by + @thezaidbintariq. (#14892, #15022) + - Update delegation documentation to clarify that SRV DNS + delegation does not eliminate all needs to serve files from + .well-known locations. Contributed by @williamkray. (#14959) + - Fix a mistake in registration_shared_secret_path docs. + (#15078) + - Refer to a more recent blog post on the Database Maintenance + Tools page. Contributed by @jahway603. (#15083) + - Internal Changes + - Re-type hint some collections as read-only. (#13755) + - Faster joins: don't stall when another user joins during a + partial-state room resync. (#14606) + - Add a class UnpersistedEventContext to allow for the batching + up of storing state groups. (#14675) + - Add a check to ensure that locked dependencies have source + distributions available. (#14742) + - Tweak comment on _is_local_room_accessible as part of room + visibility in /hierarchy to clarify the condition for a room + being visible. (#14834) + - Prevent WARNING: there is already a transaction in progress + lines appearing in PostgreSQL's logs on some occasions. + (#14840) + - Use StrCollection to avoid potential bugs with + Collection[str]. (#14929) + - Improve performance of /sync in a few situations. (#14973) + - Limit concurrent event creation for a room to avoid state + resolution when sending bursts of events to a local room. + (#14977) + - Skip calculating unread push actions in /sync when + enable_push is false. (#14980) + - Add a schema dump symlinks inside contrib, to make it easier + for IDEs to interrogate Synapse's database schema. (#14982) + - Improve type hints. (#15008, #15026, #15027, #15028, #15031, + #15035, #15052, #15072, #15084) + - Update MSC3952 support based on changes to the MSC. (#15037) + - Avoid mutating a cached value in get_user_devices_from_cache. + (#15040) + - Fix a rare exception in logs on start up. (#15041) + - Update pyo3-log to v0.8.1. (#15043) + - Avoid mutating cached values in + _generate_sync_entry_for_account_data. (#15047) + - Refactor arguments of try_unbind_threepid and + _try_unbind_threepid_with_id_server to not use dictionaries. + (#15053) + - Merge debug logging from the hotfixes branch. (#15054) + - Faster joins: omit device list updates originating from + partial state rooms in /sync responses without lazy loading + of members enabled. (#15069) + - Fix clashing database transaction name. (#15070) + - Upper-bound frozendict dependency. This works around us being + unable to test installing our wheels against Python 3.11 in + CI. (#15114) + - Tweak logging for when a worker waits for its view of a + replication stream to catch up. (#15120) + +------------------------------------------------------------------- +Mon Feb 20 12:45:02 UTC 2023 - Marcus Rueckert + +- lock matrix-synapse until frozendict can enable python 3.11 + support + +------------------------------------------------------------------- +Tue Feb 14 15:18:22 UTC 2023 - Marcus Rueckert + +- Update to 1.77.0 + - Features + - Experimental support for MSC3952: intentional mentions. + (#14823, #14943, #14957, #14958) + - Experimental support to suppress notifications from message + edits (MSC3958). (#14960, #15016) + - Add profile information, devices and connections to the + command line user data export tool. (#14894) + - Improve performance when joining or sending an event in large + rooms. (#14962) + - Improve performance of joining and leaving large rooms with + many local users. (#14971) + - Bugfixes + - Fix bug where retried replication requests would return a + failure. Introduced in v1.76.0. (#15024) + - Fix a bug introduced in Synapse 1.53.0 where next_batch + tokens from /sync could not be used with the /relations + endpoint. (#14866) + - Fix a bug introduced in Synapse 1.35.0 where the module API's + send_local_online_presence_to would fail to send presence + updates over federation. (#14880) + - Fix a bug introduced in Synapse 1.70.0 where the background + updates to add non-thread unique indexes on receipts could + fail when upgrading from 1.67.0 or earlier. (#14915) + - Fix a regression introduced in Synapse 1.69.0 which can + result in database corruption when database migrations are + interrupted on sqlite. (#14926) + - Fix a bug introduced in Synapse 1.68.0 where we were unable + to service remote joins in rooms with @room notification + levels set to null in their (malformed) power levels. + (#14942) + - Fix a bug introduced in Synapse 1.64.0 where boolean power + levels were erroneously permitted in v10 rooms. (#14944) + - Fix a long-standing bug where sending messages on servers + with presence enabled would spam "Re-starting finished log + context" log lines. (#14947) + - Fix a bug introduced in Synapse 1.68.0 where logging from the + Rust module was not properly logged. (#14976) + - Fix various long-standing bugs in Synapse's config, event and + request handling where booleans were unintentionally accepted + where an integer was expected. (#14945) + - Internal Changes + - Prepare for future database schema changes. (#15036) + - Add missing type hints. (#14879, #14886, #14887, #14904, + #14927, #14956, #14983, #14984, #14985, #14987, #14988, + #14990, #14991, #14992, #15007) + - Use StrCollection to avoid potential bugs with + Collection[str]. (#14922) + - Allow running the complement tests suites with the asyncio + reactor enabled. (#14858) + - Improve performance of /sync in a few situations. (#14908, + #14970) + - Document how to handle Dependabot pull requests. (#14916) + - Fix typo in release script. (#14920) + - Update build system requirements to allow building with + poetry-core 1.5.0. (#14949, #15019) + - Add an lnav config file for Synapse logs to /contrib/lnav. + (#14953) + - Faster joins: Refactor internal handling of servers in room + to never store an empty list. (#14954) + - Faster joins: tag v2/send_join/ requests to indicate if they + served a partial join response. (#14950) + - Allow running cargo without the extension-module option. + (#14965) + - Preparatory work for adding a denormalised event stream + ordering column in the future. Contributed by Nick @ Beeper + (@Fizzadar). (#14979, 9cd7610, f10caa7; see #15014) + - Add tests for _flatten_dict. (#14981, #15002) + +------------------------------------------------------------------- +Tue Jan 31 23:13:24 UTC 2023 - Marcus Rueckert + +- Update to 1.76.0 + The 1.76 release is the first to enable faster joins (MSC3706 and + MSC3902) by default. Admins can opt-out: see the upgrade notes + for more details. + + The upgrade from 1.75 to 1.76 changes the account data + replication streams in a backwards-incompatible manner. Server + operators running a multi-worker deployment should consult the + upgrade notes. + + Those who are poetry installing from source using our lockfile + should ensure their poetry version is 1.3.2 or higher; see + upgrade notes. + + Notes on faster joins + + The faster joins project sees the most benefit when joining a + room with a large number of members (joined or historical). We + expect it to be particularly useful for joining large public + rooms like the Matrix HQ or Synapse Admins rooms. + + After a faster join, Synapse considers that room "partially + joined". In this state, you should be able to + + - read incoming messages; + - see incoming state changes, e.g. room topic changes; and + - send messages, if the room is unencrypted. + + Synapse has to spend more effort to complete the join in the + background. Once this finishes, you will be able to + + - send messages, if the room is in encrypted; + - retrieve room history from before your join, if permitted by + the room settings; and + - access the full list of room members. + + - Features + - Update the default room version to v10 (MSC 3904). + Contributed by @FSG-Cat. (#14111) + - Add a set_displayname() method to the module API for setting + a user's display name. (#14629) + - Add a dedicated listener configuration for health endpoint. + (#14747) + - Implement support for MSC3890: Remotely silence local + notifications. (#14775) + - Implement experimental support for MSC3930: Push rules for + (MSC3381) Polls. (#14787) + - Per MSC3925, bundle the whole of the replacement with any + edited events, and optionally inhibit server-side + replacement. (#14811) + - Faster joins: always serve a partial join response to servers + that request it with the stable query param. (#14839) + - Faster joins: allow non-lazy-loading ("eager") syncs to + complete after a partial join by omitting partial state rooms + until they become fully stated. (#14870) + - Faster joins: request partial joins by default. Admins can + opt-out of this for the time being---see the upgrade notes. + (#14905) + - Bugfixes + - Faster joins: Fix a bug introduced in Synapse 1.69 where + device list EDUs could fail to be handled after a restart + when a faster join sync is in progress. (#14914) + - Add index to improve performance of the /timestamp_to_event + endpoint used for jumping to a specific date in the timeline + of a room. (#14799) + - Fix a long-standing bug where Synapse would exhaust the stack + when processing many federation requests where the remote + homeserver has disconencted early. (#14812, #14842) + - Fix rare races when using workers. (#14820) + - Fix a bug introduced in Synapse 1.64.0 when using room + version 10 with frozen events enabled. (#14864) + - Fix a long-standing bug where the populate_room_stats + background job could fail on broken rooms. (#14873) + - Faster joins: Fix a bug in worker deployments where the room + stats and user directory would not get updated when finishing + a fast join until another event is sent or received. (#14874) + - Faster joins: Fix incompatibility with joins into restricted + rooms where no local users have the ability to invite. + (#14882) + - Fix a regression introduced in Synapse 1.69.0 which can + result in database corruption when database migrations are + interrupted on sqlite. (#14910) + - Updates to the Docker image + - Bump default Python version in the Dockerfile from 3.9 to + 3.11. (#14875) + - Improved Documentation + - Describe the ideas and the internal machinery behind faster + joins. (#14677) + - Include x_forwarded entry in the HTTP listener example + configs and remove the remaining worker_main_http_uri + entries. (#14667) + - Remove duplicate commands from the Code Style documentation + page; point to the Contributing Guide instead. (#14773) + - Add missing documentation for tag to listeners section. + (#14803) + - Updated documentation in configuration manual for + user_directory.search_all_users. (#14818) + - Add worker_manhole to configuration manual. (#14824) + - Fix the example config missing the id field in application + service documentation. (#14845) + - Minor corrections to the logging configuration documentation. + (#14868) + - Document the export user data command. Contributed by + @thezaidbintariq. (#14883) + - Deprecations and Removals + - Poetry 1.3.2 or higher is now required when poetry installing + from source. (#14860) + - Internal Changes + - Faster joins: Improve performance of looking up partial-state + status of rooms. (#14917) + - Faster remote room joins (worker mode): do not populate + external hosts-in-room cache when sending events as this + requires blocking for full state. (#14749) + - Enable Complement tests for Faster Remote Room Joins against + worker-mode Synapse. (#14752) + - Add some clarifying comments and refactor a portion of the + Keyring class for readability. (#14804) + - Add local poetry config files (poetry.toml) to .gitignore. + (#14807) + - Add missing type hints. (#14816, #14885, #14889) + - Refactor push tests. (#14819) + - Re-enable some linting that was disabled when we switched to + ruff. (#14821) + - Add cargo fmt and cargo clippy to the lint script. (#14822) + - Drop unused table presence. (#14825) + - Merge the two account data and the two device list + replication streams. (#14826, #14833) + - Faster joins: use stable identifiers from MSC3706. (#14832, + #14841) + - Add a parameter to control whether the federation client + performs a partial state join. (#14843) + - Add check to avoid starting duplicate partial state syncs. + (#14844) + - Add an early return when handling no-op presence updates. + (#14855) + - Fix wait_for_stream_position to correctly wait for the right + instance to advance its token. (#14856, #14872) + - Always notify replication when a stream advances + automatically. (#14877) + - Reduce max time we wait for stream positions. (#14881) + - Faster joins: allow the resync process more time to fetch + /state ids. (#14912) + - Bump regex from 1.7.0 to 1.7.1. (#14848) + - Bump peaceiris/actions-gh-pages from 3.9.1 to 3.9.2. (#14861) + - Bump ruff from 0.0.215 to 0.0.224. (#14862) + - Bump types-pillow from 9.4.0.0 to 9.4.0.3. (#14863) + - Bump types-opentracing from 2.4.10 to 2.4.10.1. (#14896) + - Bump ruff from 0.0.224 to 0.0.230. (#14897) + - Bump types-requests from 2.28.11.7 to 2.28.11.8. (#14899) + - Bump types-psycopg2 from 2.9.21.2 to 2.9.21.4. (#14900) + - Bump types-commonmark from 0.9.2 to 0.9.2.1. (#14901) + +------------------------------------------------------------------- +Tue Jan 17 13:47:48 UTC 2023 - Marcus Rueckert + +- Update to 1.75.0 + - Features + - Add a cached function to synapse.module_api that returns a + decorator to cache return values of functions. (#14663) + - Add experimental support for MSC3391 (removing account data). + (#14714) + - Support RFC7636 Proof Key for Code Exchange for OAuth single + sign-on. (#14750) + - Support non-OpenID compliant userinfo claims for subject and + picture. (#14753) + - Improve performance of /sync when filtering all rooms, + message types, or senders. (#14786) + - Improve performance of the /hierarchy endpoint. (#14263) + - Bugfixes + - Fix a bug introduced in Synapse 1.75.0rc1 where device lists + could be miscalculated with some sync filters. (#14810) + - Fix race where calling /members or /state with an at + parameter could fail for newly created rooms, when using + multiple workers. (#14817) + - Fix the MAU Limits section of the Grafana dashboard relying + on a specific job name for the workers of a Synapse + deployment. (#14644) + - Fix a bug introduced in Synapse 1.70.0 which could cause + spurious UNIQUE constraint failed errors in the rotate_notifs + background job. (#14669) + - Ensure stream IDs are always updated after caches get + invalidated with workers. Contributed by Nick @ Beeper + (@Fizzadar). (#14723) + - Remove the unspecced device field from /pushrules responses. + (#14727) + - Fix a bug introduced in Synapse 1.73.0 where the + picture_claim configured under oidc_providers was unused (the + default value of "picture" was used instead). (#14751) + - Unescape HTML entities in URL preview titles making use of + oEmbed responses. (#14781) + - Disable sending confirmation email when 3pid is disabled. + (#14725) + - Improved Documentation + - Declare support for Python 3.11. (#14673) + - Fix target_memory_usage being used in the description for the + actual cache_autotune sub-option target_cache_memory_usage. + (#14674) + - Move email to Server section in config file documentation. + (#14730) + - Fix broken links in the Synapse documentation. (#14744) + - Add missing worker settings to shared configuration + documentation. (#14748) + - Document using Twitter as a OAuth 2.0 authentication + provider. (#14778) + - Fix Synapse 1.74 upgrade notes to correctly explain how to + install pyICU when installing Synapse from PyPI. (#14797) + - Update link to towncrier in contribution guide. (#14801) + - Use htmltest to check links in the Synapse documentation. + (#14743) + - Internal Changes + - Faster remote room joins: stream the un-partial-stating of + events over replication. (#14545, #14546) + - Use ruff instead of flake8. (#14633, #14741) + - Change handle_new_client_event signature so that a 429 does + not reach clients on PartialStateConflictError, and + internally retry when needed instead. (#14665) + - Remove dependency on jQuery on reCAPTCHA page. (#14672) + - Faster joins: make compute_state_after_events consistent with + other state-fetching functions that take a StateFilter. + (#14676) + - Add missing type hints. (#14680, #14681, #14687) + - Improve type annotations for the helper methods on a + CachedFunction. (#14685) + - Check that the SQLite database file exists before porting to + PostgreSQL. (#14692) + - Add .direnv/ directory to .gitignore to prevent local state + generated by the direnv development tool from being + committed. (#14707) + - Batch up replication requests to request the resyncing of + remote users's devices. (#14716) + - If debug logging is enabled, log the msgids of any to-device + messages that are returned over /sync. (#14724) + - Change GHA CI job to follow best practices. (#14772) + - Switch to our fork of dh-virtualenv to work around an + upstream Python 3.11 incompatibility. (#14774) + - Skip testing built wheels for PyPy 3.7 on Linux x86_64 as we + lack new required dependencies in the build environment. + (#14802) + +------------------------------------------------------------------- +Tue Dec 20 20:16:04 UTC 2022 - Marcus Rueckert + +- Update to 1.74.0 + - Features + - Improve user search for international display names. (#14464) + - Stop using deprecated keyIds parameter when calling + /_matrix/key/v2/server. (#14490, #14525) + - Add new push.enabled config option to allow opting out of + push notification calculation. (#14551, #14619) + - Advertise support for Matrix 1.5 on /_matrix/client/versions. + (#14576) + - Improve opentracing and logging for to-device message + handling. (#14598) + - Allow selecting "prejoin" events by state keys in addition to + event types. (#14642) + - Bugfixes + - Fix a long-standing bug where a device list update might not + be sent to clients in certain circumstances. (#14435, #14592, + #14604) + - Suppress a spurious warning when POST + /rooms///, POST /join// + receive an empty HTTP request body. (#14600) + - Return spec-compliant JSON errors when unknown endpoints are + requested. (#14620, #14621) + - Update html templates to load images over HTTPS. Contributed + by @ashfame. (#14625) + - Fix a long-standing bug where the user directory would return + 1 more row than requested. (#14631) + - Reject invalid read receipt requests with empty room or event + IDs. Contributed by Nick @ Beeper (@Fizzadar). (#14632) + - Fix a bug introduced in Synapse 1.67.0 where not specifying a + config file or a server URL would lead to the + register_new_matrix_user script failing. (#14637) + - Fix a long-standing bug where the user directory and + room/user stats might be out of sync. (#14639, #14643) + - Fix a bug introduced in Synapse 1.72.0 where the background + updates to add non-thread unique indexes on receipts would + fail if they were previously interrupted. (#14650) + - Improve validation of field size limits in events. (#14664) + - Fix bugs introduced in Synapse 1.55.0 and 1.69.0 where + application services would not be notified of events in the + correct rooms, due to stale caches. (#14670) + - Improved Documentation + - Add release note and update documentation regarding optional + ICU support in user search. (#14712) + - Update worker settings for pusher and federation_sender + functionality. (#14493) + - Add links to third party package repositories, and point to + the bug which highlights Ubuntu's out-of-date packages. + (#14517) + - Remove old, incorrect minimum postgres version note and + replace with a link to the Dependency Deprecation Policy. + (#14590) + - Add Single-Sign On setup instructions for Mastodon-based + instances. (#14594) + - Change turn_allow_guests example value to lowercase true. + (#14634) + - Internal Changes + - Optimise push badge count calculations. Contributed by Nick @ + Beeper (@Fizzadar). (#14255) + - Faster remote room joins: stream the un-partial-stating of + rooms over replication. (#14473, #14474) + - Share the ClientRestResource for both workers and the main + process. (#14528) + - Add --editable flag to complement.sh which uses an editable + install of Synapse for faster turn-around times whilst + developing iteratively. (#14548) + - Faster joins: use servers list approximation to send read + receipts when in partial state instead of waiting for the + full state of the room. (#14549) + - Modernize unit tests configuration related to workers. + (#14568) + - Bump jsonschema from 4.17.0 to 4.17.3. (#14591) + - Fix Rust lint CI. (#14602) + - Bump JasonEtco/create-an-issue from 2.5.0 to 2.8.1. (#14607) + - Alter some unit test environment parameters to decrease time + spent running tests. (#14610) + - Switch to Go recommended installation method for gotestfmt + template in CI. (#14611) + - Bump phonenumbers from 8.13.0 to 8.13.1. (#14612) + - Bump types-setuptools from 65.5.0.3 to 65.6.0.1. (#14613) + - Bump twine from 4.0.1 to 4.0.2. (#14614) + - Bump types-requests from 2.28.11.2 to 2.28.11.5. (#14615) + - Bump cryptography from 38.0.3 to 38.0.4. (#14616) + - Remove useless cargo install with apt from Dockerfile. + (#14636) + - Bump certifi from 2021.10.8 to 2022.12.7. (#14645) + - Bump flake8-bugbear from 22.10.27 to 22.12.6. (#14656) + - Bump packaging from 21.3 to 22.0. (#14657) + - Bump types-pillow from 9.3.0.1 to 9.3.0.4. (#14658) + - Bump serde from 1.0.148 to 1.0.150. (#14659) + - Bump phonenumbers from 8.13.1 to 8.13.2. (#14660) + - Bump authlib from 1.1.0 to 1.2.0. (#14661) + - Move StateFilter to synapse.types. (#14668) + - Improve type hints. (#14597, #14646, #14671) + +------------------------------------------------------------------- +Tue Dec 6 13:39:40 UTC 2022 - Marcus Rueckert + +- Update to 1.73.0 + Please note that legacy Prometheus metric names have been removed + in this release; see the upgrade notes for more details. + + https://github.com/matrix-org/synapse/blob/release-v1.73/docs/upgrade.md#legacy-prometheus-metric-names-have-now-been-removed + + - Features + - Speed-up /messages with filter_events_for_client + optimizations. (#14527) + - Improve DB performance by reducing amount of data that gets + read in device_lists_changes_in_room. (#14534) + - Adds support for handling avatar in SSO OIDC login. + Contributed by @ashfame. (#13917) + - Move MSC3030 /timestamp_to_event endpoints to stable v1 + location + (/_matrix/client/v1/rooms//timestamp_to_event?ts=&dir=, + /_matrix/federation/v1/timestamp_to_event/?ts=&dir=). + (#14471) + - Reduce database load of Client-Server endpoints which return + bundled aggregations. (#14491, #14508, #14510) + - Add unstable support for an Extensible Events room version + (org.matrix.msc1767.10) via MSC1767, MSC3931, MSC3932, and + MSC3933. (#14520, #14521, #14524) + - Prune user's old devices on login if they have too many. + (#14038, #14580) + - Bugfixes + - Fix a regression in Synapse 1.73.0rc1 where Synapse's main + process would stop responding to HTTP requests when a user + with a large number of devices logs in. (#14582) + - Fix a long-standing bug where paginating from the start of a + room did not work. Contributed by @gnunicorn. (#14149) + - Fix a bug introduced in Synapse 1.58.0 where a user with + presence state org.matrix.msc3026.busy would mistakenly be + set to online when calling /sync or /events on a worker + process. (#14393) + - Fix a bug introduced in Synapse 1.70.0 where a receipt's + thread ID was not sent over federation. (#14466) + - Fix a long-standing bug where the List media admin API would + fail when processing an image with broken thumbnail + information. (#14537) + - Fix a bug introduced in Synapse 1.67.0 where two logging + context warnings would be logged on startup. (#14574) + - In application service transactions that include the + experimental org.matrix.msc3202.device_one_time_key_counts + key, include a duplicate key of + org.matrix.msc3202.device_one_time_keys_count to match the + name proposed by MSC3202. (#14565) + - Fix a bug introduced in Synapse 0.9 where Synapse would fail + to fetch server keys whose IDs contain a forward slash. + (#14490) + - Improved Documentation + - Fixed link to 'Synapse administration endpoints'. (#14499) + - Deprecations and Removals + - Remove legacy Prometheus metrics names. They were deprecated + in Synapse v1.69.0 and disabled by default in Synapse + v1.71.0. (#14538) + - Internal Changes + - Improve type hinting throughout Synapse. (#14055, #14412, + #14529, #14452). + - Remove old stream ID tracking code. Contributed by Nick + @beeper (@Fizzadar). (#14376, #14468) + - Remove the worker_main_http_uri configuration setting. This + is now handled via internal replication. (#14400, #14476) + - Refactor federation_sender and pusher configuration loading. + (#14496) + - (#14509, #14573) + - Faster joins: do not wait for full state when creating events + to send. (#14403) + - Faster joins: filter out non local events when a room doesn't + have its full state. (#14404) + - Faster joins: send events to initial list of servers if we + don't have the full state yet. (#14408) + - Faster joins: use servers list approximation received during + send_join (potentially updated with received membership + events) in assert_host_in_room. (#14515) + - Fix type logic in TCP replication code that prevented + correctly ignoring blank commands. (#14449) + - Remove option to skip locking of tables when performing + emulated upserts, to avoid a class of bugs in future. + (#14469) + - scripts-dev/federation_client: Fix routing on servers with + .well-known files. (#14479) + - Reduce default third party invite rate limit to 216 invites + per day. (#14487) + - Refactor conversion of device list changes in room to + outbound pokes to track unconverted rows using a (stream ID, + room ID) position instead of updating the + converted_to_destinations flag on every row. (#14516) + - Add more prompts to the bug report form. (#14522) + - Extend editorconfig rules on indent and line length to .pyi + files. (#14526) + - Run Rust CI when Cargo.lock changes. This is particularly + useful for dependabot updates. (#14571) + - Fix a possible variable shadow in create_new_client_event. + (#14575) + - Bump various dependencies in the poetry.lock file and in CI + scripts. (#14557, #14559, #14560, #14500, #14501, #14502, + #14503, #14504, #14505). +- Bump dependencies to follow poetry bumps: + phonenumbers 8.12.44 -> 8.13.00 + sentry-sdk 1.10.1 -> 1.11.0 + +------------------------------------------------------------------- +Tue Nov 22 13:18:00 UTC 2022 - Marcus Rueckert + +- Update to 1.72.0 + Please note that Synapse now only supports PostgreSQL 11+, + because PostgreSQL 10 has reached end-of-life, c.f. our + Deprecation Policy. + + - Features + - Add experimental support for MSC3912: Relation-based + redactions. (#14260) + - Build Debian packages for Ubuntu 22.10 (Kinetic Kudu). + (#14396) + - Add an Admin API endpoint for user lookup based on + third-party ID (3PID). Contributed by @ashfame. (#14405) + - Faster joins: include heroes' membership events in the + partial join response, for rooms without a name or canonical + alias. (#14442) + - Bugfixes + - Update forgotten references to legacy metrics in the included + Grafana dashboard. (#14477) + - Faster joins: do not block creation of or queries for room + aliases during the resync. (#14292) + - Fix a bug introduced in Synapse 1.64.0rc1 which could cause + log spam when fetching events from other homeservers. + (#14347) + - Fix a bug introduced in 1.66 which would not send certain + pushrules to clients. Contributed by Nico. (#14356) + - Fix a bug introduced in v1.71.0rc1 where the power level + event was incorrectly created during initial room creation. + (#14361) + - Fix the refresh token endpoint to be under /r0 and /v3 + instead of /v1. Contributed by Tulir @ Beeper. (#14364) + - Fix a long-standing bug where Synapse would raise an error + when encountering an unrecognised field in a /sync filter, + instead of ignoring it for forward compatibility. (#14369) + - Fix a background database update, introduced in Synapse + 1.64.0, which could cause poor database performance. (#14374) + - Fix PostgreSQL sometimes using table scans for queries + against the event_search table, taking a long time and a + large amount of IO. (#14409) + - Fix rendering of some HTML templates (including emails). + Introduced in v1.71.0. (#14448) + - Fix a bug introduced in Synapse 1.70.0 where the background + updates to add non-thread unique indexes on receipts could + fail when upgrading from 1.67.0 or earlier. (#14453) + - Updates to the Docker image + - Add all Stream Writer worker types to + configure_workers_and_start.py. (#14197) + - Remove references to legacy worker types in the multi-worker + Dockerfile. (#14294) + - Improved Documentation + - Upload documentation PRs to Netlify. (#12947, #14370) + - Add addtional TURN server configuration example based on + eturnal and adjust general TURN server doc structure. + (#14293) + - Add example on how to load balance /sync requests. + Contributed by aceArt. (#14297) + - Edit sample Nginx reverse proxy configuration to use + HTTP/1.1. Contributed by Brad Jones. (#14414) + - Deprecations and Removals + - Remove support for PostgreSQL 10. (#14392, #14397) + - Internal Changes + - Run unit tests against Python 3.11. (#13812) + - Add TLS support for generic worker endpoints. (#14128, + #14455) + - Switch to a maintained action for installing Rust in CI. + (#14313) + - Add override ability to complement.sh command line script to + request certain types of workers. (#14324) + - Enabling testing of MSC3874 (filtering of /messages by + relation type) in complement. (#14339) + - Concisely log a failure to resolve state due to missing + prev_events. (#14346) + - Use a maintained Github action to install Rust. (#14351) + - Cleanup old worker datastore classes. Contributed by Nick @ + Beeper (@Fizzadar). (#14375) + - Test against PostgreSQL 15 in CI. (#14394) + - Remove unreachable code. (#14410) + - Clean-up event persistence code. (#14411) + - Update docstring to clarify that + get_partial_state_events_batch does not just give you + completely arbitrary partial-state events. (#14417) + - Fix mypy errors introduced by bumping the locked version of + attrs and gitpython. (#14433) + - Make Dependabot only bump Rust deps in the lock file. + (#14434) + - Fix an incorrect stub return type for PushRuleEvaluator.run. + (#14451) + - Improve performance of /context in large rooms. (#14461) +- bump dependencies based on poetry lock + Pillow 9.2.0 => 9.3.0 + attrs 21.4.0 => 22.1.0 + Twisted 22.4.0 => 22.10.0 + cryptography 36.0.1 => 38.0.3 + jsonschema 4.4.6 => 4.17.0 + +------------------------------------------------------------------- +Tue Nov 8 13:05:47 UTC 2022 - Marcus Rueckert + +- Update to 1.71.0 + Please note that, as announced in the release notes for Synapse + 1.69.0, legacy Prometheus metric names are now disabled by + default. They will be removed altogether in Synapse 1.73.0. If + not already done, server administrators should update their + dashboards and alerting rules to avoid using the deprecated + metric names. See the upgrade notes for more details. + + Note: in line with our deprecation policy for platform + dependencies, this will be the last release to support PostgreSQL + 10, which reaches upstream end-of-life on November 10th, 2022. + Future releases of Synapse will require PostgreSQL 11+. + - Features + - Support back-channel logouts from OpenID Connect providers. + (#11414) + - Allow use of Postgres and SQLlite full-text search operators in + search queries. (#11635, #14310, #14311) + - Implement MSC3664, Pushrules for relations. Contributed by + Nico. (#11804) + - Improve aesthetics of HTML templates. Note that these changes + do not retroactively apply to templates which have been + customised by server admins. (#13652) + - Enable write-ahead logging for SQLite installations. + Contributed by @asymmetric. (#13897) + - Show erasure status when listing users in the Admin API. + (#14205) + - Provide a specific error code when a /sync request provides a + filter which doesn't represent a JSON object. (#14262) + - Bugfixes + - Fix a long-standing bug where the update_synapse_database + script could not be run with multiple databases. Contributed by + @thefinn93 @ Beeper. (#13422) + - Fix a bug which prevented setting an avatar on homeservers + which have an explicit port in their server_name and have + max_avatar_size and/or allowed_avatar_mimetypes configuration. + Contributed by @ashfame. (#13927) + - Check appservice user interest against the local users instead + of all users in the room to align with MSC3905. (#13958) + - Fix a long-standing bug where Synapse would accidentally + include extra information in the response to PUT + /_matrix/federation/v2/invite/{roomId}/{eventId}. (#14064) + - Fix a bug introduced in Synapse 1.64.0 where presence updates + could be missing from /sync responses. (#14243) + - Fix a bug introduced in Synapse 1.60.0 which caused an error to + be logged when Synapse received a SIGHUP signal if debug + logging was enabled. (#14258) + - Prevent history insertion (MSC2716) during an partial join + (MSC3706). (#14291) + - Fix a bug introduced in Synapse 1.34.0 where device names would + be returned via a federation user key query request when + allow_device_name_lookup_over_federation was set to false. + (#14304) + - Fix a bug introduced in Synapse 0.34.0 where logs could include + error spam when background processes are measured as taking a + negative amount of time. (#14323) + - Fix a bug introduced in Synapse 1.70.0 where clients were + unable to PUT new dehydrated devices. (#14336) + - Improved Documentation + - Document the changes to monthly active user metrics due to + deprecation of legacy Prometheus metric names. (#14358, #14360) + - Explain how to disable the use of trusted_key_servers. (#13999) + - Add workers settings to configuration manual. (#14086) + - Correct the name of the config option + encryption_enabled_by_default_for_room_type. (#14110) + - Update docstrings of SynapseError and FederationError to + bettter describe what they are used for and the effects of + using them are. (#14191) + - Deprecations and Removals + - Disable legacy Prometheus metric names by default. They can + still be re-enabled for now, but they will be removed + altogether in Synapse 1.73.0. (#14353) + - Internal Changes + - Run unit tests against Python 3.11. (#13812) + - Remove unused @lru_cache decorator. (#13595) + - Save login tokens in database and prevent login token reuse. + (#13844) + - Refactor OIDC tests to better mimic an actual OIDC provider. + (#13910) + - Fix type annotation causing import time error in the Complement + forking launcher. (#14084) + - Refactor MSC3030 /timestamp_to_event endpoint to loop over + federation destinations with standard pattern and error + handling. (#14096) + - Add initial power level event to batch of bulk persisted events + when creating a new room. (#14228) + - Refactor /key/ endpoints to use RestServlet classes. (#14229) + - Switch to using the matrix-org/backend-meta version of + triage-incoming for new issues in CI. (#14230) + - Build wheels on macos 11, not 10.15. (#14249) + - Add debugging to help diagnose lost device list updates. + (#14268) + - Add Rust cache to CI for trial runs. (#14287) + - Improve type hinting of RawHeaders. (#14303) + - Use Poetry 1.2.0 in the Twisted Trunk CI job. (#14305) +- follow poetry version bumps: + Jinja2 3.1.2 + Pillow 9.2.0 + prometheus-client 0.15.0 + psycopg2 2.9.5 + pysaml2 7.2.1 + sentry-sdk 1.10.1 + Authlib 0.15.1 + +------------------------------------------------------------------- +Fri Oct 28 14:48:00 UTC 2022 - Marcus Rueckert + +- Update to 1.70.1 + - Bugfixes + - Fix a bug introduced in Synapse 1.70.0rc1 where the access + tokens sent to application services as headers were + malformed. Application services which were obtaining access + tokens from query parameters were not affected. (#14301) + - Fix room creation being rate limited too aggressively since + Synapse v1.69.0. (#14314) + +------------------------------------------------------------------- +Wed Oct 26 11:56:57 UTC 2022 - Marcus Rueckert + +- Update to 1.70.0 + - Features + - Support for MSC3856: threads list API. (#13394, #14171, + #14175) + - Support for thread-specific notifications & receipts (MSC3771 + and MSC3773). (#13776, #13824, #13877, #13878, #14050, + #14140, #14159, #14163, #14174, #14222) + - Stop fetching missing prev_events after we already know their + signature is invalid. (#13816) + - Send application service access tokens as a header (and query + parameter). Implements MSC2832. (#13996) + - Ignore server ACL changes when generating pushes. Implements + MSC3786. (#13997) + - Experimental support for redirecting to an implementation of + a MSC3886 HTTP rendezvous service. (#14018) + - The /relations endpoint can now be used on workers. (#14028) + - Advertise support for Matrix 1.3 and 1.4 on + /_matrix/client/versions. (#14032, #14184) + - Improve validation of request bodies for the Device + Management and MSC2697 Device Dehyrdation client-server API + endpoints. (#14054) + - Experimental support for MSC3874. (#14148) + - Improve the validation of the following PUT endpoints: + /directory/room/{roomAlias}, /directory/list/room/{roomId} + and /directory/list/appservice/{networkId}/{roomId}. (#14179) + - Build and publish binary wheels for aarch64 platforms. + (#14212) + - Bugfixes + - Fix a bug introduced in Synapse 1.70.0rc1 where the + information returned from the /threads API could be stale + when threaded events are redacted. (#14248) + - Fix a bug introduced in Synapse 1.70.0rc1 leading to broken + outbound federation when using Python 3.7. (#14280) + - Fix a bug introduced in Synapse 1.70.0rc1 where edits to + non-message events were aggregated by the homeserver. + (#14283) + - Prevent device names from appearing in device list updates + when allow_device_name_lookup_over_federation is false. + (#10015) + - Fix a long-standing bug where redactions were not being sent + over federation if we did not have the original event. + (#13813) + - Fix a long-standing bug where edits of non-m.room.message + events would not be correctly bundled or have their new + content applied. (#14034) + - Fix a bug introduced in Synapse 1.53.0 when querying + /publicRooms with both a room_type filter and a + third_party_instance_id. (#14053) + - Fix a bug introduced in Synapse 1.35.0 where errors parsing a + /send_join or /state response would produce excessive, + low-quality Sentry events. (#14065) + - Fix a long-standing bug where Synapse would error on the + optional 'invite_room_state' field not being provided to PUT + /_matrix/federation/v2/invite/{roomId}/{eventId}. (#14083) + - Fix a bug where invalid oEmbed fields would cause the entire + response to be discarded. Introduced in Synapse 1.18.0. + (#14089) + - Fix a bug introduced in Synapse 1.37.0 in which an incorrect + key name was used for sending and receiving room metadata + when knocking on a room. (#14102) + - Fix a bug introduced in v1.69.0rc1 where the joined hosts for + a given event were not being properly cached. (#14125) + - Fix a bug introduced in Synapse 1.30.0 where purging and + rejoining a room without restarting in-between would result + in a broken room. (#14161, #14164) + - Fix MSC3030 /timestamp_to_event endpoint returning + potentially inaccurate closest events with outliers present. + (#14215) + - Updates to the Docker image + - Update the version of frozendict in Docker images and Debian + packages from 2.3.3 to 2.3.4, which may fix memory leak + problems. (#13955) + - Use the minimal Rust profile when building Synapse. (#14141) + - Prevent a class of database sharding errors when using + Dockerfile-workers to spawn multiple instances of the same + worker. Contributed by Jason Little. (#14165) + - Set LD_PRELOAD to use jemalloc memory allocator in + Dockerfile-workers. (#14182) + - Fix pre-startup logging being lost when using the + Dockerfile-workers image. (#14195) + - Improved Documentation + - Add sample worker files for pusher and federation_sender. + (#14077) + - Improve the listener example on the metrics documentation. + (#14078) + - Expand Google OpenID Connect example config to map email + attribute. Contributed by @ptman. (#14081) + - The changelog entry ending in a full stop or exclamation mark + is not optional. (#14087) + - Fix links to jemalloc documentation, which were broken in + #13491. (#14093) + - Remove not needed replication listener in docker compose + example. (#14107) + - Fix name of alias_creation_rules option in the config manual + documentation. (#14124) + - Clarify comment on event contexts. (#14145) + - Fix dead link to the Admin Registration API. (#14189) + - Deprecations and Removals + - Remove the experimental implementation of MSC3772. (#14094) + - Remove the unstable identifier for MSC3715. (#14106, #14146) + - Internal Changes + - Build ABI3 wheels for CPython. (#14253) + - For the aarch64 architecture, only build wheels for CPython + manylinux. (#14259) + - Optimise queries used to get a users rooms during sync. + Contributed by Nick @ Beeper (@Fizzadar). (#13991) + - Update authlib from 0.15.5 to 1.1.0. (#14006) + - Make parse_server_name consistent in handling invalid server + names. (#14007) + - Don't repeatedly wake up the same users for batched events. + (#14033) + - Complement test image: capture logs from nginx. (#14063) + - Don't create noisy Sentry events when a requester drops + connection to the metrics server mid-request. (#14072) + - Run the integration test suites with the asyncio reactor + enabled in CI. (#14092) + - Add debug logs to figure out why an event was filtered out of + the client response. (#14095) + - Indicate what endpoint came back with a JSON response we were + unable to parse. (#14097) + - Break up calls to fetch rooms for many users. Contributed by + Nick @ Beeper (@Fizzadar). (#14109) + - Faster joins: prioritise the server we joined by when + restarting a partial join resync. (#14126) + - Cache Rust build cache when building docker images. (#14130) + - Enable dependabot for Rust dependencies. (#14132) + - Bump typing-extensions from 4.1.1 to 4.4.0. (#14134) + - Use the minimal Rust profile when building Synapse. (#14141) + - Remove unused configuration code. (#14142) + - Prepare for the gotestfmt repository move. (#14144) + - Invalidate rooms for user caches on replicated event, fix + sync cache race in synapse workers. Contributed by Nick @ + Beeper (@Fizzadar). (#14155) + - Enable url previews when testing with complement. (#14198) + - When authenticating batched events, check for auth events in + batch as well as DB. (#14214) + - Update CI config to avoid GitHub Actions deprecation + warnings. (#14216, #14224) + - Update dependency requirements to allow building with + poetry-core 1.3.2. (#14217) + - Rename the cache_memory extra to cache-memory, for + compatability with poetry-core 1.3.0 and PEP 685. From-source + installations using this extra will need to install using the + new name. (#14221) + - Specify dev-dependencies using lower bounds, to reduce the + likelihood of a dependabot merge conflict. The lockfile + continues to pin to specific versions. (#14227) +- Drop https://patch-diff.githubusercontent.com/raw/matrix-org/synapse/pull/14221.patch + +------------------------------------------------------------------- +Thu Oct 20 10:44:17 UTC 2022 - Marcus Rueckert + +- As 14221.patch is modified to skip the parts we dont need + (changelog snippets) remove the url from the spec file. + +------------------------------------------------------------------- +Tue Oct 18 14:52:09 UTC 2022 - Marcus Rueckert + +- All the shebang line fixing should skip the vendor directory so + that we do not break the checksum checks in cargo. + +------------------------------------------------------------------- +Tue Oct 18 12:44:57 UTC 2022 - Marcus Rueckert + +- Added https://patch-diff.githubusercontent.com/raw/matrix-org/synapse/pull/14221.patch + Same fix for the cache_memory as for url_preview + +------------------------------------------------------------------- +Tue Oct 18 10:45:30 UTC 2022 - pgajdos@suse.com + +- python-six is not required + https://trello.com/c/MO53MocR/143-remove-python3-six + +------------------------------------------------------------------- +Mon Oct 17 19:49:55 UTC 2022 - Marcus Rueckert + +- Update to 1.69.0 + Please note that legacy Prometheus metric names are now + deprecated and will be removed in Synapse 1.73.0. Server + administrators should update their dashboards and alerting rules + to avoid using the deprecated metric names. See the upgrade notes + for more details. + + - Features + - Allow application services to set the origin_server_ts of a + state event by providing the query parameter ts in PUT + /_matrix/client/r0/rooms/{roomId}/state/{eventType}/{stateKey}, + per MSC3316. Contributed by @lukasdenk. (#11866) + - Allow server admins to require a manual approval process + before new accounts can be used (using MSC3866). (#13556) + - Exponentially backoff from backfilling the same event over + and over. (#13635, #13936) + - Add cache invalidation across workers to module API. (#13667, + #13947) + - Experimental implementation of MSC3882 to allow an existing + device/session to generate a login token for use on a new + device/session. (#13722, #13868) + - Experimental support for thread-specific receipts (MSC3771). + (#13782, #13893, #13932, #13937, #13939) + - Add experimental support for MSC3881: Remotely toggle push + notifications for another client. (#13799, #13831, #13860) + - Keep track when an event pulled over federation fails its + signature check so we can intelligently back-off in the + future. (#13815) + - Improve validation for the unspecced, internal-only + _matrix/client/unstable/add_threepid/msisdn/submit_token + endpoint. (#13832) + - Faster remote room joins: record when we first partial-join + to a room. (#13892) + - Support a dir parameter on the /relations endpoint per + MSC3715. (#13920) + - Ask mail servers receiving emails from Synapse to not send + automatic replies (e.g. out-of-office responses). (#13957) + - Bugfixes + - Fix poor performance of the event_push_backfill_thread_id + background update, which was introduced in Synapse 1.68.0rc1. + (#14172, #14181) + - Fix an issue with Docker images causing the Rust dependencies + to not be pinned correctly. Introduced in v1.68.0 (#14129) + - Fix a bug introduced in Synapse 1.69.0rc1 which would cause + registration replication requests to fail if the worker + sending the request is not running Synapse 1.69. (#14135) + - Fix error in background update when rotating existing + notifications. Introduced in v1.69.0rc2. (#14138) + - Send push notifications for invites received over federation. + (#13719, #14014) + - Fix a long-standing bug where typing events would be accepted + from remote servers not present in a room. Also fix a bug + where incoming typing events would cause other incoming + events to get stuck during a fast join. (#13830) + - Fix a bug introduced in Synapse v1.53.0 where the + experimental implementation of MSC3715 would give incorrect + results when paginating forward. (#13840) + - Fix access token leak to logs from proxy agent. (#13855) + - Fix have_seen_event cache not being invalidated after we + persist an event which causes inefficiency effects like extra + /state federation calls. (#13863) + - Faster room joins: Fix a bug introduced in 1.66.0 where an + error would be logged when syncing after joining a room. + (#13872) + - Fix a bug introduced in 1.66.0 where some required fields in + the pushrules sent to clients were not present anymore. + Contributed by Nico. (#13904) + - Fix packaging to include Cargo.lock in sdist. (#13909) + - Fix a long-standing bug where device updates could cause + delays sending out to-device messages over federation. + (#13922) + - Fix a bug introduced in v1.68.0 where Synapse would require + setuptools_rust at runtime, even though the package is only + required at build time. (#13952) + - Fix a long-standing bug where POST + /_matrix/client/v3/keys/query requests could result in + excessively large SQL queries. (#13956) + - Fix a performance regression in the get_users_in_room + database query. Introduced in v1.67.0. (#13972) + - Fix a bug introduced in v1.68.0 bug where Rust extension + wasn't built in release mode when using poetry install. + (#14009) + - Do not return an unspecified original_event field when using + the stable /relations endpoint. Introduced in Synapse + v1.57.0. (#14025) + - Correctly handle a race with device lists when a remote user + leaves during a partial join. (#13885) + - Correctly handle sending local device list updates to remote + servers during a partial join. (#13934) + - Improved Documentation + - Add worker_main_http_uri for the worker generator bash + script. (#13772) + - Update URL for the NixOS module for Synapse. (#13818) + - Fix a mistake in sso_mapping_providers.md: + map_user_attributes is expected to return display_name, not + displayname. (#13836) + - Fix a cross-link from the registration admin API to the + registration_shared_secret configuration documentation. + (#13870) + - Update the man page for the hash_password script to correct + the default number of bcrypt rounds performed. (#13911, + #13930) + - Emphasize the right reasons when to use (room_id, event_id) + in a database schema. (#13915) + - Add instruction to contributing guide for running unit tests + in parallel. Contributed by @ashfame. (#13928) + - Clarify that the auto_join_rooms config option can also be + used with Space aliases. (#13931) + - Add some cross references to worker documentation. (#13974) + - Linkify urls in config documentation. (#14003) + - Updates to the Docker image + - Fix docker build OOMing in CI for arm64 builds. (#14173) + - Deprecations and Removals + - Remove the complete_sso_login method from the Module API + which was deprecated in Synapse 1.13.0. (#13843) + - Announce that legacy metric names are deprecated, will be + turned off by default in Synapse v1.71.0 and removed + altogether in Synapse v1.73.0. See the upgrade notes for more + information. (#14024) + - Deprecate the generate_short_term_login_token method in favor + of an async create_login_token method in the Module API. + (#13842) + - Internal Changes + - Rename the url_preview extra to url-preview, for + compatability with poetry-core 1.3.0 and PEP 685. From-source + installations using this extra will need to install using the + new name. (#14085) + - Ensure Synapse v1.69 works with upcoming database changes in + v1.70. (#14045) + - Fix a bug introduced in Synapse v1.68.0 where messages could + not be sent in rooms with non-integer notifications power + level. (#14073) + - Temporarily pin build-system requirements to workaround an + incompatibility with poetry-core 1.3.0. This will be reverted + before the v1.69.0 release proper, see #14079. (#14080) + - Speed up creation of DM rooms. (#13487, #13800) + - Port push rules to using Rust. (#13768, #13838, #13889) + - Optimise get rooms for user calls. Contributed by Nick @ + Beeper (@Fizzadar). (#13787) + - Update the script which makes full schema dumps. (#13792) + - Use shared methods for cache invalidation when persisting + events, remove duplicate codepaths. Contributed by Nick @ + Beeper (@Fizzadar). (#13796) + - Improve the synapse.api.auth.Auth mock used in unit tests. + (#13809) + - Faster Remote Room Joins: tell remote homeservers that we are + unable to authorise them if they query a room which has + partial state on our server. (#13823) + - Carry IdP Session IDs through user-mapping sessions. (#13839) + - Fix the release script not publishing binary wheels. (#13850) + - Raise issue if complement fails with latest deps. (#13859) + - Correct the comments in the complement dockerfile. (#13867) + - Create a new snapshot of the database schema. (#13873) + - Faster room joins: Send device list updates to most servers + in rooms with partial state. (#13874, #14013) + - Add comments to the Prometheus recording rules to make it + clear which set of rules you need for Grafana or Prometheus + Console. (#13876) + - Only pull relevant backfill points from the database based on + the current depth and limit (instead of all) every time we + want to /backfill. (#13879) + - Faster room joins: Avoid waiting for full state when + processing /keys/changes requests. (#13888) + - Improve backfill robustness by trying more servers when we + get a 4xx error back. (#13890) + - Fix mypy errors with canonicaljson 1.6.3. (#13905) + - Faster remote room joins: correctly handle remote device list + updates during a partial join. (#13913) + - Complement image: propagate SIGTERM to all workers. (#13914) + - Update an innaccurate comment in Synapse's upsert database + helper. (#13924) + - Update mypy (0.950 -> 0.981) and mypy-zope (0.3.7 -> 0.3.11). + (#13925, #13993) + - Use dedicated get_local_users_in_room(room_id) function to + find local users when calculating users to copy over during a + room upgrade. (#13960) + - Refactor language in user directory _track_user_joined_room + code to make it more clear that we use both local and remote + users. (#13966) + - Revert catch-all exceptions being recorded as event pull + attempt failures (only handle what we know about). (#13969) + - Speed up calculating push actions in large rooms. (#13973, + #13992) + - Enable update notifications from Github's dependabot. + (#13976) + - Prototype a workflow to automatically add changelogs to + dependabot PRs. (#13998, #14011, #14017, #14021, #14027) + - Fix type annotations to be compatible with new annotations in + development versions of twisted. (#14012) + - Clear out stale entries in event_push_actions_staging table. + (#14020) + - Bump versions of GitHub actions. (#13978, #13979, #13980, + #13982, #14015, #14019, #14022, #14023) +- modified bump-dependencies.patch: + to undo the upper bound for poetry-core again as we already have + a newer version in TW +- drop patches which are included in the update: + - 14085-extra-check.patch + - 13952.patch +- refreshed patches: + - matrix-synapse-1.4.1-paths.patch + +------------------------------------------------------------------- +Sat Oct 15 10:02:06 UTC 2022 - Ben Greiner + +- Replace fragile workaround which is not specification compliant + with 14085-extra-check.patch -- gh#matrix-org/synapse#14085 +- Fix python site-packages fdupes + +------------------------------------------------------------------- +Fri Oct 14 13:34:26 UTC 2022 - Marcus Rueckert + +- Add workaround for poetry >= 1.3.0 (boo#1204312) + Also add the unnormalized name to the Metadata so that the + checks inside synapse work correctly. + +------------------------------------------------------------------- +Sun Oct 9 21:58:05 UTC 2022 - Ben Greiner + +- Reduce BuildRequires footprint with poetry-core instead of poetry + +------------------------------------------------------------------- +Fri Sep 30 09:37:21 UTC 2022 - Marcus Rueckert + +- added https://patch-diff.githubusercontent.com/raw/matrix-org/synapse/pull/13952.patch + this prevents setuptools-rust being enforced as a runtime + dependency. Drop dependency in the package again. + +------------------------------------------------------------------- +Wed Sep 28 01:07:43 UTC 2022 - Marcus Rueckert + +- synapse checks for setuptools-rust as a runtime dep. add this + until we figured out a better solution + +------------------------------------------------------------------- +Tue Sep 27 20:50:59 UTC 2022 - Marcus Rueckert + +- Update to 1.68.0 + Please note that Synapse will now refuse to start if configured + to use a version of SQLite older than 3.27. + + In addition, please note that installing Synapse from a source + checkout now requires a recent Rust compiler. Those using + packages will not be affected. On most platforms, installing with + pip install matrix-synapse will not be affected. See the upgrade + notes. + + - Features + - Keep track of when we fail to process a pulled event over + federation so we can intelligently back off in the future. + (#13589, #13814) + - Add an admin API endpoint to fetch messages within a + particular window of time. (#13672) + - Add an admin API endpoint to find a user based on their + external ID in an auth provider. (#13810) + - Cancel the processing of key query requests when they time + out. (#13680) + - Improve validation of request bodies for the following + client-server API endpoints: + /account/3pid/msisdn/requestToken, + /org.matrix.msc3720/account_status, /account/3pid/add, + /account/3pid/bind, /account/3pid/delete and + /account/3pid/unbind. (#13687, #13736) + - Document the timestamp when a user accepts the consent, if + consent tracking is used. (#13741) + - Add a listeners[x].request_id_header configuration option to + specify which request header to extract and use as the + request ID in order to correlate requests from a reverse + proxy. (#13801) + - Bugfixes + - Fix packaging to include Cargo.lock in sdist. (#13909) + - Fix building from packaged sdist. Broken in v1.68.0rc1. + (#13866) + - Fix a bug introduced in Synapse 1.41.0 where the /hierarchy + API returned non-standard information (a room_id field under + each entry in children_state). (#13506) + - Fix a long-standing bug where previously rejected events + could end up in room state because they pass auth checks + given the current state of the room. (#13723) + - Fix a long-standing bug where Synapse fails to start if a + signing key file contains an empty line. (#13738) + - Fix a long-standing bug where Synapse would fail to handle + malformed user IDs or room aliases gracefully in certain + cases. (#13746) + - Fix a long-standing bug where device lists would remain + cached when remote users left and rejoined the last room + shared with the local homeserver. (#13749, #13826) + - Fix a long-standing bug that could cause stale caches in some + rare cases on the first startup of Synapse with replication. + (#13766) + - Fix a long-standing spec compliance bug where Synapse would + accept a trailing slash on the end of /get_missing_events + federation requests. (#13789) + - Delete associated data from event_failed_pull_attempts, + insertion_events, insertion_event_extremities, + insertion_event_extremities, insertion_event_extremities when + purging the room. (#13825) + - Improved Documentation + - Note that libpq is required on ARM-based Macs. (#13480) + - Fix a mistake in the config manual introduced in Synapse + 1.22.0: the event_cache_size is scaled by + caches.global_factor. (#13726) + - Fix a typo in the documentation for the login ratelimiting + configuration. (#13727) + - Define Synapse's compatability policy for SQLite versions. + (#13728) + - Add docs for the common fix of deleting the + matrix_synapse.egg-info/ directory for fixing Python + dependency problems. (#13785) + - Update request log format documentation to mention the format + used when the authenticated user is controlling another user. + (#13794) + - Deprecations and Removals + - Synapse will now refuse to start if configured to use SQLite + < 3.27. (#13760) + - Don't include redundant prev_state in new events. Contributed + by Denis Kariakin (@dakariakin). (#13791) + - Internal Changes + - Fix the release script not publishing binary wheels. (#13850) + - Lower minimum supported rustc version to 1.58.1. (#13857) + - Lock Rust dependencies' versions. (#13858) + - Add a stub Rust crate. (#12595, #13734, #13735, #13743, + #13763, #13769, #13778) + - Bump the minimum dependency of matrix_common to 1.3.0 to make + use of the MXCUri class. Use MXCUri to simplify media + retention test code. (#13162) + - Add and populate the event_stream_ordering column on the + receipts table for future optimisation of push action + processing. Contributed by Nick @ Beeper (@Fizzadar). + (#13703) + - Rename the EventFormatVersions enum values so that they line + up with room version numbers. (#13706) + - Update trial old deps CI to use Poetry 1.2.0. (#13707, + #13725) + - Add experimental configuration option to allow disabling + legacy Prometheus metric names. (#13714, #13717, #13718) + - Fix typechecking with latest types-jsonschema. (#13724) + - Strip number suffix from instance name to consolidate + services that traces are spread over. (#13729) + - Instrument get_metadata_for_events for understandable traces + in Jaeger. (#13730) + - Remove old queries to join room memberships to current state + events. Contributed by Nick @ Beeper (@Fizzadar). (#13745) + - Avoid raising an error due to malformed user IDs in + get_current_hosts_in_room. Malformed user IDs cannot + currently join a room, so this error would not be hit. + (#13748) + - Update the docstrings for get_users_in_room and + get_current_hosts_in_room to explain the impact of partial + state. (#13750) + - Use an additional database query when persisting receipts. + (#13752) + - Preparatory work for storing thread IDs for notifications and + receipts. (#13753) + - Re-type hint some collections as read-only. (#13754) + - Remove unused Prometheus recording rules from + synapse-v2.rules and add comments describing where the rest + are used. (#13756) + - Add a check for editable installs if the Rust library needs + rebuilding. (#13759) + - Tag traces with the instance name to be able to easily jump + into the right logs and filter traces by instance. (#13761) + - Concurrently fetch room push actions when calculating badge + counts. Contributed by Nick @ Beeper (@Fizzadar). (#13765) + - Update the script which makes full schema dumps. (#13770) + - Deduplicate is_server_notices_room. (#13780) + - Simplify the dependency DAG in the tests workflow. (#13784) + - Remove an old, incorrect migration file. (#13788) + - Remove unused method in synapse.api.auth.Auth. (#13795) + - Fix a memory leak when running the unit tests. (#13798) + - Use partial indices on SQLite. (#13802) + - Check that portdb generates the same postgres schema as that + in the source tree. (#13808) + - Fix Docker build when Rust .so has been built locally first. + (#13811) + - Complement: Initialise the Postgres database directly inside + the target image instead of the base Postgres image to fix + building using Buildah. (#13819) + - Support providing an index predicate clause when doing + upserts. (#13822) + - Minor speedups to linting in CI. (#13827) +- update dependencies + bcrypt to 3.1.7 + matrix-common to 1.3.0 +- add handling for the rust based parts: + - new dependencies + - setuptools-rust + - cargo + - update _service file to also vendor the cargo dependencies + +------------------------------------------------------------------- +Tue Sep 13 14:16:44 UTC 2022 - Marcus Rueckert + +- Update to 1.67.0 + This release removes using the deprecated direct TCP replication + configuration for workers. Server admins should use Redis + instead. See the upgrade notes. + + The minimum version of poetry supported for managing source + checkouts is now 1.2.0. + + Notice: from the next major release (v1.68.0) installing Synapse + from a source checkout will require a recent Rust compiler. Those + using packages or pip install matrix-synapse will not be + affected. See the upgrade notes. + + Notice: from the next major release (1.68.0), running Synapse + with a SQLite database will require SQLite version 3.27.0 or + higher. (The current minimum version is SQLite 3.22.0.) See + #12983 and the upgrade notes for more details. + + https://matrix-org.github.io/synapse/v1.67/upgrade.html#upgrading-to-v1670 + + - Features + - Support setting the registration shared secret in a file, via + a new registration_shared_secret_path configuration option. + (#13614) + - Change the default startup behaviour so that any missing + "additional" configuration files (signing key, etc) are + generated automatically. (#13615) + - Improve performance of sending messages in rooms with + thousands of local users. (#13634) + - Bugfixes + - Fix a bug introduced in Synapse 1.13 where the List Rooms + admin API would return integers instead of booleans for the + federatable and public fields when using a Sqlite database. + (#13509) + - Fix bug that user cannot /forget rooms after the last member + has left the room. (#13546) + - Faster Room Joins: fix /make_knock blocking indefinitely when + the room in question is a partial-stated room. (#13583) + - Fix loading the current stream position behind the actual + position. (#13585) + - Fix a longstanding bug in register_new_matrix_user which + meant it was always necessary to explicitly give a server + URL. (#13616) + - Fix the running of MSC1763 retention purge_jobs in + deployments with background jobs running on a worker by + forcing them back onto the main worker. Contributed by Brad @ + Beeper. (#13632) + - Fix a long-standing bug that downloaded media for URL + previews was not deleted while database background updates + were running. (#13657) + - Fix MSC3030 /timestamp_to_event endpoint to return the + correct next event when the events have the same timestamp. + (#13658) + - Fix bug where we wedge media plugins if clients disconnect + early. Introduced in v1.22.0. (#13660) + - Fix a long-standing bug which meant that keys for + unwhitelisted servers were not returned by + /_matrix/key/v2/query. (#13683) + - Fix a bug introduced in Synapse v1.20.0 that would cause the + unstable unread counts from MSC2654 to be calculated even if + the feature is disabled. (#13694) + - Updates to the Docker image + - Update docker image to use a stable version of poetry. + (#13688) + - Improved Documentation + - Improve the description of the "chain cover index" used + internally by Synapse. (#13602) + - Document how "monthly active users" is calculated and used. + (#13617) + - Improve documentation around user registration. (#13640) + - Remove documentation of legacy frontend_proxy worker app. + (#13645) + - Clarify documentation that HTTP replication traffic can be + protected with a shared secret. (#13656) + - Remove unintentional colons from config manual headers. + (#13665) + - Update docs to make enabling metrics more clear. (#13678) + - Clarify (room_id, event_id) global uniqueness and how we + should scope our database schemas. (#13701) + - Deprecations and Removals + - Drop support for calling + /_matrix/client/v3/rooms/{roomId}/invite without an + id_access_token, which was not permitted by the spec. + Contributed by @Vetchu. (#13241) + - Remove redundant _get_joined_users_from_context cache. + Contributed by Nick @ Beeper (@Fizzadar). (#13569) + - Remove the ability to use direct TCP replication with + workers. Direct TCP replication was deprecated in Synapse + v1.18.0. Workers now require using Redis. (#13647) + - Remove support for unstable private read receipts. (#13653, + #13692) + - Internal Changes + - Extend the release script to wait for GitHub Actions to + finish and to be usable as a guide for the whole process. + (#13483) + - Add experimental configuration option to allow disabling + legacy Prometheus metric names. (#13540) + - Cache user IDs instead of profiles to reduce cache memory + usage. Contributed by Nick @ Beeper (@Fizzadar). (#13573, + #13600) + - Optimize how Synapse calculates domains to fetch from during + backfill. (#13575) + - Comment about a better future where we can get the state diff + between two events. (#13586) + - Instrument _check_sigs_and_hash_and_fetch to trace time spent + in child concurrent calls for understandable traces in + Jaeger. (#13588) + - Improve performance of @cachedList. (#13591) + - Minor speed up of fetching large numbers of push rules. + (#13592) + - Optimise push action fetching queries. Contributed by Nick @ + Beeper (@Fizzadar). (#13597) + - Rename event_map to unpersisted_events when computing the + auth differences. (#13603) + - Refactor get_users_in_room(room_id) mis-use with dedicated + get_current_hosts_in_room(room_id) function. (#13605) + - Use dedicated get_local_users_in_room(room_id) function to + find local users when calculating + join_authorised_via_users_server of a /make_join request. + (#13606) + - Refactor get_users_in_room(room_id) mis-use to lookup single + local user with dedicated check_local_user_in_room(...) + function. (#13608) + - Drop unused column application_services_state.last_txn. + (#13627) + - Improve readability of Complement CI logs by printing failure + results last. (#13639) + - Generalise the @cancellable annotation so it can be used on + functions other than just servlet methods. (#13662) + - Introduce a CommonUsageMetrics class to share some usage + metrics between the Prometheus exporter and the phone home + stats. (#13671) + - Add some logging to help track down #13444. (#13679) + - Update poetry lock file for v1.2.0. (#13689) + - Add cache to is_partial_state_room. (#13693) + - Update the Grafana dashboard that is included with Synapse in + the contrib directory. (#13697) + - Only run trial CI on all python versions on non-PRs. (#13698) + - Fix typechecking with latest types-jsonschema. (#13712) + - Reduce number of CI checks we run for PRs. (#13713) + +------------------------------------------------------------------- +Wed Aug 31 22:26:31 UTC 2022 - Marcus Rueckert + +- Update to 1.66.0 + This release removes the ability for homeservers to delegate + email ownership verification and password reset confirmation to + identity servers. This removal was originally planned for Synapse + 1.64, but was later deferred until now. See the upgrade notes for + more details. + + Deployments with multiple workers should note that the direct TCP + replication configuration was deprecated in Synapse v1.18.0 and + will be removed in Synapse v1.67.0. In particular, the TCP + replication listener type (not to be confused with the + replication resource on the http listener type) and the + worker_replication_port config option will be removed . + + To migrate to Redis, add the redis config, then remove the TCP + replication listener from config of the master and + worker_replication_port from worker config. Note that a HTTP + listener with a replication resource is still required. See the + worker documentation for more details. + + - Features + - Improve validation of request bodies for the following + client-server API endpoints: /account/password, + /account/password/email/requestToken, /account/deactivate and + /account/3pid/email/requestToken. (#13188, #13563) + - Add forgotten status to Room Details Admin API. (#13503) + - Add an experimental implementation for MSC3852 (Expose user + agents on Device). (#13549) + - Add org.matrix.msc2716v4 experimental room version with + updated content fields. Part of MSC2716 (Importing history). + (#13551) + - Add support for compression to federation responses. (#13537) + - Improve performance of sending messages in rooms with + thousands of local users. (#13522, #13547) + - Bugfixes + - Fix a bug introduced in Synapse 1.66.0rc1 where the new rate + limit metrics were misreported + (synapse_rate_limit_sleep_affected_hosts, + synapse_rate_limit_reject_affected_hosts). (#13649) + - Faster room joins: make /joined_members block whilst the room + is partial stated. (#13514) + - Fix a bug introduced in Synapse 1.21.0 where the + /event_reports Admin API could return a total count which was + larger than the number of results you can actually query for. + (#13525) + - Fix a bug introduced in Synapse 1.52.0 where sending server + notices fails if max_avatar_size or allowed_avatar_mimetypes + is set and not system_mxid_avatar_url. (#13566) + - Fix a bug where the opentracing.force_tracing_for_users + config option would not apply to /sendToDevice and + /keys/upload requests. (#13574) + - Improved Documentation + - Add openssl example for generating registration HMAC digest. + (#13472) + - Tidy up Synapse's README. (#13491) + - Document that event purging related to the + redaction_retention_period config option is executed only + every 5 minutes. (#13492) + - Add a warning to retention documentation regarding the + possibility of database corruption. (#13497) + - Document that the DOCKER_BUILDKIT=1 flag is needed to build + the docker image. (#13515) + - Add missing links in user_consent section of configuration + manual. (#13536) + - Fix the doc and some warnings that were referring to the + nonexistent custom_templates_directory setting (instead of + custom_template_directory). (#13538) + - Deprecations and Removals + - Remove the ability for homeservers to delegate email + ownership verification + - and password reset confirmation to identity servers. See + upgrade notes for more details. + - Internal Changes + - Update the rejected state of events during + de-partial-stating. (#13459) + - Avoid blocking lazy-loading /syncs during partial joins due + to remote memberships. Pull remote memberships from auth + events instead of the room state. (#13477) + - Refuse to start when faster joins is enabled on a deployment + with workers, since worker configurations are not currently + supported. (#13531) + - Allow use of both @trace and @tag_args stacked on the same + function. (#13453) + - Instrument the federation/backfill part of /messages for + understandable traces in Jaeger. (#13489) + - Instrument FederationStateIdsServlet (/state_ids) for + understandable traces in Jaeger. (#13499, #13554) + - Track HTTP response times over 10 seconds from /messages + (synapse_room_message_list_rest_servlet_response_time_seconds). + (#13533) + - Add metrics to track how the rate limiter is affecting + requests (sleep/reject). (#13534, #13541) + - Add metrics to time how long it takes us to do backfill + processing + (synapse_federation_backfill_processing_before_time_seconds, + synapse_federation_backfill_processing_after_time_seconds). + (#13535, #13584) + - Add metrics to track rate limiter queue timing + (synapse_rate_limit_queue_wait_time_seconds). (#13544) + - Update metrics to track /messages response time by room size. + (#13545) + - Refactor methods in synapse.api.auth.Auth to use Requester + objects everywhere instead of user IDs. (#13024) + - Clean-up tests for notifications. (#13471) + - Add some miscellaneous comments to document sync, especially + around compute_state_delta. (#13474) + - Use literals in place of HTTPStatus constants in tests. + (#13479, #13488) + - Add comments about how event push actions are rotated. + (#13485) + - Modify HTML template content to better support mobile + devices' screen sizes. (#13493) + - Add a linter script which will reject non-strict types in + Pydantic models. (#13502) + - Reduce the number of tests using legacy TCP replication. + (#13543) + - Allow specifying additional request fields when using the + HomeServerTestCase.login helper method. (#13549) + - Make HomeServerTestCase load any configured homeserver + modules automatically. (#13558) +- sync update package dependencies from the pyproject.toml + adds pydantic >= 1.7.4 (>= 1.9.1 in poetry mode) + +------------------------------------------------------------------- +Tue Aug 16 17:58:42 UTC 2022 - Marcus Rueckert + +- Update to 1.65.0 + - Features + - Add support for stable prefixes for MSC2285 (private read + receipts). (#13273) + - Add new unstable error codes + ORG.MATRIX.MSC3848.ALREADY_JOINED, + ORG.MATRIX.MSC3848.NOT_JOINED, and + ORG.MATRIX.MSC3848.INSUFFICIENT_POWER described in MSC3848. + (#13343) + - Use stable prefixes for MSC3827. (#13370) + - Add a new module API method to translate a room alias into a + room ID. (#13428) + - Add a new module API method to create a room. (#13429) + - Add remote join capability to the module API's + update_room_membership method (in a backwards compatible + manner). (#13441) + - Bugfixes + - Update the version of the LDAP3 auth provider module included + in the matrixdotorg/synapse DockerHub images and the Debian + packages hosted on packages.matrix.org to 0.2.2. This version + fixes a regression in the module. (#13470) + - Fix a bug introduced in Synapse v1.41.0 where the /hierarchy + API returned non-standard information (a room_id field under + each entry in children_state). (#13365) + - Fix a bug introduced in Synapse 0.24.0 that would respond + with the wrong error status code to /joined_members requests + when the requester is not a current member of the room. + Contributed by @andrewdoh. (#13374) + - Fix bug in handling of typing events for appservices. + Contributed by Nick @ Beeper (@Fizzadar). (#13392) + - Fix a bug introduced in Synapse 1.57.0 where rooms listed in + exclude_rooms_from_sync in the configuration file would not + be properly excluded from incremental syncs. (#13408) + - Fix a bug in the experimental faster-room-joins support which + could cause it to get stuck in an infinite loop. (#13353) + - Faster room joins: fix a bug which caused rejected events to + become un-rejected during state syncing. (#13413) + - Faster room joins: fix error when running out of servers to + sync partial state with, so that Synapse raises the intended + error instead. (#13432) + - Updates to the Docker image + - Make Docker images build on armv7 by installing cryptography + dependencies in the 'requirements' stage. Contributed by + Jasper Spaans. (#13372) + - Improved Documentation + - Update the 'registration tokens' page to acknowledge that the + relevant MSC was merged into version 1.2 of the Matrix + specification. Contributed by @moan0s. (#11897) + - Document which HTTP resources support gzip compression. + (#13221) + - Add steps describing how to elevate an existing user to + administrator by manipulating the database. (#13230) + - Fix wrong headline for url_preview_accept_language in + documentation. (#13437) + - Remove redundant 'Contents' section from the Configuration + Manual. Contributed by @dklimpel. (#13438) + - Update documentation for config setting macaroon_secret_key. + (#13443) + - Update outdated information on sso_mapping_providers + documentation. (#13449) + - Fix example code in module documentation of + password_auth_provider_callbacks. (#13450) + - Make the configuration for the cache clearer. (#13481) + - Internal Changes + - Revert 'Remove the unspecced room_id field in the /hierarchy + response. (#13365)' to give more time for clients to update. + (#13501) + - Extend the release script to automatically push a new SyTest + branch, rather than having that be a manual process. (#12978) + - Make minor clarifications to the error messages given when we + fail to join a room via any server. (#13160) + - Enable Complement CI tests in the 'latest deps' test run. + (#13213) + - Fix long-standing bugged logic which was never hit in get_pdu + asking every remote destination even after it finds an event. + (#13346) + - Faster room joins: avoid blocking when pulling events with + partially missing prev events. (#13355) + - Instrument /messages for understandable traces in Jaeger. + (#13368) + - Remove an unused argument to get_relations_for_event. + (#13383) + - Add a merge-back command to the release script, which + automates merging the correct branches after a release. + (#13393) + - Adding missing type hints to tests. (#13397) + - Faster Room Joins: don't leave a stuck room partial state + flag if the join fails. (#13403) + - Refactor _resolve_state_at_missing_prevs to compute an + EventContext instead. (#13404, #13431) + - Faster Room Joins: prevent Synapse from answering federated + join requests for a room which it has not fully joined yet. + (#13416) + - Re-enable running Complement tests against Synapse with + workers. (#13420) + - Prevent unnecessary lookups to any external get_event cache. + Contributed by Nick @ Beeper (@Fizzadar). (#13435) + - Add some tracing to give more insight into local room joins. + (#13439) + - Rename class RateLimitConfig to RatelimitSettings and + FederationRateLimitConfig to FederationRatelimitSettings. + (#13442) + - Add some comments about how event push actions are stored. + (#13445, #13455) + - Improve rebuild speed for the "synapse-workers" docker image. + (#13447) + - Fix @tag_args being off-by-one with the arguments when + tagging a span (tracing). (#13452) + - Update type of EventContext.rejected. (#13460) + - Use literals in place of HTTPStatus constants in tests. + (#13463, #13469) + - Correct a misnamed argument in state res v2 internals. + (#13467) + +------------------------------------------------------------------- +Tue Aug 2 11:32:12 UTC 2022 - Marcus Rueckert + +- Update to 1.64.0 + As of this release, Synapse no longer allows the tasks of + verifying email address ownership, and password reset + confirmation, to be delegated to an identity server. For more + information, see the upgrade notes. + + Synapse v1.66.0 will remove the ability to delegate the tasks of + verifying email address ownership, and password reset + confirmation, to an identity server. + + If you require your homeserver to verify e-mail addresses or to + support password resets via e-mail, please configure your + homeserver with SMTP access so that it can send e-mails on its + own behalf. Consult the configuration documentation for more + information. + + - Features + - Improve error messages when media thumbnails cannot be + served. (#13038) + - Allow pagination from remote event after discovering it from + MSC3030 /timestamp_to_event. (#13205) + - Add a room_type field in the responses for the list room and + room details admin APIs. Contributed by @andrewdoh. (#13208) + - Add support for room version 10. (#13220) + - Add per-room rate limiting for room joins. For each room, + Synapse now monitors the rate of join events in that room, + and throttles additional joins if that rate grows too large. + (#13253, #13254, #13255, #13276) + - Support Implicit TLS (TLS without using a STARTTLS upgrade, + typically on port 465) for sending emails, enabled by the new + option force_tls. Contributed by Jan Schär. (#13317) + - Bugfixes + - Fix a bug introduced in Synapse 1.15.0 where adding a user + through the Synapse Admin API with a phone number would fail + if the enable_email_notifs and email_notifs_for_new_users + options were enabled. Contributed by @thomasweston12. + (#13263) + - Fix a bug introduced in Synapse 1.40.0 where a user invited + to a restricted room would be briefly unable to join. + (#13270) + - Fix a long-standing bug where, in rare instances, Synapse + could store the incorrect state for a room after a state + resolution. (#13278) + - Fix a bug introduced in v1.18.0 where the synapse_pushers + metric would overcount pushers when they are replaced. + (#13296) + - Disable autocorrection and autocapitalisation on the username + text field shown during registration when using SSO. (#13350) + - Update locked version of frozendict to 2.3.3, which has fixes + for memory leaks affecting /sync. (#13284, #13352) + - Improved Documentation + - Provide an example of using the Admin API. Contributed by + @jejo86. (#13231) + - Move the documentation for how URL previews work to the URL + preview module. (#13233, #13261) + - Add another contrib script to help set up worker processes. + Contributed by @villepeh. (#13271) + - Document that certain config options were added or changed in + Synapse 1.62. Contributed by @behrmann. (#13314) + - Document the new rc_invites.per_issuer throttling option + added in Synapse 1.63. (#13333) + - Mention that BuildKit is needed when building Docker images + for tests. (#13338) + - Improve Caddy reverse proxy documentation. (#13344) + - Deprecations and Removals + - Drop tables that were formerly used for groups/communities. + (#12967) + - Drop support for delegating email verification to an external + server. (#13192) + - Drop support for calling /_matrix/client/v3/account/3pid/bind + without an id_access_token, which was not permitted by the + spec. Contributed by @Vetchu. (#13239) + - Stop building .deb packages for Ubuntu 21.10 (Impish Indri), + which has reached end of life. (#13326) + - Internal Changes + - Use lower transaction isolation level when purging rooms to + avoid serialization errors. Contributed by Nick @ Beeper. + (#12942) + - Remove code which incorrectly attempted to reconcile state + with remote servers when processing incoming events. (#12943) + - Make the AS login method call Auth.get_user_by_req for + checking the AS token. (#13094) + - Always use a version of canonicaljson that supports the C + implementation of frozendict. (#13172) + - Add prometheus counters for ephemeral events and to device + messages pushed to app services. Contributed by Brad @ + Beeper. (#13175) + - Refactor receipts servlet logic to avoid duplicated code. + (#13198) + - Preparation for database schema simplifications: populate + state_key and rejection_reason for existing rows in the + events table. (#13215) + - Remove unused database table event_reference_hashes. (#13218) + - Further reduce queries used sending events when creating new + rooms. Contributed by Nick @ Beeper (@Fizzadar). (#13224) + - Call the v2 identity service /3pid/unbind endpoint, rather + than v1. Contributed by @Vetchu. (#13240) + - Use an asynchronous cache wrapper for the get event cache. + Contributed by Nick @ Beeper (@Fizzadar). (#13242, #13308) + - Optimise federation sender and appservice pusher event stream + processing queries. Contributed by Nick @ Beeper (@Fizzadar). + (#13251) + - Log the stack when waiting for an entire room to be + un-partial stated. (#13257) + - Fix spurious warning when fetching state after a missing prev + event. (#13258) + - Clean-up tests for notifications. (#13260) + - Do not fail build if complement with workers fails. (#13266) + - Don't pull out state in compute_event_context for + unconflicted state. (#13267, #13274) + - Reduce the rebuild time for the complement-synapse docker + image. (#13279) + - Don't pull out the full state when creating an event. + (#13281, #13307) + - Upgrade from Poetry 1.1.12 to 1.1.14, to fix bugs when + locking packages. (#13285) + - Make DictionaryCache expire full entries if they haven't been + queried in a while, even if specific keys have been queried + recently. (#13292) + - Use HTTPStatus constants in place of literals in tests. + (#13297) + - Improve performance of query + _get_subset_users_in_room_with_profiles. (#13299) + - Up batch size of bulk_get_push_rules and + _get_joined_profiles_from_event_ids. (#13300) + - Remove unnecessary json.dumps from tests. (#13303) + - Reduce memory usage of sending dummy events. (#13310) + - Prevent formatting changes of #3679 from appearing in git + blame. (#13311) + - Change get_users_in_room and get_rooms_for_user caches to + enable pruning of old entries. (#13313) + - Validate federation destinations and log an error if a + destination is invalid. (#13318) + - Fix FederationClient.get_pdu() returning events from the + cache as outliers instead of original events we saw over + federation. (#13320) + - Reduce memory usage of state caches. (#13323) + - Reduce the amount of state we store in the state_cache. + (#13324) + - Add missing type hints to open tracing module. (#13328, + #13345, #13362) + - Remove old base slaved store and de-duplicate cache ID + generators. Contributed by Nick @ Beeper (@Fizzadar). + (#13329, #13349) + - When reporting metrics is enabled, use ~8x less data to + describe DB transaction metrics. (#13342) + - Faster room joins: skip soft fail checks while Synapse only + has partial room state, since the current membership of event + senders may not be accurately known. (#13354) + +------------------------------------------------------------------- +Wed Jul 20 13:54:45 UTC 2022 - Marcus Rueckert + +- Update to 1.63.1 + - Features + - Add a rate limit for local users sending invites. (#13125) + - Implement MSC3827: Filtering of /publicRooms by room type. + (#13031) + - Improve validation logic in the account data REST endpoints. + (#13148) + - Bugfixes + - Fix a bug introduced in Synapse 1.63.0 where push actions + were incorrectly calculated for appservice users. This caused + performance issues on servers with large numbers of + appservices. (#13332) + - Fix a long-standing bug where application services were not + able to join remote federated rooms without a profile. + (#13131) + - Fix a long-standing bug where _get_state_map_for_room might + raise errors when third party event rules callbacks are + present. (#13174) + - Fix a long-standing bug where the synapse_port_db script + could fail to copy rows with negative row ids. (#13226) + - Fix a bug introduced in 1.54.0 where appservices would not + receive room-less EDUs, like presence, when both MSC2409 and + MSC3202 are enabled. (#13236) + - Fix a bug introduced in 1.62.0 where rows were not deleted + from event_push_actions table on large servers. (#13194) + - Fix a bug introduced in 1.62.0 where notification counts + would get stuck after a highlighted message. (#13223) + - Fix exception when using experimental MSC3030 + /timestamp_to_event endpoint to look for remote federated + imported events before room creation. (#13197) + - Fix MSC3202-enabled appservices not receiving to-device + messages, preventing messages from being decrypted. (#13235) + - Updates to the Docker image + - Bump the version of lxml in matrix.org Docker images Debian + packages from 4.8.0 to 4.9.1. (#13207) + - Improved Documentation + - Clarify that homeserver server names are included in the + reported data when the report_stats config option is enabled. + (#13321) + - Add an explanation of the --report-stats argument to the + docs. (#13029) + - Add a helpful example bash script to the contrib directory + for creating multiple worker configuration files of the same + type. Contributed by @villepeh. (#13032) + - Add missing links to config options. (#13166) + - Add documentation for homeserver usage statistics collection. + (#13086) + - Add documentation for the existing databases option in the + homeserver configuration manual. (#13212) + - Clean up references to sample configuration and redirect + users to the configuration manual instead. (#13077, #13139) + - Document how the Synapse team does reviews. (#13132) + - Fix wrong section header for + allow_public_rooms_over_federation in the homeserver config + documentation. (#13116) + - Deprecations and Removals + - Remove obsolete and for 8 years unused + RoomEventsStoreTestCase. Contributed by @arkamar. (#13200) + - Internal Changes + - Add type annotations to synapse.logging, tests.server and + tests.utils. (#13028, #13103, #13159, #13136) + - Enforce type annotations for tests.test_server. (#13135) + - Support temporary experimental return values for spam checker + module callbacks. (#13044) + - Add support to complement.sh for skipping the docker build. + (#13143, #13158) + - Add support to complement.sh for setting the log level using + the SYNAPSE_TEST_LOG_LEVEL environment variable. (#13152) + - Enable Complement testing in the 'Twisted Trunk' CI runs. + (#13079, #13157) + - Improve startup times in Complement test runs against + workers, particularly in CPU-constrained environments. + (#13127) + - Update config used by Complement to allow device name lookup + over federation. (#13167) + - Faster room joins: handle race between persisting an event + and un-partial stating a room. (#13100) + - Faster room joins: fix race in recalculation of current room + state. (#13151) + - Faster room joins: skip waiting for full state when + processing incoming events over federation. (#13144) + - Raise a DependencyError on missing dependencies instead of a + ConfigError. (#13113) + - Avoid stripping line breaks from SQL sent to the database. + (#13129) + - Apply ratelimiting earlier in processing of /send requests. + (#13134) + - Improve exception handling when processing events received + over federation. (#13145) + - Check that auto_vacuum is disabled when porting a SQLite + database to Postgres, as VACUUMs must not be performed + between runs of the script. (#13195) + - Reduce DB usage of /sync when a large number of unread + messages have recently been sent in a room. (#13119, #13153) + - Reduce memory consumption when processing incoming events in + large rooms. (#13078, #13222) + - Reduce number of queries used to get profile information. + Contributed by Nick @ Beeper (@Fizzadar). (#13209) + - Reduce number of events queried during room creation. + Contributed by Nick @ Beeper (@Fizzadar). (#13210) + - More aggressively rotate push actions. (#13211) + - Add max_line_length setting for Python files to the + .editorconfig. Contributed by @sumnerevans @ Beeper. (#13228) + +------------------------------------------------------------------- +Tue Jul 5 12:48:31 UTC 2022 - Marcus Rueckert + +- Update to 1.62.0 + Authors of spam-checker plugins should consult the upgrade notes + to learn about the enriched signatures for spam checker + callbacks, which are supported with this release of Synapse. + + - Features + - Port the spam-checker API callbacks to a new, richer API. + This is part of an ongoing change to let spam-checker modules + inform users of the reason their event or operation is + rejected. (#12857, #13047) + - Allow server admins to customise the response of the + /.well-known/matrix/client endpoint. (#13035) + - Add metrics measuring the CPU and DB time spent in state + resolution. (#13036) + - Speed up fetching of device list changes in /sync and + /keys/changes. (#13045, #13098) + - Improve URL previews for sites which only provide Twitter + Card metadata, e.g. LWN.net. (#13056) + - Bugfixes + - Update the version of the ldap3 plugin included in the + matrixdotorg/synapse DockerHub images and the Debian packages + hosted on packages.matrix.org to 0.2.1. This fixes a bug with + usernames containing uppercase characters. (#13156) + - Fix a bug introduced in Synapse 1.62.0rc1 affecting unread + counts for users on small servers. (#13168) + - Fix unread counts for users on large servers. Introduced in + v1.62.0rc1. (#13140) + - Fix DB performance when deleting old push notifications. + Introduced in v1.62.0rc1. (#13141) + - Update MSC3786 implementation to check state_key. (#12939) + - Fix a bug introduced in Synapse 1.58 where Synapse would not + report full version information when installed from a git + checkout. This is a best-effort affair and not guaranteed to + be stable. (#12973) + - Fix a bug introduced in Synapse 1.60 where Synapse would fail + to start if the sqlite3 module was not available. (#12979) + - Fix a bug where non-standard information was required when + requesting the /hierarchy API over federation. Introduced in + Synapse v1.41.0. (#12991) + - Fix a long-standing bug which meant that rate limiting was + not restrictive enough in some cases. (#13018) + - Fix a bug introduced in Synapse 1.58 where profile requests + for a malformed user ID would ccause an internal error. + Synapse now returns 400 Bad Request in this situation. + (#13041) + - Fix some inconsistencies in the event authentication code. + (#13087, #13088) + - Fix a long-standing bug where room directory requests would + cause an internal server error if given a malformed room + alias. (#13106) + - Improved Documentation + - Add documentation for how to configure Synapse with Workers + using Docker Compose. Includes example worker config and + docker-compose.yaml. Contributed by @Thumbscrew. (#12737) + - Ensure the Poetry cheat sheet is available in the online + documentation. (#13022) + - Mention removed community/group worker endpoints in + upgrade.md. Contributed by @olmari. (#13023) + - Add instructions for running Complement with + gotestfmt-formatted output locally. (#13073) + - Update OpenTracing docs to reference the configuration manual + rather than the configuration file. (#13076) + - Update information on downstream Debian packages. (#13095) + - Remove documentation for the Delete Group Admin API which no + longer exists. (#13112) + - Deprecations and Removals + - Remove the unspecced DELETE /directory/list/room/{roomId} + endpoint, which hid rooms from the public room directory. + Instead, PUT to the same URL with a visibility of "private". + (#13123) + - Internal Changes + - Add tests for cancellation of GET /rooms/$room_id/members and + GET /rooms/$room_id/state requests. (#12674) + - Report login failures due to unknown third party identifiers + in the same way as failures due to invalid passwords. This + prevents an attacker from using the error response to + determine if the identifier exists. Contributed by Daniel + Aloni. (#12738) + - Merge the Complement testing Docker images into a single, + multi-purpose image. (#12881, #13075) + - Simplify the database schema for event_edges. (#12893) + - Clean up the test code for client disconnection. (#12929) + - Remove code generating comments in configuration. (#12941) + - Add Cross-Origin-Resource-Policy: cross-origin header to + content repository's thumbnail and download endpoints. + (#12944) + - Replace noop background updates with DELETE delta. (#12954, + #13050) + - Use lower isolation level when inserting read receipts to + avoid serialization errors. Contributed by Nick @ Beeper. + (#12957) + - Reduce the amount of state we pull from the DB. (#12963) + - Enable testing against PostgreSQL databases in Complement CI. + (#12965, #13034) + - Fix an inaccurate comment. (#12969) + - Remove the delete_device method and always call + delete_devices. (#12970) + - Use a GitHub form for issues rather than a hard-to-read, + easy-to-ignore template. (#12982) + - Move MSC3715 behind an experimental config flag. (#12984) + - Add type hints to tests. (#12985, #13099) + - Refactor macaroon tokens generation and move the unsubscribe + link in notification emails to /_synapse/client/unsubscribe. + (#12986) + - Fix documentation for running complement tests. (#12990) + - Faster joins: add issue links to the TODO comments in the + code. (#13004) + - Reduce DB usage of /sync when a large number of unread + messages have recently been sent in a room. (#13005, #13096, + #13118) + - Replaced usage of PyJWT with methods from Authlib in + org.matrix.login.jwt. Contributed by Hannes Lerchl. (#13011) + - Modernize the contrib/graph/ scripts. (#13013) + - Remove redundant room_version parameters from event auth + functions. (#13017) + - Decouple synapse.api.auth_blocking.AuthBlocking from + synapse.api.auth.Auth. (#13021) + - Add type annotations to + synapse.storage.databases.main.devices. (#13025) + - Set default sync_response_cache_duration to two minutes. + (#13042) + - Rename CI test runs. (#13046) + - Increase timeout of complement CI test runs. (#13048) + - Refactor entry points so that they all have a main function. + (#13052) + - Refactor the Dockerfile-workers configuration script to use + Jinja2 templates in Synapse workers' Supervisord blocks. + (#13054) + - Add headers to individual options in config documentation to + allow for linking. (#13055) + - Make Complement CI logs easier to read. (#13057, #13058, + #13069) + - Don't instantiate modules with keyword arguments. (#13060) + - Fix type checking errors against Twisted trunk. (#13061) + - Allow MSC3030 timestamp_to_event calls from anyone on + world-readable rooms. (#13062) + - Add a CI job to check that schema deltas are in the correct + folder. (#13063) + - Avoid rechecking event auth rules which are independent of + room state. (#13065) + - Reduce the duplication of code that invokes the rate limiter. + (#13070) + - Add a Subject Alternative Name to the certificate generated + for Complement tests. (#13071) + - Add more tests for room upgrades. (#13074) + - Pin dependencies maintained by matrix.org to semantic version + bounds. (#13082) + - Correctly report prometheus DB stats for + get_earliest_token_for_stats. (#13085) + - Fix a long-standing bug where a finished logging context + would be re-started when Synapse failed to persist an event + from federation. (#13089) + - Simplify the alias deletion logic as an application service. + (#13093) + - Add type annotations to tests.test_server. (#13124) +- Drop PyJWT dependency. Replaced by Authlib +- Implement upper version limits to match pyproject.toml +- Refreshed patches for new code: + bump-dependencies.patch + matrix-synapse-1.4.1-paths.patch + +------------------------------------------------------------------- +Tue Jun 28 15:55:03 UTC 2022 - Marcus Rueckert + +- Update to 1.61.1 (boo#1201229) + This patch release fixes a security issue regarding URL previews, + affecting all prior versions of Synapse. Server administrators + are encouraged to update Synapse as soon as possible. We are not + aware of these vulnerabilities being exploited in the wild. + + Server administrators who are unable to update Synapse may use + the workarounds described in the linked GitHub Security Advisory + below. + + The following issue is fixed in 1.61.1. + + GHSA-22p3-qrh9-cx32 / CVE-2022-31052 + + Synapse instances with the url_preview_enabled homeserver config + option set to true are affected. URL previews of some web pages + can lead to unbounded recursion, causing the request to either + fail, or in some cases crash the running Synapse process. + + Requesting URL previews requires authentication. Nevertheless, it + is possible to exploit this maliciously, either by malicious + users on the homeserver, or by remote users sending URLs that a + local user's client may automatically request a URL preview for. + + Homeservers with the url_preview_enabled configuration option set + to false (the default) are unaffected. Instances with the + enable_media_repo configuration option set to false are also + unaffected, as this also disables URL preview functionality. + + Fixed by fa1308061802ac7b7d20e954ba7372c5ac292333. + +------------------------------------------------------------------- +Fri Jun 17 10:00:40 UTC 2022 - Marcus Rueckert + +- force python 3.10 on TW + +------------------------------------------------------------------- +Tue Jun 14 15:39:50 UTC 2022 - Marcus Rueckert + +- update the dependencies + - drop PyNaCL dependency as it is not longer needed + - refreshed some of the version dependencies to use poetry.lock + for version numbers instead of the pyproject.toml + +------------------------------------------------------------------- +Tue Jun 14 15:37:21 UTC 2022 - Marcus Rueckert + +- Update to 1.61.0 + This release removes support for the non-standard feature known + both as 'groups' and as 'communities', which have been superseded + by Spaces. + + - Features + - Add new media_retention options to the homeserver config for + routinely cleaning up non-recently accessed media. (#12732, + #12972, #12977) + - Experimental support for MSC3772: Push rule for mutually + related events. (#12740, #12859) + - Update to the check_event_for_spam module callback: Deprecate + the current callback signature, replace it with a new + signature that is both less ambiguous (replacing booleans + with explicit allow/block) and more powerful (ability to + return explicit error codes). (#12808) + - Add storage and module API methods to get monthly active + users (and their corresponding appservices) within an + optionally specified time range. (#12838, #12917) + - Support the new error code + ORG.MATRIX.MSC3823.USER_ACCOUNT_SUSPENDED from MSC3823. + (#12845, #12923) + - Add a configurable background job to delete stale devices. + (#12855) + - Improve URL previews for pages with empty elements. (#12951) + - Allow updating a user's password using the admin API without + logging out their devices. Contributed by @jcgruenhage. + (#12952) + - Bugfixes + - Always send an access_token in /thirdparty/ requests to + appservices, as required by the Application Service API + specification. (#12746) + - Implement MSC3816: sending the root event in a thread should + count as having 'participated' in it. (#12766) + - Delete events from the federation_inbound_events_staging + table when a room is purged through the admin API. (#12784) + - Fix a bug where we did not correctly handle invalid device + list updates over federation. Contributed by Carl Bordum + Hansen. (#12829) + - Fix a bug which allowed multiple async operations to access + database locks concurrently. Contributed by @sumnerevans @ + Beeper. (#12832) + - Fix an issue introduced in Synapse 0.34 where the + /notifications endpoint would only return notifications if a + user registered at least one pusher. Contributed by Famedly. + (#12840) + - Fix a bug where servers using a Postgres database would fail + to backfill from an insertion event when MSC2716 is enabled + (experimental_features.msc2716_enabled). (#12843) + - Fix MSC3787 rooms being omitted from room directory, room + summary and space hierarchy responses. (#12858) + - Fix a bug introduced in Synapse 1.54.0 which could sometimes + cause exceptions when handling federated traffic. (#12877) + - Fix a bug introduced in Synapse 1.59.0 which caused room + deletion to fail with a foreign key violation error. (#12889) + - Fix a long-standing bug which caused the /messages endpoint + to return an incorrect end attribute when there were no more + events. Contributed by @Vetchu. (#12903) + - Fix a bug introduced in Synapse 1.58.0 where /sync would fail + if the most recent event in a room was a redaction of an + event that has since been purged. (#12905) + - Fix a potential memory leak when generating thumbnails. + (#12932) + - Fix a long-standing bug where a URL preview would break if + the image failed to download. (#12950) + - Improved Documentation + - Mention removed community/group worker endpoints in + upgrade.md. Contributed by @olmari. (#13023) + - Fix typographical errors in documentation. (#12863) + - Fix documentation incorrectly stating the sendToDevice + endpoint can be directed at generic workers. Contributed by + Nick @ Beeper. (#12867) + - Deprecations and Removals + - Remove support for the non-standard groups/communities + feature from Synapse. (#12553, #12558, #12563, #12895, + #12897, #12899, #12900, #12936, #12966) + - Remove contributed kick_users.py script. This is broken under + Python 3, and is not added to the environment when pip + installing Synapse. (#12908) + - Remove contrib/jitsimeetbridge. This was an unused experiment + that hasn't been meaningfully changed since 2014. (#12909) + - Remove unused contrib/experiements/cursesio.py script, which + fails to run under Python 3. (#12910) + - Remove unused contrib/experiements/test_messaging.py script. + This fails to run on Python 3. (#12911) + - Internal Changes + - Test Synapse against Complement with workers. (#12810, + #12933) + - Reduce the amount of state we pull from the DB. (#12811, + #12964) + - Try other homeservers when re-syncing state for rooms with + partial state. (#12812) + - Resume state re-syncing for rooms with partial state after a + Synapse restart. (#12813) + - Remove Mutual Rooms' (MSC2666) endpoint dependency on the + User Directory. (#12836) + - Experimental: expand check_event_for_spam with ability to + return additional fields. This enables spam-checker + implementations to experiment with mechanisms to give users + more information about why they are blocked and whether any + action is needed from them to be unblocked. (#12846) + - Remove dont_notify from the .m.rule.room.server_acl rule. + (#12849) + - Remove the unstable /hierarchy endpoint from MSC2946. + (#12851) + - Pull out less state when handling gaps in room DAG. (#12852, + #12904) + - Clean-up the push rules datastore. (#12856) + - Correct a type annotation in the URL preview source code. + (#12860) + - Update pyjwt dependency to 2.4.0. (#12865) + - Enable the /account/whoami endpoint on synapse worker + processes. Contributed by Nick @ Beeper. (#12866) + - Enable the batch_send endpoint on synapse worker processes. + Contributed by Nick @ Beeper. (#12868) + - Don't generate empty AS transactions when the AS is flagged + as down. Contributed by Nick @ Beeper. (#12869) + - Fix up the variable state_store naming. (#12871) + - Faster room joins: when querying the current state of the + room, wait for state to be populated. (#12872) + - Avoid running queries which will never result in deletions. + (#12879) + - Use constants for EDU types. (#12884) + - Reduce database load of /sync when presence is enabled. + (#12885) + - Refactor have_seen_events to reduce memory consumed when + processing federation traffic. (#12886) + - Refactor receipt linearization code. (#12888) + - Add type annotations to synapse.logging.opentracing. (#12894) + - Remove PyNaCl occurrences directly used in Synapse code. + (#12902) + - Bump types-jsonschema from 4.4.1 to 4.4.6. (#12912) + - Rename storage classes. (#12913) + - Preparation for database schema simplifications: stop reading + from event_edges.room_id. (#12914) + - Check if we are in a virtual environment before overriding + the PYTHONPATH environment variable in the demo script. + (#12916) + - Improve the logging when signature checks on events fail. + (#12925) + +------------------------------------------------------------------- +Tue May 31 16:57:15 UTC 2022 - Marcus Rueckert + +- Update to 1.60.0 + This release of Synapse adds a unique index to the + state_group_edges table, in order to prevent accidentally + introducing duplicate information (for example, because a + database backup was restored multiple times). If your Synapse + database already has duplicate rows in this table, this could + fail with an error and require manual remediation. + + Additionally, the signature of the check_event_for_spam module + callback has changed. The previous signature has been deprecated + and remains working for now. Module authors should update their + modules to use the new signature where possible. + + See the upgrade notes for more details. + https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md#upgrading-to-v1600 + + - Features + - Add an option allowing users to use their password to + reauthenticate for privileged actions even though password + login is disabled. (#12883) + - Measure the time taken in spam-checking callbacks and expose + those measurements as metrics. (#12513) + - Add a default_power_level_content_override config option to + set default room power levels per room preset. (#12618) + - Add support for MSC3787: Allowing knocks to restricted rooms. + (#12623) + - Send USER_IP commands on a different Redis channel, in order + to reduce traffic to workers that do not process these + commands. (#12672, #12809) + - Synapse will now reload cache config when it receives a + SIGHUP signal. (#12673) + - Add a config options to allow for auto-tuning of caches. + (#12701) + - Update MSC2716 implementation to process marker events from + the current state to avoid markers being lost in timeline + gaps for federated servers which would cause the imported + history to be undiscovered. (#12718) + - Add a drop_federated_event callback to SpamChecker to + disregard inbound federated events before they take up much + processing power, in an emergency. (#12744) + - Implement MSC3818: Copy room type on upgrade. (#12786, + #12792) + - Update to the check_event_for_spam module callback. Deprecate + the current callback signature, replace it with a new + signature that is both less ambiguous (replacing booleans + with explicit allow/block) and more powerful (ability to + return explicit error codes). (#12808) + - Bugfixes + - Fix a bug introduced in Synapse 1.60.0rc1 that would break + some imports from synapse.module_api. (#12918) + - Explicitly close ijson coroutines once we are done with them, + instead of leaving the garbage collector to close them. + (#12875) + - Fix a bug introduced in Synapse 1.7.0 that would prevent + events from being sent to clients if there's a retention + policy in the room when the support for retention policies is + disabled. (#12611) + - Fix a bug introduced in Synapse 1.57.0 where /messages would + throw a 500 error when querying for a non-existent room. + (#12683) + - Add a unique index to state_group_edges to prevent duplicates + being accidentally introduced and the consequential impact to + performance. (#12687) + - Fix a long-standing bug where an empty room would be created + when a user with an insufficient power level tried to upgrade + a room. (#12696) + - Fix a bug introduced in Synapse 1.30.0 where empty rooms + could be automatically created if a monthly active users + limit is set. (#12713) + - Fix push to dismiss notifications when read on another + client. Contributed by @SpiritCroc @ Beeper. (#12721) + - Fix poor database performance when reading the cache + invalidation stream for large servers with lots of workers. + (#12747) + - Delete events from the federation_inbound_events_staging + table when a room is purged through the admin API. (#12770) + - Give a meaningful error message when a client tries to create + a room with an invalid alias localpart. (#12779) + - Fix a bug introduced in 1.43.0 where a file (providers.json) + was never closed. Contributed by @arkamar. (#12794) + - Fix a long-standing bug where finished log contexts would be + re-started when failing to contact remote homeservers. + (#12803) + - Fix a bug, introduced in Synapse 1.21.0, that led to media + thumbnails being unusable before the index has been added in + the background. (#12823) + - Updates to the Docker image + - Fix the docker file after a dependency update. (#12853) + - Improved Documentation + - Fix a typo in the Media Admin API documentation. (#12715) + - Update the OpenID Connect example for Keycloak to be + compatible with newer versions of Keycloak. Contributed by + @nhh. (#12727) + - Fix typo in server listener documentation. (#12742) + - Link to the configuration manual from the welcome page of the + documentation. (#12748) + - Fix typo in run_background_tasks_on option name in + configuration manual documentation. (#12749) + - Add information regarding the rc_invites ratelimiting option + to the configuration docs. (#12759) + - Add documentation for cancellation of request processing. + (#12761) + - Recommend using docker to run tests against postgres. + (#12765) + - Add missing user directory endpoint from the generic worker + documentation. Contributed by @olmari. (#12773) + - Add additional info to documentation of config option + cache_autotuning. (#12776) + - Update configuration manual documentation to document + size-related suffixes. (#12777) + - Fix invalid YAML syntax in the example documentation for the + url_preview_accept_language config option. (#12785) + - Deprecations and Removals + - Require a body in POST requests to + /rooms/{roomId}/receipt/{receiptType}/{eventId}, as required + by the Matrix specification. This breaks compatibility with + Element Android 1.2.0 and earlier: users of those clients + will be unable to send read receipts. (#12709) + - Internal Changes + - Improve URL previews by not including the content of media + tags in the generated description. (#12887) + - Improve event caching mechanism to avoid having multiple + copies of an event in memory at a time. (#10533) + - Preparation for faster-room-join work: return subsets of room + state which we already have, immediately. (#12498) + - Add @cancellable decorator, for use on endpoint methods that + can be cancelled when clients disconnect. (#12586, #12588, + #12630, #12694, #12698, #12699, #12700, #12705) + - Enable cancellation of GET /rooms/$room_id/members, GET + /rooms/$room_id/state and GET + /rooms/$room_id/state/$event_type/* requests. (#12708) + - Improve documentation of the synapse.push module. (#12676) + - Refactor functions to on PushRuleEvaluatorForEvent. (#12677) + - Preparation for database schema simplifications: stop writing + to event_reference_hashes. (#12679) + - Remove code which updates unused database column + application_services_state.last_txn. (#12680) + - Refactor EventContext class. (#12689) + - Remove an unneeded class in the push code. (#12691) + - Consolidate parsing of relation information from events. + (#12693) + - Convert namespace class Codes into a string enum. (#12703) + - Optimize private read receipt filtering. (#12711) + - Drop the logging level of status messages for the URL preview + cache expiry job from INFO to DEBUG. (#12720) + - Downgrade some OIDC errors to warnings in the logs, to reduce + the noise of Sentry reports. (#12723) + - Update configs used by Complement to allow more invites/3PID + validations during tests. (#12731) + - Fix a long-standing bug where the user directory background + process would fail to make forward progress if a user + included a null codepoint in their display name or avatar. + (#12762) + - Tweak the mypy plugin so that @cached can accept + on_invalidate=None. (#12769) + - Move methods that call add_push_rule to the PushRuleStore + class. (#12772) + - Make handling of federation Authorization header (more) + compliant with RFC7230. (#12774) + - Refactor resolve_state_groups_for_events to not pull out full + state when no state resolution happens. (#12775) + - Do not keep going if there are 5 back-to-back background + update failures. (#12781) + - Fix federation when using the demo scripts. (#12783) + - The hash_password script now fails when it is called without + specifying a config file. Contributed by @jae1911. (#12789) + - Improve and fix type hints. (#12567, #12477, #12717, #12753, + #12695, #12734, #12716, #12726, #12790, #12833) + - Update EventContext get_current_event_ids and + get_prev_event_ids to accept state filters and update calls + where possible. (#12791) + - Remove Caddy from the Synapse workers image used in + Complement. (#12818) + - Add Complement's shared registration secret to the Complement + worker image. This fixes tests that depend on it. (#12819) + - Support registering Application Services when running with + workers under Complement. (#12826) + - Disable 'faster room join' Complement tests when testing + against Synapse with workers. (#12842) + +------------------------------------------------------------------- +Wed May 18 12:10:11 UTC 2022 - Marcus Rueckert + +- Update to 1.59.1 + This release fixes a long-standing issue which could prevent + Synapse's user directory for updating properly. + + - Bugfixes + - Fix a long-standing bug where the user directory background + process would fail to make forward progress if a user + included a null codepoint in their display name or avatar. + Contributed by Nick @ Beeper. (#12762) + +------------------------------------------------------------------- +Tue May 17 10:27:39 UTC 2022 - Marcus Rueckert + +- Update to 1.59.0 + Synapse 1.59 makes several changes that server administrators + should be aware of: + + - Device name lookup over federation is now disabled by default. + (#12616) + - The synapse.app.appservice and synapse.app.user_dir worker + application types are now deprecated. (#12452, #12654) + + See the upgrade notes for more details. + + Additionally, this release removes the non-standard m.login.jwt + login type from Synapse. It can be replaced with + org.matrix.login.jwt for identical behaviour. This is only used + if jwt_config.enabled is set to true in the configuration. + (#12597) + + - Features + - Support MSC3266 room summaries over federation. (#11507) + - Implement changes to MSC2285 (hidden read receipts). + Contributed by @SimonBrandner. (#12168, #12635, #12636, + #12670) + - Extend the module API to allow modules to change actions for + existing push rules of local users. (#12406) + - Add the notify_appservices_from_worker configuration option + (superseding notify_appservices) to allow a generic worker to + be designated as the worker to send traffic to Application + Services. (#12452) + - Add the update_user_directory_from_worker configuration + option (superseding update_user_directory) to allow a generic + worker to be designated as the worker to update the user + directory. (#12654) + - Add new enable_registration_token_3pid_bypass configuration + option to allow registrations via token as an alternative to + verifying a 3pid. (#12526) + - Implement MSC3786: Add a default push rule to ignore + m.room.server_acl events. (#12601) + - Add new mau_appservice_trial_days configuration option to + specify a different trial period for users registered via an + appservice. (#12619) + - Bugfixes + - Fix DB performance regression introduced in Synapse + 1.59.0rc2. (#12745) + - Fix a bug introduced in Synapse 1.58.0 where /sync would fail + if the most recent event in a room was rejected. (#12729) + - Fix a bug introduced in Synapse 1.48.0 where the latest + thread reply provided failed to include the proper bundled + aggregations. (#12273) + - Fix a bug introduced in Synapse 1.22.0 where attempting to + send a large amount of read receipts to an application + service all at once would result in duplicate content and + abnormally high memory usage. Contributed by Brad & Nick @ + Beeper. (#12544) + - Fix a bug introduced in Synapse 1.57.0 which could cause + Failed to calculate hosts in room errors to be logged for + outbound federation. (#12570) + - Fix a long-standing bug where status codes would almost + always get logged as 200!, irrespective of the actual status + code, when clients disconnect before a request has finished + processing. (#12580) + - Fix race when persisting an event and deleting a room that + could lead to outbound federation breaking. (#12594) + - Fix a bug introduced in Synapse 1.53.0 where bundled + aggregations for annotations/edits were incorrectly + calculated. (#12633) + - Fix a long-standing bug where rooms containing power levels + with string values could not be upgraded. (#12657) + - Prevent memory leak from reoccurring when presence is + disabled. (#12656) + - Updates to the Docker image + - Explicitly opt-in to using BuildKit-specific features in the + Dockerfile. This fixes issues with building images in some + GitLab CI environments. (#12541) + - Update the "Build docker images" GitHub Actions workflow to + use docker/metadata-action to generate docker image tags, + instead of a custom shell script. Contributed by @henryclw. + (#12573) + - Improved Documentation + - Update SQL statements and replace use of old table + user_stats_historical in docs for Synapse Admins. (#12536) + - Add missing linebreak to pipx install instructions. (#12579) + - Add information about the TCP replication module to docs. + (#12621) + - Fixes to the formatting of README.rst. (#12627) + - Fix docs on how to run specific Complement tests using the + complement.sh test runner. (#12664) + - Deprecations and Removals + - Remove unstable identifiers from MSC3069. (#12596) + - Remove the unspecified m.login.jwt login type and the + unstable uk.half-shot.msc2778.login.application_service from + - MSC2778. (#12597) + - Synapse now requires at least Python 3.7.1 (up from 3.7.0), + for compatibility with the latest Twisted trunk. (#12613) + - Internal Changes + - Use supervisord to supervise Postgres and Caddy in the + Complement image to reduce restart time. (#12480) + - Immediately retry any requests that have backed off when a + server comes back online. (#12500) + - Use make_awaitable instead of defer.succeed for return values + of mocks in tests. (#12505) + - Consistently check if an object is a frozendict. (#12564) + - Protect module callbacks with read semantics against + cancellation. (#12568) + - Improve comments and error messages around access tokens. + (#12577) + - Improve docstrings for the receipts store. (#12581) + - Use constants for read-receipts in tests. (#12582) + - Log status code of cancelled requests as 499 and avoid + logging stack traces for them. (#12587, #12663) + - Remove special-case for twisted logger from default log + config. (#12589) + - Use getClientAddress instead of the deprecated getClientIP. + (#12599) + - Add link to documentation in Grafana Dashboard. (#12602) + - Reduce log spam when running multiple event persisters. + (#12610) + - Add extra debug logging to federation sender. (#12614) + - Prevent remote homeservers from requesting local user device + names by default. (#12616) + - Add a consistency check on events which we read from the + database. (#12620) + - Remove use of the constantly library and switch to enums for + EventRedactBehaviour. Contributed by @andrewdoh. (#12624) + - Remove unused code related to receipts. (#12632) + - Minor improvements to the scripts for running Synapse in + worker mode under Complement. (#12637) + - Move pympler back in to the all extras. (#12652) + - Fix spelling of M_UNRECOGNIZED in comments. (#12665) + - Release script: confirm the commit to be tagged before + tagging. (#12556) + - Fix a typo in the announcement text generated by the Synapse + release development script. (#12612) + - Typechecking + - Fix scripts-dev to pass typechecking. (#12356) + - Add some type hints to datastore. (#12485) + - Remove unused # type: ignores. (#12531) + - Allow unused # type: ignore comments in bleeding edge CI + jobs. (#12576) + - Remove redundant lines of config from mypy.ini. (#12608) + - Update to mypy 0.950. (#12650) + - Use Concatenate to better annotate _do_execute. (#12666) + - Use ParamSpec to refine type hints. (#12667) + - Fix mypy against latest pillow stubs. (#12671) + +------------------------------------------------------------------- +Thu May 5 18:33:27 UTC 2022 - Marcus Rueckert + +- Update to 1.58.1 + This patch release includes a fix to the Debian packages, + installing the systemd and cache_memory extra package groups, + which were incorrectly omitted in v1.58.0. This primarily + prevented Synapse from starting when the + systemd.journal.JournalHandler log handler was configured. See + #12631 for further information. + + Otherwise, no significant changes since 1.58.0. + +------------------------------------------------------------------- +Tue May 3 11:14:28 UTC 2022 - Marcus Rueckert + +- Update to 1.58.0 + As of this release, the groups/communities feature in Synapse is + now disabled by default. See #11584 for details. As mentioned in + the upgrade notes, this feature will be removed in Synapse 1.61. + + - Features + - Implement MSC3383 for including the destination in + server-to-server authentication headers. Contributed by @Bubu + and @jcgruenhage for Famedly. (#11398) + - Docker images and Debian packages from matrix.org now contain + a locked set of Python dependencies, greatly improving build + reproducibility. (Board, #11537) + - Enable processing of device list updates asynchronously. + (#12365, #12465) + - Implement MSC2815 to allow room moderators to view redacted + event content. Contributed by @tulir @ Beeper. (#12427) + - Build Debian packages for Ubuntu 22.04 "Jammy Jellyfish". + (#12543) + - Bugfixes + - Fix a bug introduced in Synapse 1.58.0rc1 where the main + process could consume excessive amounts of CPU and memory + while handling sentry logging failures. (#12554) + - Fix a bug introduced in Synapse 1.58.0rc1 where opentracing + contexts were not correctly sent to whitelisted remote + servers with device lists updates. (#12555) + - Prevent a sync request from removing a user's busy presence + status. (#12213) + - Fix bug with incremental sync missing events when + rejoining/backfilling. Contributed by Nick @ Beeper. (#12319) + - Fix a long-standing bug which incorrectly caused GET + /_matrix/client/v3/rooms/{roomId}/event/{eventId} to return + edited events rather than the original. (#12476) + - Fix a bug introduced in Synapse 1.27.0 where the admin API + for deleting forward extremities would always return a count + of 1, no matter how many extremities were deleted. (#12496) + - Fix a long-standing bug where the image thumbnails embedded + into email notifications were broken. (#12510) + - Fix a bug in the implementation of MSC3202 where Synapse + would use the field name device_unused_fallback_keys, rather + than device_unused_fallback_key_types. (#12520) + - Fix a bug introduced in Synapse 0.99.3 which could cause + Synapse to consume large amounts of RAM when back-paginating + in a large room. (#12522) + - Improved Documentation + - Fix rendering of the documentation site when using the + 'print' feature. (#12340) + - Add a manual documenting config file options. (#12368, + #12527) + - Update documentation to reflect that both the + run_background_tasks_on option and the options for moving + stream writers off of the main process are no longer + experimental. (#12451) + - Update worker documentation and replace old federation_reader + with generic_worker. (#12457) + - Strongly recommend Poetry for development. (#12475) + - Add some example configurations for workers and update + architectural diagram. (#12492) + - Fix a broken link in README.rst. (#12495) + - Add HAProxy delegation example with CORS headers to docs. + (#12501) + - Remove extraneous comma in User Admin API's device deletion + section so that the example JSON is actually valid and works. + Contributed by @olmari. (#12533) + - Deprecations and Removals + - The groups/communities feature in Synapse is now disabled by + default. (#12344) + - Remove unstable identifiers from MSC3440. (#12382) + - Internal Changes + - Reduce unnecessary work when handling remote device list + updates. (#12557) + - Preparation for faster-room-join work: start a background + process to resynchronise the room state after a room join. + (#12394) + - Preparation for faster-room-join work: Implement a tracking + mechanism to allow functions to wait for full room state to + arrive. (#12399) + - Remove an unstable identifier from MSC3083. (#12395) + - Run CI in the locked Poetry environment, and remove + corresponding tox jobs. (#12425, #12434, #12438, #12441, + #12449, #12478, #12514, #12472) + - Change Mutual Rooms' unstable_features flag to + uk.half-shot.msc2666.mutual_rooms which matches the current + iteration of MSC2666. (#12445) + - Fix typo in the release script help string. (#12450) + - Fix a minor typo in the Debian changelogs generated by the + release script. (#12497) + - Reintroduce the list of targets to the linter script, to + avoid linting unwanted local-only directories during + development. (#12455) + - Limit length of device_id to less than 512 characters. + (#12454) + - Dockerfile-workers: reduce the amount we install in the + image. (#12464) + - Dockerfile-workers: give the master its own log config. + (#12466) + - complement-synapse-workers: factor out separate entry point + script. (#12467) + - Back out experimental implementation of MSC2314. (#12474) + - Fix grammatical error in federation error response when the + room version of a room is unknown. (#12483) + - Remove unnecessary configuration overrides in tests. (#12511) + - Refactor the relations code for clarity. (#12519) + - Add type hints so docker and stubs directories pass mypy + --disallow-untyped-defs. (#12528) + - Update delay_cancellation to accept any awaitable, rather + than just Deferreds. (#12468) + - Handle cancellation in + EventsWorkerStore._get_events_from_cache_or_db. (#12529) +- port to pyproject, wheel and poetry based builds +- refreshed patch matrix-synapse-1.4.1-paths.patch +- moved dont-bump-cryptography-with-system-openssl.patch + to bump-dependencies.patch to reflect better that the patch is + not cryptography specific and update the patch to patch the + pyproject.toml. + +------------------------------------------------------------------- +Thu Apr 21 10:19:32 UTC 2022 - Marcus Rueckert + +- Update to 1.57.1 + - Updates to the Docker image + - Include version 0.2.0 of the Synapse LDAP Auth Provider + module in the Docker image. This matches the version that was + present in the Docker image for Synapse v1.56.0. + +------------------------------------------------------------------- +Tue Apr 19 13:18:59 UTC 2022 - Marcus Rueckert + +- Update to 1.57.0 + This version includes a change to the way transaction IDs are + managed for application services. If your deployment uses a + dedicated worker for application service traffic, it must be + stopped when the database is upgraded (which normally happens + when the main process is upgraded), to ensure the change is made + safely without any risk of reusing transaction IDs. + + See the upgrade notes for more details. + https://github.com/matrix-org/synapse/blob/v1.57.0rc1/docs/upgrade.md#upgrading-to-v1570 + + - Features + - Send device list changes to application services as specified + by MSC3202, using unstable prefixes. The + msc3202_transaction_extensions experimental homeserver config + option must be enabled and org.matrix.msc3202: true must be + present in the application service registration file for + device list changes to be sent. The "left" field is currently + always empty. (#11881) + - Optimise fetching large quantities of missing room state over + federation. (#12040) + - Offload the update_client_ip background job from the main + process to the background worker, when using Redis-based + replication. (#12251) + - Move update_client_ip background job from the main process to + the background worker. (#12252) + - Add a module callback to react to new 3PID (email address, + phone number) associations. (#12302) + - Add a configuration option to remove a specific set of rooms + from sync responses. (#12310) + - Add a module callback to react to account data changes. + (#12327) + - Allow setting user admin status using the module API. + Contributed by Famedly. (#12341) + - Reduce overhead of restarting synchrotrons. (#12367, #12372) + - Update /messages to use historic pagination tokens if no from + query parameter is given. (#12370) + - Add a module API for reading and writing global account data. + (#12391) + - Support the stable v1 endpoint for /relations, per MSC2675. + (#12403) + - Include bundled aggregations in search results (MSC3666). + (#12436) + - Bugfixes + - Fix a long-standing bug where updates to the server notices + user profile (display name/avatar URL) in the configuration + would not be applied to pre-existing rooms. Contributed by + Jorge Florian. (#12115) + - Fix a long-standing bug where events from ignored users were + still considered for bundled aggregations. (#12235, #12338) + - Fix non-member state events not resolving for historical + events when used in MSC2716 /batch_send + state_events_at_start. (#12329) + - Fix a long-standing bug affecting URL previews that would + generate a 500 response instead of a 403 if the previewed URL + includes a port that isn't allowed by the relevant blacklist. + (#12333) + - Default to private room visibility rather than public when a + client does not specify one, according to spec. (#12350) + - Fix a spec compliance issue where requests to the + /publicRooms federation API would specify limit as a string. + (#12364, #12410) + - Fix a bug introduced in Synapse 1.49.0 which caused the + synapse_event_persisted_position metric to have invalid + values. (#12390) + - Updates to the Docker image + - Bundle locked versions of dependencies into the Docker image. + (#12385, #12439) + - Fix up healthcheck generation for workers docker image. + (#12405) + - Improved Documentation + - Clarify documentation for running SyTest against Synapse, + including use of Postgres and worker mode. (#12271) + - Document the behaviour of LoggingTransaction.call_after and + LoggingTransaction.call_on_exception methods when + transactions are retried. (#12315) + - Update dead links in check-newsfragment.sh to point to the + correct documentation URL. (#12331) + - Upgrade the version of mdbook in CI to 0.4.17. (#12339) + - Updates to the Room DAG concepts development document to + clarify that we mark events as outliers because we don't have + any state for them. (#12345) + - Update the link to Redis pub/sub documentation in the workers + documentation. (#12369) + - Remove documentation for converting a legacy structured + logging configuration to the new format. (#12392) + - Deprecations and Removals + - Remove the unused and unstable /aggregations endpoint which + was removed from MSC2675. (#12293) + - Internal Changes + - Remove lingering unstable references to MSC2403 (knocking). + (#12165) + - Avoid trying to calculate the state at outlier events. + (#12191, #12316, #12330, #12332, #12409) + - Omit sending "offline" presence updates to application + services after they are initially configured. (#12193) + - Switch to using a sequence to generate AS transaction IDs. + Contributed by Nick @ Beeper. If running synapse with a + dedicated appservice worker, this MUST be stopped before + upgrading the main process and database. (#12209) + - Add missing type hints for storage. (#12267) + - Add missing type definitions for scripts in docker folder. + Contributed by Jorge Florian. (#12280) + - Move MSC2654 support behind an experimental configuration + flag. (#12295) + - Update docstrings to explain how to decipher live and + historic pagination tokens. (#12317) + - Add ground work for speeding up device list updates for users + in large numbers of rooms. (#12321) + - Fix typechecker problems exposed by signedjson 1.1.2. + (#12326) + - Remove the tox packaging job: it will be redundant once + #11537 lands. (#12334) + - Ignore .envrc for direnv users. (#12335) + - Remove the (broadly unused, dev-only) dockerfile for pg + tests. (#12336) + - Remove redundant get_success calls in test code. (#12346) + - Add type annotations for tests/unittest.py. (#12347) + - Move single-use methods out of TestCase. (#12348) + - Remove broken and unused development scripts. (#12349, + #12351, #12355) + - Convert Linearizer tests from inlineCallbacks to async. + (#12353) + - Update docstrings for ReadWriteLock tests. (#12354) + - Refactor Linearizer, convert methods to async and use an + async context manager. (#12357) + - Fix a long-standing bug where Linearizers could get stuck if + a cancellation were to happen at the wrong time. (#12358) + - Make StreamToken.from_string and RoomStreamToken.parse + propagate cancellations instead of replacing them with + SynapseErrors. (#12366) + - Add type hints to tests files. (#12371) + - Allow specifying the Postgres database's port when running + unit tests with Postgres. (#12376) + - Remove temporary pin of signedjson<=1.1.1 that was added in + Synapse 1.56.0. (#12379) + - Add opentracing spans to calls to external cache. (#12380) + - Lay groundwork for using poetry to manage Synapse's + dependencies. (#12381, #12407, #12412, #12418) + - Make missing importlib_metadata dependency explicit. (#12384, + #12400) + - Update type annotations for compatiblity with + prometheus_client 0.14. (#12389) + - Remove support for the unstable identifiers specified in + MSC3288. (#12398) + - Add missing type hints to configuration classes. (#12402) + - Add files used to build the Docker image used for complement + testing into the Synapse repository. (#12404) + - Do not include groups in the sync response when disabled. + (#12408) + - Improve type hints related to HTTP query parameters. (#12415) + - Stop maintaining a list of lint targets. (#12420) + - Make synapse._scripts pass type checks. (#12421, #12422) + - Add some type hints to datastore. (#12423) + - Enable certificate checking during complement tests. (#12435) + - Explicitly specify the tls extra for Twisted dependency. + (#12444) +- refreshed patches: + dont-bump-cryptography-with-system-openssl.patch + matrix-synapse-1.4.1-paths.patch + +------------------------------------------------------------------- +Tue Apr 5 14:16:27 UTC 2022 - Marcus Rueckert + +- Update to 1.56.0 + Synapse will now refuse to start up if open registration is + enabled, in order to help mitigate abuse across the federation. + If you would like to provide registration to anyone, consider + adding email, recaptcha or token-based verification in order to + prevent automated registration from bad actors. This check can be + disabled by setting the enable_registration_without_verification + option in your homeserver configuration file to true. More + details are available in the upgrade notes. + + Synapse will additionally now refuse to start when using + PostgreSQL with a non-C values for COLLATE and CTYPE, unless the + config flag allow_unsafe_locale, found in the database section of + the configuration file, is set to true. See the upgrade notes for + details. + + - Features + - Allow modules to store already existing 3PID associations. + (#12195) + - Allow registering server administrators using the module API. + Contributed by Famedly. (#12250) + - Bugfixes + - Fix a long-standing bug which caused the + /_matrix/federation/v1/state and + /_matrix/federation/v1/state_ids endpoints to return + incorrect or invalid data when called for an event which we + have stored as an "outlier". (#12087) + - Fix a long-standing bug where events from ignored users would + still be considered for relations. (#12227, #12232, #12285) + - Fix a bug introduced in Synapse 1.53.0 where an unnecessary + query could be performed when fetching bundled aggregations + for threads. (#12228) + - Fix a bug introduced in Synapse 1.52.0 where admins could not + deactivate and GDPR-erase a user if Synapse was configured + with limits on avatars. (#12261) + - Improved Documentation + - Fix the link to the module documentation in the legacy spam + checker warning message. (#12231) + - Remove incorrect prefixes in the worker documentation for + some endpoints. (#12243) + - Correct check_username_for_spam annotations and docs. + (#12246) + - Correct Authentik OpenID typo, and add notes on + troubleshooting. Contributed by @IronTooch. (#12275) + - HAProxy reverse proxy guide update to stop sending + IPv4-mapped address to homeserver. Contributed by @villepeh. + (#12279) + - Internal Changes + - Bump the version of black for compatibility with the latest + click release. (#12320) + - Rename shared_rooms to mutual_rooms (MSC2666), as per + proposal changes. (#12036) + - Remove check on update_user_directory for shared rooms + handler (MSC2666), and update/expand documentation. (#12038) + - Refactor create_new_client_event to use a new parameter, + state_event_ids, which accurately describes the usage with + MSC2716 instead of abusing auth_event_ids. (#12083, #12304) + - Refuse to start if registration is enabled without email, + captcha, or token-based verification unless the new config + flag enable_registration_without_verification is set to true. + (#12091, #12322) + - Add tests for database transaction callbacks. (#12198) + - Handle cancellation in DatabasePool.runInteraction. (#12199) + - Add missing type hints for cache storage. (#12216) + - Add missing type hints for storage. (#12248, #12255) + - Add type hints to tests files. (#12224, #12240, #12256) + - Use type stubs for psycopg2. (#12269) + - Improve type annotations for execute_values. (#12311) + - Clean-up logic around rebasing URLs for URL image previews. + (#12219) + - Use the ignored_users table in additional places instead of + re-parsing the account data. (#12225) + - Refactor the relations endpoints to add a RelationsHandler. + (#12237) + - Generate announcement links in the release script. (#12242) + - Improve error message when dependencies check finds a broken + installation. (#12244) + - Compress metrics HTTP resource when enabled. Contributed by + Nick @ Beeper. (#12258) + - Refuse to start if the PostgreSQL database has a non-C + locale, unless the config flag allow_unsafe_db_locale is set + to true. (#12262, #12288) + - Optionally include account validity expiration information to + experimental MSC3720 account status responses. (#12266) + - Add a new cache _get_membership_from_event_id to speed up + push rule calculations in large rooms. (#12272) + - Re-enable Complement concurrency in CI. (#12283) + - Remove unused test utilities. (#12291) + - Enhance logging for inbound federation events. (#12301) + - Fix compatibility with the recently-released Jinja 3.1. + (#12313) + - Avoid trying to calculate the state at outlier events. + (#12314) +- refreshed patches: + dont-bump-cryptography-with-system-openssl.patch + matrix-synapse-1.4.1-paths.patch +- synced dependencies with package changes + +------------------------------------------------------------------- +Thu Mar 24 23:29:03 UTC 2022 - Marcus Rueckert + +- Update to 1.55.2 + This patch version reverts the earlier fixes from Synapse 1.55.1, + which could cause problems in certain deployments, and instead + adds a cap to the version of Jinja to be installed. Again, this + is to fix an incompatibility with version 3.1.0 of the Jinja + library, and again, deployments of Synapse using the + matrixdotorg/synapse Docker image or Debian packages from + packages.matrix.org are not affected. + + - Internal Changes + - Pin Jinja to <3.1.0, as Synapse fails to start with Jinja + 3.1.0. (#12297) + - Revert changes from 1.55.1 as they caused problems with older + versions of Jinja (#12296) +- Changes from 1.55.1 + This is a patch release that fixes an incompatibility with + version 3.1.0 of the Jinja library, released on March 24th, 2022. + Deployments of Synapse using the matrixdotorg/synapse Docker + image or Debian packages from packages.matrix.org are not + affected. + + - Internal Changes + - Remove uses of the long-deprecated jinja2.Markup which would + prevent Synapse from starting with Jinja 3.1.0 or above + installed. (#12289) + +------------------------------------------------------------------- +Tue Mar 22 19:59:01 UTC 2022 - Marcus Rueckert + +- Update to 1.55.0 + This release removes a workaround introduced in Synapse 1.50.0 + for Mjolnir compatibility. This breaks compatibility with Mjolnir + 1.3.1 and earlier. (#11700); Mjolnir users should upgrade Mjolnir + before upgrading Synapse to this version. + + This release also moves the location of the synctl script; see + the upgrade notes for more details. + + - Features + - Add third-party rules callbacks check_can_shutdown_room and + check_can_deactivate_user. (#12028) + - Improve performance of logging in for large accounts. + (#12132) + - Add experimental env var SYNAPSE_ASYNC_IO_REACTOR that causes + Synapse to use the asyncio reactor for Twisted. (#12135) + - Support the stable identifiers from MSC3440: threads. + (#12151) + - Add a new Jinja2 template filter to extract the local part of + an email address. (#12212) + - Bugfixes + - Use the proper serialization format for bundled thread + aggregations. The bug has existed since Synapse v1.48.0. + (#12090) + - Fix a long-standing bug when redacting events with relations. + (#12113, #12121, #12130, #12189) + - Fix a bug introduced in Synapse 1.7.2 whereby background + updates are never run with the default background batch size. + (#12157) + - Fix a bug where non-standard information was returned from + the /hierarchy API. Introduced in Synapse v1.41.0. (#12175) + - Fix a bug introduced in Synapse 1.54.0 that broke background + updates on sqlite homeservers while search was disabled. + (#12215) + - Fix a long-standing bug when a filter argument with + event_fields which did not include the unsigned field could + result in a 500 error on /sync. (#12234) + - Improved Documentation + - Fix complexity checking config example in Resource + Constrained Devices docs page. (#11998) + - Improve documentation for demo scripts. (#12143) + - Updates to the Room DAG concepts development document. + (#12179) + - Document that the typing, to_device, account_data, receipts, + and presence stream writer can only be used on a single + worker. (#12196) + - Document that contributors can sign off privately by email. + (#12204) + - Deprecations and Removals + - Remove workaround introduced in Synapse 1.50.0 for Mjolnir + compatibility. Breaks compatibility with Mjolnir 1.3.1 and + earlier. (#11700) + - **synctl has been moved into into synapse._scripts and is + exposed as an entry point; see upgrade notes. (#12140) + - Remove backwards compatibilty with pagination tokens from the + /relations and /aggregations endpoints generated from Synapse + < v1.52.0. (#12138) + - The groups/communities feature in Synapse has been + deprecated. (#12200) + - Internal Changes + - Tweak copy for default Single Sign-On account details + template to better adhere to mobile app store guidelines. + (#12265, #12260) + - Simplify the ApplicationService class' set of public methods + related to interest checking. (#11915) + - Add config settings for background update parameters. + (#11980) + - Correct type hints for txredis. (#12042) + - Limit the size of aggregation_key on annotations. (#12101) + - Add type hints to tests files. (#12108, #12146, #12207, + #12208) + - Move scripts to Synapse package and expose as setuptools + entry points. (#12118) + - Add support for cancellation to ReadWriteLock. (#12120) + - Fix data validation to compare to lists, not sequences. + (#12128) + - Fix CI not attaching source distributions and wheels to the + GitHub releases. (#12131) + - Remove unused mocks from test_typing. (#12136) + - Give scripts-dev scripts suffixes for neater CI config. + (#12137) + - Move the snapcraft configuration file to contrib. (#12142) + - Enable MSC3030 Complement tests in CI. (#12144) + - Enable MSC2716 Complement tests in CI. (#12145) + - Add test for ObservableDeferred's cancellation behaviour. + (#12149) + - Use ParamSpec in type hints for synapse.logging.context. + (#12150) + - Prune unused jobs from tox config. (#12152) + - Move CI checks out of tox, to facilitate a move to using + poetry. (#12153) + - Avoid generating state groups for local out-of-band leaves. + (#12154) + - Avoid trying to calculate the state at outlier events. + (#12155, #12173, #12202) + - Fix some type annotations. (#12156) + - Add type hints for ObservableDeferred attributes. (#12159) + - Use a prebuilt Action for the tests-done CI job. (#12161) + - Reduce number of DB queries made during processing of /sync. + (#12163) + - Add delay_cancellation utility function, which behaves like + stop_cancellation but waits until the original Deferred + resolves before raising a CancelledError. (#12180) + - Retry HTTP replication failures, this should prevent 502's + when restarting stateful workers (main, event persisters, + stream writers). Contributed by Nick @ Beeper. (#12182) + - Add cancellation support to @cached and @cachedList + decorators. (#12183) + - Remove unused variables. (#12187) + - Add combined test for HTTP pusher and push rule. Contributed + by Nick @ Beeper. (#12188) + - Rename HomeServer.get_tcp_replication to + get_replication_command_handler. (#12192) + - Remove some dead code. (#12197) + - Fix a misleading comment in the function + check_event_for_spam. (#12203) + - Remove unnecessary pass statements. (#12206) + - Update the SSO username picker template to comply with SIWA + guidelines. (#12210) + - Improve code documentation for the typing stream over + replication. (#12211) +- refreshed patches: + dont-bump-cryptography-with-system-openssl.patch + matrix-synapse-1.4.1-paths.patch + +------------------------------------------------------------------- +Tue Mar 8 18:44:40 UTC 2022 - Marcus Rueckert + +- Update to 1.54.0 + Please note that this will be the last release of Synapse that is + compatible with Mjolnir 1.3.1 and earlier. Administrators of + servers which have the Mjolnir module installed are advised to + upgrade Mjolnir to version 1.3.2 or later. + + - Features + - Add support for MSC3202: sending one-time key counts and + fallback key usage states to Application Services. (#11617) + - Improve the generated URL previews for some web pages. + Contributed by @AndrewRyanChama. (#11985) + - Track cache invalidations in Prometheus metrics, as already + happens for cache eviction based on size or time. (#12000) + - Implement experimental support for MSC3720 (account status + endpoints). (#12001, #12067) + - Enable modules to set a custom display name when registering + a user. (#12009) + - Advertise Matrix 1.1 and 1.2 support on + /_matrix/client/versions. (#12020, (#12022) + - Support only the stable identifier for MSC3069's is_guest on + /_matrix/client/v3/account/whoami. (#12021) + - Use room version 9 as the default room version (per MSC3589). + (#12058) + - Add module callbacks to react to user deactivation status + changes (i.e. deactivations and reactivations) and profile + updates. (#12062) + - Bugfixes + - Fix a bug introduced in Synapse 1.54.0rc1 preventing the new + module callbacks introduced in this release from being + registered by modules. (#12141) + - Fix a bug introduced in Synapse 1.54.0rc1 where runtime + dependency version checks would mistakenly check development + dependencies if they were present and would not accept + pre-release versions of dependencies. (#12129, #12177) + - Fix a bug introduced in Synapse 1.48.0 where an edit of the + latest event in a thread would not be properly applied to the + thread summary. (#11992) + - Fix long-standing bug where the get_rooms_for_user cache was + not correctly invalidated for remote users when the server + left a room. (#11999) + - Fix a 500 error with Postgres when looking backwards with the + MSC3030 /timestamp_to_event?dir=b endpoint. (#12024) + - Properly fix a long-standing bug where wrong data could be + inserted into the event_search table when using SQLite. This + could block running synapse_port_db with an argument of type + 'int' is not iterable error. This bug was partially fixed by + a change in Synapse 1.44.0. (#12037) + - Fix slow performance of /logout in some cases where refresh + tokens are in use. The slowness existed since the initial + implementation of refresh tokens in version 1.38.0. (#12056) + - Fix a long-standing bug where Synapse would make additional + failing requests over federation for missing data. (#12077) + - Fix occasional Unhandled error in Deferred error message. + (#12089) + - Fix a bug introduced in Synapse 1.51.0 where incoming + federation transactions containing at least one EDU would be + dropped if debug logging was enabled for synapse.8631_debug. + (#12098) + - Fix a long-standing bug which could cause push notifications + to malfunction if use_frozen_dicts was set in the + configuration. (#12100) + - Fix an extremely rare, long-standing bug in ReadWriteLock + that would cause an error when a newly unblocked writer + completes instantly. (#12105) + - Make a POST to /rooms//receipt/m.read/ + only trigger a push notification if the count of unread + messages is different to the one in the last successfully + sent push. This reduces server load and load on the receiving + device. (#11835) + - Updates to the Docker image + - The Docker image no longer automatically creates a temporary + volume at /data. This is not expected to affect normal usage. + (#11997) + - Use Python 3.9 in Docker images by default. (#12112) + - Improved Documentation + - Document support for the to_device, account_data, receipts, + and presence stream writers for workers. (#11599) + - Explain the meaning of spam checker callbacks' return values. + (#12003) + - Clarify information about external Identity Provider IDs. + (#12004) + - Deprecations and Removals + - Deprecate using synctl with the config option + synctl_cache_factor and print a warning if a user still uses + this option. (#11865) + - Remove support for the legacy structured logging + configuration (please see the the upgrade notes if you are + using structured: true in the Synapse configuration). + (#12008) + - Drop support for MSC3283 unstable flags now that the stable + flags are supported. (#12018) + - Remove the unstable /spaces endpoint from MSC2946. (#12073) + - Internal Changes + - Update release script to insert the previous version when + writing "No significant changes" line in the changelog. + (#12127) + - Relax the version guard for "packaging" added in #12088. + (#12166) + - Make the get_room_version method use get_room_version_id to + benefit from caching. (#11808) + - Remove unnecessary condition on knock -> leave auth rule + check. (#11900) + - Add tests for device list changes between local users. + (#11972) + - Optimise calculating device_list changes in /sync. (#11974) + - Add missing type hints to storage classes. (#11984) + - Refactor the search code for improved readability. (#11991) + - Move common deduplication code down into + _auth_and_persist_outliers. (#11994) + - Limit concurrent joins from applications services. (#11996) + - Preparation for faster-room-join work: when parsing the + send_join response, get the m.room.create event from state, + not auth_chain. (#12005, #12039) + - Preparation for faster-room-join work: parse MSC3706 fields + in send_join response. (#12011) + - Preparation for faster-room-join work: persist information on + which events and rooms have partial state to the database. + (#12012) + - Preparation for faster-room-join work: Support for calling + /federation/v1/state on a remote server. (#12013) + - Configure tox to use venv rather than virtualenv. (#12015) + - Fix bug in StateFilter.return_expanded() and add some tests. + (#12016) + - Use Matrix v1.1 endpoints (/_matrix/client/v3/auth/...) in + fallback auth HTML forms. (#12019) + - Update the olddeps CI job to use an old version of + markupsafe. (#12025) + - Upgrade Mypy to version 0.931. (#12030) + - Remove legacy HomeServer.get_datastore(). (#12031, #12070) + - Minor typing fixes. (#12034, #12069) + - After joining a room, create a dedicated logcontext to + process the queued events. (#12041) + - Tidy up GitHub Actions config which builds distributions for + PyPI. (#12051) + - Move configuration out of setup.cfg. (#12052, #12059) + - Fix error message when a worker process fails to talk to + another worker process. (#12060) + - Fix using the complement.sh script without specifying a + directory or a branch. Contributed by Nico on behalf of + Famedly. (#12063) + - Add type hints to tests/rest/client. (#12066, #12072, #12084, + #12094) + - Add some logging to /sync to try and track down #11916. + (#12068) + - Inspect application dependencies using importlib.metadata or + its backport. (#12088) + - Use assertEqual instead of the deprecated assertEquals in + test code. (#12092) + - Move experimental support for MSC3440 to /versions. (#12099) + - Add stop_cancellation utility function to stop Deferreds from + being cancelled. (#12106) + - Improve exception handling for concurrent execution. (#12109) + - Advertise support for Python 3.10 in packaging files. + (#12111) + - Move CI checks out of tox, to facilitate a move to using + poetry. (#12119) +- bump dependencies to follow upstream + ijson >= 3.1.4 from 3.1 + packaging >= 16.1 +- refreshed patches: + - dont-bump-cryptography-with-system-openssl.patch + +------------------------------------------------------------------- +Tue Feb 22 12:11:45 UTC 2022 - Marcus Rueckert + +- Update to 1.53.0 + - Features + - Add experimental support for sending to-device messages to + application services, as specified by MSC2409. (#11215, + #11966) + - Add a background database update to purge account data for + deactivated users. (#11655) + - Experimental support for MSC3666: including bundled + aggregations in server side search results. (#11837) + - Enable cache time-based expiry by default. The expiry_time + config flag has been superseded by expire_caches and + cache_entry_ttl. (#11849) + - Add a callback to allow modules to allow or forbid a 3PID + (email address, phone number) from being associated to a + local account. (#11854) + - Stabilize support and remove unstable endpoints for MSC3231. + Clients must switch to the stable identifier and endpoint. + See the upgrade notes for more information. (#11867) + - Allow modules to retrieve the current instance's server name + and worker name. (#11868) + - Use a dedicated configurable rate limiter for 3PID invites. + (#11892) + - Support the stable API endpoint for MSC3283: new settings in + /capabilities endpoint. (#11933, #11989) + - Support the dir parameter on the /relations endpoint, per + MSC3715. (#11941) + - Experimental implementation of MSC3706: extensions to + /send_join to support reduced response size. (#11967) + - Bugfixes + - Fix MSC2716 historical messages backfilling in random order + on remote homeservers. (#11114) + - Fix a bug introduced in Synapse 1.51.0 where incoming + federation transactions containing at least one EDU would be + dropped if debug logging was enabled for synapse.8631_debug. + (#11890) + - Fix a long-standing bug where some unknown endpoints would + return HTML error pages instead of JSON M_UNRECOGNIZED + errors. (#11930) + - Implement an allow list of content types for which we will + attempt to preview a URL. This prevents Synapse from making + useless longer-lived connections to streaming media servers. + (#11936) + - Fix a long-standing bug where pagination tokens from /sync + and /messages could not be provided to the /relations API. + (#11952) + - Require that modules register their callbacks using keyword + arguments. (#11975) + - Fix a long-standing bug where M_WRONG_ROOM_KEYS_VERSION + errors would not include the specced current_version field. + (#11988) + - Improved Documentation + - Fix typo in User Admin API: unpind -> unbind. (#11859) + - Document images returned by the User List Media Admin API can + include those generated by URL previews. (#11862) + - Remove outdated MSC1711 FAQ document. (#11907) + - Correct the structured logging configuration example. + Contributed by Brad Jones. (#11946) + - Add information on the Synapse release cycle. (#11954) + - Fix broken link in the README to the admin API for password + reset. (#11955) + - Deprecations and Removals + - Drop support for webclient listeners and configuring + web_client_location to a non-HTTP(S) URL. Deprecated + configurations are a configuration error. (#11895) + - Remove deprecated user_may_create_room_with_invites spam + checker callback. See the upgrade notes for more information. + (#11950) + - No longer build .deb packages for Ubuntu 21.04 Hirsute Hippo, + which has now EOLed. (#11961) + - Internal Changes + - Enhance user registration test helpers to make them more + useful for tests involving application services and devices. + (#11615, #11616) + - Improve performance when fetching bundled aggregations for + multiple events. (#11660, #11752) + - Fix type errors introduced by new annotations in the + Prometheus Client library. (#11832) + - Add missing type hints to replication code. (#11856, #11938) + - Ensure that opentracing scopes are activated and closed at + the right time. (#11869) + - Improve opentracing for incoming federation requests. + (#11870) + - Improve internal docstrings in synapse.util.caches. (#11876) + - Do not needlessly clear the get_users_in_room and + get_users_in_room_with_profiles caches when any room state + changes. (#11878) + - Convert ApplicationServiceTestCase to use simple_async_mock. + (#11880) + - Remove experimental changes to the default push rules which + were introduced in Synapse 1.19.0 but never enabled. (#11884) + - Disable coverage calculation for olddeps build. (#11888) + - Preparation to support sending device list updates to + application services. (#11905) + - Add a test that checks users receive their own device list + updates down /sync. (#11909) + - Run Complement tests sequentially. (#11910) + - Various refactors to the application service notifier code. + (#11911, #11912) + - Tests: replace mocked Authenticator with the real thing. + (#11913) + - Various refactors to the typing notifications code. (#11914) + - Use the proper type for the Content-Length header in the + UploadResource. (#11927) + - Remove an unnecessary ignoring of type hints due to fixes in + upstream packages. (#11939) + - Add missing type hints. (#11953) + - Fix an import cycle in synapse.event_auth. (#11965) + - Unpin frozendict but exclude the known bad version 2.1.2. + (#11969) + - Prepare for rename of default Complement branch. (#11971) + - Fetch Synapse's version using a helper from matrix-common. + (#11979) +- refresh patches: + dont-bump-cryptography-with-system-openssl.patch + matrix-synapse-1.4.1-paths.patch + +------------------------------------------------------------------- +Wed Feb 9 23:24:56 UTC 2022 - Marcus Rueckert + +- Update to 1.52.0 + + Note that Twisted 22.1.0 has recently been released, which fixes + a security issue within the Twisted library. We do not believe + Synapse is affected by this vulnerability, though we advise + server administrators who installed Synapse via pip to upgrade + Twisted with pip install --upgrade Twisted treq as a matter of + good practice. The Docker image matrixdotorg/synapse and the + Debian packages from packages.matrix.org are using the updated + library. + + - Features + - Remove account data (including client config, push rules and + ignored users) upon user deactivation. (#11621, #11788, + #11789) + - Add an admin API to reset connection timeouts for remote + server. (#11639) + - Add an admin API to get a list of rooms that federate with a + given remote homeserver. (#11658) + - Add a config flag to inhibit M_USER_IN_USE during + registration. (#11743) + - Add a module callback to set username at registration. + (#11790) + - Allow configuring a maximum file size as well as a list of + allowed content types for avatars. (#11846) + - Bugfixes + - Include the bundled aggregations in the /sync response, per + MSC2675. (#11612) + - Fix a long-standing bug when previewing Reddit URLs which do + not contain an image. (#11767) + - Fix a long-standing bug that media streams could cause + long-lived connections when generating URL previews. (#11784) + - Include a prev_content field in state events sent to + Application Services. Contributed by @totallynotvaishnav. + (#11798) + - Fix a bug introduced in Synapse 0.33.3 causing requests to + sometimes log strings such as HTTPStatus.OK instead of + integer status codes. (#11827) + - Improved Documentation + - Update pypi installation docs to indicate that we now support + Python 3.10. (#11820) + - Add missing steps to the contribution submission process in + the documentation. Contributed by @sequentialread. (#11821) + - Remove not needed old table of contents in documentation. + (#11860) + - Consolidate the access_token information at the top of each + relevant page in the Admin API documentation. (#11861) + - Deprecations and Removals + - Drop support for Python 3.6, which is EOL. (#11683) + - Remove the experimental_msc1849_support_enabled flag as the + features are now stable. (#11843) + - Internal Changes + - Preparation for database schema simplifications: add + state_key and rejection_reason columns to events table. + (#11792) + - Add FrozenEvent.get_state_key and use it in a couple of + places. (#11793) + - Preparation for database schema simplifications: stop reading + from event_reference_hashes. (#11794) + - Drop unused table public_room_list_stream. (#11795) + - Preparation for reducing Postgres serialization errors: allow + setting transaction isolation level. Contributed by Nick @ + Beeper. (#11799, #11847) + - Docker: skip the initial amd64-only build and go straight to + multiarch. (#11810) + - Run Complement on the Github Actions VM and not inside a + Docker container. (#11811) + - Log module names at startup. (#11813) + - Improve type safety of bundled aggregations code. (#11815) + - Correct a type annotation in the event validation logic. + (#11817, #11830) + - Minor updates and documentation for database schema delta + files. (#11823) + - Workaround a type annotation problem in prometheus_client + 0.13.0. (#11834) + - Minor performance improvement in room state lookup. (#11836) + - Fix some indentation inconsistencies in the sample config. + (#11838) + - Add type hints to tests/rest/admin. (#11851) + +------------------------------------------------------------------- +Thu Feb 3 12:08:51 UTC 2022 - Marcus Rueckert + +- With the previous change we would not need use_python anymore + because we also can find now the packages that provide python3-X + + But i keep the conditional around for e.g. testing with python + 3.10. + +------------------------------------------------------------------- +Thu Feb 3 12:04:47 UTC 2022 - Marcus Rueckert + +- Replace requires_eq with requires_peq: (boo#1195316) + The only difference between the 2 macros is that the new macro + also considers provides so we can track package names over + renames. + +------------------------------------------------------------------- +Tue Jan 25 13:44:47 UTC 2022 - Marcus Rueckert + +- Update to 1.51.0 + + Synapse 1.51.0 deprecates webclient listeners and non-HTTP(S) + web_client_locations. Support for these will be removed in + Synapse 1.53.0, at which point Synapse will not be capable of + directly serving a web client for Matrix. See the upgrade notes. + + - Features + - Add track_puppeted_user_ips config flag to record client IP + addresses against puppeted users, and include the puppeted + users in monthly active user counts. (#11561, #11749, #11757) + - Include whether the requesting user has participated in a + thread when generating a summary for MSC3440. (#11577) + - Return an M_FORBIDDEN error code instead of M_UNKNOWN when a + spam checker module prevents a user from creating a room. + (#11672) + - Add a flag to the synapse_review_recent_signups script to + ignore and filter appservice users. (#11675, #11770) + - Bugfixes + - Fix a bug introduced in Synapse 1.40.0 that caused Synapse to + fail to process incoming federation traffic after handling a + large amount of events in a v1 room. (#11806) + - Fix a long-standing issue which could cause Synapse to + incorrectly accept data in the unsigned field of events + - received over federation. (#11530) + - Fix a long-standing bug where Synapse wouldn't cache a + response indicating that a remote user has no devices. + (#11587) + - Fix an error that occurs whilst trying to get the federation + status of a destination server that was working normally. + This admin API was newly introduced in Synapse v1.49.0. + (#11593) + - Fix bundled aggregations not being included in the /sync + response, per MSC2675. (#11612, #11659, #11791) + - Fix the /_matrix/client/v1/room/{roomId}/hierarchy endpoint + returning incorrect fields which have been present since + Synapse 1.49.0. (#11667) + - Fix preview of some GIF URLs (like tenor.com). Contributed by + Philippe Daouadi. (#11669) + - Fix a bug where only the first 50 rooms from a space were + returned from the /hierarchy API. This has existed since the + introduction of the API in Synapse v1.41.0. (#11695) + - Fix a bug introduced in Synapse v1.18.0 where password reset + and address validation emails would not be sent if their + subject was configured to use the 'app' template variable. + Contributed by @br4nnigan. (#11710, #11745) + - Make the 'List Rooms' Admin API sort stable. Contributed by + Daniël Sonck. (#11737) + - Fix a long-standing bug where space hierarchy over federation + would only work correctly some of the time. (#11775) + - Fix a bug introduced in Synapse v1.46.0 that prevented + on_logged_out module callbacks from being correctly awaited + by Synapse. (#11786) + - Improved Documentation + - Warn against using a Let's Encrypt certificate for TLS/DTLS + TURN server client connections, and suggest using ZeroSSL + certificate instead. This works around client-side + connectivity errors caused by WebRTC libraries that reject + Let's Encrypt certificates. Contibuted by @AndrewFerr. + (#11686) + - Document the new SYNAPSE_TEST_PERSIST_SQLITE_DB environment + variable in the contributing guide. (#11715) + - Document that the minimum supported PostgreSQL version is now + 10. (#11725) + - Fix typo in demo docs: differnt. (#11735) + - Update room spec URL in config files. (#11739) + - Mention python3-venv and libpq-dev dependencies in the + contribution guide. (#11740) + - Update documentation for configuring login with Facebook. + (#11755) + - Update installation instructions to note that Python 3.6 is + no longer supported. (#11781) + - Deprecations and Removals + - Remove the unstable /send_relation endpoint. (#11682) + - Remove python_twisted_reactor_pending_calls Prometheus + metric. (#11724) + - Remove the password_hash field from the response dictionaries + of the Users Admin API. (#11576) + - Deprecate support for webclient listeners and non-HTTP(S) + web_client_location configuration. (#11774, #11783) + - Internal Changes + - Run pyupgrade --py37-plus --keep-percent-format on Synapse. + (#11685) + - Use buildkit's cache feature to speed up docker builds. + (#11691) + - Use auto_attribs and native type hints for attrs classes. + (#11692, #11768) + - Remove debug logging for #4422, which has been closed since + Synapse 0.99. (#11693) + - Remove fallback code for Python 2. (#11699) + - Add a test for an edge case in the /sync logic. (#11701) + - Add the option to write SQLite test dbs to disk when running + tests. (#11702) + - Improve Complement test output for Gitub Actions. (#11707) + - Fix docstring on add_account_data_for_user. (#11716) + - Complement environment variable name change and update + .gitignore. (#11718) + - Simplify calculation of Prometheus metrics for garbage + collection. (#11723) + - Improve accuracy of python_twisted_reactor_tick_time + Prometheus metric. (#11724, #11771) + - Minor efficiency improvements when inserting many values into + the database. (#11742) + - Invite PR authors to give themselves credit in the changelog. + (#11744) + - Add optional debugging to investigate issue 8631. (#11760) + - Remove log_function utility function and its uses. (#11761) + - Add a unit test that checks both client and webclient + resources will function when simultaneously enabled. (#11765) + - Allow overriding complement commit using COMPLEMENT_REF. + (#11766) + - Add some comments and type annotations for + _update_outliers_txn. (#11776) + +------------------------------------------------------------------- +Mon Jan 24 14:41:42 UTC 2022 - Marcus Rueckert + +- Update to 1.50.2 + + Please note that we now only support Python 3.7+ and PostgreSQL + 10+ (if applicable), because Python 3.6 and PostgreSQL 9.6 have + reached end-of-life. + + - Bugfixes + - Fix a bug introduced in Synapse 1.40.0 that caused Synapse to + fail to process incoming federation traffic after handling a + large amount of events in a v1 room. (#11806) + +------------------------------------------------------------------- +Tue Jan 18 17:11:16 UTC 2022 - Marcus Rueckert + +- Update to 1.50.1 + + Please note that we now only support Python 3.7+ and PostgreSQL + 10+ (if applicable), because Python 3.6 and PostgreSQL 9.6 have + reached end-of-life. + + - Bugfixes: + - Fix a bug introduced in Synapse 1.50.0rc1 that could cause + Matrix clients to be unable to connect to Synapse instances + with the webclient resource enabled. (#11764) + +------------------------------------------------------------------- +Tue Jan 18 16:24:25 UTC 2022 - Marcus Rueckert + +- you shall not commit your python 3.10 test. Back to 3.8 + +------------------------------------------------------------------- +Tue Jan 18 11:57:01 UTC 2022 - Marcus Rueckert + +- bump minimum python in the BuildRequires to 3.8 + +------------------------------------------------------------------- +Tue Jan 18 11:53:13 UTC 2022 - Marcus Rueckert + +- Update to 1.50.0 + + Please note that we now only support Python 3.7+ and PostgreSQL + 10+ (if applicable), because Python 3.6 and PostgreSQL 9.6 have + reached end-of-life. + + - Features + - Allow guests to send state events per MSC3419. (#11378) + - Add experimental support for part of MSC3202: allowing + application services to masquerade as specific devices. + (#11538) + - Add admin API to get users' account data. (#11664) + - Include the room topic in the stripped state included with + invites and knocking. (#11666) + - Send and handle cross-signing messages using the stable + prefix. (#10520) + - Support unprefixed versions of fallback key property names. + (#11541) + - Bugfixes + - Fix a bug introduced in Synapse v1.0.0 whereby some device + list updates would not be sent to remote homeservers if there + were too many to send at once. (#11729) + - Fix a bug introduced in Synapse v1.50.0rc1 whereby outbound + federation could fail because too many EDUs were produced for + device updates. (#11730) + - Fix a long-standing bug where relations from other rooms + could be included in the bundled aggregations of an event. + (#11516) + - Fix a long-standing bug which could cause AssertionErrors to + be written to the log when Synapse was restarted after + purging events from the database. (#11536, #11642) + - Fix a bug introduced in Synapse 1.17.0 where a pusher created + for an email with capital letters would fail to be created. + (#11547) + - Fix a long-standing bug where responses included bundled + aggregations when they should not, per MSC2675. (#11592, + #11623) + - Fix a long-standing bug that some unknown endpoints would + return HTML error pages instead of JSON M_UNRECOGNIZED + errors. (#11602) + - Fix a bug introduced in Synapse 1.19.3 which could sometimes + cause AssertionErrors when backfilling rooms over federation. + (#11632) + - Improved Documentation + - Document that now the minimum supported PostgreSQL version is + 10. (#11725) + - Update Synapse install command for FreeBSD as the package is + now prefixed with py38. Contributed by @itchychips. (#11267) + - Document the usage of refresh tokens. (#11427) + - Add details for how to configure a TURN server when behind a + NAT. Contibuted by @AndrewFerr. (#11553) + - Add references for using Postgres to the Docker + documentation. (#11640) + - Fix the documentation link in newly-generated configuration + files. (#11678) + - Correct the documentation for nginx to use a case-sensitive + url pattern. Fixes an error introduced in v1.21.0. (#11680) + - Clarify SSO mapping provider documentation by writing def or + async def before the names of methods, as appropriate. + (#11681) + - Deprecations and Removals + - Replace mock package by its standard library version. + (#11588) + - Drop support for Python 3.6 and Ubuntu 18.04. (#11633) + - Internal Changes + - Fix a typechecker problem related to our (ab)use of + nacl.signing.SigningKeys. (#11714) + - Allow specific, experimental events to be created without + prev_events. Used by MSC2716. (#11243) + - A test helper (wait_for_background_updates) no longer depends + on classes defining a store property. (#11331) + - Add type hints to synapse.appservice. (#11360) + - Add missing type hints to synapse.config module. (#11480) + - Add test to ensure we share the same state_group across the + whole historical batch when using the MSC2716 /batch_send + endpoint. (#11487) + - Refactor tests.util.setup_test_homeserver and + tests.server.setup_test_homeserver. (#11503) + - Move glob_to_regex and re_word_boundary to + matrix-python-common. (#11505, #11687) + - Use HTTPStatus constants in place of literals in + tests.rest.client.test_auth. (#11520) + - Add a receipt types constant for m.read. (#11531) + - Clean up synapse.rest.admin. (#11535) + - Add missing errcode to parse_string and parse_boolean. + (#11542) + - Use HTTPStatus constants in place of literals in + synapse.http. (#11543) + - Add missing type hints to storage classes. (#11546, #11549, + #11551, #11555, #11575, #11589, #11594, #11652, #11653, + #11654, #11657) + - Fix an inaccurate and misleading comment in the /sync code. + (#11550) + - Add missing type hints to synapse.logging.context. (#11556) + - Stop populating unused database column + state_events.prev_state. (#11558) + - Minor efficiency improvements in event persistence. (#11560) + - Add some safety checks that storage functions are used + correctly. (#11564, #11580) + - Make get_device return None if the device doesn't exist + rather than raising an exception. (#11565) + - Split the HTML parsing code from the URL preview resource + code. (#11566) + - Remove redundant COALESCE()s around COUNT()s in database + queries. (#11570) + - Add missing type hints to synapse.http. (#11571) + - Add MSC2716 and MSC3030 to /versions -> unstable_features to + detect server support. (#11582) + - Add type hints to synapse/tests/rest/admin. (#11590) + - Drop end-of-life Python 3.6 and Postgres 9.6 from CI. + (#11595) + - Update black version and run it on all the files. (#11596) + - Add opentracing type stubs and fix associated mypy errors. + (#11603, #11622) + - Improve OpenTracing support for requests which use a + ResponseCache. (#11607) + - Improve OpenTracing support for incoming HTTP requests. + (#11618) + - A number of improvements to opentracing support. (#11619) + - Refactor the way that the outlier flag is set on events + received over federation. (#11634) + - Improve the error messages from get_create_event_for_room. + (#11638) + - Remove redundant get_current_events_token method. (#11643) + - Convert namedtuples to attrs. (#11665, #11574) + - Update the /capabilities response to include whether support + for MSC3440 is available. (#11690) + - Send the Accept header in HTTP requests made using + SimpleHttpClient.get_json. (#11677) + - Work around Mjolnir compatibility issue by adding an import + for glob_to_regex in synapse.util, where it moved from. + (#11696) + +------------------------------------------------------------------- +Fri Jan 7 22:44:45 UTC 2022 - Marcus Rueckert + +- use frozendict >= 2.1.3 as it should fix the issue people saw on + debian and that library version fixes other python modules for us + +------------------------------------------------------------------- +Tue Dec 28 03:45:30 UTC 2021 - Aleksa Sarai + +- Add explicit minimum versions for more dependencies. + +------------------------------------------------------------------- +Tue Dec 21 18:39:09 UTC 2021 - Marcus Rueckert + +- Update to 1.49.2 + - Bugfixes + - Fix a performance regression in /sync handling, introduced in + 1.49.0. (#11583) + - Internal Changes + - Work around a build problem on Debian Buster. (#11625) + +------------------------------------------------------------------- +Tue Dec 14 14:29:19 UTC 2021 - Marcus Rueckert + +- Update to 1.49.0 + The wiki has been migrated to the documentation website We've + decided to move the existing, somewhat stagnant pages from the + GitHub wiki to the documentation website. + + This was done for two reasons. The first was to ensure that + changes are checked by multiple authors before being committed + (everyone makes mistakes!) and the second was visibility of the + documentation. Not everyone knows that Synapse has some very + useful information hidden away in its GitHub wiki pages. Bringing + them to the documentation website should help with visibility, as + well as keep all Synapse documentation in one, easily-searchable + location. + + Note that contributions to the documentation website happen + through GitHub pull requests. Please visit + #synapse-dev:matrix.org if you need help with the process! + + - Features + - Add MSC3030 experimental client and federation API endpoints + to get the closest event to a given timestamp. (#9445) + - Include bundled relation aggregations during a limited /sync + request and /relations request, per MSC2675. (#11284, #11478) + - Add plugin support for controlling database background + updates. (#11306, #11475, #11479) + - Support the stable API endpoints for MSC2946: the room + /hierarchy endpoint. (#11329) + - Add admin API to get some information about federation status + with remote servers. (#11407) + - Support expiry of refresh tokens and expiry of the overall + session when refresh tokens are in use. (#11425) + - Stabilise support for MSC2918 refresh tokens as they have now + been merged into the Matrix specification. (#11435, #11522) + - Update MSC2918 refresh token support to confirm with the + latest revision: accept the refresh_tokens parameter in the + request body rather than in the URL parameters. (#11430) + - Support configuring the lifetime of non-refreshable access + tokens separately to refreshable access tokens. (#11445) + - Expose synapse_homeserver and synapse_worker commands as + entry points to run Synapse's main process and worker + processes, respectively. Contributed by @Ma27. (#11449) + - synctl stop will now wait for Synapse to exit before + returning. (#11459, #11490) + - Extend the "delete room" admin api to work correctly on rooms + which have previously been partially deleted. (#11523) + - Add support for the + /_matrix/client/v3/login/sso/redirect/{idpId} API from Matrix + v1.1. This endpoint was overlooked when support for v3 + endpoints was added in Synapse 1.48.0rc1. (#11451) + - Bugfixes + - Fix using MSC2716 batch sending in combination with event + persistence workers. Contributed by @tulir at Beeper. + (#11220) + - Fix a long-standing bug where all requests that read events + from the database could get stuck as a result of losing the + database connection, properly this time. Also fix a race + condition introduced in the previous insufficient fix in + Synapse 1.47.0. (#11376) + - The /send_join response now includes the stable event field + instead of the unstable field from MSC3083. (#11413) + - Fix a bug introduced in Synapse 1.47.0 where send_join could + fail due to an outdated ijson version. (#11439, #11441, + #11460) + - Fix a bug introduced in Synapse 1.36.0 which could cause + problems fetching event-signing keys from trusted key + servers. (#11440) + - Fix a bug introduced in Synapse 1.47.1 where the media + repository would fail to work if the media store path + contained any symbolic links. (#11446) + - Fix an LruCache corruption bug, introduced in Synapse 1.38.0, + that would cause certain requests to fail until the next + Synapse restart. (#11454) + - Fix a long-standing bug where invites from ignored users were + included in incremental syncs. (#11511) + - Fix a regression in Synapse 1.48.0 where presence workers + would not clear their presence updates over replication on + shutdown. (#11518) + - Fix a regression in Synapse 1.48.0 where the module API's + looping_background_call method would spam errors to the logs + when given a non-async function. (#11524) + - Updates to the Docker image + - Update Dockerfile-workers to healthcheck all workers in the + container. (#11429) + - Improved Documentation + - Update the media repository documentation. (#11415) + - Update section about backward extremities in the room DAG + concepts doc to correct the misconception about backward + extremities indicating whether we have fetched an events' + prev_events. (#11469) + - Internal Changes + - Add Final annotation to string constants in + synapse.api.constants so that they get typed as Literals. + (#11356) + - Add a check to ensure that users cannot start the Synapse + master process when worker_app is set. (#11416) + - Add a note about postgres memory management and hugepages to + postgres doc. (#11467) + - Add missing type hints to synapse.config module. (#11465) + - Add missing type hints to synapse.federation. (#11483) + - Add type annotations to tests.storage.test_appservice. + (#11488, #11492) + - Add type annotations to some of the configuration surrounding + refresh tokens. (#11428) + - Add type hints to synapse/tests/rest/admin. (#11501) + - Add type hints to storage classes. (#11411) + - Add wiki pages to documentation website. (#11402) + - Clean up tests.storage.test_main to remove use of legacy + code. (#11493) + - Clean up tests.test_visibility to remove legacy code. + (#11495) + - Convert status codes to HTTPStatus in synapse.rest.admin. + (#11452, #11455) + - Extend the scripts-dev/sign_json script to support signing + events. (#11486) + - Improve internal types in push code. (#11409) + - Improve type annotations in synapse.module_api. (#11029) + - Improve type hints for LruCache. (#11453) + - Preparation for database schema simplifications: disambiguate + queries on state_key. (#11497) + - Refactor backfilled into specific behavior function arguments + (_persist_events_and_state_updates and downstream calls). + (#11417) + - Refactor get_version_string to fix-up types and duplicated + code. (#11468) + - Refactor various parts of the /sync handler. (#11494, #11515) + - Remove unnecessary json.dumps from tests.rest.admin. (#11461) + - Save the OpenID Connect session ID on login. (#11482) + - Update and clean up recently ported documentation pages. + (#11466) + +------------------------------------------------------------------- +Tue Nov 30 14:59:49 UTC 2021 - Marcus Rueckert + +- Update to 1.48.0 + This release removes support for the long-deprecated + trust_identity_server_for_password_resets configuration flag. + This release also fixes some performance issues with some + background database updates introduced in Synapse 1.47.0. + - Features + - Experimental support for the thread relation defined in + MSC3440. (#11161) + - Support filtering by relation senders & types per MSC3440. + (#11236) + - Add support for the /_matrix/client/v3 and /_matrix/media/v3 + APIs from Matrix v1.1. (#11318, #11371) + - Support the stable version of MSC2778: the + m.login.application_service login type. Contributed by + @tulir. (#11335) + - Add a new version of delete room admin API DELETE + /_synapse/admin/v2/rooms/ to run it in the + background. Contributed by @dklimpel. (#11223) + - Allow the admin Delete Room API to block a room without the + need to join it. (#11228) + - Add an admin API to un-shadow-ban a user. (#11347) + - Add an admin API to run background database schema updates. + (#11352) + - Add an admin API for blocking a room. (#11324) + - Update the JWT login type to support custom a sub claim. + (#11361) + - Store and allow querying of arbitrary event relations. + (#11391) + - Bugfixes + - Fix a long-standing bug wherein display names or avatar URLs + containing null bytes cause an internal server error when + stored in the DB. (#11230) + - Prevent MSC2716 historical state events from being pushed to + an application service via /transactions. (#11265) + - Fix a long-standing bug where uploading extremely thin images + (e.g. 1000x1) would fail. Contributed by @Neeeflix. (#11288) + - Fix a bug, introduced in Synapse 1.46.0, which caused the + check_3pid_auth and on_logged_out callbacks in legacy + password authentication provider modules to not be + registered. Modules using the generic module interface were + not affected. (#11340) + - Fix a bug introduced in 1.41.0 where space hierarchy + responses would be incorrectly reused if multiple users were + to make the same request at the same time. (#11355) + - Fix a bug introduced in 1.45.0 where the read_templates + method of the module API would error. (#11377) + - Fix an issue introduced in 1.47.0 which prevented servers + re-joining rooms they had previously left, if their signing + keys were replaced. (#11379) + - Fix a bug introduced in 1.13.0 where creating and publishing + a room could cause errors if room_list_publication_rules is + configured. (#11392) + - Improve performance of various background database updates. + (#11421, #11422) + - Improved Documentation + - Suggest users of the Debian packages add configuration to + /etc/matrix-synapse/conf.d/ to prevent, upon upgrade, being + asked to choose between their configuration and the + maintainer's. (#11281) + - Fix typos in the documentation for the username_available + admin API. Contributed by Stanislav Motylkov. (#11286) + - Add Single Sign-On, SAML and CAS pages to the documentation. + (#11298) + - Change the word 'Home server' as one word 'homeserver' in + documentation. (#11320) + - Fix missing quotes for wildcard domains in + federation_certificate_verification_whitelist. (#11381) + - Deprecations and Removals + - Remove deprecated trust_identity_server_for_password_resets + configuration flag. (#11333, #11395) + - Internal Changes + - Add type annotations to synapse.metrics. (#10847) + - Split out federated PDU retrieval function into a non-cached + version. (#11242) + - Clean up code relating to to-device messages and sending + ephemeral events to application services. (#11247) + - Fix a small typo in the error response when a relation type + other than 'm.annotation' is passed to GET + /rooms/{room_id}/aggregations/{event_id}. (#11278) + - Drop unused database tables room_stats_historical and + user_stats_historical. (#11280) + - Require all files in synapse/ and tests/ to pass mypy unless + specifically excluded. (#11282, #11285, #11359) + - Add missing type hints to synapse.app. (#11287) + - Remove unused parameters on + FederationEventHandler._check_event_auth. (#11292) + - Add type hints to synapse._scripts. (#11297) + - Fix an issue which prevented the + remove_deleted_devices_from_device_inbox background database + schema update from running when updating from a recent + Synapse version. (#11303) + - Add type hints to storage classes. (#11307, #11310, #11311, + #11312, #11313, #11314, #11316, #11322, #11332, #11339, + #11342) + - Add type hints to synapse.util. (#11321, #11328) + - Improve type annotations in Synapse's test suite. (#11323, + #11330) + - Test that room alias deletion works as intended. (#11327) + - Add type annotations for some methods and properties in the + module API. (#11341) + - Fix running scripts-dev/complement.sh, which was broken in + v1.47.0rc1. (#11368) + - Rename internal functions for token generation to better + reflect what they do. (#11369, #11370) + - Add type hints to configuration classes. (#11377) + - Publish a develop image to Docker Hub. (#11380) + - Keep fallback key marked as used if it's re-uploaded. + (#11382) + - Use auto_attribs on the attrs class RefreshTokenLookupResult. + (#11386) + - Rename unstable access_token_lifetime configuration option to + refreshable_access_token_lifetime to make it clear it only + concerns refreshable access tokens. (#11388) + - Do not run the broken MSC2716 tests when running + scripts-dev/complement.sh. (#11389) + - Remove dead code from supporting ACME. (#11393) + - Refactor including the bundled relations when serializing an + event. (#11408) + +------------------------------------------------------------------- +Sun Nov 28 18:35:03 UTC 2021 - Marcus Rueckert + +- bump ijson to make it clear that we really need 3.1 + https://github.com/matrix-org/synapse/pull/11439 + +------------------------------------------------------------------- +Tue Nov 23 14:45:19 UTC 2021 - Marcus Rueckert + +- Update to 1.47.1 (boo#1193005) + This release fixes a security issue in the media store, affecting + all prior releases of Synapse. Server administrators are + encouraged to update Synapse as soon as possible. We are not + aware of these vulnerabilities being exploited in the wild. + Server administrators who are unable to update Synapse may use + the workarounds described in the linked GitHub Security Advisory + below. + + - Security Advisory: + GHSA-3hfw-x7gx-437c / CVE-2021-41281: Path traversal when + downloading remote media. + Synapse instances with the media repository enabled can be + tricked into downloading a file from a remote server into an + arbitrary directory, potentially outside the media store + directory. The last two directories and file name of the path + are chosen randomly by Synapse and cannot be controlled by an + attacker, which limits the impact. Homeservers with the media + repository disabled are unaffected. Homeservers configured with + a federation whitelist are also unaffected. Fixed by + 91f2bd090. + +------------------------------------------------------------------- +Wed Nov 17 14:19:53 UTC 2021 - Marcus Rueckert + +- Update to 1.47.0 + - Deprecations and Removals + - The user_may_create_room_with_invites module callback is now + deprecated. Please refer to the upgrade notes for more + information. (#11206) + - Remove deprecated admin API to delete rooms (POST + /_synapse/admin/v1/rooms//delete). (#11213) + - Features + - Advertise support for Client-Server API r0.6.1. (#11097) + - Add search by room ID and room alias to the List Room admin + API. (#11099) + - Add an on_new_event third-party rules callback to allow + Synapse modules to act after an event has been sent into a + room. (#11126) + - Add a module API method to update a user's membership in a + room. (#11147) + - Add metrics for thread pool usage. (#11178) + - Support the stable room type field for MSC3288. (#11187) + - Add a module API method to retrieve the current state of a + room. (#11204) + - Calculate a default value for public_baseurl based on + server_name. (#11210) + - Add support for serving /.well-known/matrix/server files, to + redirect federation traffic to port 443. (#11211) + - Add admin APIs to pause, start and check the status of + background updates. (#11263) + - Bugfixes + - Fix a bug introduced in 1.47.0rc1 which caused worker + processes to not halt startup in the presence of outstanding + database migrations. (#11346) + - Fix a bug introduced in 1.47.0rc1 which prevented the 'remove + deleted devices from device_inbox column' background process + from running when updating from a recent Synapse version. + (#11303, #11353) + - Fix a long-standing bug which allowed hidden devices to + receive to-device messages, resulting in unnecessary database + bloat. (#10097) + - Fix a long-standing bug where messages in the device_inbox + table for deleted devices would persist indefinitely. + Contributed by @dklimpel and @JohannesKleine. (#10969, + #11212) + - Do not accept events if a third-party rule + check_event_allowed callback raises an exception. (#11033) + - Fix long-standing bug where verification requests could fail + in certain cases if a federation whitelist was in place but + did not include your own homeserver. (#11129) + - Allow an empty list of state_events_at_start to be sent when + using the MSC2716 /batch_send endpoint and the author of the + historical messages is already part of the current room state + at the given ?prev_event_id. (#11188) + - Fix a bug introduced in Synapse 1.45.0 which prevented the + synapse_review_recent_signups script from running. + Contributed by @samuel-p. (#11191) + - Delete to_device messages for hidden devices that will never + be read, reducing database size. (#11199) + - Fix a long-standing bug wherein a missing Content-Type header + when downloading remote media would cause Synapse to throw an + error. (#11200) + - Fix a long-standing bug which could result in serialization + errors and potentially duplicate transaction data when + sending ephemeral events to application services. Contributed + by @Fizzadar at Beeper. (#11207) + - Fix a bug introduced in Synapse 1.35.0 which made it + impossible to join rooms that return a send_join response + containing floats. (#11217) + - Fix long-standing bug where cross signing keys were not + included in the response to /r0/keys/query the first time a + remote user was queried. (#11234) + - Fix a long-standing bug where all requests that read events + from the database could get stuck as a result of losing the + database connection. (#11240) + - Fix a bug preventing Synapse from being rolled back to an + earlier version when using workers. (#11255, #11276) + - Fix a bug introduced in Synapse 1.37.1 which caused a remote + event being processed by a worker to not get processed on + restart if the worker was killed. (#11262) + - Only allow old Element/Riot Android clients to send read + receipts without a request body. All other clients must + include a request body as required by the specification. + Contributed by @rogersheu. (#11157) + - Updates to the Docker image + - Avoid changing user ID when started as a non-root user, and + no explicit UID is set. (#11209) + - Improved Documentation + - Improve example HAProxy config in the docs to properly handle + HTTP Host headers with port information. This is required for + federation over port 443 to work correctly. (#11128) + - Add documentation for using Authentik as an OpenID Connect + Identity Provider. Contributed by @samip5. (#11151) + - Clarify lack of support for Windows. (#11198) + - Improve code formatting and fix a few typos in docs. + Contributed by @sumnerevans at Beeper. (#11221) + - Add documentation for using LemonLDAP as an OpenID Connect + Identity Provider. Contributed by @l00ptr. (#11257) + - Internal Changes + - Add type annotations for the log_function decorator. (#10943) + - Add type hints to synapse.events. (#11098) + - Remove and document unnecessary RoomStreamToken checks in + application service ephemeral event code. (#11137) + - Add type hints so that synapse.http passes mypy checks. + (#11164) + - Update scripts to pass Shellcheck lints. (#11166) + - Add knock information in admin export. Contributed by Rafael + Gonçalves. (#11171) + - Add tests to check that + ClientIpStore.get_last_client_ip_by_device and + get_user_ip_and_agents combine database and in-memory data + correctly. (#11179) + - Refactor Filter to check different fields depending on the + data type. (#11194) + - Improve type hints for the relations datastore. (#11205) + - Replace outdated links in the pull request checklist with + links to the rendered documentation. (#11225) + - Fix a bug in unit test test_block_room_and_not_purge. + (#11226) + - In ObservableDeferred, run observers in the order they were + registered. (#11229) + - Minor speed up to start up times and getting updates for + groups by adding missing index to + local_group_updates.stream_id. (#11231) + - Add twine and towncrier as dev dependencies, as they're used + by the release script. (#11233) + - Allow stream_writers.typing config to be a list of one + worker. (#11237) + - Remove debugging statement in tests. (#11239) + - Fix MSC2716 historical messages backfilling in random order + on remote homeservers. (#11244) + - Add an additional test for the cachedList method decorator. + (#11246) + - Make minor correction to the type of auth_checkers callbacks. + (#11253) + - Clean up trivial aspects of the Debian package build tooling. + (#11269, #11273) + - Blacklist new SyTest that checks that key uploads are valid + pending the validation being implemented in Synapse. (#11270) + +------------------------------------------------------------------- +Tue Nov 2 19:25:21 UTC 2021 - Marcus Rueckert + +- Update to 1.46.0 + The cause of the performance regression affecting Synapse 1.44 + has been identified and fixed. (#11177) + - Features + - Add support for Ubuntu 21.10 "Impish Indri". (#11024) + - Port the Password Auth Providers module interface to the new + generic interface. (#10548, #11180) + - Experimental support for the thread relation defined in + MSC3440. (#11088, #11181, #11192) + - Users admin API can now also modify user type in addition to + allowing it to be set on user creation. (#11174) + - Bugfixes + - Fix a bug introduced in v1.46.0rc1 where URL previews of some + XML documents would fail. (#11196) + - Newly-created public rooms are now only assigned an alias if + the room's creation has not been blocked by permission + settings. Contributed by @AndrewFerr. (#10930) + - Fix a long-standing bug which meant that events received over + federation were sometimes incorrectly accepted into the room + state. (#11001, #11009, #11012) + - Fix 500 error on /messages when the server accumulates more + than 5 backwards extremities at a given depth for a room. + (#11027) + - Fix a bug where setting a user's external_id via the admin + API returns 500 and deletes user's existing external mappings + if that external ID is already mapped. (#11051) + - Fix a long-standing bug where users excluded from the user + directory were added into the directory if they belonged to a + room which became public or private. (#11075) + - Fix a long-standing bug when attempting to preview URLs which + are in the windows-1252 character encoding. (#11077, #11089) + - Fix broken export-data admin command and add test script + checking the command to CI. (#11078) + - Show an error when timestamp in seconds is provided to the + /purge_media_cache Admin API. (#11101) + - Fix local users who left all their rooms being removed from + the user directory, even if the search_all_users config + option was enabled. (#11103) + - Fix a bug which caused the module API's + get_user_ip_and_agents function to always fail on workers. + get_user_ip_and_agents was introduced in 1.44.0 and did not + function correctly on worker processes at the time. (#11112) + - Identity server connection is no longer ignoring + ip_range_whitelist. (#11120) + - Fix a bug introduced in Synapse 1.45.0 breaking the + configuration file parsing script. (#11145) + - Fix a performance regression introduced in 1.44.0 which could + cause client requests to time out when making large numbers + of outbound requests. (#11177, #11190) + - Resolve and share state_groups for all MSC2716 historical + events in batch. (#10975) + - Improved Documentation + - Fix broken links relating to module API deprecation in the + upgrade notes. (#11069) + - Add more information about what happens when a user is + deactivated. (#11083) + - Clarify the the sample log config can be copied from the + documentation without issue. (#11092) + - Update the admin API documentation with an updated list of + the characters allowed in registration tokens. (#11093) + - Document Synapse's behaviour when dealing with multiple + modules registering the same callbacks and/or handlers for + the same HTTP endpoints. (#11096) + - Fix instances of [example]{.title-ref} in the upgrade + documentation as a result of prior RST to Markdown + conversion. (#11118) + - Document the version of Synapse each module callback was + introduced in. (#11132) + - Document the version of Synapse that introduced each module + API method. (#11183) + - Internal Changes + - Fix spurious warnings about losing the logging context on the + ReplicationCommandHandler when losing the replication + connection. (#10984) + - Include rejected status when we log events. (#11008) + - Add some extra logging to the event persistence code. + (#11014) + - Rearrange the internal workings of the incremental user + directory updates. (#11035) + - Fix a long-standing bug where users excluded from the + directory could still be added to the + users_who_share_private_rooms table after a regular user + joins a private room. (#11143) + - Add and improve type hints. (#10972, #11055, #11066, #11076, + #11095, #11109, #11121, #11146) + - Mark the Synapse package as containing type annotations and + fix export declarations so that Synapse pluggable modules may + be type checked against Synapse. (#11054) + - Remove dead code from MediaFilePaths. (#11056) + - Be more lenient when parsing oEmbed response versions. + (#11065) + - Create a separate module for the retention configuration. + (#11070) + - Clean up some of the federation event authentication code for + clarity. (#11115, #11116, #11122) + - Add docstrings and comments to the application service + ephemeral event sending code. (#11138) + - Update the sign_json script to support inline configuration + of the signing key. (#11139) + - Fix broken link in the docker image README. (#11144) + - Always dump logs from unit tests during CI runs. (#11068) + - Add tests for MediaFilePaths class. (#11057) + - Simplify the user admin API tests. (#11048) + - Add a test for the workaround introduced in #11042 concerning + the behaviour of third-party rule modules and SynapseErrors. + (#11071) + +------------------------------------------------------------------- +Thu Oct 21 12:34:00 UTC 2021 - Marcus Rueckert + +- Update to 1.45.1 + - Bugfixes + - Revert change to counting of deactivated users towards the + monthly active users limit, introduced in 1.45.0rc1. (#11127) + +------------------------------------------------------------------- +Wed Oct 20 09:47:52 UTC 2021 - Marcus Rueckert + +- Update to 1.45.0 + - Known Issues + - A suspected performance regression which was first reported + after the release of 1.44.0 remains unresolved. + - We have not been able to identify a probable cause. Affected + users report that setting up a federation sender worker + appears to alleviate symptoms of the regression. + - Features + - Add MSC3069 support to /account/whoami. (#9655) + - Support autodiscovery of oEmbed previews. (#10822) + - Add a user_may_send_3pid_invite spam checker callback for + modules to allow or deny 3PID invites. (#10894) + - Add a spam checker callback to allow or deny room joins. + (#10910) + - Include an update_synapse_database script in the + distribution. Contributed by @Fizzadar at Beeper. (#10954) + - Include exception information in JSON logging output. + Contributed by @Fizzadar at Beeper. (#11028) + - Bugfixes + - Fix a long-standing bug when using multiple event persister + workers where events were not correctly sent down /sync due + to a race. (#11045) + - Fix a bug introduced in Synapse 1.45.0rc1 where the user + directory would stop updating if it processed an event from a + - user not in the users table. (#11053) + - Fix a bug introduced in Synapse 1.44.0 when logging errors + during oEmbed processing. (#11061) + - Fix a minor bug in the response to + /_matrix/client/r0/voip/turnServer. Contributed by + @lukaslihotzki. (#10922) + - Fix a bug where empty yyyy-mm-dd/ directories would be left + behind in the media store's url_cache_thumbnails/ directory. + (#10924) + - Fix a bug introduced in Synapse v1.40.0 where the signature + checks for room version 8 and 9 could be applied to earlier + room versions in some situations. (#10927) + - Fix a long-standing bug wherein deactivated users still count + towards the monthly active users limit. (#10947) + - Fix a long-standing bug which meant that events received over + federation were sometimes incorrectly accepted into the room + state. (#10956) + - Fix a long-standing bug where rebuilding the user directory + wouldn't exclude support and deactivated users. (#10960) + - Fix MSC2716 /batch_send endpoint rejecting subsequent batches + with unknown batch ID error in existing room versions from + the room creator. (#10962) + - Fix a bug that could leak local users' per-room nicknames and + avatars when the user directory is rebuilt. (#10981) + - Fix a long-standing bug where the remainder of a batch of + user directory changes would be silently dropped if the + server left a room early in the batch. (#10982) + - Correct a bugfix introduced in Synapse v1.44.0 that would + catch the wrong error if a connection is lost before a + response could be written to it. (#10995) + - Fix a long-standing bug where local users' per-room + nicknames/avatars were visible to anyone who could see you in + the user directory. (#11002) + - Fix a long-standing bug where a user's per-room + nickname/avatar would overwrite their profile in the user + directory when a room was made public. (#11003) + - Work around a regression, introduced in Synapse v1.39.0, that + caused SynapseErrors raised by the experimental third-party + rules module callback check_event_allowed to be ignored. + (#11042) + - Fix a bug in MSC2716 insertion events in rooms that could + cause cross-talk/conflicts between batches. (#10877) + - Internal Changes + - Add an 'approximate difference' method to StateFilter. + (#10825) + - Fix inconsistent behavior of get_last_client_by_ip when + reporting data that has not been stored in the database yet. + (#10970) + - Fix a bug introduced in Synapse 1.21.0 that causes + opentracing and Prometheus metrics for replication requests + to be measured incorrectly. (#10996) + - Ensure that cache config tests do not share state. (#11036) + - Improve type hinting in synapse.util. (#10888) + - Add further type hints to synapse.storage.util. (#10892) + - Fix type hints to be compatible with an upcoming change to + Twisted. (#10895) + - Update utility code to handle C implementations of + frozendict. (#10902) + - Drop old functionality which maintained database + compatibility with Synapse versions before v1.31. (#10903) + - Clean-up configuration helper classes for the ServerConfig + class. (#10915) + - Use direct references to config flags. (#10916, #10959, + #10985) + - Clean up some of the federation event authentication code for + clarity. (#10926, #10940, #10986, #10987, #10988, #11010, + #11011) + - Refactor various parts of the codebase to use RoomVersion + objects instead of room version identifier strings. (#10934) + - Refactor user directory tests in preparation for upcoming + changes. (#10935) + - Include the event id in the logcontext when handling PDUs + received over federation. (#10936) + - Fix logged errors in unit tests. (#10939) + - Fix a broken test to ensure that consent configuration works + during registration. (#10945) + - Add type hints to filtering classes. (#10958) + - Add type-hint to HomeserverTestcase.setup_test_homeserver. + (#10961) + - Fix the test utility function create_room_as so that + is_public=True will explicitly set the visibility parameter + of room creation requests to public. Contributed by + @AndrewFerr. (#10963) + - Make the release script more robust and transparent. (#10966) + - Refactor MSC2716 /batch_send mega function into smaller + handler functions. (#10974) + - Log stack traces when a missing opentracing span is detected. + (#10983) + - Update GHA config to run tests against Python 3.10 and + PostgreSQL 14. (#10992) + - Fix a long-standing bug where ReadWriteLocks could drop + logging contexts on exit. (#10993) + - Add a CODEOWNERS file to automatically request reviews from + the @matrix-org/synapse-core team on new pull requests. + (#10994) + - Add further type hints to synapse.state. (#11004) + - Remove the deprecated BaseHandler object. (#11005) + - Bump mypy version for CI to 0.910, and pull in new type stubs + for dependencies. (#11006) + - Fix CI to run the unit tests without optional deps. (#11017) + - Ensure that cache config tests do not share state. (#11019) + - Add additional type hints to synapse.server_notices. (#11021) + - Add additional type hints for synapse.push. (#11023) + - When installing the optional developer dependencies, also + include the dependencies needed for type-checking and unit + testing. (#11034) + - Remove unnecessary list comprehension from synapse_port_db to + satisfy code style requirements. (#11043) + - Improved Documentation + - Reword changelog to clarify concerns about a suspected + performance regression in 1.44.0. (#11117) + - Change wording ("reference homeserver") in Synapse repository + documentation. Contributed by @maxkratz. (#10971) + - Fix a dead URL in development documentation (SAML) and change + wording from "Riot" to "Element". Contributed by @maxkratz. + (#10973) + - Add additional content to the Welcome and Overview page of + the documentation. (#10990) + - Update links to MSCs in documentation. Contributed by + @dklimpel. (#10991) + +------------------------------------------------------------------- +Tue Oct 5 13:44:42 UTC 2021 - Marcus Rueckert + +- Update to 1.44.0 + - Features + - Only allow the MSC2716 /batch_send?chunk_id=xxx endpoint to + connect to an already existing insertion event. (#10776) + - Improve oEmbed URL previews by processing the author name, + photo, and video information. (#10814, #10819) + - Speed up responding with large JSON objects to requests. + (#10868, #10905) + - Add a user_may_create_room_with_invites spam checker callback + to allow modules to allow or deny a room creation request + based on the invites and/or 3PID invites it includes. + (#10898) + - Bugfixes + - Fix a bug introduced in Synapse v1.40.0 where changing a + user's display name or avatar in a restricted room would + cause an authentication error. (#10933) + - Fix /admin/whois/{user_id} endpoint, which was broken in + v1.44.0rc1. (#10968) + - Fix a bug introduced in v1.44.0rc1 which caused the + experimental MSC2716 /batch_send endpoint to return a 500 + error. (#10938) + - Fix a bug introduced in v1.44.0rc1 which prevented sending + presence events to application services. (#10944) + - Fix a long-standing bug that caused an AssertionError when + purging history in certain rooms. Contributed by @Kokokokoka. + (#10690) + - Fix a long-standing bug which caused deactivated users that + were later reactivated to be missing from the user directory. + (#10782) + - Fix a long-standing bug that caused unbanning a user by + sending a membership event to fail. Contributed by + @aaronraimist. (#10807) + - Fix a long-standing bug where logging contexts would go + missing when federation requests time out. (#10810) + - Fix a long-standing bug causing an error in the deprecated + /initialSync endpoint when using the undocumented from and to + parameters. (#10827) + - Fix a bug causing the remove_stale_pushers background job to + repeatedly fail and log errors. This bug affected Synapse + servers that had been upgraded from version 1.28 or older and + are using SQLite. (#10843) + - Fix a long-standing bug in Unicode support of the room search + admin API breaking search for rooms with non-ASCII + characters. (#10859) + - Fix a bug introduced in Synapse 1.37.0 which caused knock + membership events which we sent to remote servers to be + incorrectly stored in the local database. (#10873) + - Fix invalidating one-time key count cache after claiming + keys. The bug was introduced in Synapse v1.41.0. Contributed + by Tulir at Beeper. (#10875) + - Fix a long-standing bug causing application service users to + be subject to MAU blocking if the MAU limit had been reached, + even if configured not to be blocked. (#10881) + - Fix a long-standing bug which could cause events pulled over + federation to be incorrectly rejected. (#10907) + - Fix a long-standing bug causing URL cache files to be stored + in storage providers. Server admins may safely delete the + url_cache/ and url_cache_thumbnails/ directories from any + configured storage providers to reclaim space. (#10911) + - Fix a long-standing bug leading to race conditions when + creating media store and config directories. (#10913) + - Improved Documentation + - Minor updates to the installation instructions. (#10919) + - Fix some crashes in the Module API example code, by adding + JSON encoding/decoding. (#10845) + - Add developer documentation about experimental configuration + flags. (#10865) + - Properly remove deleted files from GitHub pages when + generating the documentation. (#10869) + - Internal Changes + - Fix GitHub Actions config so we can run sytest on synapse + from parallel branches. (#10659) + - Split out MSC2716 meta events to their own fields in the + /batch_send response. (#10777) + - Add missing type hints to REST servlets. (#10785, #10817) + - Simplify the internal logic which maintains the user + directory database tables. (#10796) + - Use direct references to config flags. (#10812, #10885, + #10893, #10897) + - Specify the type of token in generic "Invalid token" error + messages. (#10815) + - Make StateFilter frozen so it is hashable. (#10816) + - Fix a long-standing bug where an m.room.message event + containing a null byte would cause an internal server error. + (#10820) + - Add type hints to the state database. (#10823) + - Opt out of cache expiry for + get_users_who_share_room_with_user, to hopefully improve + /sync performance when you + - haven't synced recently. (#10826) + - Track cache eviction rates more finely in Prometheus's + monitoring. (#10829) + - Add missing type hints to synapse.handlers. (#10831, #10856) + - Extend the Module API to let plug-ins check whether an ID is + local and to access IP + User Agent data. (#10833) + - Factor out PNG image data to a constant to be used in several + tests. (#10834) + - Add a test to ensure state events sent by modules get + persisted correctly. (#10835) + - Rename MSC2716 fields and event types from chunk to batch to + match the /batch_send endpoint. (#10838) + - Rename MSC2716 /batch_send query parameter from ?prev_event + to more obvious usage with ?prev_event_id. (#10839) + - Add type hints to synapse.http.site. (#10867) + - Include outlier status when we log V2 or V3 events. (#10879) + - Break down Grafana's cache expiry time series based on reason + for eviction, c.f. #10829. (#10880) + - Clean up some of the federation event authentication code for + clarity. (#10883, #10884, #10896, #10901) + - Allow the . and ~ characters when creating registration + tokens as per the change to MSC3231. (#10887) + - Clean up some unnecessary parentheses in places around the + codebase. (#10889) + - Improve type hinting in the user directory code. (#10891) + - Update development testing script test_postgresql.sh to use a + supported Python version and make re-runs quicker. (#10906) + - Document and summarize changes in schema version 61 – 64. + (#10917) + - Update release script to sign the newly created git tags. + (#10925) + - Fix Debian builds due to dh-virtualenv no longer being able + to build their docs. (#10931) + +------------------------------------------------------------------- +Tue Sep 21 13:41:59 UTC 2021 - Marcus Rueckert + +- Update to 1.43.0 + This release drops support for the deprecated, unstable API for + MSC2858, as well as the undocumented experimental.msc2858_enabled + config option. Client authors should update their clients to use + the stable API, available since Synapse 1.30. + + - Features + - Allow room creators to send historical events specified by + MSC2716 in existing room versions. (#10566) + - Add config option to use non-default manhole password and + keys. (#10643) + - Skip final GC at shutdown to improve restart performance. + (#10712) + - Allow configuration of the oEmbed URLs used for URL previews. + (#10714, #10759) + - Prefer room version 9 for restricted rooms per the room + version capabilities API. (#10772) + - Bugfixes + - Added opentracing logging to help debug #9424. (#10828) + - Fix a long-standing bug where room avatars were not included + in email notifications. (#10658) + - Fix a bug where the ordering algorithm was skipping the + origin_server_ts step in the spaces summary resulting in + unstable room orderings. (#10730) + - Fix edge case when persisting events into a room where there + are multiple events we previously hadn't calculated auth + chains for (and hadn't marked as needing to be calculated). + (#10743) + - Fix a bug which prevented calls to /createRoom that included + the room_alias_name parameter from being handled by worker + processes. (#10757) + - Fix a bug which prevented user registration via SSO to + require consent tracking for SSO mapping providers that don't + prompt for Matrix ID selection. Contributed by @AndrewFerr. + (#10733) + - Only return the stripped state events for the m.space.child + events in a room for the spaces summary from MSC2946. + (#10760) + - Properly handle room upgrades of spaces. (#10774) + - Fix a bug which generated invalid homeserver config when the + frontend_proxy worker type was passed to the Synapse + Worker-based Complement image. (#10783) + - Improved Documentation + - Minor fix to the media_repository developer documentation. + Contributed by @cuttingedge1109. (#10556) + - Update the documentation to note that the /spaces and + /hierarchy endpoints can be routed to workers. (#10648) + - Clarify admin API documentation on undoing room deletions. + (#10735) + - Split up the modules documentation and add examples for + module developers. (#10758) + - Correct 2 typographical errors in the Log Contexts + documentation. (#10795) + - Fix a wording mistake in the sample configuration. + Contributed by @BramvdnHeuvel:nltrix.net. (#10804) + - Deprecations and Removals + - Remove the unstable MSC2858 API, including the undocumented + experimental.msc2858_enabled config option. The unstable API + has been deprecated since Synapse 1.35. Client authors should + update their clients to use the stable API introduced in + Synapse 1.30 if they have not already done so. (#10693) + - Internal Changes + - Add OpenTracing logging to help debug stuck messages (as + described by issue #9424). (#10704) + - Add type annotations to the synapse.util package. (#10601) + - Ensure rooms.creator field is always populated for easy + lookup in MSC2716 usage later. (#10697) + - Add missing type hints to REST servlets. (#10707, #10728, + #10736) + - Do not include rooms with unknown room versions in the spaces + summary results. (#10727) + - Additional error checking for the preset field when creating + a room. (#10738) + - Clean up some of the federation event authentication code for + clarity. (#10744, #10745, #10746, #10771, #10773, #10781) + - Add an index to presence_stream to hopefully speed up + startups a little. (#10748) + - Refactor event size checking code to simplify searching the + codebase for the origins of certain error strings that are + occasionally emitted. (#10750) + - Move tests relating to rooms having encryption out of the + user directory tests. (#10752) + - Use attrs internally for the URL preview code & update + documentation. (#10753) + - Minor speed ups when joining large rooms over federation. + (#10754, #10755, #10756, #10780, #10784) + - Add a constant for m.federate. (#10775) + - Add a script to update the Debian changelog in a Docker + container for systems that are not Debian-based. (#10778) + - Change the format of authenticated users in logs when a user + is being puppeted by and admin user. (#10779) + - Remove fixed and flakey tests from the Sytest blacklist. + (#10788) + - Improve internal details of the user directory code. (#10789) + - Use direct references to config flags. (#10798) + - Ensure the Rust reporter passes type checking with + jaeger-client 4.7's type annotations. (#10799) + +------------------------------------------------------------------- +Tue Sep 21 11:34:59 UTC 2021 - Marcus Rueckert + +- disable 10719-Fix-instert-of-duplicate-key-into-event_json.patch + until upstream decided if they want to accept it + +------------------------------------------------------------------- +Tue Sep 7 16:11:58 UTC 2021 - Marcus Rueckert + +- Update to 1.42.0 + This version of Synapse removes deprecated room-management admin + APIs, removes out-of-date email pushers, and improves error + handling for fallback templates for user-interactive + authentication. For more information on these points, server + administrators are encouraged to read the upgrade notes. + + - Features + - Support room version 9 from MSC3375. (#10747) + - Add support for MSC3231: Token authenticated registration. + Users can be required to submit a token during registration + to authenticate themselves. Contributed by Callum Brown. + (#10142) + - Add support for MSC3283: Expose enable_set_displayname in + capabilities. (#10452) + - Port the PresenceRouter module interface to the new generic + interface. (#10524) + - Add pagination to the spaces summary based on updates to + MSC2946. (#10613, #10725) + - Bugfixes + - Validate new m.room.power_levels events. Contributed by + @aaronraimist. (#10232) + - Display an error on User-Interactive Authentication fallback + pages when authentication fails. Contributed by Callum Brown. + (#10561) + - Remove pushers when deleting an e-mail address from an + account. Pushers for old unlinked emails will also be + deleted. (#10581, #10734) + - Reject Client-Server /keys/query requests which provide + device_ids incorrectly. (#10593) + - Rooms with unsupported room versions are no longer returned + via /sync. (#10644) + - Enforce the maximum length for per-room display names and + avatar URLs. (#10654) + - Fix a bug which caused the synapse_user_logins_total + Prometheus metric not to be correctly initialised on restart. + (#10677) + - Improve ServerNoticeServlet to avoid duplicate requests and + add unit tests. (#10679) + - Fix long-standing issue which caused an error when a + thumbnail is requested and there are multiple thumbnails with + the same quality rating. (#10684) + - Fix a regression introduced in v1.41.0 which affected the + performance of concurrent fetches of large sets of events, in + extreme cases causing the process to hang. (#10703) + - Fix a regression introduced in Synapse 1.41 which broke email + transmission on Systems using older versions of the Twisted + library. (#10713) + - Improved Documentation + - Add documentation on how to connect Django with Synapse using + OpenID Connect and django-oauth-toolkit. Contributed by + @HugoDelval. (#10192) + - Advertise https://matrix-org.github.io/synapse documentation + in the README and CONTRIBUTING files. (#10595) + - Fix some of the titles not rendering in the OpenID Connect + documentation. (#10639) + - Minor clarifications to the documentation for reverse + proxies. (#10708) + - Remove table of contents from the top of installation and + contributing documentation pages. (#10711) + - Deprecations and Removals + - Remove deprecated Shutdown Room and Purge Room Admin API. + (#8830) + - Internal Changes + - Print a warning when using one of the deprecated template_dir + settings. (#10768) + - Improve type hints for the proxy agent and SRV resolver + modules. Contributed by @dklimpel. (#10608) + - Clean up some of the federation event authentication code for + clarity. (#10614, #10615, #10624, #10640) + - Add a comment asking developers to leave a reason when + bumping the database schema version. (#10621) + - Remove not needed database updates in modify user admin API. + (#10627) + - Convert room member storage tuples to attrs classes. (#10629, + #10642) + - Use auto-attribs for the attrs classes used in sync. (#10630) + - Make backfill and get_missing_events use the same codepath. + (#10645) + - Improve the performance of the /hierarchy API (from MSC2946) + by caching responses received over federation. (#10647) + - Run a nightly CI build against Twisted trunk. (#10651, + #10672) + - Do not print out stack traces for network errors when + fetching data over federation. (#10662) + - Simplify tests for device admin rest API. (#10664) + - Add missing type hints to REST servlets. (#10665, #10666, + #10674) + - Flatten the tests.synapse.rests package by moving the + contents of v1 and v2_alpha into the parent. (#10667) + - Update complement.sh to rebuild the base Docker image when + run with workers. (#10686) + - Split the event-processing methods in FederationHandler into + a separate FederationEventHandler. (#10692) + - Remove unused compare_digest function. (#10706) + +------------------------------------------------------------------- +Thu Sep 2 09:52:14 UTC 2021 - Jan Zerebecki + +- Add 10719-Fix-instert-of-duplicate-key-into-event_json.patch + +------------------------------------------------------------------- +Tue Aug 31 14:21:51 UTC 2021 - Marcus Rueckert + +- Update to 1.41.1 (boo#1190037 boo#1190038) + Due to the two security issues highlighted below, server + administrators are encouraged to update Synapse. We are not aware + of these vulnerabilities being exploited in the wild. + + - Security advisory + The following issues are fixed in v1.41.1. + + - GHSA-3x4c-pq33-4w3q / CVE-2021-39164: Enumerating a private + room's list of members and their display names. + + If an unauthorized user both knows the Room ID of a private + room and that room's history visibility is set to shared, + then they may be able to enumerate the room's members, + including their display names. + + The unauthorized user must be on the same homeserver as a + user who is a member of the target room. + + Fixed by 52c7a51cf. + + - GHSA-jj53-8fmw-f2w2 / CVE-2021-39163: Disclosing a private + room's name, avatar, topic, and number of members. + + If an unauthorized user knows the Room ID of a private room, + then its name, avatar, topic, and number of members may be + disclosed through Group / Community features. + + The unauthorized user must be on the same homeserver as a + user who is a member of the target room, and their homeserver + must allow non-administrators to create groups + (enable_group_creation in the Synapse configuration; off by + default). + + Fixed by cb35df940a, #10723. + + - Bugfixes + - Fix a regression introduced in Synapse 1.41 which broke email + transmission on systems using older versions of the Twisted + library. (#10713) + +------------------------------------------------------------------- +Tue Aug 24 16:07:40 UTC 2021 - Marcus Rueckert + +- Update to 1.41.0 + - Features + - Enable room capabilities (MSC3244) by default and set room + version 8 as the preferred room version when creating + restricted rooms. (#10571) + - Add get_userinfo_by_id method to ModuleApi. (#9581) + - Initial local support for MSC3266, Room Summary over the + unstable /rooms/{roomIdOrAlias}/summary API. (#10394) + - Experimental support for MSC3288, sending room_type to the + identity server for 3pid invites over the /store-invite API. + (#10435) + - Add support for sending federation requests through a proxy. + Contributed by @Bubu and @dklimpel. (#10475) + - Add support for "marker" events which makes historical events + discoverable for servers that already have all of the + scrollback history (part of MSC2716). (#10498) + - Add a configuration setting for the time a /sync response is + cached for. (#10513) + - The default logging handler for new installations is now + PeriodicallyFlushingMemoryHandler, a buffered logging handler + which periodically flushes itself. (#10518) + - Add support for new redaction rules for historical events + specified in MSC2716. (#10538) + - Add a setting to disable TLS when sending email. (#10546) + - Add pagination to the spaces summary based on updates to + MSC2946. (#10549, #10560, #10569, #10574, #10575, #10579, + #10583) + - Admin API to delete several media for a specific user. + Contributed by @dklimpel. (#10558, #10628) + - Add support for routing /createRoom to workers. (#10564) + - Update the Synapse Grafana dashboard. (#10570) + - Add an admin API (GET /_synapse/admin/username_available) to + check if a username is available (regardless of registration + settings). (#10578) + - Allow editing a user's external_ids via the "Edit User" admin + API. Contributed by @dklimpel. (#10598) + - The Synapse manhole no longer needs coroutines to be wrapped + in defer.ensureDeferred. (#10602) + - Add option to allow modules to run periodic tasks on all + instances, rather than just the one configured to run + background tasks. (#10638) + - Bugfixes + - Add some clarification to the sample config file. Contributed + by @Kentokamoto. (#10129) + - Fix a long-standing bug where protocols which are not + implemented by any appservices were incorrectly returned via + GET /_matrix/client/r0/thirdparty/protocols. (#10532) + - Fix exceptions in logs when failing to get remote room list. + (#10541) + - Fix longstanding bug which caused the user "status" to be + reset when the user went offline. Contributed by @dklimpel. + (#10550) + - Allow public rooms to be previewed in the spaces summary APIs + from MSC2946. (#10580) + - Fix a bug introduced in v1.37.1 where an error could occur in + the asynchronous processing of PDUs when the queue was empty. + (#10592) + - Fix errors on /sync when read receipt data is a string. Only + affects homeservers with the experimental flag for MSC2285 + enabled. Contributed by @SimonBrandner. (#10606) + - Additional validation for the spaces summary API to avoid + errors like ValueError: Stop argument for islice() must be + None or an integer. The missing validation has existed since + v1.31.0. (#10611) + - Revert behaviour introduced in v1.38.0 that strips + org.matrix.msc2732.device_unused_fallback_key_types from + /sync when its value is empty. This field should instead + always be present according to MSC2732. (#10623) + - Improved Documentation + - Add documentation for configuration a forward proxy. (#10443) + - Updated the reverse proxy documentation to highlight the + homserver configuration that is needed to make Synapse aware + that is is intentionally reverse proxied. (#10551) + - Update CONTRIBUTING.md to fix index links and the + instructions for SyTest in docker. (#10599) + - Deprecations and Removals + - No longer build .deb packages for Ubuntu 20.10 LTS Groovy + Gorilla, which has now EOLed. (#10588) + - The template_dir configuration settings in the sso, + account_validity and email sections of the configuration file + are now deprecated in favour of the global + templates.custom_template_directory setting. See the upgrade + notes for more information. (#10596) + - Internal Changes + - Improve event caching mechanism to avoid having multiple + copies of an event in memory at a time. (#10119) + - Reduce errors in PostgreSQL logs due to concurrent + serialization errors. (#10504) + - Include room ID in ignored EDU log messages. Contributed by + @ilmari. (#10507) + - Add pagination to the spaces summary based on updates to + MSC2946. (#10527, #10530) + - Fix CI to not break when run against branches rather than + pull requests. (#10529) + - Mark all events stemming from the MSC2716 /batch_send + endpoint as historical. (#10537) + - Clean up some of the federation event authentication code for + clarity. (#10539, #10591) + - Convert Transaction and Edu objects to attrs. (#10542) + - Update /batch_send endpoint to only return state_events + created by the state_events_from_before passed in. (#10552) + - Update contributing.md to warn against rebasing an open PR. + (#10563) + - Remove the unused public rooms replication stream. (#10565) + - Clarify error message when failing to join a restricted room. + (#10572) + - Remove references to BuildKite in favour of GitHub Actions. + (#10573) + - Move /batch_send endpoint defined by MSC2716 to the /v2_alpha + directory. (#10576) + - Allow multiple custom directories in read_templates. (#10587) + - Re-organize the synapse.federation.transport.server module to + create smaller files. (#10590) + - Flatten the synapse.rest.client package by moving the + contents of v1 and v2_alpha into the parent. (#10600) + - Build Debian packages for Debian 12 (Bookworm). (#10612) + - Fix up a couple of links to the database schema + documentation. (#10620) + - Fix a broken link to the upgrade notes. (#10631) + +------------------------------------------------------------------- +Tue Aug 10 13:38:13 UTC 2021 - Marcus Rueckert + +- Update to 1.40.0 + - Features + - Support MSC3289: room version 8. (#10449) + - Add support for MSC2033: device_id on /account/whoami. + (#9918) + - Update support for MSC2716 - Incrementally importing history + into existing rooms. (#10245, #10432, #10463) + - Update support for MSC3083 to consider changes in the MSC + around which servers can issue join events. (#10254, #10447, + #10489) + - Initial support for MSC3244, Room version capabilities over + the /capabilities API. (#10283) + - Add a buffered logging handler which periodically flushes + itself. (#10407, #10515) + - Add support for https connections to a proxy server. + Contributed by @Bubu and @dklimpel. (#10411) + - Support for MSC2285 (hidden read receipts). Contributed by + @SimonBrandner. (#10413) + - Email notifications now state whether an invitation is to a + room or a space. (#10426) + - Allow setting transaction limit for database connections. + (#10440, #10511) + - Add creation_ts to "list users" admin API. (#10448) + - Bugfixes + - Mark the experimental room version from MSC2716 as unstable. + (#10449) + - Fix the PeriodicallyFlushingMemoryHandler inhibiting + application shutdown because of its background thread. + (#10517) + - Fix a bug introduced in Synapse v1.40.0rc1 that could cause + Synapse to respond with an error when clients would update + read receipts. (#10531) + - Improve character set detection in URL previews by supporting + underscores (in addition to hyphens). Contributed by + @srividyut. (#10410) + - Fix events being incorrectly rejected over federation if they + reference auth events that the server needed to fetch. + (#10439) + - Fix synapse_federation_server_oldest_inbound_pdu_in_staging + Prometheus metric to not report a max age of 51 years when + the queue is empty. (#10455) + - Fix a bug which caused an explicit assignment of power-level + 0 to a user to be misinterpreted in rare circumstances. + (#10499) + - Improved Documentation + - Fix broken links in upgrade.md. Contributed by @dklimpel. + (#10543) + - Fix hierarchy of providers on the OpenID page. (#10445) + - Consolidate development documentation to docs/development/. + (#10453) + - Add some developer docs to explain room DAG concepts like + outliers, state_groups, depth, etc. (#10464) + - Document how to use Complement while developing a new Synapse + feature. (#10483) + - Internal Changes + - Fix release script to open the correct URL for the release. + (#10516) + - Prune inbound federation queues for a room if they get too + large. (#10390) + - Add type hints to synapse.federation.transport.client module. + (#10408) + - Remove shebang line from module files. (#10415) + - Drop backwards-compatibility code that was required to + support Ubuntu Xenial. (#10429) + - Use a docker image cache for the prerequisites for the debian + package build. (#10431) + - Improve servlet type hints. (#10437, #10438) + - Replace usage of or_ignore in simple_insert with + simple_upsert usage, to stop spamming postgres logs with + spurious ERROR messages. (#10442) + - Update the tests-done Github Actions status. (#10444, #10512) + - Update type annotations to work with forthcoming Twisted + 21.7.0 release. (#10446, #10450) + - Cancel redundant GHA workflows when a new commit is pushed. + (#10451) + - Mitigate media repo XSS attacks on IE11 via the non-standard + X-Content-Security-Policy header. (#10468) + - Additional type hints in the state handler. (#10482) + - Update syntax used to run complement tests. (#10488) + - Fix up type annotations to work with Twisted 21.7. (#10490) + - Improve type annotations for ObservableDeferred. (#10491) + - Extend release script to also tag and create GitHub releases. + (#10496) + - Fix a bug which caused production debian packages to be + incorrectly marked as 'prerelease'. (#10500) + +------------------------------------------------------------------- +Thu Jul 29 11:49:07 UTC 2021 - Marcus Rueckert + +- Update to 1.39.0 + The Third-Party Event Rules module interface has been deprecated + in favour of the generic module interface introduced in Synapse + v1.37.0. Support for the old interface is planned to be removed + in September 2021. See the upgrade notes for more information. + + - Features + - Add the ability to override the account validity feature with + a module. (#9884) + - The spaces summary API now returns any joinable rooms, not + only rooms which are world-readable. (#10298, #10305) + - Add a new version of the R30 phone-home metric, which removes + a false impression of retention given by the old R30 metric. + (#10332, #10427) + - Allow providing credentials to http_proxy. (#10360) + - Bugfixes + - Fix a bug introduced in Synapse 1.38 which caused an + exception at startup when SAML authentication was enabled. + (#10477) + - Fix a long-standing bug where Synapse would not inform + clients that a device had exhausted its one-time-key pool, + potentially causing problems decrypting events. (#10485) + - Fix reporting old R30 stats as R30v2 stats. + Introduced in v1.39.0rc1. (#10486) + - Always include device_one_time_keys_count key in /sync + response to work around a bug in Element Android that broke + encryption for new devices. (#10457) + - Fix error while dropping locks on shutdown. Introduced in + v1.38.0. (#10433) + - Add base starting insertion event when no chunk ID is + specified in the historical batch send API. (#10250) + - Fix historical batch send endpoint (MSC2716) rejecting + batches with messages from multiple senders. (#10276) + - Fix purging rooms that other homeservers are still sending + events for. Contributed by @ilmari. (#10317) + - Fix errors during backfill caused by previously purged + redaction events. Contributed by Andreas Rammhold (@andir). + (#10343) + - Fix the user directory becoming broken (and noisy errors + being logged) when knocking and room statistics are in use. + (#10344) + - Fix newly added + synapse_federation_server_oldest_inbound_pdu_in_staging + prometheus metric to measure age rather than timestamp. + (#10355) + - Fix PostgreSQL sometimes using table scans for queries + against state_groups_state table, taking a long time and a + large amount of IO. (#10359) + - Fix make_room_admin failing for users that have left a + private room. (#10367) + - Fix a number of logged errors caused by remote servers being + down. (#10400, #10414) + - Responses from /make_{join,leave,knock} no longer include + signatures, which will turn out to be invalid after events + are returned to /send_{join,leave,knock}. (#10404) + - Improved Documentation + - Updated installation dependencies for newer macOS versions + and ARM Macs. Contributed by Luke Walsh. (#9971) + - Simplify structure of room admin API. (#10313) + - Refresh the logcontext dev documentation. (#10353), (#10337) + - Add delegation example for caddy in the reverse proxy + documentation. Contributed by @moritzdietz. (#10368) + - Fix and clarify some links in docs and contrib. (#10370), + (#10322), (#10399) + - Make deprecation notice of the spam checker doc more obvious. + (#10395) + - Add instructions on installing Debian packages for release + candidates. (#10396) + - Deprecations and Removals + - Remove functionality associated with the unused + room_stats_historical and user_stats_historical tables. + Contributed by @xmunoz. (#9721) + - The third-party event rules module interface is deprecated in + favour of the generic module interface introduced in Synapse + v1.37.0. See the upgrade notes for more information. (#10386) + - Internal Changes + - Fix an error which prevented the Github Actions workflow to + build the docker images from running. (#10461) + - Fix release script to correctly version debian changelog when + doing RCs. (#10465) + - Move docker image build to Github Actions. (#10416) + - Convert room_depth.min_depth column to a BIGINT. (#10289) + - Add tests to characterise the current behaviour of R30 + phone-home metrics. (#10315) + - Rebuild event context and auth when processing specific + results from ThirdPartyEventRules modules. (#10316) + - Minor change to the code that populates user_daily_visits. + (#10324) + - Re-enable Sytests that were disabled for the 1.37.1 release. + (#10345, #10357) + - Run pyupgrade on the codebase. (#10347, #10348) + - Switch application_services_txns.txn_id database column to + BIGINT. (#10349) + - Convert internal type variable syntax to reflect wider + ecosystem use. (#10350, #10380, #10381, #10382, #10418) + - Make the Github Actions workflow configuration more + efficient. (#10383) + - Add type hints to get_{domain,localpart}_from_id. (#10385) + - When building Debian packages for prerelease versions, set + the Section accordingly. (#10391) + - Add type hints and comments to event auth code. (#10393) + - Stagger sending of presence update to remote servers, + reducing CPU spikes caused by starting many connections to + remote servers at once. (#10398) + - Remove unused events_by_room code (tech debt). (#10421) + - Add a github actions job which records success of other jobs. + (#10430) + +------------------------------------------------------------------- +Thu Jul 22 16:20:00 UTC 2021 - Marcus Rueckert + +- Update to 1.38.1 + Always include device_one_time_keys_count key in /sync response + to work around a bug in Element Android that broke encryption for + new devices. (#10457) + +------------------------------------------------------------------- +Fri Jul 16 15:32:21 UTC 2021 - Marcus Rueckert + +- oidc can be enabled on TW as the Authlib package is in the distro + +------------------------------------------------------------------- +Fri Jul 16 14:48:15 UTC 2021 - Marcus Rueckert + +- drop all conditionals that were enabled anyway +- rename remaining conditionals to have a synapse_ prefix + +------------------------------------------------------------------- +Wed Jul 14 15:03:02 UTC 2021 - Marcus Rueckert + +- Update to 1.38.0 + This release includes a database schema update which could result + in elevated disk usage. See the upgrade notes for more + information. + + - Features + - Implement refresh tokens as specified by MSC2918. (#9450) + - Add support for evicting cache entries based on last access + time. (#10205) + - Omit empty fields from the /sync response. Contributed by + @deepbluev7. (#10214) + - Improve validation on federation send_{join,leave,knock} + endpoints. (#10225, #10243) + - Add SSO external_ids to the Query User Account admin API. + (#10261) + - Mark events received over federation which fail a spam check + as "soft-failed". (#10263) + - Add metrics for new inbound federation staging area. (#10284) + - Add script to print information about recently registered + users. (#10290) + - Bugfixes + - Fix bug where inbound federation in a room could be delayed + due to not correctly dropping a lock. Introduced in v1.37.1. + (#10336) + - Fix a long-standing bug which meant that invite rejections + and knocks were not sent out over federation in a timely + manner. (#10223) + - Fix a bug introduced in v1.26.0 where only users who have set + profile information could be deactivated with erasure + enabled. (#10252) + - Fix a long-standing bug where Synapse would return errors + after 231 events were handled by the server. (#10264, #10267, + #10282, #10286, #10291, #10314, #10326) + - Fix the prometheus synapse_federation_server_pdu_process_time + metric. Broke in v1.37.1. (#10279) + - Ensure that inbound events from federation that were being + processed when Synapse was restarted get promptly processed + on start up. (#10303) + - Improved Documentation + - Update links to documentation in the sample config. + Contributed by @dklimpel. (#10287) + - Fix broken links in INSTALL.md. Contributed by @dklimpel. + (#10331) + - Move the upgrade notes to docs/upgrade.md and convert them to + markdown. (#10166) + - Choose Welcome & Overview as the default page for synapse + documentation website. (#10242) + - Adjust the URL in the README.rst file to point to + irc.libera.chat. (#10258) + - Fix homeserver config option name in presence router + documentation. (#10288) + - Fix link pointing at the wrong section in the modules + documentation page. (#10302) + - Internal Changes + - Drop Origin and Accept from the value of the + Access-Control-Allow-Headers response header. (#10114) + - Add type hints to the federation servlets. (#10213) + - Improve the reliability of auto-joining remote rooms. + (#10237) + - Update the release script to use the semver terminology and + determine the release branch based on the next version. + (#10239) + - Fix type hints for computing auth events. (#10253) + - Improve the performance of the spaces summary endpoint by + only recursing into spaces (and not rooms in general). + (#10256) + - Move event authentication methods from Auth to + EventAuthHandler. (#10268) + - Re-enable a SyTest after it has been fixed. (#10292) + +------------------------------------------------------------------- +Wed Jun 30 14:03:06 UTC 2021 - Marcus Rueckert + +- Update to 1.37.1 + This release resolves issues (such as #9490) where one busy room + could cause head-of-line blocking, starving Synapse from + processing events in other rooms, and causing all federated + traffic to fall behind. Synapse 1.37.1 processes inbound + federation traffic asynchronously, ensuring that one busy room + won't impact others. Please upgrade to Synapse 1.37.1 as soon as + possible, in order to increase resilience to other traffic + spikes. + + - Features + - Handle inbound events from federation asynchronously. + (#10269, #10272) + +------------------------------------------------------------------- +Tue Jun 29 10:44:06 UTC 2021 - Marcus Rueckert + +- Update to 1.37.0 + This release deprecates the current spam checker interface. See + the upgrade notes for more information on how to update to the + new generic module interface. + + This release also removes support for fetching and renewing TLS + certificates using the ACME v1 protocol, which has been fully + decommissioned by Let's Encrypt on June 1st 2021. Admins + previously using this feature should use a reverse proxy to + handle TLS termination, or use an external ACME client (such as + certbot) to retrieve a certificate and key and provide them to + Synapse using the tls_certificate_path and tls_private_key_path + configuration settings. + + - Features + - Implement "room knocking" as per MSC2403. Contributed by + @Sorunome and anoa. (#6739, #9359, #10167, #10212, #10227) + - Add experimental support for backfilling history into rooms + (MSC2716). (#9247) + - Implement a generic interface for third-party plugin modules. + (#10062, #10206) + - Implement config option sso.update_profile_information to + sync SSO users' profile information with the identity + provider each time they login. Currently only displayname is + supported. (#10108) + - Ensure that errors during startup are written to the logs and + the console. (#10191) + - Bugfixes + - Fix a bug introduced in Synapse v1.25.0 that prevented the + ip_range_whitelist configuration option from working for + federation and identity servers. Contributed by @mikure. + (#10115) + - Remove a broken import line in Synapse's admin_cmd worker. + Broke in Synapse v1.33.0. (#10154) + - Fix a bug introduced in Synapse v1.21.0 which could cause + /sync to return immediately with an empty response. (#10157, + #10158) + - Fix a minor bug in the response to + /_matrix/client/r0/user/{user}/openid/request_token causing + expires_in to be a float instead of an integer. Contributed + by @lukaslihotzki. (#10175) + - Always require users to re-authenticate for dangerous + operations: deactivating an account, modifying an account + password, and adding 3PIDs. (#10184) + - Fix a bug introduced in Synpase v1.7.2 where remote server + count metrics collection would be incorrectly delayed on + startup. Found by @heftig. (#10195) + - Fix a bug introduced in Synapse v1.35.1 where an allow key of + a m.room.join_rules event could be applied for incorrect room + versions and configurations. (#10208) + - Fix performance regression in responding to user key requests + over federation. Introduced in Synapse v1.34.0rc1. (#10221) + - Improved Documentation + - Add a new guide to decoding request logs. (#8436) + - Mention in the sample homeserver config that you may need to + configure max upload size in your reverse proxy. Contributed + by @aaronraimist. (#10122) + - Fix broken links in documentation. (#10180) + - Deploy a snapshot of the documentation website upon each new + Synapse release. (#10198) + - Deprecations and Removals + - The current spam checker interface is deprecated in favour of + a new generic modules system. See the upgrade notes for more + information on how to update to the new system. (#10062, + #10210, #10238) + - Stop supporting the unstable spaces prefixes from MSC1772. + (#10161) + - Remove Synapse's support for automatically fetching and + renewing certificates using the ACME v1 protocol. This + protocol has been fully turned off by Let's Encrypt for + existing installations on June 1st 2021. Admins previously + using this feature should use a reverse proxy to handle TLS + termination, or use an external ACME client (such as certbot) + to retrieve a certificate and key and provide them to Synapse + using the tls_certificate_path and tls_private_key_path + configuration settings. (#10194) + - Internal Changes + - Update the database schema versioning to support gradual + migration away from legacy tables. (#9933) + - Add type hints to the federation servlets. (#10080) + - Improve OpenTracing for event persistence. (#10134, #10193) + - Clean up the interface for injecting OpenTracing over HTTP. + (#10143) + - Limit the number of in-flight /keys/query requests from a + single device. (#10144) + - Refactor EventPersistenceQueue. (#10145) + - Document SYNAPSE_TEST_LOG_LEVEL to see the logger output when + running tests. (#10148) + - Update the Complement build tags in GitHub Actions to test + currently experimental features. (#10155) + - Add a synapse_federation_soft_failed_events_total metric to + track how often events are soft failed. (#10156) + - Fetch the corresponding complement branch when performing CI. + (#10160) + - Add some developer documentation about boolean columns in + database schemas. (#10164) + - Add extra logging fields to better debug where events are + being soft failed. (#10168) + - Add debug logging for when we enter and exit Measure blocks. + (#10183) + - Improve comments in structured logging code. (#10188) + - Update MSC3083 support with modifications from the MSC. + (#10189) + - Remove redundant DNS lookup limiter. (#10190) + - Upgrade black linting tool to 21.6b0. (#10197) + - Expose OpenTracing trace id in response headers. (#10199) +- refresh patches to apply cleanly again: + dont-bump-cryptography-with-system-openssl.patch + matrix-synapse-1.4.1-paths.patch + +------------------------------------------------------------------- +Tue Jun 15 18:04:01 UTC 2021 - Marcus Rueckert + +- Update to 1.36.0 + - Features + - Add new endpoint /_matrix/client/r0/rooms/{roomId}/aliases + from Client-Server API r0.6.1 (previously MSC2432). (#9224) + - Improve performance of incoming federation transactions in + large rooms. (#9953, #9973) + - Rewrite logic around verifying JSON object and fetching + server keys to be more performant and use less memory. + (#10035) + - Add new admin APIs for unprotecting local media from + quarantine. Contributed by @dklimpel. (#10040) + - Add new admin APIs to remove media by media ID from + quarantine. Contributed by @dklimpel. (#10044) + - Make reason and score parameters optional for reporting + content. Implements MSC2414. Contributed by Callum Brown. + (#10077) + - Add support for routing more requests to workers. (#10084) + - Report OpenTracing spans for database activity. (#10113, + #10136, #10141) + - Significantly reduce memory usage of joining large remote + rooms. (#10117) + - Bugfixes + - Fix a bug which caused presence updates to stop working some + time after a restart, when using a presence writer worker. + Broke in v1.33.0. (#10149) + - Fix a bug when using federation sender worker where it would + send out more presence updates than necessary, leading to + high resource usage. Broke in v1.33.0. (#10163) + - Fix a bug where Synapse could send the same presence update + to a remote twice. (#10165) + - Fixed a bug causing replication requests to fail when + receiving a lot of events via federation. (#10082) + - Fix a bug in the force_tracing_for_users option introduced in + Synapse v1.35 which meant that the OpenTracing spans produced + were missing most tags. (#10092) + - Fixed a bug that could cause Synapse to stop notifying + application services. Contributed by Willem Mulder. (#10107) + - Fix bug where the server would attempt to fetch the same + history in the room from a remote server multiple times in + parallel. (#10116) + - Fix a bug introduced in Synapse 1.33.0 which caused + replication requests to fail when receiving a lot of very + large events via federation. (#10118) + - Fix bug when using workers where pagination requests failed + if a remote server returned zero events from /backfill. + Introduced in 1.35.0. (#10133) + - Improved Documentation + - Clarify security note regarding hosting Synapse on the same + domain as other web applications. (#9221) + - Update CAPTCHA documentation to mention turning off the + verify origin feature. Contributed by @aaronraimist. (#10046) + - Tweak wording of database recommendation in INSTALL.md. + Contributed by @aaronraimist. (#10057) + - Add initial infrastructure for rendering Synapse + documentation with mdbook. (#10086) + - Convert the remaining Admin API documentation files to + markdown. (#10089) + - Make a link in docs use HTTPS. Contributed by @RhnSharma. + (#10130) + - Fix broken link in Docker docs. (#10132) + - Deprecations and Removals + - Remove the experimental spaces_enabled flag. The spaces + features are always available now. (#10063) + - Internal Changes + - Tell CircleCI to build Docker images from main branch. + (#9906) + - Simplify naming convention for release branches to only + include the major and minor version numbers. (#10013) + - Add parse_strings_from_args for parsing an array from query + parameters. (#10048, #10137) + - Remove some dead code regarding TLS certificate handling. + (#10054) + - Remove redundant, unmaintained convert_server_keys script. + (#10055) + - Improve the error message printed by synctl when synapse + fails to start. (#10059) + - Fix GitHub Actions lint for newsfragments. (#10069) + - Update opentracing to inject the right context into the + carrier. (#10074) + - Fix up BatchingQueue implementation. (#10078) + - Log method and path when dropping request due to size limit. + (#10091) + - In Github Actions workflows, summarize the Sytest results in + an easy-to-read format. (#10094) + - Make /sync do fewer state resolutions. (#10102) + - Add missing type hints to the admin API servlets. (#10105) + - Improve opentracing annotations for Notifier. (#10111) + - Enable Prometheus metrics for the jaeger client library. + (#10112) + - Work to improve the responsiveness of /sync requests. + (#10124) + - OpenTracing: use a consistent name for background processes. + (#10135) + +------------------------------------------------------------------- +Thu Jun 3 15:16:29 UTC 2021 - Marcus Rueckert + +- Update to 1.35.1: + - Bugfixes + - Fix a bug introduced in v1.35.0 where invite-only rooms would + be shown to all users in a space, regardless of if the user + had access to it. (#10109) + +------------------------------------------------------------------- +Tue Jun 1 16:27:57 UTC 2021 - Marcus Rueckert + +- Update to 1.35.0 + - Deprecations and Removals + - The core Synapse development team plan to drop support for + the unstable API of MSC2858, including the undocumented + experimental.msc2858_enabled config option, in August 2021. + Client authors should ensure that their clients are updated + to use the stable API (which has been supported since Synapse + 1.30) well before that time, to give their users time to + upgrade. (#10101) + - Features + - Add experimental support to allow a user who could join a + restricted room to view it in the spaces summary. (#9922, + #10007, #10038) + - Reduce memory usage when joining very large rooms over + federation. (#9958) + - Add a configuration option which allows enabling opentracing + by user id. (#9978) + - Enable experimental support for MSC2946 (spaces summary API) + and MSC3083 (restricted join rules) by default. (#10011) + - Bugfixes + - Fixed a bug causing replication requests to fail when + receiving a lot of events via federation. Introduced in + v1.33.0. (#10082) + - Fix HTTP response size limit to allow joining very large + rooms over federation. Introduced in v1.33.0. (#10093) + - Fix a bug introduced in v1.35.0rc1 when calling the spaces + summary API via a GET request. (#10079) + - Fix a bug introduced in v1.26.0 which meant that + synapse_port_db would not correctly initialise some postgres + sequences, requiring manual updates afterwards. (#9991) + - Fix synctl's --no-daemonize parameter to work correctly with + worker processes. (#9995) + - Fix a validation bug introduced in v1.34.0 in the ordering of + spaces in the space summary API. (#10002) + - Fixed deletion of new presence stream states from database. + (#10014, #10033) + - Fixed a bug with very high resolution image uploads throwing + internal server errors. (#10029) + - Updates to the Docker image + - Fix bug introduced in Synapse 1.33.0 which caused a + Permission denied: '/homeserver.log' error when starting + Synapse with the generated log configuration. Contributed by + Sergio Miguéns Iglesias. (#10045) + - Improved Documentation + - Add hardened systemd files as proposed in #9760 and added + them to contrib/. Change the docs to reflect the presence of + these files. (#9803) + - Clarify documentation around SSO mapping providers generating + unique IDs and localparts. (#9980) + - Updates to the PostgreSQL documentation (postgres.md). + (#9988, #9989) + - Fix broken link in user directory documentation. Contributed + by @junquera. (#10016) + - Add missing room state entry to the table of contents of room + admin API. (#10043) + - Deprecations and Removals + - Removed support for the deprecated tls_fingerprints + configuration setting. Contributed by Jerin J Titus. (#9280) + - Internal Changes + - Log method and path when dropping request due to size limit. + (#10091) + - Allow sending full presence to users via workers other than + the one that called ModuleApi.send_local_online_presence_to. + (#9823) + - Update comments in the space summary handler. (#9974) + - Minor enhancements to the @cachedList descriptor. (#9975) + - Split multipart email sending into a dedicated handler. + (#9977) + - Run black on files in the scripts directory. (#9981) + - Add missing type hints to synapse.util module. (#9982) + - Simplify a few helper functions. (#9984, #9985, #9986) + - Remove unnecessary property from SQLBaseStore. (#9987) + - Remove keylen param on LruCache. (#9993) + - Update the Grafana dashboard in contrib/. (#10001) + - Add a batching queue implementation. (#10017) + - Reduce memory usage when verifying signatures on large + numbers of events at once. (#10018) + - Properly invalidate caches for destination retry timings + every (instead of expiring entries every 5 minutes). (#10036) + - Fix running complement tests with Synapse workers. (#10039) + - Fix typo in get_state_ids_for_event docstring where the + return type was incorrect. (#10050) +- new dependency python3-ijson +- refresh patches to apply cleanly again + dont-bump-cryptography-with-system-openssl.patch + matrix-synapse-1.4.1-paths.patch + +------------------------------------------------------------------- +Sun May 30 17:50:21 UTC 2021 - Marcus Rueckert + +- fix requires on Tumbleweed. the %if is ugly but there is no + better solution right now short of adding our own macro to + generates the requires based on the provides of other packages. + +------------------------------------------------------------------- +Wed May 19 15:50:36 UTC 2021 - Marcus Rueckert + +- Switch package to use sysuser +- Cleanup duplicated buildrequires and switch to %requires_eq for + the base python as well + +------------------------------------------------------------------- +Mon May 17 12:18:10 UTC 2021 - Marcus Rueckert + +- Update to 1.34.0 + This release deprecates the room_invite_state_types configuration + setting. See the upgrade notes for instructions on updating your + configuration file to use the new room_prejoin_state setting. + + This release also deprecates the POST + /_synapse/admin/v1/rooms//delete admin API route. Server + administrators are encouraged to update their scripts to use the + new DELETE /_synapse/admin/v1/rooms/ route instead. + + - Features + - Add experimental option to track memory usage of the caches. + (#9881) + - Add support for DELETE /_synapse/admin/v1/rooms/. + (#9889) + - Add limits to how often Synapse will GC, ensuring that large + servers do not end up GC thrashing if gc_thresholds has not + been correctly set. (#9902) + - Improve performance of sending events for worker-based + deployments using Redis. (#9905, #9950, #9951) + - Improve performance after joining a large room when presence + is enabled. (#9910, #9916) + - Support stable identifiers for MSC1772 Spaces. m.space.child + events will now be taken into account when populating the + experimental spaces summary response. Please see the upgrade + notes if you have customised room_invite_state_types in your + configuration. (#9915, #9966) + - Improve performance of backfilling in large rooms. (#9935) + - Add a config option to allow you to prevent device display + names from being shared over federation. Contributed by + @aaronraimist. (#9945) + - Update support for MSC2946: Spaces Summary. (#9947, #9954) + - Bugfixes + - Fix a bug introduced in v1.32.0 where the associated + connection was improperly logged for SQL logging statements. + (#9895) + - Correct the type hint for the user_may_create_room_alias + method of spam checkers. It is provided a RoomAlias, not a + str. (#9896) + - Fix bug where user directory could get out of sync if room + visibility and membership changed in quick succession. + (#9910) + - Include the origin_server_ts property in the experimental + MSC2946 support to allow clients to properly sort rooms. + (#9928) + - Fix bugs introduced in v1.23.0 which made the PostgreSQL port + script fail when run with a newly-created SQLite database. + (#9930) + - Fix a bug introduced in Synapse 1.29.0 which caused + m.room_key_request to-device messages sent from one user to + another to be dropped. (#9961, #9965) + - Fix a bug introduced in v1.27.0 preventing users and + appservices exempt from ratelimiting from creating rooms with + many invitees. (#9968) + - Updates to the Docker image + - Add startup_delay to docker healthcheck to reduce waiting + time for coming online and update the documentation with + extra options. Contributed by @maquis196. (#9913) + - Improved Documentation + - Add port argument to the Postgres database sample config + section. (#9911) + - Deprecations and Removals + - Mark as deprecated POST + /_synapse/admin/v1/rooms//delete. (#9889) + - Internal Changes + - Reduce the length of Synapse's access tokens. (#5588) + - Export jemalloc stats to Prometheus if it is being used. + (#9882) + - Add type hints to presence handler. (#9885) + - Reduce memory usage of the LRU caches. (#9886) + - Add type hints to the synapse.handlers module. (#9896) + - Time response time for external cache requests. (#9904) + - Minor fixes to the make_full_schema.sh script. (#9931) + - Move database schema files into a common directory. (#9932) + - Add debug logging for lost/delayed to-device messages. + (#9959) +- enable cache_memory feature: new BR Pympler + +------------------------------------------------------------------- +Tue May 11 13:46:25 UTC 2021 - Marcus Rueckert + +- Update to 1.33.2 + Due to the security issue highlighted below, server + administrators are encouraged to update Synapse. We are not aware + of these vulnerabilities being exploited in the wild. + + Security advisory + This release fixes a denial of service attack (CVE-2021-29471) + against Synapse's push rules implementation. Server admins are + encouraged to upgrade. + + - Internal Changes + - Unpin attrs dependency. (#9946) + +------------------------------------------------------------------- +Thu May 6 14:44:02 UTC 2021 - Marcus Rueckert + +- Update to 1.33.1 + - Bugfixes + - Fix bug where /sync would break if using the latest version + of attrs dependency, by pinning to a previous version. + (#9937) +- sync BuildRequires with synapse/python_dependencies.py + - Jinja2 dep is now always required + +------------------------------------------------------------------- +Wed May 5 18:45:30 UTC 2021 - Marcus Rueckert + +- Update to 1.33.0 + - Features + - Update experimental support for MSC3083: restricting room + access via group membership. (#9800, #9814) + - Add experimental support for handling presence on a worker. + (#9819, #9820, #9828, #9850) + - Return a new template when an user attempts to renew their + account multiple times with the same token, stating that + their account is set to expire. This replaces the invalid + token template that would previously be shown in this case. + This change concerns the optional account validity feature. + (#9832) + - Bugfixes + - Fix tight loop when handling presence replication when using + workers. Introduced in v1.33.0rc1. (#9900) + - Fixes the OIDC SSO flow when using a public_baseurl value + including a non-root URL path. (#9726) + - Fix thumbnail generation for some sites with non-standard + content types. Contributed by @rkfg. (#9788) + - Add some sanity checks to identity server passed to 3PID + bind/unbind endpoints. (#9802) + - Limit the size of HTTP responses read over federation. + (#9833) + - Fix a bug which could cause Synapse to get stuck in a loop of + resyncing device lists. (#9867) + - Fix a long-standing bug where errors from federation did not + propagate to the client. (#9868) + - Improved Documentation + - Add a note to the docker docs mentioning that we mirror + upstream's supported Docker platforms. (#9801) + - Internal Changes + - Add a dockerfile for running Synapse in worker-mode under + Complement. (#9162) + - Apply pyupgrade across the codebase. (#9786) + - Move some replication processing out of generic_worker. + (#9796) + - Replace HomeServer.get_config() with inline references. + (#9815) + - Rename some handlers and config modules to not duplicate the + top-level module. (#9816) + - Fix a long-standing bug which caused max_upload_size to not + be correctly enforced. (#9817) + - Reduce CPU usage of the user directory by reusing existing + calculated room membership. (#9821) + - Small speed up for joining large remote rooms. (#9825) + - Introduce flake8-bugbear to the test suite and fix some of + its lint violations. (#9838) + - Only store the raw data in the in-memory caches, rather than + objects that include references to e.g. the data stores. + (#9845) + - Limit length of accepted email addresses. (#9855) + - Remove redundant synapse.types.Collection type definition. + (#9856) + - Handle recently added rate limits correctly when using + --no-rate-limit with the demo scripts. (#9858) + - Disable invite rate-limiting by default when running the unit + tests. (#9871) + - Pass a reactor into SynapseSite to make testing easier. + (#9874) + - Make DomainSpecificString an attrs class. (#9875) + - Add type hints to synapse.api.auth and + synapse.api.auth_blocking modules. (#9876) + - Remove redundant _PushHTTPChannel test class. (#9878) + - Remove backwards-compatibility code for Python versions < + 3.6. (#9879) + - Small performance improvement around handling new local + presence updates. (#9887) +- refreshed patches: + dont-bump-cryptography-with-system-openssl.patch + matrix-synapse-1.4.1-paths.patch + +------------------------------------------------------------------- +Thu Apr 22 11:12:46 UTC 2021 - Marcus Rueckert + +- Update to v1.32.2 + - Bugfixes + - Fix a regression in Synapse 1.32.0 and 1.32.1 which caused + LoggingContext errors in plugins. (#9857) + +------------------------------------------------------------------- +Wed Apr 21 14:08:11 UTC 2021 - Marcus Rueckert + +- Update to v1.32.1 + + This release fixes a regression in Synapse 1.32.0 that caused + connected Prometheus instances to become unstable. If you ran + Synapse 1.32.0 with Prometheus metrics, first upgrade to Synapse + 1.32.1 and follow these instructions to clean up any excess + writeahead logs. + + - Bugfixes + - Fix a regression in Synapse 1.32.0 which caused Synapse to + report large numbers of Prometheus time series, potentially + overwhelming Prometheus instances. (#9854) + +------------------------------------------------------------------- +Tue Apr 20 17:15:24 UTC 2021 - Marcus Rueckert + +- Update to v1.32.0 + This release removes the deprecated GET + /_synapse/admin/v1/users/ admin API. Please use the v2 + API instead, which has improved capabilities. + + This release requires Application Services to use type + m.login.application_services when registering users via the + /_matrix/client/r0/register endpoint to comply with the spec. + Please ensure your Application Services are up to date. + + - Features + - Add a Synapse module for routing presence updates between + users. (#9491) + - Add an admin API to manage ratelimit for a specific user. + (#9648) + - Include request information in structured logging output. + (#9654) + - Add order_by to the admin API GET /_synapse/admin/v2/users. + Contributed by @dklimpel. (#9691) + - Replace the room_invite_state_types configuration setting + with room_prejoin_state. (#9700) + - Add experimental support for MSC3083: restricting room access + via group membership. (#9717, #9735) + - Update experimental support for Spaces: include m.room.create + in the room state sent with room-invites. (#9710) + - Synapse now requires Python 3.6 or later. It also requires + Postgres 9.6 or later or SQLite 3.22 or later. (#9766) + - Bugfixes + - Fix the log lines of nested logging contexts. Broke in + 1.32.0rc1. (#9829) + - Prevent synapse_forward_extremities and + synapse_excess_extremity_events Prometheus metrics from + initially reporting zero-values after startup. (#8926) + - Fix recently added ratelimits to correctly honour the + application service rate_limited flag. (#9711) + - Fix longstanding bug which caused duplicate key value + violates unique constraint + "remote_media_cache_thumbnails_media_origin_media_id_thumbna_key" + errors. (#9725) + - Fix bug where sharded federation senders could get stuck + repeatedly querying the DB in a loop, using lots of CPU. + (#9770) + - Fix duplicate logging of exceptions thrown during federation + transaction processing. (#9780) + - Updates to the Docker image + - Move opencontainers labels to the final Docker image such + that users can inspect them. (#9765) + - Improved Documentation + - Make the allowed_local_3pids regex example in the sample + config stricter. (#9719) + - Deprecations and Removals + - Remove old admin API GET /_synapse/admin/v1/users/. + (#9401) + - Make /_matrix/client/r0/register expect a type of + m.login.application_service when an Application Service + registers a user, to align with the relevant spec. (#9548) + - Internal Changes + - Replace deprecated imp module with successor importlib. + Contributed by Cristina Muñoz. (#9718) + - Experiment with GitHub Actions for CI. (#9661) + - Introduce flake8-bugbear to the test suite and fix some of + its lint violations. (#9682) + - Update scripts-dev/complement.sh to use a local checkout of + Complement, allow running a subset of tests and have it use + Synapse's Complement test blacklist. (#9685) + - Improve Jaeger tracing for to_device messages. (#9686) + - Add release helper script for automating part of the Synapse + release process. (#9713) + - Add type hints to expiring cache. (#9730) + - Convert various testcases to HomeserverTestCase. (#9736) + - Start linting mypy with no_implicit_optional. (#9742) + - Add missing type hints to federation handler and server. + (#9743) + - Check that a ConfigError is raised, rather than simply + Exception, when appropriate in homeserver config file + generation tests. (#9753) + - Fix incompatibility with tox 2.5. (#9769) + - Enable Complement tests for MSC2946: Spaces Summary API. + (#9771) + - Use mock from the standard library instead of a separate + package. (#9772) + - Update Black configuration to target Python 3.6. (#9781) + - Add option to skip unit tests when building Debian packages. + (#9793) + +------------------------------------------------------------------- +Tue Apr 6 13:17:11 UTC 2021 - Marcus Rueckert + +- Update to 1.31.0 + Note: As announced in v1.25.0, and in line with the deprecation + policy for platform dependencies, this is the last release to + support Python 3.5 and PostgreSQL 9.5. Future versions of Synapse + will require Python 3.6+ and PostgreSQL 9.6+, as per our + deprecation policy. + + - Features + - Add support to OpenID Connect login for requiring attributes + on the userinfo response. Contributed by Hubbte King. (#9609) + - Add initial experimental support for a "space summary" API. + (#9643, #9652, #9653) + - Add support for the busy presence state as described in + MSC3026. (#9644) + - Add support for credentials for proxy authentication in the + HTTPS_PROXY environment variable. (#9657) + - Bugfixes + - Fix a longstanding bug that could cause issues when editing a + reply to a message. (#9585) + - Fix the /capabilities endpoint to return m.change_password as + disabled if the local password database is not used for + authentication. Contributed by @dklimpel. (#9588) + - Check if local passwords are enabled before setting them for + the user. (#9636) + - Fix a bug where federation sending can stall due to + concurrent access database exceptions when it falls behind. + (#9639) + - Fix a bug introduced in Synapse 1.30.1 which meant the + suggested pip incantation to install an updated cryptography + was incorrect. (#9699) + - Updates to the Docker image + - Speed up Docker builds and make it nicer to test against + Complement while developing (install all dependencies before + copying the project). (#9610) + - Include opencontainers labels in the Docker image. (#9612) + - Improved Documentation + - Add a document describing the deprecation policy for platform + dependencies. (#9723) + - Clarify that register_new_matrix_user is present also when + installed via non-pip package. (#9074) + - Update source install documentation to mention platform + prerequisites before the source install steps. (#9667) + - Improve worker documentation for fallback/web auth endpoints. + (#9679) + - Update the sample configuration for OIDC authentication. + (#9695) + - Internal Changes + - Revert using dmypy run in lint script. (#9720) + - Pin flake8-bugbear's version. (#9734) + - Preparatory steps for removing redundant outlier data from + event_json.internal_metadata column. (#9411) + - Add type hints to the caching module. (#9442) + - Introduce flake8-bugbear to the test suite and fix some of + its lint violations. (#9499, #9659) + - Add additional type hints to the Homeserver object. (#9631, + #9638, #9675, #9681) + - Only save remote cross-signing and device keys if they're + different from the current ones. (#9634) + - Rename storage function to fix spelling and not conflict with + another function's name. (#9637) + - Improve performance of federation catch up by sending the + latest events in the room to the remote, rather than just the + last event sent by the local server. (#9640, #9664) + - In the federation_client commandline client, stop + automatically adding the URL prefix, so that servlets on + other prefixes can be tested. (#9645) + - In the federation_client commandline client, handle inline + signing_keys in homeserver.yaml. (#9647) + - Fixed some antipattern issues to improve code quality. + (#9649) + - Add a storage method for pulling all current user presence + state from the database. (#9650) + - Import HomeServer from the proper module. (#9665) + - Increase default join ratelimiting burst rate. (#9674) + - Add type hints to third party event rules and visibility + modules. (#9676) + - Bump mypy-zope to 0.2.13 to fix "Cannot determine consistent + method resolution order (MRO)" errors when running mypy a + second time. (#9678) + - Use interpreter from $PATH via /usr/bin/env instead of + absolute paths in various scripts. (#9689) + - Make it possible to use dmypy. (#9692) + - Suppress "CryptographyDeprecationWarning: int_from_bytes is + deprecated". (#9698) + - Use dmypy run in lint script for improved performance in + type-checking while developing. (#9701) + - Fix undetected mypy error when using Python 3.6. (#9703) + - Fix type-checking CI on develop. (#9709) + +------------------------------------------------------------------- +Fri Mar 26 12:39:34 UTC 2021 - Marcus Rueckert + +- Update to 1.30.1 + This release is identical to Synapse 1.30.0, with the exception + of explicitly setting a minimum version of Python's Cryptography + library to ensure that users of Synapse are protected from the + recent OpenSSL security advisories, especially CVE-2021-3449. + - Internal Changes + - Enforce that `cryptography` dependency is up to date to + ensure it has the most recent openssl patches. (#9697) + +- Note: we do not bump the cryptography dependency in our package + as we use the system OpenSSL which gets the fix. + + Add dont-bump-cryptography-with-system-openssl.patch to comment + out the dependency because otherwise the newer version + requirement is enforced on startup + +------------------------------------------------------------------- +Mon Mar 22 14:02:31 UTC 2021 - Marcus Rueckert + +- Update to 1.30.0 + Note that this release deprecates the ability for appservices to + call POST /_matrix/client/r0/register without the body parameter + type. Appservice developers should use a type value of + m.login.application_service as per the spec. In future releases, + calling this endpoint with an access token - but without a + m.login.application_service type - will fail. + + - Features + - Add prometheus metrics for number of users successfully + registering and logging in. (#9510, #9511, #9573) + - Add synapse_federation_last_sent_pdu_time and + synapse_federation_last_received_pdu_time prometheus metrics, + which monitor federation delays by reporting the timestamps + of messages sent and received to a set of remote servers. + (#9540) + - Add support for generating JSON Web Tokens dynamically for + use as OIDC client secrets. (#9549) + - Optimise handling of incomplete room history for incoming + federation. (#9601) + - Finalise support for allowing clients to pick an SSO Identity + Provider (MSC2858). (#9617) + - Tell spam checker modules about the SSO IdP a user registered + through if one was used. (#9626) + - Bugfixes + - Fix long-standing bug when generating thumbnails for some + images with transparency: TypeError: cannot unpack + non-iterable int object. (#9473) + - Purge chain cover indexes for events that were purged prior + to Synapse v1.29.0. (#9542, #9583) + - Fix bug where federation requests were not correctly retried + on 5xx responses. (#9567) + - Fix re-activating an account via the admin API when local + passwords are disabled. (#9587) + - Fix a bug introduced in Synapse 1.20 which caused incoming + federation transactions to stack up, causing slow recovery + from outages. (#9597) + - Fix a bug introduced in v1.28.0 where the OpenID Connect + callback endpoint could error with a MacaroonInitException. + (#9620) + - Fix Internal Server Error on GET + /_synapse/client/saml2/authn_response request. (#9623) + - Updates to the Docker image + - Use jemalloc if available in docker. (#8553) + - Improved Documentation + - Add relayd entry to reverse proxy example configurations. + (#9508) + - Improve the SAML2 upgrade notes for 1.27.0. (#9550) + - Link to the "List user's media" admin API from the media + admin API docs. (#9571) + - Clarify the spam checker modules documentation example to + mention that parse_config is a required method. (#9580) + - Clarify the sample configuration for stats settings. (#9604) + - Deprecations and Removals + - The synapse_federation_last_sent_pdu_age and + synapse_federation_last_received_pdu_age prometheus metrics + have been removed. They are replaced by + synapse_federation_last_sent_pdu_time and + synapse_federation_last_received_pdu_time. (#9540) + - Registering an Application Service user without using the + m.login.application_service login type will be unsupported in + an upcoming Synapse release. (#9559) + - Internal Changes + - Add tests to ResponseCache. (#9458) + - Add type hints to purge room and server notice admin API. + (#9520) + - Add extra logging to ObservableDeferred when callbacks throw + exceptions. (#9523) + - Fix incorrect type hints. (#9528, #9543, #9591, #9608, #9618) + - Add an additional test for purging a room. (#9541) + - Add a .git-blame-ignore-revs file with the hashes of + auto-formatting. (#9560) + - Increase the threshold before which outbound federation to a + server goes into "catch up" mode, which is expensive for the + remote server to handle. (#9561) + - Fix spurious errors reported by the config-lint.sh script. + (#9562) + - Fix type hints and tests for BlacklistingAgentWrapper and + BlacklistingReactorWrapper. (#9563) + - Do not have mypy ignore type hints from unpaddedbase64. + (#9568) + - Improve efficiency of calculating the auth chain in large + rooms. (#9576) + - Convert synapse.types.Requester to an attrs class. (#9586) + - Add logging for redis connection setup. (#9590) + - Improve logging when processing incoming transactions. + (#9596) + - Remove unused stats.retention setting, and emit a warning if + stats are disabled. (#9604) + - Prevent attempting to bundle aggregations for state events in + /context APIs. (#9619) + +------------------------------------------------------------------- +Mon Mar 8 21:27:57 UTC 2021 - Marcus Rueckert + +- Update to 1.29.0 + Note that synapse now expects an X-Forwarded-Proto header when + used with a reverse proxy. Please see UPGRADE.rst for more + details on this change. + + - Features + - Add rate limiters to cross-user key sharing requests. (#8957) + - Add order_by to the admin API GET + /_synapse/admin/v1/users//media. Contributed by + @dklimpel. (#8978) + - Add some configuration settings to make users' profile data + more private. (#9203) + - The no_proxy and NO_PROXY environment variables are now + respected in proxied HTTP clients with the lowercase form + taking precedence if both are present. Additionally, the + lowercase https_proxy environment variable is now respected + in proxied HTTP clients on top of existing support for the + uppercase HTTPS_PROXY form and takes precedence if both are + present. Contributed by Timothy Leung. (#9372) + - Add a configuration option, + user_directory.prefer_local_users, which when enabled will + make it more likely for users on the same server as you to + appear above other users. (#9383, #9385) + - Add support for regenerating thumbnails if they have been + deleted but the original image is still stored. (#9438) + - Add support for X-Forwarded-Proto header when using a reverse + proxy. (#9472, #9501, #9512, #9539) + - Bugfixes + - Fix a bug where users' pushers were not all deleted when they + deactivated their account. (#9285, #9516) + - Fix a bug where a lot of unnecessary presence updates were + sent when joining a room. (#9402) + - Fix a bug that caused multiple calls to the experimental + shared_rooms endpoint to return stale results. (#9416) + - Fix a bug in single sign-on which could cause a "No session + cookie found" error. (#9436) + - Fix bug introduced in v1.27.0 where allowing a user to choose + their own username when logging in via single sign-on did not + work unless an idp_icon was defined. (#9440) + - Fix a bug introduced in v1.26.0 where some sequences were not + properly configured when running synapse_port_db. (#9449) + - Fix deleting pushers when using sharded pushers. (#9465, + #9466, #9479, #9536) + - Fix missing startup checks for the consistency of certain + PostgreSQL sequences. (#9470) + - Fix a long-standing bug where the media repository could leak + file descriptors while previewing media. (#9497) + - Properly purge the event chain cover index when purging + history. (#9498) + - Fix missing chain cover index due to a schema delta not being + applied correctly. Only affected servers that ran development + versions. (#9503) + - Fix a bug introduced in v1.25.0 where /_synapse/admin/join/ + would fail when given a room alias. (#9506) + - Prevent presence background jobs from running when presence + is disabled. (#9530) + - Fix rare edge case that caused a background update to fail if + the server had rejected an event that had duplicate auth + events. (#9537) + - Improved Documentation + - Update the example systemd config to propagate reloads to + individual units. (#9463) + - Internal Changes + - Add documentation and type hints to parse_duration. (#9432) + - Remove vestiges of uploads_path configuration setting. + (#9462) + - Add a comment about systemd-python. (#9464) + - Test that we require validated email for email pushers. + (#9496) + - Allow python to generate bytecode for synapse. (#9502) + - Fix incorrect type hints. (#9515, #9518) + - Add type hints to device and event report admin API. (#9519) + - Add type hints to user admin API. (#9521) + - Bump the versions of mypy and mypy-zope used for static type + checking. (#9529) + +------------------------------------------------------------------- +Thu Feb 25 22:00:48 UTC 2021 - Marcus Rueckert + +- Update to 1.28.0 + This release fixes the documentation included in v1.27.0 around + the callback URI for SAML2 identity providers. If your server is + configured to use single sign-on via a SAML2 IdP, you may need to + make configuration changes. Please review UPGRADE.rst for more + details on these changes. + + Removal warning + - The v1 list accounts API is deprecated and will be removed in a + future release. This API was undocumented and misleading. It + can be replaced by the v2 list accounts API, which has been + available since Synapse 1.7.0 (2019-12-13). + + - Please check if you're using any scripts which use the admin + API and replace GET /_synapse/admin/v1/users/ with GET + /_synapse/admin/v2/users. + + - Features + - New admin API to get the context of an event: + /_synapse/admin/rooms/{roomId}/context/{eventId}. (#9150) + - Further improvements to the user experience of registration + via single sign-on. (#9300, #9301) + - Add hook to spam checker modules that allow checking file + uploads and remote downloads. (#9311) + - Add support for receiving OpenID Connect authentication + responses via form POSTs rather than GETs. (#9376) + - Add the shadow-banning status to the admin API for user info. + (#9400) + - Bugfixes + - Fix long-standing bug where sending email notifications would + fail for rooms that the server had since left. (#9257) + - Fix bug in Synapse 1.27.0rc1 which meant the "session + expired" error page during SSO registration was badly + formatted. (#9296) + - Assert a maximum length for some parameters for spec + compliance. (#9321, #9393) + - Fix additional errors when previewing URLs: "AttributeError + 'NoneType' object has no attribute 'xpath'" and "ValueError: + Unicode strings with encoding declaration are not supported. + Please use bytes input or XML fragments without + declaration.". (#9333) + - Fix a bug causing Synapse to impose the wrong type + constraints on fields when processing responses from + appservices to /_matrix/app/v1/thirdparty/user/{protocol}. + (#9361) + - Fix bug where Synapse would occasionally stop reconnecting to + Redis after the connection was lost. (#9391) + - Fix a long-standing bug when upgrading a room: "TypeError: + '>' not supported between instances of 'NoneType' and 'int'". + (#9395) + - Reduce the amount of memory used when generating the URL + preview of a file that is larger than the max_spider_size. + (#9421) + - Fix a long-standing bug in the deduplication of old presence, + resulting in no deduplication. (#9425) + - The ui_auth.session_timeout config option can now be + specified in terms of number of seconds/minutes/etc/. + Contributed by Rishabh Arya. (#9426) + - Fix a bug introduced in v1.27.0: "TypeError: int() argument + must be a string, a bytes-like object or a number, not + 'NoneType." related to the user directory. (#9428) + - Updates to the Docker image + - Drop support for ARMv7 in Docker images. (#9433) + - Improved Documentation + - Reorganize CHANGELOG.md. (#9281) + - Add note to auto_join_rooms config option explaining existing + rooms must be publicly joinable. (#9291) + - Correct name of Synapse's service file in TURN howto. (#9308) + - Fix the braces in the oidc_providers section of the sample + config. (#9317) + - Update installation instructions on Fedora. (#9322) + - Add HTTP/2 support to the nginx example configuration. + Contributed by David Vo. (#9390) + - Update docs for using Gitea as OpenID provider. (#9404) + - Document that pusher instances are shardable. (#9407) + - Fix erroneous documentation from v1.27.0 about updating the + SAML2 callback URL. (#9434) + - Deprecations and Removals + - Deprecate old admin API GET + /_synapse/admin/v1/users/. (#9429) + - Internal Changes + - Revert change in v1.28.0rc1 to remove the deprecated SAML + endpoint. (#9474) + - Fix 'object name reserved for internal use' errors with + recent versions of SQLite. (#9003) + - Add experimental support for running Synapse with PyPy. + (#9123) + - Deny access to additional IP addresses by default. (#9240) + - Update the Cursor type hints to better match PEP 249. (#9299) + - Add debug logging for SRV lookups. Contributed by @Bubu. + (#9305) + - Improve logging for OIDC login flow. (#9307) + - Share the code for handling required attributes between the + CAS and SAML handlers. (#9326) + - Clean up the code to load the metadata for OpenID Connect + identity providers. (#9362) + - Convert tests to use HomeserverTestCase. (#9377, #9396) + - Update the version of black used to 20.8b1. (#9381) + - Allow OIDC config to override discovered values. (#9384) + - Remove some dead code from the acceptance of room invites + path. (#9394) + - Clean up an unused method in the presence handler code. + (#9408) + +------------------------------------------------------------------- +Tue Feb 16 14:12:41 UTC 2021 - Marcus Rueckert + +- Update to 1.27.0 + Note that this release includes a change in Synapse to use Redis + as a cache ─ as well as a pub/sub mechanism ─ if Redis support is + enabled for workers. No action is needed by server + administrators, and we do not expect resource usage of the Redis + instance to change dramatically. + + This release also changes the callback URI for OpenID Connect + (OIDC) identity providers. If your server is configured to use + single sign-on via an OIDC/OAuth2 IdP, you may need to make + configuration changes. Please review UPGRADE.rst for more details + on these changes. + + This release also changes escaping of variables in the HTML + templates for SSO or email notifications. If you have customised + these templates, please review UPGRADE.rst for more details on + these changes. + + - Features + - Further improvements to the user experience of registration + via single sign-on. (#9297) + - Add an admin API for getting and deleting forward extremities + for a room. (#9062) + - Add an admin API for retrieving the current room state of a + room. (#9168) + - Add experimental support for allowing clients to pick an SSO + Identity Provider (MSC2858). (#9183, #9242) + - Add an admin API endpoint for shadow-banning users. (#9209) + - Add ratelimits to the 3PID /requestToken APIs. (#9238) + - Add support to the OpenID Connect integration for adding the + user's email address. (#9245) + - Add ratelimits to invites in rooms and to specific users. + (#9258) + - Improve the user experience of setting up an account via + single-sign on. (#9262, #9272, #9275, #9276, #9277, #9286, + #9287) + - Add phone home stats for encrypted messages. (#9283) + - Update the redirect URI for OIDC authentication. (#9288) + - Bugfixes + - Fix ratelimiting introduced in v1.27.0rc1 for invites to + respect the ratelimit flag on application services. (#9302) + - Do not automatically calculate public_baseurl since it can be + wrong in some situations. Reverts behaviour introduced in + v1.26.0. (#9313) + - Fix spurious errors in logs when deleting a non-existant + pusher. (#9121) + - Fix a long-standing bug where Synapse would return a 500 + error when a thumbnail did not exist (and auto-generation of + thumbnails was not enabled). (#9163) + - Fix a long-standing bug where an internal server error was + raised when attempting to preview an HTML document in an + unknown character encoding. (#9164) + - Fix a long-standing bug where invalid data could cause errors + when calculating the presentable room name for push. (#9165) + - Fix bug where we sometimes didn't detect that Redis + connections had died, causing workers to not see new data. + (#9218) + - Fix a bug where None was passed to Synapse modules instead of + an empty dictionary if an empty module config block was + provided in the homeserver config. (#9229) + - Fix a bug in the make_room_admin admin API where it failed if + the admin with the greatest power level was not in the room. + Contributed by Pankaj Yadav. (#9235) + - Prevent password hashes from getting dropped if a client + failed threepid validation during a User Interactive Auth + stage. Removes a workaround for an ancient bug in Riot Web + + +- no longer have a 2nd changes file for the test package. OBS uses + the main changes file now. + +------------------------------------------------------------------- +Thu Jan 28 01:01:53 UTC 2021 - Marcus Rueckert + +- Update to 1.26.0 + This release brings a new schema version for Synapse and rolling + back to a previous version is not trivial. Please review + UPGRADE.rst for more details on these changes and for general + upgrade guidance. + + - Features + - Add support for multiple SSO Identity Providers. (#9015, + #9017, #9036, #9067, #9081, #9082, #9105, #9107, #9109, + #9110, #9127, #9153, #9154, #9177) + - During user-interactive authentication via single-sign-on, + give a better error if the user uses the wrong account on the + SSO IdP. (#9091) + - Give the public_baseurl a default value, if it is not + explicitly set in the configuration file. (#9159) + - Improve performance when calculating ignored users in large + rooms. (#9024) + - Implement MSC2176 in an experimental room version. (#8984) + - Add an admin API for protecting local media from quarantine. + (#9086) + - Remove a user's avatar URL and display name when deactivated + with the Admin API. (#8932) + - Update /_synapse/admin/v1/users//joined_rooms to + work for both local and remote users. (#8948) + - Add experimental support for handling to-device messages on + worker processes. (#9042, #9043, #9044, #9130) + - Add experimental support for handling /keys/claim and + /room_keys APIs on worker processes. (#9068) + - Add experimental support for handling /devices API on worker + processes. (#9092) + - Add experimental support for moving off receipts and account + data persistence off master. (#9104, #9166) + - Bugfixes + - Fix receipts and account data not being sent down sync. + Introduced in v1.26.0rc1. (#9193, #9195) + - Fix chain cover update to handle events with duplicate auth + events. Introduced in v1.26.0rc1. (#9210) + - Fix a long-standing issue where an internal server error + would occur when requesting a profile over federation that + did not include a display name / avatar URL. (#9023) + - Fix a long-standing bug where some caches could grow larger + than configured. (#9028) + - Fix error handling during insertion of client IPs into the + database. (#9051) + - Fix bug where we didn't correctly record CPU time spent in + on_new_event block. (#9053) + - Fix a minor bug which could cause confusing error messages + from invalid configurations. (#9054) + - Fix incorrect exit code when there is an error at startup. + (#9059) + - Fix JSONDecodeError spamming the logs when sending + transactions to remote servers. (#9070) + - Fix "Failed to send request" errors when a client provides an + invalid room alias. (#9071) + - Fix bugs in federation catchup logic that caused outbound + federation to be delayed for large servers after start up. + Introduced in v1.8.0 and v1.21.0. (#9114, #9116) + - Fix corruption of pushers data when a postgres bouncer is + used. (#9117) + - Fix minor bugs in handling the clientRedirectUrl parameter + for SSO login. (#9128) + - Fix "Unhandled error in Deferred: BodyExceededMaxSize" errors + when .well-known files that are too large. (#9108) + - Fix "UnboundLocalError: local variable 'length' referenced + before assignment" errors when the response body exceeds the + expected size. This bug was introduced in v1.25.0. (#9145) + - Fix a long-standing bug "ValueError: invalid literal for + int() with base 10" when /publicRooms is requested with an + invalid server parameter. (#9161) + - Improved Documentation + - Add some extra docs for getting Synapse running on macOS. + (#8997) + - Correct a typo in the systemd-with-workers documentation. + (#9035) + - Correct a typo in INSTALL.md. (#9040) + - Add missing user_mapping_provider configuration to the + Keycloak OIDC example. Contributed by @chris-ruecker. (#9057) + - Quote pip install packages when extras are used to avoid + shells interpreting bracket characters. (#9151) + - Deprecations and Removals + - Remove broken and unmaintained demo/webserver.py script. + (#9039) + - Internal Changes + - Add an oidc- prefix to any idp_ids which are given in the + oidc_providers configuration. (#9189) + - Bump minimum psycopg2 version to v2.8. (#9204) + - Improve efficiency of large state resolutions. (#8868, #9029, + #9115, #9118, #9124) + - Various clean-ups to the structured logging and logging + context code. (#8939) + - Ensure rejected events get added to some metadata tables. + (#9016) + - Ignore date-rotated homeserver logs saved to disk. (#9018) + - Remove an unused column from access_tokens table. (#9025) + - Add a -noextras factor to tox.ini, to support running the + tests with no optional dependencies. (#9030) + - Fix running unit tests when optional dependencies are not + installed. (#9031) + - Allow bumping schema version when using split out state + database. (#9033) + - Configure the linters to run on a consistent set of files. + (#9038) + - Various cleanups to device inbox store. (#9041) + - Drop unused database tables. (#9055) + - Remove unused SynapseService class. (#9058) + - Remove unnecessary declarations in the tests for the admin + API. (#9063) + - Remove SynapseRequest.get_user_agent. (#9069) + - Remove redundant Homeserver.get_ip_from_request method. + (#9080) + - Add type hints to media repository. (#9093) + - Fix the wrong arguments being passed to + BlacklistingAgentWrapper from MatrixFederationAgent. + Contributed by Timothy Leung. (#9098) + - Reduce the scope of caught exceptions in + BlacklistingAgentWrapper. (#9106) + - Improve UsernamePickerTestCase. (#9112) + - Remove dependency on distutils. (#9125) + - Enforce that replication HTTP clients are called with keyword + arguments only. (#9144) + - Fix the Python 3.5 / old dependencies build in CI. (#9146) + - Replace the old perspectives option in the Synapse docker + config file template with trusted_key_servers. (#9157) + +------------------------------------------------------------------- +Mon Jan 25 09:28:42 UTC 2021 - Ben Greiner + +- Remove python singlespec macro usage: This package only builds + against the primary python3 flavor. No need to pull in and expand + legacy python36 +- Remove Leap 42 python2 handling in matrix-synapse-test.spec + +------------------------------------------------------------------- +Wed Jan 13 12:28:54 UTC 2021 - Marcus Rueckert + +- Update to 1.25.0 + Ending Support for Python 3.5 and Postgres 9.5 With this release, + the Synapse team is announcing a formal deprecation policy for + our platform dependencies, like Python and PostgreSQL: + + All future releases of Synapse will follow the upstream + end-of-life schedules. + + Which means: + + This is the last release which guarantees support for Python 3.5. + We will end support for PostgreSQL 9.5 early next month. We will + end support for Python 3.6 and PostgreSQL 9.6 near the end of the + year. Crucially, this means we will not produce .deb packages + for Debian 9 (Stretch) or Ubuntu 16.04 (Xenial) beyond the + transition period described below. + + The website https://endoflife.date/ has convenient summaries of + the support schedules for projects like Python and PostgreSQL. + + If you are unable to upgrade your environment to a supported + version of Python or Postgres, we encourage you to consider using + the Synapse Docker images instead. + + Transition Period We will make a good faith attempt to avoid + breaking compatibility in all releases through the end of March + 2021. However, critical security vulnerabilities in dependencies + or other unanticipated circumstances may arise which necessitate + breaking compatibility earlier. + + We intend to continue producing .deb packages for Debian 9 + (Stretch) and Ubuntu 16.04 (Xenial) through the transition + period. + + Removal warning The old Purge Room API and Shutdown Room API are + deprecated and will be removed in a future release. They will be + replaced by the Delete Room APIe + + POST /_synapse/admin/v1/rooms//delete replaces + POST /_synapse/admin/v1/purge_room and + POST /_synapse/admin/v1/shutdown_room/. + + - Features + - Add an admin API that lets server admins get power in rooms + in which local users have power. (#8756) + - Add optional HTTP authentication to replication endpoints. + (#8853) + - Improve the error messages printed as a result of + configuration problems for extension modules. (#8874) + - Add the number of local devices to Room Details Admin API. + Contributed by @dklimpel. (#8886) + - Add X-Robots-Tag header to stop web crawlers from indexing + media. Contributed by Aaron Raimist. (#8887) + - Spam-checkers may now define their methods as async. (#8890) + - Add support for allowing users to pick their own user ID + during a single-sign-on login. (#8897, #8900, #8911, #8938, + #8941, #8942, #8951) + - Add an email.invite_client_location configuration option to + send a web client location to the invite endpoint on the + identity server which allows customisation of the email + template. (#8930) + - The search term in the list room and list user Admin APIs is + now treated as case-insensitive. (#8931) + - Apply an IP range blacklist to push and key revocation + requests. (#8821, #8870, #8954) + - Add an option to allow re-use of user-interactive + authentication sessions for a period of time. (#8970) + - Allow running the redact endpoint on workers. (#8994) + - Bugfixes + - Fix HTTP proxy support when using a proxy that is on a + blacklisted IP. Introduced in v1.25.0rc1. Contributed by + @Bubu. (#9084) + - Fix bug where we might not correctly calculate the current + state for rooms with multiple extremities. (#8827) + - Fix a long-standing bug in the register admin endpoint + (/_synapse/admin/v1/register) when the mac field was not + provided. The endpoint now properly returns a 400 error. + Contributed by @edwargix. (#8837) + - Fix a long-standing bug on Synapse instances supporting + Single-Sign-On, where users would be prompted to enter their + password to confirm certain actions, even though they have + not set a password. (#8858) + - Fix a longstanding bug where a 500 error would be returned if + the Content-Length header was not provided to the upload + media resource. (#8862) + - Add additional validation to pusher URLs to be compliant with + the specification. (#8865) + - Fix the error code that is returned when a user tries to + register on a homeserver on which new-user registration has + been disabled. (#8867) + - Fix a bug where PUT /_synapse/admin/v2/users/ failed + to create a new user when avatar_url is specified. Bug + introduced in Synapse v1.9.0. (#8872) + - Fix a 500 error when attempting to preview an empty HTML + file. (#8883) + - Fix occasional deadlock when handling SIGHUP. (#8918) + - Fix login API to not ratelimit application services that have + ratelimiting disabled. (#8920) + - Fix bug where we ratelimited auto joining of rooms on + registration (using auto_join_rooms config). (#8921) + - Fix a bug where deactivated users appeared in the user + directory when their profile information was updated. (#8933, + #8964) + - Fix bug introduced in Synapse v1.24.0 which would cause an + exception on startup if both enabled and localdb_enabled were + set to False in the password_config setting of the + configuration file. (#8937) + - Fix a bug where 500 errors would be returned if the + m.room_history_visibility event had invalid content. (#8945) + - Fix a bug causing common English words to not be considered + for a user directory search. (#8959) + - Fix bug where application services couldn't register new + ghost users if the server had reached its MAU limit. (#8962) + - Fix a long-standing bug where a m.image event without a url + would cause errors on push. (#8965) + - Fix a small bug in v2 state resolution algorithm, which could + also cause performance issues for rooms with large numbers of + power levels. (#8971) + - Add validation to the sendToDevice API to raise a missing + parameters error instead of a 500 error. (#8975) + - Add validation of group IDs to raise a 400 error instead of a + 500 eror. (#8977) + - Improved Documentation + - Fix the "Event persist rate" section of the included grafana + dashboard by adding missing prometheus rules. (#8802) + - Combine related media admin API docs. (#8839) + - Fix an error in the documentation for the SAML username + mapping provider. (#8873) + - Clarify comments around template directories in + sample_config.yaml. (#8891) + - Moved instructions for database setup, adjusted heading + levels and improved syntax highlighting in INSTALL.md. + Contributed by fossterer. (#8987) + - Update the example value of group_creation_prefix in the + sample configuration. (#8992) + - Link the Synapse developer room to the development section in + the docs. (#9002) + - Deprecations and Removals + - Deprecate Shutdown Room and Purge Room Admin APIs. (#8829) + - Internal Changes + - Properly store the mapping of external ID to Matrix ID for + CAS users. (#8856, #8958) + - Remove some unnecessary stubbing from unit tests. (#8861) + - Remove unused FakeResponse class from unit tests. (#8864) + - Pass room_id to get_auth_chain_difference. (#8879) + - Add type hints to push module. (#8880, #8882, #8901, #8940, + #8943, #9020) + - Simplify logic for handling user-interactive-auth via + single-sign-on servers. (#8881) + - Skip the SAML tests if the requirements (pysaml2 and xmlsec1) + aren't available. (#8905) + - Fix multiarch docker image builds. (#8906) + - Don't publish latest docker image until all archs are built. + (#8909) + - Various clean-ups to the structured logging and logging + context code. (#8916, #8935) + - Automatically drop stale forward-extremities under some + specific conditions. (#8929) + - Refactor test utilities for injecting HTTP requests. (#8946) + - Add a maximum size of 50 kilobytes to .well-known lookups. + (#8950) + - Fix bug in generate_log_config script which made it write + empty files. (#8952) + - Clean up tox.ini file; disable coverage checking for non-test + runs. (#8963) + - Add type hints to the admin and room list handlers. (#8973) + - Add type hints to the receipts and user directory handlers. + (#8976) + - Drop the unused local_invites table. (#8979) + - Add type hints to the base storage code. (#8980) + - Support using PyJWT v2.0.0 in the test suite. (#8986) + - Fix tests.federation.transport.RoomDirectoryFederationTests + and ensure it runs in CI. (#8998) + - Add type hints to the crypto module. (#8999) + +------------------------------------------------------------------- +Wed Dec 9 11:34:37 UTC 2020 - Marcus Rueckert + +- Update to 1.24.0 + + Due to the two security issues highlighted below, server + administrators are encouraged to update Synapse. We are not aware + of these vulnerabilities being exploited in the wild. + + - Security + - There is a denial of service attack (CVE-2020-26257) against + the federation APIs in which future events will not be + correctly sent to other servers over federation. This affects + all servers that participate in open federation. (Fixed in + #8776). + - Synapse may be affected by OpenSSL CVE-2020-1971. + Synapse administrators should ensure that they have the + latest versions of the cryptography Python package installed. + - Features + - Add admin API for logging in as a user. (#8617) + - Allow specification of the SAML IdP if the metadata returns + multiple IdPs. (#8630) + - Add support for re-trying generation of a localpart for + OpenID Connect mapping providers. (#8801, #8855) + - Allow the Date header through CORS. Contributed by Nicolas + Chamo. (#8804) + - Add a config option, push.group_by_unread_count, which + controls whether unread message counts in push notifications + are defined as "the number of rooms with unread messages" or + "total unread messages". (#8820) + - Add force_purge option to delete-room admin api. (#8843) + - Bugfixes + - Fix a regression in v1.24.0rc1 which failed to allow SAML + mapping providers which were unable to redirect users to an + additional page. (#8878) + - Fix a bug where appservices may be sent an excessive amount + of read receipts and presence. Broke in v1.22.0. (#8744) + - Fix a bug in some federation APIs which could lead to + unexpected behaviour if different parameters were set in the + URI and the request body. (#8776) + - Fix a bug where synctl could spawn duplicate copies of a + worker. Contributed by Waylon Cude. (#8798) + - Allow per-room profiles to be used for the server notice + user. (#8799) + - Fix a bug where logging could break after a call to SIGHUP. + (#8817) + - Fix register_new_matrix_user failing with "Bad Request" when + trailing slash is included in server URL. Contributed by + @angdraug. (#8823) + - Fix a minor long-standing bug in login, where we would offer + the password login type if a custom auth provider supported + it, even if password login was disabled. (#8835) + - Fix a long-standing bug which caused Synapse to require + unspecified parameters during user-interactive + authentication. (#8848) + - Fix a bug introduced in v1.20.0 where the user-agent and IP + address reported during user registration for CAS, OpenID + Connect, and SAML were of the wrong form. (#8784) + - Improved Documentation + - Clarify the usecase for a msisdn delegate. Contributed by + Adrian Wannenmacher. (#8734) + - Remove extraneous comma from JSON example in User Admin API + docs. (#8771) + - Update turn-howto.md with troubleshooting notes. (#8779) + - Fix the example on how to set the Content-Type header in + nginx for the Client Well-Known URI. (#8793) + - Improve the documentation for the admin API to list all media + in a room with respect to encrypted events. (#8795) + - Update the formatting of the push section of the homeserver + config file to better align with the code style guidelines. + (#8818) + - Improve documentation how to configure prometheus for + workers. (#8822) + - Update example prometheus console. (#8824) + - Deprecations and Removals + - Remove old /_matrix/client/*/admin endpoints which were + deprecated since Synapse 1.20.0. (#8785) + - Disable pretty printing JSON responses for curl. Users who + want pretty-printed output should use jq in combination with + curl. Contributed by @tulir. (#8833) + - Internal Changes + - Add a maximum version for pysaml2 on Python 3.5. (#8898) + - Add support for the prometheus_client newer than 0.9.0. + Contributed by Jordan Bancino. (#8875) + - Simplify the way the HomeServer object caches its internal + attributes. (#8565, #8851) + - Add an example and documentation for clock skew to the SAML2 + sample configuration to allow for clock/time difference + between the homserver and IdP. Contributed by @localguru. + (#8731) + - Generalise RoomMemberHandler._locally_reject_invite to apply + to more flows than just invite. (#8751) + - Generalise RoomStore.maybe_store_room_on_invite to handle + other, non-invite membership events. (#8754) + - Refactor test utilities for injecting HTTP requests. (#8757, + #8758, #8759, #8760, #8761, #8777) + - Consolidate logic between the OpenID Connect and SAML code. + (#8765) + - Use TYPE_CHECKING instead of magic MYPY variable. (#8770) + - Add a commandline script to sign arbitrary json objects. + (#8772) + - Minor log line improvements for the SSO mapping code used to + generate Matrix IDs from SSO IDs. (#8773) + - Add additional error checking for OpenID Connect and SAML + mapping providers. (#8774, #8800) + - Add type hints to HTTP abstractions. (#8806, #8812) + - Remove unnecessary function arguments and add typing to + several membership replication classes. (#8809) + - Optimise the lookup for an invite from another homeserver + when trying to reject it. (#8815) + - Add tests for password_auth_providers. (#8819) + - Drop redundant database index on event_json. (#8845) + - Simplify uk.half-shot.msc2778.login.application_service login + handler. (#8847) + - Refactor password_auth_provider support code. (#8849) + - Add missing ordering to background database updates. (#8850) + - Allow for specifying a room version when creating a room in + unit tests via RestHelper.create_room_as. (#8854) + +------------------------------------------------------------------- +Wed Nov 18 13:59:26 UTC 2020 - Marcus Rueckert + +- Update to 1.23.0 + This release changes the way structured logging is configured. + See the [upgrade notes](UPGRADE.rst#upgrading-to-v1230) for details. + + Note: We are aware of a trivially exploitable denial of service + vulnerability in versions of Synapse prior to 1.20.0. Complete + details will be disclosed on Monday, November 23rd. If you have + not upgraded recently, please do so. + + - Features + - Add a push rule that highlights when a jitsi conference is + created in a room. (#8286) + - Add an admin api to delete a single file or files that were + not used for a defined time from server. Contributed by + @dklimpel. (#8519) + - Split admin API for reported events (GET + /_synapse/admin/v1/event_reports) into detail and list + endpoints. This is a breaking change to #8217 which was + introduced in Synapse v1.21.0. Those who already use this API + should check their scripts. Contributed by @dklimpel. (#8539) + - Support generating structured logs via the standard logging + configuration. (#8607, #8685) + - Add an admin API to allow server admins to list users' + pushers. Contributed by @dklimpel. (#8610, #8689) + - Add an admin API GET /_synapse/admin/v1/users//media + to get information about uploaded media. Contributed by + @dklimpel. (#8647) + - Add an admin API for local user media statistics. Contributed + by @dklimpel. (#8700) + - Add displayname to Shared-Secret Registration for admins. + (#8722) + - Bugfixes + - Fix fetching of E2E cross signing keys over federation when + only one of the master key and device signing key is cached + already. (#8455) + - Fix a bug where Synapse would blindly forward bad responses + from federation to clients when retrieving profile + information. (#8580) + - Fix a bug where the account validity endpoint would silently + fail if the user ID did not have an expiration time. It now + returns a 400 error. (#8620) + - Fix email notifications for invites without local state. + (#8627) + - Fix handling of invalid group IDs to return a 400 rather than + log an exception and return a 500. (#8628) + - Fix handling of User-Agent headers that are invalid UTF-8, + which caused user agents of users to not get correctly + recorded. (#8632) + - Fix a bug in the joined_rooms admin API if the user has never + joined any rooms. The bug was introduced, along with the API, + in v1.21.0. (#8643) + - Fix exception during handling multiple concurrent requests + for remote media when using multiple media repositories. + (#8682) + - Fix bug that prevented Synapse from recovering after losing + connection to the database. (#8726) + - Fix bug where the /_synapse/admin/v1/send_server_notice API + could send notices to non-notice rooms. (#8728) + - Fix PostgreSQL port script fails when DB has no backfilled + events. Broke in v1.21.0. (#8729) + - Fix PostgreSQL port script to correctly handle foreign key + constraints. Broke in v1.21.0. (#8730) + - Fix PostgreSQL port script so that it can be run again after + a failure. Broke in v1.21.0. (#8755) + - Improved Documentation + - Instructions for Azure AD in the OpenID Connect + documentation. Contributed by peterk. (#8582) + - Improve the sample configuration for single sign-on + providers. (#8635) + - Fix the filepath of Dex's example config and the link to + Dex's Getting Started guide in the OpenID Connect docs. + (#8657) + - Note support for Python 3.9. (#8665) + - Minor updates to docs on running tests. (#8666) + - Interlink prometheus/grafana documentation. (#8667) + - Notes on SSO logins and media_repository worker. (#8701) + - Document experimental support for running multiple event + persisters. (#8706) + - Add information regarding the various sources of, and + expected contributions to, Synapse's documentation to + CONTRIBUTING.md. (#8714) + - Migrate documentation docs/admin_api/event_reports to + markdown. (#8742) + - Add some helpful hints to the README for new Synapse + developers. Contributed by @chagai95. (#8746) + - Internal Changes + - Optimise /createRoom with multiple invited users. (#8559) + - Implement and use an `@lru_cache` decorator. (#8595) + - Don't instansiate Requester directly. (#8614) + - Type hints for RegistrationStore. (#8615) + - Change schema to support access tokens belonging to one user + but granting access to another. (#8616) + - Remove unused OPTIONS handlers. (#8621) + - Run mypy as part of the lint.sh script. (#8633) + - Correct Synapse's PyPI package name in the OpenID Connect + installation instructions. (#8634) + - Catch exceptions during initialization of password_providers. + Contributed by Nicolai Søborg. (#8636) + - Fix typos and spelling errors in the code. (#8639) + - Reduce number of OpenTracing spans started. (#8640, #8668, + #8670) + - Add field total to device list in admin API. (#8644) + - Add more type hints to the application services code. (#8655, + #8693) + - Tell Black to format code for Python 3.5. (#8664) + - Don't pull event from DB when handling replication traffic. + (#8669) + - Abstract some invite-related code in preparation for landing + knocking. (#8671, #8688) + - Clarify representation of events in logfiles. (#8679) + - Don't require hiredis package to be installed to run unit + tests. (#8680) + - Fix typing info on cache call signature to accept + on_invalidate. (#8684) + - Fail tests if they do not await coroutines. (#8690) + - Improve start time by adding an index to + e2e_cross_signing_keys.stream_id. (#8694) + - Re-organize the structured logging code to separate the TCP + transport handling from the JSON formatting. (#8697) + - Use Python 3.8 in Docker images by default. (#8698) + - Remove the "draft" status of the Room Details Admin API. + (#8702) + - Improve the error returned when a non-string displayname or + avatar_url is used when updating a user's profile. (#8705) + - Block attempts by clients to send server ACLs, or redactions + of server ACLs, that would result in the local server being + blocked from the room. (#8708) + - Add metrics the allow the local sysadmin to track 3PID + /requestToken requests. (#8712) + - Consolidate duplicated lists of purged tables that are + checked in tests. (#8713) + - Add some mdui:UIInfo element examples for saml2_config in the + homeserver config. (#8718) + - Improve the error message returned when a remote server + incorrectly sets the Content-Type header in response to a + JSON request. (#8719) + - Speed up repeated state resolutions on the same room by + caching event ID to auth event ID lookups. (#8752) + +------------------------------------------------------------------- +Fri Oct 30 16:04:21 UTC 2020 - Marcus Rueckert + +- Update to 1.22.1 + - Fix a bug where an appservice may not be forwarded events for a + room it was recently invited to. Broke in v1.22.0. (#8676) + - Fix Object of type frozendict is not JSON serializable + exceptions when using third-party event rules. Broke in + v1.22.0. (#8678) + +------------------------------------------------------------------- +Tue Oct 27 12:19:54 UTC 2020 - Marcus Rueckert + +- Update to 1.22.0 + - Features + - Add a configuration option for always using the "userinfo + endpoint" for OpenID Connect. This fixes support for some + identity providers, e.g. GitLab. Contributed by Benjamin + Koch. (#7658) + - Add ability for ThirdPartyEventRules modules to query and + manipulate whether a room is in the public rooms directory. + (#8292, #8467) + - Add support for olm fallback keys (MSC2732). (#8312, #8501) + - Add support for running background tasks in a separate worker + process. (#8369, #8458, #8489, #8513, #8544, #8599) + - Add support for device dehydration (MSC2697). (#8380) + - Add support for MSC2409, which allows sending typing, read + receipts, and presence events to appservices. (#8437, #8590) + - Change default room version to "6", per MSC2788. (#8461) + - Add the ability to send non-membership events into a room via + the ModuleApi. (#8479) + - Increase default upload size limit from 10M to 50M. + Contributed by @Akkowicz. (#8502) + - Add support for modifying event content in ThirdPartyRules + modules. (#8535, #8564) + - Bugfixes + - Fix bugs where ephemeral events were not sent to appservices. + Broke in v1.22.0rc1. (#8648, #8656) + - Fix user_daily_visits table to not have duplicate rows per + user/device due to multiple user agents. Broke in v1.22.0rc1. + (#8654) + - Fix a longstanding bug where invalid ignored users in account + data could break clients. (#8454) + - Fix a bug where backfilling a room with an event that was + missing the redacts field would break. (#8457) + - Don't attempt to respond to some requests if the client has + already disconnected. (#8465) + - Fix message duplication if something goes wrong after + persisting the event. (#8476) + - Fix incremental sync returning an incorrect prev_batch token + in timeline section, which when used to paginate returned + events that were included in the incremental sync. Broken + since v0.16.0. (#8486) + - Expose the uk.half-shot.msc2778.login.application_service to + clients from the login API. This feature was added in + v1.21.0, but was not exposed as a potential login flow. + (#8504) + - Fix error code for /profile/{userId}/displayname to be + M_BAD_JSON. (#8517) + - Fix a bug introduced in v1.7.0 that could cause Synapse to + insert values from non-state m.room.retention events into the + room_retention database table. (#8527) + - Fix not sending events over federation when using sharded + event writers. (#8536) + - Fix a long standing bug where email notifications for + encrypted messages were blank. (#8545) + - Fix increase in the number of There was no active span... + errors logged when using OpenTracing. (#8567) + - Fix a bug that prevented errors encountered during execution + of the synapse_port_db from being correctly printed. (#8585) + - Fix appservice transactions to only include a maximum of 100 + persistent and 100 ephemeral events. (#8606) + - Updates to the Docker image + - Added multi-arch support (arm64,arm/v7) for the docker + images. Contributed by @maquis196. (#7921) + - Add support for passing commandline args to the synapse + process. Contributed by @samuel-p. (#8390) + - Improved Documentation + - Update the directions for using the manhole with coroutines. + (#8462) + - Improve readme by adding new shield.io badges. (#8493) + - Added note about docker in manhole.md regarding which ip + address to bind to. Contributed by @maquis196. (#8526) + - Document the new behaviour of the allowed_lifetime_min and + allowed_lifetime_max settings in the room retention + configuration. (#8529) + - Deprecations and Removals + - Drop unused device_max_stream_id table. (#8589) + - Internal Changes + - Check for unreachable code with mypy. (#8432) + - Add unit test for event persister sharding. (#8433) + - Allow events to be sent to clients sooner when using sharded + event persisters. (#8439, #8488, #8496, #8499) + - Configure public_baseurl when using demo scripts. (#8443) + - Add SQL logging on queries that happen during startup. + (#8448) + - Speed up unit tests when using PostgreSQL. (#8450) + - Remove redundant database loads of stream_ordering for events + we already have. (#8452) + - Reduce inconsistencies between codepaths for membership and + non-membership events. (#8463) + - Combine SpamCheckerApi with the more generic ModuleApi. + (#8464) + - Additional testing for ThirdPartyEventRules. (#8468) + - Add -d option to ./scripts-dev/lint.sh to lint files that + have changed since the last git commit. (#8472) + - Unblacklist some sytests. (#8474) + - Include the log level in the phone home stats. (#8477) + - Remove outdated sphinx documentation, scripts and + configuration. (#8480) + - Clarify error message when plugin config parsers raise an + error. (#8492) + - Remove the deprecated Handlers object. (#8494) + - Fix a threadsafety bug in unit tests. (#8497) + - Add user agent to user_daily_visits table. (#8503) + - Add type hints to various parts of the code base. (#8407, + #8505, #8507, #8547, #8562, #8609) + - Remove unused code from the test framework. (#8514) + - Apply some internal fixes to the HomeServer class to make its + code more idiomatic and statically-verifiable. (#8515) + - Factor out common code between + RoomMemberHandler._locally_reject_invite and + EventCreationHandler.create_event. (#8537) + - Improve database performance by executing more queries + without starting transactions. (#8542) + - Rename Cache to DeferredCache, to better reflect its purpose. + (#8548) + - Move metric registration code down into LruCache. (#8561, + #8591) + - Replace DeferredCache with the lighter-weight LruCache where + possible. (#8563) + - Add virtualenv-generated folders to .gitignore. (#8566) + - Add get_immediate method to DeferredCache. (#8568) + - Fix mypy not properly checking across the codebase, + additionally, fix a typing assertion error in + handlers/auth.py. (#8569) + - Fix synmark benchmark runner. (#8571) + - Modify DeferredCache.get() to return Deferreds instead of + ObservableDeferreds. (#8572) + - Adjust a protocol-type definition to fit sqlite3 assertions. + (#8577) + - Support macOS on the synmark benchmark runner. (#8578) + - Update mypy static type checker to 0.790. (#8583, #8600) + - Re-organize the structured logging code to separate the TCP + transport handling from the JSON formatting. (#8587) + - Remove extraneous unittest logging decorators from unit + tests. (#8592) + - Minor optimisations in caching code. (#8593, #8594) + +------------------------------------------------------------------- +Thu Oct 15 17:16:29 UTC 2020 - Marcus Rueckert + +- prepare to support more optional features in the buildrequires + (oidc/redis). failing atm due to missing libraries + +------------------------------------------------------------------- +Thu Oct 15 16:45:55 UTC 2020 - Marcus Rueckert + +- Update to 1.21.2 + - Security advisory + - HTML pages served via Synapse were vulnerable to cross-site + scripting (XSS) attacks. All server administrators are + encouraged to upgrade. (#8444) (CVE-2020-26891) + - This fix was originally included in v1.21.0 but was missing a + security advisory. This was reported by Denis Kasak. + - Bugfixes + - Fix rare bug where sending an event would fail due to a racey + assertion. (#8530) + - An updated version of the authlib dependency is included in + the Docker and Debian images to fix an issue using OpenID + Connect. See #8534 for details. + +------------------------------------------------------------------- +Wed Oct 14 16:09:43 UTC 2020 - Marcus Rueckert + +- Update to 1.21.1 + This release fixes a regression in v1.21.0 that prevented debian + packages from being built. It is otherwise identical to v1.21.0. + +------------------------------------------------------------------- +Mon Oct 12 17:08:13 UTC 2020 - Marcus Rueckert + +- Update to 1.21.0 + - Features + - Convert additional templates from inline HTML to Jinja2 + templates. (#8444) + - Require the user to confirm that their password should be + reset after clicking the email confirmation link. (#8004) + - Add an admin API GET /_synapse/admin/v1/event_reports to read + entries of table event_reports. Contributed by @dklimpel. + (#8217) + - Consolidate the SSO error template across all configuration. + (#8248, #8405) + - Add a configuration option to specify a whitelist of domains + that a user can be redirected to after validating their email + or phone number. (#8275, #8417) + - Add experimental support for sharding event persister. + (#8294, #8387, #8396, #8419) + - Add the room topic and avatar to the room details admin API. + (#8305) + - Add an admin API for querying rooms where a user is a member. + Contributed by @dklimpel. (#8306) + - Add uk.half-shot.msc2778.login.application_service login type + to allow appservices to login. (#8320) + - Add a configuration option that allows existing users to log + in with OpenID Connect. Contributed by @BBBSnowball and + @OmmyZhang. (#8345) + - Add prometheus metrics for replication requests. (#8406) + - Support passing additional single sign-on parameters to the + client. (#8413) + - Add experimental reporting of metrics on expensive rooms for + state-resolution. (#8420) + - Add experimental prometheus metric to track numbers of + "large" rooms for state resolutiom. (#8425) + - Add prometheus metrics to track federation delays. (#8430) + - Bugfixes + - Fix duplication of events on high traffic servers, caused by + PostgreSQL could not serialize access due to concurrent + update errors. (#8456) + - Fix a regression in v1.21.0rc1 which broke thumbnails of + remote media. (#8438) + - Do not expose the experimental + uk.half-shot.msc2778.login.application_service flow in the + login API, which caused a compatibility problem with Element + iOS. (#8440) + - Fix malformed log line in new federation "catch up" logic. + (#8442) + - Fix DB query on startup for negative streams which caused + long start up times. Introduced in #8374. (#8447) + - Fix a bug in the media repository where remote thumbnails + with the same size but different crop methods would overwrite + each other. Contributed by @deepbluev7. (#7124) + - Fix inconsistent handling of non-existent push rules, and + stop tracking the enabled state of removed push rules. + (#7796) + - Fix a longstanding bug when storing a media file with an + empty upload_name. (#7905) + - Fix messages not being sent over federation until an event is + sent into the same room. (#8230, #8247, #8258, #8272, #8322) + - Fix a longstanding bug where files that could not be + thumbnailed would result in an Internal Server Error. (#8236, + #8435) + - Upgrade minimum version of canonicaljson to version 1.4.0, to + fix an unicode encoding issue. (#8262) + - Fix longstanding bug which could lead to incomplete database + upgrades on SQLite. (#8265) + - Fix stack overflow when stderr is redirected to the logging + system, and the logging system encounters an error. (#8268) + - Fix a bug which cause the logging system to report errors, if + DEBUG was enabled and no context filter was applied. (#8278) + - Fix edge case where push could get delayed for a user until a + later event was pushed. (#8287) + - Fix fetching malformed events from remote servers. (#8324) + - Fix UnboundLocalError from occuring when appservices send a + malformed register request. (#8329) + - Don't send push notifications to expired user accounts. + (#8353) + - Fix a regression in v1.19.0 with reactivating users through + the admin API. (#8362) + - Fix a bug where during device registration the length of the + device name wasn't limited. (#8364) + - Include guest_access in the fields that are checked for null + bytes when updating room_stats_state. Broke in v1.7.2. + (#8373) + - Fix theoretical race condition where events are not sent down + /sync if the synchrotron worker is restarted without + restarting other workers. (#8374) + - Fix a bug which could cause errors in rooms with malformed + membership events, on servers using sqlite. (#8385) + - Fix "Re-starting finished log context" warning when receiving + an event we already had over federation. (#8398) + - Fix incorrect handling of timeouts on outgoing HTTP requests. + (#8400) + - Fix a regression in v1.20.0 in the synapse_port_db script + regarding the ui_auth_sessions_ips table. (#8410) + - Remove unnecessary 3PID registration check when resetting + password via an email address. Bug introduced in v0.34.0rc2. + (#8414) + - Improved Documentation + - Add /_synapse/client to the reverse proxy documentation. + (#8227) + - Add note to the reverse proxy settings documentation about + disabling Apache's mod_security2. Contributed by Julian + Fietkau (@jfietkau). (#8375) + - Improve description of server_name config option in + homserver.yaml. (#8415) + - Deprecations and Removals + - Drop support for prometheus_client older than 0.4.0. (#8426) + - Internal Changes + - Fix tests on distros which disable TLSv1.0. Contributed by + @danc86. (#8208) + - Simplify the distributor code to avoid unnecessary work. + (#8216) + - Remove the populate_stats_process_rooms_2 background job and + restore functionality to populate_stats_process_rooms. + (#8243) + - Clean up type hints for PaginationConfig. (#8250, #8282) + - Track the latest event for every destination and room for + catch-up after federation outage. (#8256) + - Fix non-user visible bug in implementation of + MultiWriterIdGenerator.get_current_token_for_writer. (#8257) + - Switch to the JSON implementation from the standard library. + (#8259) + - Add type hints to synapse.util.async_helpers. (#8260) + - Simplify tests that mock asynchronous functions. (#8261) + - Add type hints to StreamToken and RoomStreamToken classes. + (#8279) + - Change StreamToken.room_key to be a RoomStreamToken instance. + (#8281) + - Refactor notifier code to correctly use the max event stream + position. (#8288) + - Use slotted classes where possible. (#8296) + - Support testing the local Synapse checkout against the + Complement homeserver test suite. (#8317) + - Update outdated usages of metaclass to python 3 syntax. + (#8326) + - Move lint-related dependencies to package-extra field, update + CONTRIBUTING.md to utilise this. (#8330, #8377) + - Use the admin_patterns helper in additional locations. + (#8331) + - Fix test logging to allow braces in log output. (#8335) + - Remove __future__ imports related to Python 2 compatibility. + (#8337) + - Simplify super() calls to Python 3 syntax. (#8344) + - Fix bad merge from release-v1.20.0 branch to develop. (#8354) + - Factor out a _send_dummy_event_for_room method. (#8370) + - Improve logging of state resolution. (#8371) + - Add type annotations to SimpleHttpClient. (#8372) + - Refactor ID generators to use async with syntax. (#8383) + - Add EventStreamPosition type. (#8388) + - Create a mechanism for marking tests "logcontext clean". + (#8399) + - A pair of tiny cleanups in the federation request code. + (#8401) + - Add checks on startup that PostgreSQL sequences are + consistent with their associated tables. (#8402) + - Do not include appservice users when calculating the total + MAU for a server. (#8404) + - Typing fixes for synapse.handlers.federation. (#8422) + - Various refactors to simplify stream token handling. (#8423) + - Make stream token serializing/deserializing async. (#8427) + +------------------------------------------------------------------- +Thu Sep 24 19:02:21 UTC 2020 - Marcus Rueckert + +- Update to 1.20.1 + - Bugfixes + - Fix a bug introduced in v1.20.0 which caused the + synapse_port_db script to fail. (#8386) + - Fix a bug introduced in v1.20.0 which caused variables to be + incorrectly escaped in Jinja2 templates. (#8394) + +------------------------------------------------------------------- +Fri Sep 18 16:29:17 UTC 2020 - Marcus Rueckert + +- Update to 1.20.0 + - Removal warning + - Some older clients used a disallowed character (:) in the + client_secret parameter of various endpoints. The incorrect + behaviour was allowed for backwards compatibility, but is now + being removed from Synapse as most users have updated their + client. Further context can be found at #6766. + - Historically, the Synapse Admin API has been accessible under + the prefixes: + /_matrix/client/api/v1/admin, + /_matrix/client/unstable/admin, + /_matrix/client/r0/admin + /_synapse/admin + + In a future release, we will be dropping support for + accessing Synapse's Admin API using the /_matrix/client/* + prefixes. This makes it easier for homeserver admins to lock + down external access to the Admin API endpoints. + - Features + - Add flags to the /versions endpoint for whether new rooms + default to using E2EE. (#8343) + - Add an endpoint to query your shared rooms with another user + as an implementation of MSC2666. (#7785) + - Iteratively encode JSON to avoid blocking the reactor. + (#8013, #8116) + - Add support for shadow-banning users (ignoring any message + send requests). (#8034, #8092, #8095, #8142, #8152, #8157, + #8158, #8176) + - Use the default template file when its equivalent is not + found in a custom template directory. (#8037, #8107, #8252) + - Add unread messages count to sync responses, as specified in + MSC2654. (#8059, #8254, #8270, #8274) + - Optimise /federation/v1/user/devices/ API by only returning + devices with encryption keys. (#8198) + - Bugfixes + - Fix rate limiting of federation /send requests. (#8342) + - Fix a longstanding bug where back pagination over federation + could get stuck if it failed to handle a received event. + (#8349) + - Partially mitigate bug where newly joined servers couldn't + get past events in a room when there is a malformed event. + (#8350) + - Fix joining rooms over federation that include malformed + events. (#8324) + - Fix a bug introduced in v1.20.0rc1 where the wrong exception + was raised when invalid JSON data is encountered. (#8291) + - Fix a bug introduced in v1.20.0rc1 causing some features + related to notifications to misbehave following the + implementation of unread counts. (#8280) + - Fix a memory leak by limiting the length of time that + messages will be queued for a remote server that has been + unreachable. (#7864) + - Fix Re-starting finished log context PUT-nnnn warning when + event persistence failed. (#8081) + - Synapse now correctly enforces the valid characters in the + client_secret parameter used in various endpoints. (#8101) + - Fix a bug introduced in v1.7.2 impacting message retention + policies that would allow federated homeservers to dictate a + retention period that's lower than the configured minimum + allowed duration in the configuration file. (#8104) + - Fix a long-standing bug where invalid JSON would be accepted + by Synapse. (#8106) + - Fix a bug introduced in Synapse v1.12.0 which could cause + /sync requests to fail with a 404 if you had a very old + outstanding room invite. (#8110) + - Return a proper error code when the rooms of an invalid group + are requested. (#8129) + - Fix a bug which could cause a leaked postgres connection if + synapse was set to daemonize. (#8131) + - Clarify the error code if a user tries to register with a + numeric ID. This bug was introduced in v1.15.0. (#8135) + - Fix a bug where appservices with ratelimiting disabled would + still be ratelimited when joining rooms. This bug was + introduced in v1.19.0. (#8139) + - Fix logging in via OpenID Connect with a provider that uses + integer user IDs. (#8190) + - Fix a longstanding bug where user directory updates could + break when unexpected profile data was included in events. + (#8223) + - Fix a longstanding bug where stats updates could break when + unexpected profile data was included in events. (#8226) + - Fix slow start times for large servers by removing a table + scan of the users table from startup code. (#8271) + - Improved Documentation + - Link to matrix-synapse-rest-password-provider in the password + provider documentation. (#8111) + - Updated documentation to note that Synapse does not follow + HTTP 308 redirects due to an upstream library not supporting + them. Contributed by Ryan Cole. (#8120) + - Explain better what GDPR-erased means when deactivating a + user. (#8189) + - Internal Changes + - Blacklist MSC2753 SyTests until it is implemented. (#8285) + - Add filter name to the /users admin API, which filters by + user ID or displayname. Contributed by Awesome Technologies + Innovationslabor GmbH. (#7377, #8163) + - Reduce run times of some unit tests by advancing the reactor + a fewer number of times. (#7757) + - Don't fail /submit_token requests on incorrect session ID if + request_token_inhibit_3pid_errors is turned on. (#7991) + - Convert various parts of the codebase to async/await. (#8071, + #8072, #8074, #8075, #8076, #8087, #8100, #8119, #8121, + #8133, #8156, #8162, #8166, #8168, #8173, #8191, #8192, + #8193, #8194, #8195, #8197, #8199, #8200, #8201, #8202, + #8207, #8213, #8214) + - Remove some unused database functions. (#8085) + - Add type hints to various parts of the codebase. (#8090, + #8127, #8187, #8241, #8140, #8183, #8232, #8235, #8237, + #8244) + - Return the previous stream token if a non-member event is a + duplicate. (#8093, #8112) + - Separate get_current_token into two since there are two + different use cases for it. (#8113) + - Remove ChainedIdGenerator. (#8123) + - Reduce the amount of whitespace in JSON stored and sent in + responses. (#8124) + - Update the test federation client to handle streaming + responses. (#8130) + - Micro-optimisations to get_auth_chain_ids. (#8132) + - Refactor StreamIdGenerator and MultiWriterIdGenerator to have + the same interface. (#8161) + - Add functions to MultiWriterIdGen used by events stream. + (#8164, #8179) + - Fix tests that were broken due to the merge of 1.19.1. + (#8167) + - Make SlavedIdTracker.advance have the same interface as + MultiWriterIDGenerator. (#8171) + - Remove unused is_guest parameter from, and add safeguard to, + MessageHandler.get_room_data. (#8174, #8181) + - Standardize the mypy configuration. (#8175) + - Refactor some of LoginRestServlet's helper methods, and move + them to AuthHandler for easier reuse. (#8182) + - Fix wait_for_stream_position to allow multiple waiters on + same stream ID. (#8196) + - Make MultiWriterIDGenerator work for streams that use + negative values. (#8203) + - Refactor queries for device keys and cross-signatures. + (#8204, #8205, #8222, #8224, #8225, #8231, #8233, #8234) + - Fix type hints for functions decorated with @cached. (#8240) + - Remove obsolete order field from federation send queues. + (#8245) + - Stop sub-classing from object. (#8249) + - Add more logging to debug slow startup. (#8264) + - Do not attempt to upgrade database schema on worker + processes. (#8266, #8276) + +------------------------------------------------------------------- +Fri Sep 18 16:23:29 UTC 2020 - Marcus Rueckert + +- Update to synapse 1.19.3 + - Bugfixes + - Partially mitigate bug where newly joined servers couldn't + get past events in a room when there is a malformed event. + (#8350) + +------------------------------------------------------------------- +Wed Sep 16 14:03:45 UTC 2020 - Marcus Rueckert + +- Update to synapse 1.19.2 + - Bugfixes + - Fix joining rooms over federation that include malformed + events. (#8324) + +------------------------------------------------------------------- +Thu Aug 27 13:10:02 UTC 2020 - Marcus Rueckert + +- Update to synapse to 1.19.1 + - Bugfixes + - Fix a bug introduced in v1.19.0 where appservices with + ratelimiting disabled would still be ratelimited when joining + rooms. (#8139) + - Fix a bug introduced in v1.19.0 that would cause e.g. profile + updates to fail due to incorrect application of rate limits + on join requests. (#8153) + +------------------------------------------------------------------- +Mon Aug 17 14:36:41 UTC 2020 - Marcus Rueckert + +- Update to synapse 1.19.0 + - Features + - Add option to allow server admins to join rooms which fail + complexity checks. Contributed by @lugino-emeritus. (#7902) + - Add an option to purge room or not with delete room admin + endpoint (POST /_synapse/admin/v1/rooms//delete). + Contributed by @dklimpel. (#7964) + - Add rate limiting to users joining rooms. (#8008) + - Add a /health endpoint to every configured HTTP listener that + can be used as a health check endpoint by load balancers. + (#8048) + - Allow login to be blocked based on the values of SAML + attributes. (#8052) + - Allow guest access to the GET + /_matrix/client/r0/rooms/{room_id}/members endpoint, + according to MSC2689. Contributed by Awesome Technologies + Innovationslabor GmbH. (#7314) + - Bugfixes + - Fix a bug introduced in Synapse v1.7.2 which caused + inaccurate membership counts in the room directory. (#7977) + - Fix a long standing bug: 'Duplicate key value violates unique + constraint "event_relations_id"' when message retention is + configured. (#7978) + - Fix "no create event in auth events" when trying to reject + invitation after inviter leaves. Bug introduced in Synapse + v1.10.0. (#7980) + - Fix various comments and minor discrepencies in server + notices code. (#7996) + - Fix a long standing bug where HTTP HEAD requests resulted in + a 400 error. (#7999) + - Fix a long-standing bug which caused two copies of some log + lines to be written when synctl was used along with a + MemoryHandler logger. (#8011, #8012) + - Updates to the Docker image + - We no longer publish Docker images with the -py3 tag suffix, + as announced in the upgrade notes. (#8056) + - Improved Documentation + - Document how to set up a client .well-known file and fix + several pieces of outdated documentation. (#7899) + - Improve workers docs. (#7990, #8000) + - Fix typo in docs/workers.md. (#7992) + - Add documentation for how to undo a room shutdown. (#7998, + #8010) + - Internal Changes + - Reduce the amount of whitespace in JSON stored and sent in + responses. Contributed by David Vo. (#7372) + - Switch to the JSON implementation from the standard library + and bump the minimum version of the canonicaljson library to + 1.2.0. (#7936, #7979) + - Convert various parts of the codebase to async/await. (#7947, + #7948, #7949, #7951, #7963, #7973, #7975, #7976, #7981, + #7987, #7989, #8003, #8014, #8016, #8027, #8031, #8032, + #8035, #8042, #8044, #8045, #8061, #8062, #8063, #8066, + #8069, #8070) + - Move some database-related log lines from the default logger + to the database/transaction loggers. (#7952) + - Add a script to detect source code files using non-unix line + terminators. (#7965, #7970) + - Log the SAML session ID during creation. (#7971) + - Implement new experimental push rules for some users. (#7997) + - Remove redundant and unreliable signature check for v1 + Identity Service lookup responses. (#8001) + - Improve the performance of the register endpoint. (#8009) + - Reduce less useful output in the newsfragment CI step. Add a + link to the changelog section of the contributing guide on + error. (#8024) + - Rename storage layer objects to be more sensible. (#8033) + - Change the default log config to reduce disk I/O and storage + for new servers. (#8040) + - Add an assertion on prev_events in create_new_client_event. + (#8041) + - Add a comment to ServerContextFactory about the use of + SSLv23_METHOD. (#8043) + - Log OPTIONS requests at DEBUG rather than INFO level to + reduce amount logged at INFO. (#8049) + - Reduce amount of outbound request logging at INFO level. + (#8050) + - It is no longer necessary to explicitly define filters in the + logging configuration. (Continuing to do so is redundant but + harmless.) (#8051) + - Add and improve type hints. (#8058, #8064, #8060, #8067) + +------------------------------------------------------------------- +Thu Jul 30 11:40:22 UTC 2020 - Aleksa Sarai + +- Update to synapse 1.18.0. + * Features + + Include room states on invite events that are sent to application + services. + + Add delete room admin endpoint (POST /_synapse/admin/v1/rooms//delete). + + Add experimental support for running multiple federation sender + processes. + + Add the option to validate the iss and aud claims for JWT logins. + + Add support for handling registration requests across multiple client + reader workers. + + Add an admin API to list the users in a room. Contributed by Awesome + Technologies Innovationslabor GmbH. + + Allow email subjects to be customised through Synapse's configuration. + + Add the ability to re-activate an account from the admin API. + + Add experimental support for running multiple pusher workers. + + Add experimental support for moving typing off master. + + Report CPU metrics to prometheus for time spent processing replication + commands. + + Support oEmbed for media previews. + + Abort federation requests where the client disconnects before the + ratelimiter expires. + + Cache responses to /_matrix/federation/v1/state_ids to reduce duplicated + work. + * Bugfixes + * Fix detection of out of sync remote device lists when receiving events + from remote users. + * Fix bug where Synapse fails to process an incoming event over federation + if the server is missing too much of the event's auth chain. + * Fix a bug causing Synapse to misinterpret the value off for + encryption_enabled_by_default_for_room_type in its configuration file(s) + if that value isn't surrounded by quotes. This bug was introduced in + v1.16.0. + * Fix bug where we did not always pass in app_name or server_name to email + templates, including e.g. for registration emails. + * Errors which occur while using the non-standard JWT login now return the + proper error: 403 Forbidden with an error code of M_FORBIDDEN. + * Fix "AttributeError: 'str' object has no attribute 'get'" error message + when applying per-room message retention policies. The bug was introduced + in Synapse 1.7.0. + * Fix a bug introduced in Synapse 1.10.0 which could cause a "no create + event in auth events" error during room creation. + * Fix a bug which allowed empty rooms to be rejoined over federation. + * Fix 'Unable to find a suitable guest user ID' error when using multiple + client_reader workers. + * Fix a long standing bug where the tracing of async functions with + opentracing was broken. + * Fix "TypeError in synapse.notifier" exceptions. + * Fix deprecation warning due to invalid escape sequences. + + +------------------------------------------------------------------- +Mon Jul 13 11:55:06 UTC 2020 - Marcus Rueckert + +- allow newer prometheus client (follow up to change in the code) + +------------------------------------------------------------------- +Mon Jul 13 11:19:25 UTC 2020 - Marcus Rueckert + +- Update to 1.17.0 + - Bugfixes + - Fix inconsistent handling of upper and lower case in email + addresses when used as identifiers for login, etc. + Contributed by @dklimpel. (#7021) + - Fix "Tried to close a non-active scope!" error messages when + opentracing is enabled. (#7732) + - Fix incorrect error message when database CTYPE was set + incorrectly. (#7760) + - Fix to not ignore set_tweak actions in Push Rules that have + no value, as permitted by the specification. (#7766) + - Fix synctl to handle empty config files correctly. + Contributed by @kotovalexarian. (#7779) + - Fixes a long standing bug in worker mode where worker + information was saved in the devices table instead of the + original IP address and user agent. (#7797) + - Fix 'stuck invites' which happen when we are unable to reject + a room invite received over federation. (#7804, #7809, #7810) + - Updates to the Docker image + - Include libwebp in the Docker file to properly handle webp + image uploads. (#7791) + - Improved Documentation + - Improve the documentation of the non-standard JSON web token + login type. (#7776) + - Update doc links for caddy. Contributed by Nicolai Søborg. + (#7789) + - Internal Changes + - Refactor getting replication updates from database. (#7740) + - Send push notifications with a high or low priority depending + upon whether they may generate user-observable effects. + (#7765) + - Use symbolic names for replication stream names. (#7768) + - Add early returns to _check_for_soft_fail. (#7769) + - Fix up synapse.handlers.federation to pass mypy. (#7770) + - Convert the appserver handler to async/await. (#7775) + - Allow to use higher versions of prometheus_client <0.9.0 + which are expected to introduce no breaking changes. + Contributed by Oliver Kurz. (#7780) + - Update linting scripts and codebase to be compatible with + isort v5. (#7786) + - Stop populating unused table local_invites. (#7793) + - Ensure that strings (not bytes) are passed into JSON + serialization. (#7799) + - Switch from simplejson to the standard library json. (#7800) + - Add signing_key property to HomeServer to save code + duplication. (#7805) + - Improve stacktraces from exceptions in background processes. + (#7808) + - Fix various spelling errors in comments and log lines. + (#7811) + +------------------------------------------------------------------- +Fri Jul 10 12:03:25 UTC 2020 - Marcus Rueckert + +- Update to 1.16.1 + - Drop table local_rejections_stream which was incorrectly added + in Synapse 1.16.0. (#7816, b1beb3ff5) + +------------------------------------------------------------------- +Wed Jul 8 10:28:25 UTC 2020 - Marcus Rueckert + +- Update to 1.16.0 + - Features + - Add an option to enable encryption by default for new rooms. + (#7639) + - Add support for running multiple media repository workers. + See docs/workers.md for instructions. (#7706) + - Media can now be marked as safe from quarantined. (#7718) + - Expand the configuration options for auto-join rooms. (#7763) + - Bugfixes + - Remove user_id from the response to GET + /_matrix/client/r0/presence/{userId}/status to match the + specification. (#7606) + - In worker mode, ensure that replicated data has not already + been received. (#7648) + - Fix intermittent exception during startup, introduced in + Synapse 1.14.0. (#7663) + - Include a user-agent for federation and well-known requests. + (#7677) + - Accept the proper field (phone) for the m.id.phone identifier + type. The legacy field of number is still accepted as a + fallback. Bug introduced in v0.20.0. (#7687) + - Fix "Starting db txn 'get_completed_ui_auth_stages' from + sentinel context" warning. The bug was introduced in 1.13.0. + (#7688) + - Compare the URI and method during user interactive + authentication (instead of the URI twice). Bug introduced in + 1.13.0. (#7689) + - Fix a long standing bug where the response to the GET + room_keys/version endpoint had the incorrect type for the + etag field. (#7691) + - Fix logged error during device resync in opentracing. Broke + in v1.14.0. (#7698) + - Do not break push rule evaluation when receiving an event + with a non-string body. This is a long-standing bug. (#7701) + - Fixs a long standing bug which resulted in an exception: + "TypeError: argument of type 'ObservableDeferred' is not + iterable". (#7708) + - The synapse_port_db script no longer fails when the + ui_auth_sessions table is non-empty. This bug has existed + since v1.13.0. (#7711) + - Synapse will now fetch media from the proper specified URL + (using the r0 prefix instead of the unspecified v1). (#7714) + - Fix the tables ignored by synapse_port_db to be in sync the + current database schema. (#7717) + - Fix missing Content-Length on HTTP responses from the metrics + handler. (#7730) + - Fix large state resolutions from stalling Synapse for seconds + at a time. (#7735, #7746) + - Improved Documentation + - Spelling correction in sample_config.yaml. (#7652) + - Added instructions for how to use Keycloak via OpenID Connect + to authenticate with Synapse. (#7659) + - Corrected misspelling of PostgreSQL. (#7724) + - Deprecations and Removals + - Deprecate m.login.jwt login method in favour of + org.matrix.login.jwt, as m.login.jwt is not part of the + Matrix spec. (#7675) + - Internal Changes + - Refactor getting replication updates from database. (#7636) + - Clean-up the login fallback code. (#7657) + - Increase the default SAML session expiry time to 15 minutes. + (#7664) + - Convert the device message and pagination handlers to + async/await. (#7678) + - Convert typing handler to async/await. (#7679) + - Require parameterized package version to be at least 0.7.0. + (#7680) + - Refactor handling of listeners configuration settings. + (#7681) + - Replace uses of six.iterkeys/iteritems/itervalues with + keys()/items()/values(). (#7692) + - Add support for using rust-python-jaeger-reporter library to + reduce jaeger tracing overhead. (#7697) + - Make Tox actions work on Debian 10. (#7703) + - Replace all remaining uses of six with native Python 3 + equivalents. Contributed by @ilmari. (#7704) + - Fix broken link in sample config. (#7712) + - Speed up state res v2 across large state differences. (#7725) + - Convert directory handler to async/await. (#7727) + - Move flake8 to the end of scripts-dev/lint.sh as it takes the + longest and could cause the script to exit early. (#7738) + - Explain the "test" conditional requirement for dependencies + is not all of the modules necessary to run the unit tests. + (#7751) + - Add some metrics for inbound and outbound federation + latencies: synapse_federation_server_pdu_process_time and + synapse_event_processing_lag_by_event. (#7755)(#7771) + +------------------------------------------------------------------- +Thu Jul 2 15:34:54 UTC 2020 - Marcus Rueckert + +- Update to 1.15.2 + - Security + - A malicious homeserver could force Synapse to reset the state + in a room to a small subset of the correct state. This + affects all Synapse deployments which federate with untrusted + servers. (96e9afe6) + - HTML pages served via Synapse were vulnerable to clickjacking + attacks. This predominantly affects homeservers with + single-sign-on enabled, but all server administrators are + encouraged to upgrade. (ea26e9a9) + +------------------------------------------------------------------- +Tue Jun 16 18:36:01 UTC 2020 - Marcus Rueckert + +- Update to 1.15.1 + - Fix a bug introduced in v1.15.0 that would crash Synapse on + start when using certain password auth providers. (#7684) + - Fix a bug introduced in v1.15.0 which meant that some 3PID + management endpoints were not accessible on the correct URL. + +------------------------------------------------------------------- +Thu Jun 11 14:28:57 UTC 2020 - Marcus Rueckert + +- Update to 1.15.0 + - Features + - Advertise support for Client-Server API r0.6.0 and remove + related unstable feature flags. (#6585) + - Add an option to disable autojoining rooms for guest + accounts. (#6637) + - For SAML authentication, add the ability to pass email + addresses to be added to new users' accounts via SAML + attributes. Contributed by Christopher Cooper. (#7385) + - Add admin APIs to allow server admins to manage users' + devices. Contributed by @dklimpel. (#7481) + - Add support for generating thumbnails for WebP images. + Previously, users would see an empty box instead of preview + image. Contributed by @WGH-. (#7586) + - Support the standardized m.login.sso user-interactive + authentication flow. (#7630) + - Bugfixes + - Allow new users to be registered via the admin API even if + the monthly active user limit has been reached. Contributed + by @dklimpel. (#7263) + - Fix email notifications not being enabled for new users when + created via the Admin API. (#7267) + - Fix str placeholders in an instance of + PrepareDatabaseException. Introduced in Synapse v1.8.0. + (#7575) + - Fix a bug in automatic user creation during first time login + with m.login.jwt. Regression in v1.6.0. Contributed by @olof. + (#7585) + - Fix a bug causing the cross-signing keys to be ignored when + resyncing a device list. (#7594) + - Fix metrics failing when there is a large number of active + background processes. (#7597) + - Fix bug where returning rooms for a group would fail if it + included a room that the server was not in. (#7599) + - Fix duplicate key violation when persisting read markers. + (#7607) + - Prevent an entire iteration of the device list resync loop + from failing if one server responds with a malformed result. + (#7609) + - Fix exceptions when fetching events from a remote host fails. + (#7622) + - Make synctl restart start synapse if it wasn't running. + (#7624) + - Pass device information through to the login endpoint when + using the login fallback. (#7629) + - Advertise the m.login.token login flow when OpenID Connect is + enabled. (#7631) + - Fix bug in account data replication stream. (#7656) + - Improved Documentation + - Update the OpenBSD installation instructions. (#7587) + - Advertise Python 3.8 support in setup.py. (#7602) + - Add a link to #synapse:matrix.org in the troubleshooting + section of the README. (#7603) + - Clarifications to the admin api documentation. (#7647) + - Internal Changes + - Convert the identity handler to async/await. (#7561) + - Improve query performance for fetching state from a + PostgreSQL database. Contributed by @ilmari. (#7567) + - Speed up processing of federation stream RDATA rows. (#7584) + - Add comment to systemd example to show postgresql dependency. + (#7591) + - Refactor Ratelimiter to limit the amount of expensive config + value accesses. (#7595) + - Convert groups handlers to async/await. (#7600) + - Clean up exception handling in SAML2ResponseResource. (#7614) + - Check that all asynchronous tasks succeed and general cleanup + of MonthlyActiveUsersTestCase and TestMauLimit. (#7619) + - Convert get_user_id_by_threepid to async/await. (#7620) + - Switch to upstream dh-virtualenv rather than our fork for + Debian package builds. (#7621) + - Update CI scripts to check the number in the newsfile + fragment. (#7623) + - Check if the localpart of a Matrix ID is reserved for guest + users earlier in the registration flow, as well as when + responding to requests to /register/available. (#7625) + - Minor cleanups to OpenID Connect integration. (#7628) + - Attempt to fix flaky test: + PhoneHomeStatsTestCase.test_performance_100. (#7634) + - Fix typos of m.olm.curve25519-aes-sha2 and + m.megolm.v1.aes-sha2 in comments, test files. (#7637) + - Convert user directory, state deltas, and stats handlers to + async/await. (#7640) + - Remove some unused constants. (#7644) + - Fix type information on assert_*_is_admin methods. (#7645) + - Convert registration handler to async/await. (#7649) + +------------------------------------------------------------------- +Thu Jun 4 20:54:32 UTC 2020 - Marcus Rueckert + +- make sure we do not pull too new prometheus bindings + +------------------------------------------------------------------- +Thu May 28 11:05:04 UTC 2020 - Marcus Rueckert + +- Update to 1.14.0 + - Features + - Synapse's cache factor can now be configured in + homeserver.yaml by the caches.global_factor setting. + Additionally, caches.per_cache_factors controls the cache + factors for individual caches. (#6391) + - Add OpenID Connect login/registration support. Contributed by + Quentin Gliech, on behalf of les Connecteurs. (#7256, #7457) + - Add room details admin endpoint. Contributed by Awesome + Technologies Innovationslabor GmbH. (#7317) + - Allow for using more than one spam checker module at once. + (#7435) + - Add additional authentication checks for m.room.power_levels + event per MSC2209. (#7502) + - Implement room version 6 per MSC2240. (#7506) + - Add highly experimental option to move event persistence off + master. (#7281, #7374, #7436, #7440, #7475, #7490, #7491, + #7492, #7493, #7495, #7515, #7516, #7517, #7542) + - Bugfixes + - Fix cache config to not apply cache factor to event cache. + Regression in v1.14.0rc1. (#7578) + - Fix bug where ReplicationStreamer was not always started when + replication was enabled. Bug introduced in v1.14.0rc1. + (#7579) + - Fix specifying individual cache factors for caches with + special characters in their name. Regression in v1.14.0rc1. + (#7580) + - Fix a bug where event updates might not be sent over + replication to worker processes after the stream falls + behind. (#7384) + - Allow expired user accounts to log out their device sessions. + (#7443) + - Fix a bug that would cause Synapse not to resync out-of-sync + device lists. (#7453) + - Prevent rooms with 0 members or with invalid version strings + from breaking group queries. (#7465) + - Workaround for an upstream Twisted bug that caused Synapse to + become unresponsive after startup. (#7473) + - Fix Redis reconnection logic that can result in missed + updates over replication if master reconnects to Redis + without restarting. (#7482) + - When sending m.room.member events, omit displayname and + avatar_url if they aren't set instead of setting them to + null. Contributed by Aaron Raimist. (#7497) + - Fix incorrect method label on + synapse_http_matrixfederationclient_{requests,responses} + prometheus metrics. (#7503) + - Ignore incoming presence events from other homeservers if + presence is disabled locally. (#7508) + - Fix a long-standing bug that broke the update remote profile + background process. (#7511) + - Hash passwords as early as possible during password reset. + (#7538) + - Fix bug where a local user leaving a room could fail under + rare circumstances. (#7548) + - Fix "Missing RelayState parameter" error when using user + interactive authentication with SAML for some SAML providers. + (#7552) + - Fix exception 'GenericWorkerReplicationHandler' object has no + attribute 'send_federation_ack', introduced in v1.13.0. + (#7564) + - synctl now warns if it was unable to stop Synapse and will + not attempt to start Synapse if nothing was stopped. + Contributed by Romain Bouyé. (#6590) + - Documentation + - Fix the OIDC client_auth_method value in the sample config. + (#7581) + - Update information about mapping providers for SAML and + OpenID. (#7458) + - Add additional reverse proxy example for Caddy v2. + Contributed by Jeff Peeler. (#7463) + - Fix copy-paste error in ServerNoticesConfig docstring. + Contributed by @ptman. (#7477) + - Improve the formatting of reverse_proxy.md. (#7514) + - Change the systemd worker service to check that the worker + config file exists instead of silently failing. Contributed + by David Vo. (#7528) + - Minor clarifications to the TURN docs. (#7533) + - Internal changes + - Add typing annotations in synapse.federation. (#7382) + - Convert the room handler to async/await. (#7396) + - Improve performance of get_e2e_cross_signing_key. (#7428) + - Improve performance of mark_as_sent_devices_by_remote. + (#7429, #7562) + - Add type hints to the SAML handler. (#7445) + - Remove storage method get_hosts_in_room that is no longer + called anywhere. (#7448) + - Fix some typos in the notice_expiry templates. (#7449) + - Convert the federation handler to async/await. (#7459) + - Convert the search handler to async/await. (#7460) + - Add type hints to synapse.event_auth. (#7505) + - Convert the room member handler to async/await. (#7507) + - Add type hints to room member handler. (#7513) + - Fix typing annotations in tests.replication. (#7518) + - Remove some redundant Python 2 support code. (#7519) + - All endpoints now respond with a 200 OK for OPTIONS requests. + (#7534, #7560) + - Synapse now exports detailed allocator statistics and basic + GC timings as Prometheus metrics (pypy_gc_time_seconds_total + and pypy_memory_bytes) when run under PyPy. Contributed by + Ivan Shapovalov. (#7536) + - Remove Ubuntu Cosmic and Disco from the list of distributions + which we provide .debs for, due to end-of-life. (#7539) + - Make worker processes return a stubbed-out response to GET + /presence requests. (#7545) + - Optimise some references to hs.config. (#7546) + - On upgrade room only send canonical alias once. (#7547) + - Fix some indentation inconsistencies in the sample config. + (#7550) + - Include synapse.http.site in type checking. (#7553) + - Fix some test code to not mangle stacktraces, to make it + easier to debug errors. (#7554) + - Refresh apt cache when building dh_virtualenv docker image. + (#7555) + - Stop logging some expected HTTP request errors as exceptions. + (#7556, #7563) + - Convert sending mail to async/await. (#7557) + - Simplify reap_monthly_active_users. (#7558) + +------------------------------------------------------------------- +Tue May 19 14:54:57 UTC 2020 - Marcus Rueckert + +- Update to 1.13.0 + This release brings some potential changes necessary for certain + configurations of Synapse: + + - If your Synapse is configured to use SSO and have a custom + sso_redirect_confirm_template_dir configuration option set, you + will need to duplicate the new sso_auth_confirm.html, + sso_auth_success.html and sso_account_deactivated.html + templates into that directory. + - Synapse plugins using the complete_sso_login method of + synapse.module_api.ModuleApi should instead switch to the + async/await version, complete_sso_login_async, which includes + additional checks. The former version is now deprecated. + - A bug was introduced in Synapse 1.4.0 which could cause the + room directory to be incomplete or empty if Synapse was + upgraded directly from v1.2.1 or earlier, to versions between + v1.4.0 and v1.12.x. + + Please review UPGRADE.rst for more details on these changes and + for general upgrade guidance. + + For the complete list of changes please refer to + https://github.com/matrix-org/synapse/releases/tag/v1.13.0 + +------------------------------------------------------------------- +Thu Apr 23 15:51:48 UTC 2020 - Marcus Rueckert + +- Update to 1.12.4 + - Features: + - Always send users their own device updates. (#7160) + - Add support for handling GET requests for account_data on a + worker. (#7311) + - Bugfixes: + - Fix a bug that prevented cross-signing with users on + worker-mode synapses. (#7255) + - Do not treat display names as globs in push rules. (#7271) + - Fix a bug with cross-signing devices belonging to remote + users who did not share a room with any user on the local + homeserver. (#7289) + +------------------------------------------------------------------- +Fri Apr 3 12:21:52 UTC 2020 - Marcus Rueckert + +- Update to 1.12.3 + - Remove the pin to Pillow 7.0 which was introduced in Synapse + 1.12.2, and correctly fix the issue with building the Debian + packages. (#7212) + +------------------------------------------------------------------- +Thu Apr 2 18:27:05 UTC 2020 - Marcus Rueckert + +- Update to 1.12.2 + - This release fixes an issue with building the debian packages. + +------------------------------------------------------------------- +Thu Apr 2 16:28:51 UTC 2020 - Marcus Rueckert + +- Update to 1.12.1 + - Fix starting workers when federation sending not split out. + (#7133). Introduced in v1.12.0. + - Avoid importing sqlite3 when using the postgres backend. + Contributed by David Vo. (#7155). Introduced in v1.12.0rc1. + - Fix a bug which could cause outbound federation traffic to stop + working if a client uploaded an incorrect e2e device signature. + (#7177). Introduced in v1.11.0. + +------------------------------------------------------------------- +Tue Mar 24 15:31:47 UTC 2020 - Marcus Rueckert + +- use %requires_eq for runtime dependencies to make sure we always + use the versions we built with. we ran into cases where the + distro package was new enough according to the setup dependencies + but those were not up2date with the actual code. + +------------------------------------------------------------------- +Mon Mar 23 14:36:36 UTC 2020 - Marcus Rueckert + +- Update to 1.12.0 + Synapse may be vulnerable to request-smuggling attacks when it is + used with a reverse-proxy. The vulnerabilties are fixed in + Twisted 20.3.0, and are described in + [CVE-2020-10108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108) + and + [CVE-2020-10109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109). + For a good introduction to this class of request-smuggling + attacks, see + https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn. + + We are not aware of these vulnerabilities being exploited in the + wild, and do not believe that they are exploitable with current + versions of any reverse proxies. Nevertheless, we recommend that + all Synapse administrators ensure that they have the latest + versions of the Twisted library to ensure that their installation + remains secure. + + - Features + - Changes related to room alias management + ([MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432)): + - Publishing/removing a room from the room directory now + requires the user to have a power level capable of + modifying the canonical alias, instead of the room aliases. + ([\#6965](https://github.com/matrix-org/synapse/issues/6965)) + - Validate the `alt_aliases` property of canonical alias + events. + ([\#6971](https://github.com/matrix-org/synapse/issues/6971)) + - Users with a power level sufficient to modify the canonical + alias of a room can now delete room aliases. + ([\#6986](https://github.com/matrix-org/synapse/issues/6986)) + - Implement updated authorization rules and redaction rules + for aliases events, from + [MSC2261](https://github.com/matrix-org/matrix-doc/pull/2261) + and + [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432). + ([\#7037](https://github.com/matrix-org/synapse/issues/7037)) + - Stop sending m.room.aliases events during room creation and + upgrade. + ([\#6941](https://github.com/matrix-org/synapse/issues/6941)) + - Synapse no longer uses room alias events to calculate room + names for push notifications. + ([\#6966](https://github.com/matrix-org/synapse/issues/6966)) + - The room list endpoint no longer returns a list of aliases. + ([\#6970](https://github.com/matrix-org/synapse/issues/6970)) + - Remove special handling of aliases events from + [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260) + added in v1.10.0rc1. + ([\#7034](https://github.com/matrix-org/synapse/issues/7034)) + - Expose the `synctl`, `hash_password` and `generate_config` + commands in the snapcraft package. Contributed by @devec0. + ([\#6315](https://github.com/matrix-org/synapse/issues/6315)) + - Check that server_name is correctly set before running + database updates. + ([\#6982](https://github.com/matrix-org/synapse/issues/6982)) + - Break down monthly active users by `appservice_id` and emit + via Prometheus. + ([\#7030](https://github.com/matrix-org/synapse/issues/7030)) + - Render a configurable and comprehensible error page if + something goes wrong during the SAML2 authentication process. + ([\#7058](https://github.com/matrix-org/synapse/issues/7058), + [\#7067](https://github.com/matrix-org/synapse/issues/7067)) + - Add an optional parameter to control whether other sessions + are logged out when a user's password is modified. + ([\#7085](https://github.com/matrix-org/synapse/issues/7085)) + - Add prometheus metrics for the number of active pushers. + ([\#7103](https://github.com/matrix-org/synapse/issues/7103), + [\#7106](https://github.com/matrix-org/synapse/issues/7106)) + - Improve performance when making HTTPS requests to sygnal, + sydent, etc, by sharing the SSL context object between + connections. + ([\#7094](https://github.com/matrix-org/synapse/issues/7094)) + - Bugfixes + - When a user's profile is updated via the admin API, also + generate a displayname/avatar update for that user in each + room. + ([\#6572](https://github.com/matrix-org/synapse/issues/6572)) + - Fix a couple of bugs in email configuration handling. + ([\#6962](https://github.com/matrix-org/synapse/issues/6962)) + - Fix an issue affecting worker-based deployments where + replication would stop working, necessitating a full restart, + after joining a large room. + ([\#6967](https://github.com/matrix-org/synapse/issues/6967)) + - Fix `duplicate key` error which was logged when rejoining a + room over federation. + ([\#6968](https://github.com/matrix-org/synapse/issues/6968)) + - Prevent user from setting 'deactivated' to anything other + than a bool on the v2 PUT /users Admin API. + ([\#6990](https://github.com/matrix-org/synapse/issues/6990)) + - Fix py35-old CI by using native tox package. + ([\#7018](https://github.com/matrix-org/synapse/issues/7018)) + - Fix a bug causing `org.matrix.dummy_event` to be included in + responses from `/sync`. + ([\#7035](https://github.com/matrix-org/synapse/issues/7035)) + - Fix a bug that renders UTF-8 text files incorrectly when + loaded from media. Contributed by @TheStranjer. + ([\#7044](https://github.com/matrix-org/synapse/issues/7044)) + - Fix a bug that would cause Synapse to respond with an error + about event visibility if a client tried to request the state + of a room at a given token. + ([\#7066](https://github.com/matrix-org/synapse/issues/7066)) + - Repair a data-corruption issue which was introduced in + Synapse 1.10, and fixed in Synapse 1.11, and which could + cause `/sync` to return with 404 errors about missing events + and unknown rooms. + ([\#7070](https://github.com/matrix-org/synapse/issues/7070)) + - Fix a bug causing account validity renewal emails to be sent + even if the feature is turned off in some cases. + ([\#7074](https://github.com/matrix-org/synapse/issues/7074)) + - Improved Documentation + - Updated CentOS8 install instructions. Contributed by Richard + Kellner. + ([\#6925](https://github.com/matrix-org/synapse/issues/6925)) + - Fix `POSTGRES_INITDB_ARGS` in the + `contrib/docker/docker-compose.yml` example docker-compose + configuration. + ([\#6984](https://github.com/matrix-org/synapse/issues/6984)) + - Change date in [INSTALL.md](./INSTALL.md#tls-certificates) + for last date of getting TLS certificates to November 2019. + ([\#7015](https://github.com/matrix-org/synapse/issues/7015)) + - Document that the fallback auth endpoints must be routed to + the same worker node as the register endpoints. + ([\#7048](https://github.com/matrix-org/synapse/issues/7048)) + - Deprecations and Removals + - Remove the unused query_auth federation endpoint per + [MSC2451](https://github.com/matrix-org/matrix-doc/pull/2451). + ([\#7026](https://github.com/matrix-org/synapse/issues/7026)) + - Internal Changes + - Add type hints to `logging/context.py`. + ([\#6309](https://github.com/matrix-org/synapse/issues/6309)) + - Add some clarifications to `README.md` in the database schema + directory. + ([\#6615](https://github.com/matrix-org/synapse/issues/6615)) + - Refactoring work in preparation for changing the event + redaction algorithm. + ([\#6874](https://github.com/matrix-org/synapse/issues/6874), + [\#6875](https://github.com/matrix-org/synapse/issues/6875), + [\#6983](https://github.com/matrix-org/synapse/issues/6983), + [\#7003](https://github.com/matrix-org/synapse/issues/7003)) + - Improve performance of v2 state resolution for large rooms. + ([\#6952](https://github.com/matrix-org/synapse/issues/6952), + [\#7095](https://github.com/matrix-org/synapse/issues/7095)) + - Reduce time spent doing GC, by freezing objects on startup. + ([\#6953](https://github.com/matrix-org/synapse/issues/6953)) + - Minor perfermance fixes to `get_auth_chain_ids`. + ([\#6954](https://github.com/matrix-org/synapse/issues/6954)) + - Don't record remote cross-signing keys in the `devices` + table. + ([\#6956](https://github.com/matrix-org/synapse/issues/6956)) + - Use flake8-comprehensions to enforce good hygiene of + list/set/dict comprehensions. + ([\#6957](https://github.com/matrix-org/synapse/issues/6957)) + - Merge worker apps together. + ([\#6964](https://github.com/matrix-org/synapse/issues/6964), + [\#7002](https://github.com/matrix-org/synapse/issues/7002), + [\#7055](https://github.com/matrix-org/synapse/issues/7055), + [\#7104](https://github.com/matrix-org/synapse/issues/7104)) + - Remove redundant `store_room` call from + `FederationHandler._process_received_pdu`. + ([\#6979](https://github.com/matrix-org/synapse/issues/6979)) + - Update warning for incorrect database collation/ctype to + include link to documentation. + ([\#6985](https://github.com/matrix-org/synapse/issues/6985)) + - Add some type annotations to the database storage classes. + ([\#6987](https://github.com/matrix-org/synapse/issues/6987)) + - Port `synapse.handlers.presence` to async/await. + ([\#6991](https://github.com/matrix-org/synapse/issues/6991), + [\#7019](https://github.com/matrix-org/synapse/issues/7019)) + - Add some type annotations to the federation base & client + classes. + ([\#6995](https://github.com/matrix-org/synapse/issues/6995)) + - Port `synapse.rest.keys` to async/await. + ([\#7020](https://github.com/matrix-org/synapse/issues/7020)) + - Add a type check to `is_verified` when processing room keys. + ([\#7045](https://github.com/matrix-org/synapse/issues/7045)) + - Add type annotations and comments to the auth handler. + ([\#7063](https://github.com/matrix-org/synapse/issues/7063)) + +------------------------------------------------------------------- +Tue Mar 3 21:43:02 UTC 2020 - Marcus Rueckert + +- Update to 1.11.1 + This release includes a security fix impacting installations + using Single Sign-On (i.e. SAML2 or CAS) for authentication. + Administrators of such installations are encouraged to upgrade as + soon as possible. + + - Bugfixes + - Add a confirmation step to the SSO login flow before + redirecting users to the redirect URL. + ([b2bd54a2](https://github.com/matrix-org/synapse/commit/b2bd54a2e31d9a248f73fadb184ae9b4cbdb49f9), + [65c73cdf](https://github.com/matrix-org/synapse/commit/65c73cdfec1876a9fec2fd2c3a74923cd146fe0b), + [a0178df1](https://github.com/matrix-org/synapse/commit/a0178df10422a76fd403b82d2b2a4ed28a9a9d1e)) + - Fixed set a user as an admin with the admin API `PUT + /_synapse/admin/v2/users/`. Contributed by + @dklimpel. + ([\#6910](https://github.com/matrix-org/synapse/issues/6910)) + - Fix bug introduced in Synapse 1.11.0 which sometimes caused + errors when joining rooms over federation, with `'coroutine' + object has no attribute 'event_id'`. + ([\#6996](https://github.com/matrix-org/synapse/issues/6996)) + +------------------------------------------------------------------- +Fri Feb 21 15:12:49 UTC 2020 - Marcus Rueckert + +- track series file to make updating patches easier + +------------------------------------------------------------------- +Fri Feb 21 12:58:18 UTC 2020 - Aleksa Sarai + +- Update to 1.11.0. + + * Limit the number of events that can be requested by the backfill federation + API to 100. + * Reject device display names over 100 characters in length to prevent abuse. + * Implement new aliases endpoint as per MSC2432. + * Stop sending m.room.alias events wheng adding / removing aliases. Check + alt_aliases in the latest m.room.canonical_alias event when deleting an + alias. + * Change the default power levels of invites, tombstones and server ACLs for + new rooms. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Tue Feb 18 01:44:41 UTC 2020 - Aleksa Sarai + +- Update to 1.10.1. + + * Fix a bug introduced in Synapse 1.10.0 which would cause room state to be + cleared in the database if Synapse was upgraded direct from 1.2.1 or + earlier to 1.10.0. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Wed Feb 12 16:01:46 UTC 2020 - Marcus Rueckert + +- bump requires on python3-signedjson to follow code change + +------------------------------------------------------------------- +Wed Feb 12 13:51:08 UTC 2020 - Aleksa Sarai + +- Update to 1.10.0. + + WARNING to client developers: As of this release Synapse validates + client_secret parameters in the Client-Server API as per the spec. See #6766 + for details. + + + Add experimental support for updated authorization rules for aliases + events, from MSC2260. + + Variety of E2EE improvements, most notably: + * Fix bug where querying a remote user's device keys that weren't cached + resulted in only returning a single device. + * Fix bug where Synapse didn't invalidate cache of remote users' devices + when Synapse left a room. + * Detect unknown remote devices and mark cache as stale. + * Attempt to resync remote users' devices when detected as stale. + * When a client asks for a remote user's device keys check if the local + cache for that user has been marked as potentially stale. + * Detect unexpected sender keys on remote encrypted events and resync + device lists. + * Fix an issue with cross-signing where device signatures were not sent to + remote servers. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Tue Jan 28 14:34:39 UTC 2020 - Marcus Rueckert + +- update to 1.9.1 + Fix bug where setting mau_limit_reserved_threepids config would + cause Synapse to refuse to start. (#6793) + +------------------------------------------------------------------- +Thu Jan 23 16:06:38 UTC 2020 - Marcus Rueckert + +- package cleanup + - make sure we have all libraries to actually install the package: + - buildrequires all runtime requirements + - (build)require python3-typing_extensions + - having it use the python package name is not really useful here. + - refreshed and renamed better-paths.patch to + matrix-synapse-1.4.1-paths.patch + - also fix existing synapse user + - group to synapse instead of nogroup + - home directory to /var/lib/matrix-synapse + - shell to /bin/false (which actually exists) + - improvements to the logging configuration: + - install copy of the current /etc/matrix-synapse/log.yaml as + /etc/matrix-synapse/log.systemd.yaml + - install /etc/matrix-synapse/log.file.yaml which logs to + /var/log/matrix-synapse/homeserver.log + - add the log directory /var/log/matrix-synapse/ + - added README.SUSE + - better way to bootstrap a new config: + 1. ExecStartPre would have never worked anyway + 2. added %{_sbindir}/matrix-synapse-generate-config + Usage: + %{_sbindir}/matrix-synapse-generate-config servername + - fix group and shell for the synapse user + - added better-paths.patch + - put the pid file into /run/matrix-synapse/ + - use a default logging config in /etc/matrix-synapse/log.yaml + to have systemd logging by default + - use full path in the service file + - actually use source 50 instead of the service file in the tarball + - make permissions tighter on the config files as it contains + passwords and other secrets: + root:synapse u=rwX,g=rX,o= + +------------------------------------------------------------------- +Thu Jan 23 13:45:22 UTC 2020 - Aleksa Sarai + +- Update to 1.9.0. + + WARNING: As of this release, Synapse no longer supports versions of SQLite + before 3.11, and will refuse to start when configured to use an older + version. Administrators are recommended to migrate their database to Postgres + (see instructions here). + + WARNING: If your Synapse deployment uses workers, note that the reverse-proxy + configurations for the synapse.app.media_repository, + synapse.app.federation_reader and synapse.app.event_creator workers have + changed, with the addition of a few paths (see the updated configurations + here). Existing configurations will continue to work. + + + Allow admin to create or modify a user. + + Add new quarantine media admin APIs to quarantine by media ID or by user + who uploaded the media. + + Add a new admin API to list and filter rooms on the server. + + Add org.matrix.e2e_cross_signing to unstable_features in /versions. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Fri Jan 10 13:41:50 UTC 2020 - Aleksa Sarai + +- Update to 1.8.0. + + WARNING: As of this release Synapse will refuse to start if the log_file + config option is specified. Support for the option was removed in v1.3.0. + + * Add v2 APIs for the send_join and send_leave federation endpoints (as + described in MSC1802). + * Add a develop script to generate full SQL schemas. + * Add custom SAML username mapping functinality through an external provider + plugin. + * Automatically delete empty groups/communities. + * Add option limit_profile_requests_to_users_who_share_rooms to prevent + requirement of a local user sharing a room with another user to query their + profile information. + * Add an export_signing_key script to extract the public part of signing keys + when rotating them. + * Add experimental config option to specify multiple databases. + * Raise an error if someone tries to use the log_file config option. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Wed Jan 1 03:26:40 UTC 2020 - Aleksa Sarai + +- Update to 1.7.3. + + * Fix exceptions caused by state resolution choking on malformed events. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Sat Dec 21 00:57:27 UTC 2019 - Aleksa Sarai + +- Use packaged service file not the one in the repo (the one in the repo is + completely broken for openSUSE). + +------------------------------------------------------------------- +Fri Dec 20 18:09:31 UTC 2019 - Aleksa Sarai + +- Update to 1.7.2. + + * Fix a regression introduced in Synapse 1.7.1 which caused errors when + attempting to backfill rooms over federation. + * Fix a bug introduced in Synapse 1.7.0 which caused an error on startup when + upgrading from versions before 1.3.0. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Wed Dec 18 12:02:59 UTC 2019 - Aleksa Sarai + +- Update to 1.7.1. + + This update fixes several major security issues. Users are very strongly + recommended to update as soon as possible. + + * Fix a bug which could cause room events to be incorrectly authorized using + events from a different room. + * Fix a bug causing responses to the /context client endpoint to not use the + pruned version of the event. + * Fix a cause of state resets in room versions 2 onwards. + * Fix a bug which could cause the federation server to incorrectly return + errors when handling certain obscure event graphs. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Fri Dec 13 13:23:59 UTC 2019 - Aleksa Sarai + +- Update to 1.7.0. + + * Implement per-room message retention policies. + * Add etag and count fields to key backup endpoints to help clients guess if + there are new keys. + * Configure privacy-preserving settings by default for the room directory. + * Add ephemeral messages support by partially implementing MSC2228. + * Add support for MSC 2367, which allows specifying a reason on all + membership events. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + + https://github.com/matrix-org/synapse/releases/tag/v1.7.0 + Please make sure to read the Upgrade notes referenced in the + above. + +------------------------------------------------------------------- +Thu Nov 28 17:41:02 UTC 2019 - Aleksa Sarai + +- Drop matrix-synapse-ldap from enabled conditional requirements, because the + package is not longer available in openSUSE repos. If someone really wants + the feature they can help re-package it. + +------------------------------------------------------------------- +Thu Nov 28 12:04:57 UTC 2019 - Aleksa Sarai + +- Update to 1.6.1. + + * Clean up local threepids from user on account deactivation. + * Fix startup error when http proxy is defined. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Thu Nov 28 08:48:16 UTC 2019 - Aleksa Sarai + +- Update to 1.6.0. + + + Add federation support for cross-signing. + + Increase default room version from 4 to 5, thereby enforcing server key + validity period checks. + + Add support for outbound http proxying via http_proxy/HTTPS_PROXY env vars. + + Implement label-based filtering on /sync and /messages (MSC2326). + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Mon Nov 18 11:16:03 UTC 2019 - Aleksa Sarai + +- Update to 1.5.1. + + * Limit the length of data returned by url previews, to prevent DoS attacks. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Wed Oct 30 02:20:29 UTC 2019 - Aleksa Sarai + +- Update to 1.5.0. + + + Improve quality of thumbnails for 1-bit/8-bit color palette images. + + Add ability to upload cross-signing signatures. + + Allow uploading of cross-signing keys. + + CAS login now provides a default display name for users if a + displayname_attribute is set in the configuration file. + + Reject all pending invites for a user during deactivation. + + Add config option to suppress client side resource limit alerting. + + * Improve signature checking on some federation APIs. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Fri Oct 18 13:36:18 UTC 2019 - Aleksa Sarai + +- Update to 1.4.1. + + * Fix bug where redacted events were sometimes incorrectly censored in the + database, breaking APIs that attempted to fetch such events. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Thu Oct 3 22:16:13 UTC 2019 - Aleksa Sarai + +- Do not include ACME support by default (txacme is broken in openSUSE). +- Update to 1.4.0. boo#1153017 + + * Significant improvements to data privacy. + * Expansion of OpenTracing support. + * Enable "forward extremities" mitigation by default. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Thu Jul 25 16:18:56 UTC 2019 - Aleksa Sarai + +- Update to 1.2.0. + + * Add support for OpenTracing. + * Add default push rule to ignore reactions. + * Enable aggregations (reactions and edits) support by default. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. +- Remove unneeded patches: + - 0001-requirements-prometheus_client.patch + +------------------------------------------------------------------- +Fri Jul 5 15:29:57 UTC 2019 - Aleksa Sarai + +- Update to 1.1.0. + + As of v1.1.0, Synapse no longer supports Python 2, nor Postgres version 9.4. + Thus, we no longer package a Python 2 version of this package. Some other key + changes include: + + * Add monthly active users to phonehome stats. + * Allow server admins to define implementations of extra rules for allowing + or denying incoming events. + * Add --data-dir and --open-private-ports options. + * The minimum TLS version used for outgoing federation requests can now be + set with federation_client_minimum_tls_version. + * Optimise devices changed query to not pull unnecessary rows from the + database, reducing database load. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. +- Rebase patches: + * 0001-requirements-prometheus_client.patch + +------------------------------------------------------------------- +Fri Jun 28 08:16:05 UTC 2019 - Aleksa Sarai + +- Obsolete the old split-Python packages, so that upgrading works smoothly. + +------------------------------------------------------------------- +Tue Jun 25 10:48:03 UTC 2019 - Aleksa Sarai + +- Un-Requires prometheus_client<0.4.0. The Requires made it impossible to use + matrix-synapse on openSUSE for very little good reason (prometheus metrics + will still work on post-0.4.0 prometheus_client, but with changed names). + Debian and many other distributions do the same here. + + 0001-requirements-prometheus_client.patch + +------------------------------------------------------------------- +Wed Jun 12 02:26:48 UTC 2019 - Aleksa Sarai + +- Update to 1.0.0. + + This is the first stable release of synapse. It includes a large number of + changes but the highlights are: + + * Ability to configured default room version (with the default now being v4, + which has improved state resolution algorithms and event IDs). + * The complete removal of "perspectives" support, with all homeservers now + being required to use valid TLS certificates (there has been a transition + period for several months from the release of 0.99). + * Experimental support for "relations" (reactions and edits). + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Fri May 31 00:04:50 UTC 2019 - Aleksa Sarai + +- Update to 0.99.5.2. + + Fix bug where we leaked extremities when we soft failed events, leading to + performance degradation. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Tue May 28 01:18:34 UTC 2019 - Aleksa Sarai + +- Rework testing to use a separate specfile for testing matrix-synapse. + +------------------------------------------------------------------- +Thu May 23 00:13:47 UTC 2019 - Aleksa Sarai + +- Update to 0.99.5.1. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Wed May 15 13:19:23 UTC 2019 - Aleksa Sarai + +- Update to 0.99.4. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Wed May 8 00:47:56 UTC 2019 - Aleksa Sarai + +- Update to 0.99.3.2. + + This includes two security fixes: + * Switch to using a cryptographically-secure random number generator for + token strings, ensuring they cannot be predicted by an attacker. + * Blacklist 0.0.0.0 and :: by default for URL previews. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Sun Apr 14 18:35:48 UTC 2019 - Aleksa Sarai + +- Update to 0.99.3. + + The primary changes to previous versions are that self-signed certificates + will no longer be generated, and instead LetsEncrypt certificates will be + requested instead. Users are strongly recommended to update to this version, + because pre-0.99 servers (using self-signed certificates and the perspectives + system) will no longer be able to federate with post-1.0 servers. + + The full changelog is included in + /usr/share/doc/packages/matrix-synapse/CHANGES.md. + +------------------------------------------------------------------- +Wed Feb 20 11:42:00 UTC 2019 - Oliver Kurz + +- Fix build on python3 based repos + +------------------------------------------------------------------- +Sat Feb 2 15:32:06 UTC 2019 - fcrozat@suse.com + +- Fix systemd service to follow paths used by package and ensure + proper version version is used. +- Add explicit requires on python-lxml, required when using + url preview. + +------------------------------------------------------------------- +Mon Jan 14 07:44:26 UTC 2019 - ecsos@opensuse.org + +- For test purpose a matrix server will be start. But never been + stopped. Fix that server will be stoped after test. + +------------------------------------------------------------------- +Sun Jan 13 18:22:20 UTC 2019 - Oliver Kurz + +- Update to 0.34.1.1 + This release fixes CVE-2019-5885 and is recommended for all users of Synapse + 0.34.1. This release is compatible with Python 2.7 and 3.5+. Python 3.7 is + fully supported. + * Bugfixes + - Fix spontaneous logout on upgrade (#4374) + * Internal Changes + - Add better logging for unexpected errors while sending transactions + (#4361, #4362) + - Getting URL previews of IP addresses no longer fails on Python 3. + (#4215) + - drop undocumented dependency on dateutil (#4266) + - Update the example systemd config to use a virtualenv (#4273) + - Update link to kernel DCO guide (#4274) + - Make isort tox check print diff when it fails (#4283) + - Log room_id in Unknown room errors (#4297) + - Documentation improvements for coturn setup. Contributed by Krithin + Sitaram. (#4333) + - Update pull request template to use absolute links (#4341) + - Update README to not lie about required restart when updating TLS + certificates (#4343) + - Update debian packaging for compatibility with transitional package + (#4349) + - Fix command hint to generate a config file when trying to start without + a config file (#4353) + - Add better logging for unexpected errors while sending transactions + (#4358) + * Features + - Special-case a support user for use in verifying behaviour of a given + server. The support user does not appear in user directory or monthly + active user counts. (#4141, #4344) + - Support for serving .well-known files (#4262) + - Rework SAML2 authentication (#4265, #4267) + - SAML2 authentication: Initialise user display name from SAML2 data + (#4272) + - Synapse can now have its conditional/extra dependencies installed by + pip. This functionality can be used by using `pip install + matrix-synapse[feature]`, where feature is a comma separated list with + the possible values `email.enable_notifs`, `matrix-synapse-ldap3`, + `postgres`, `resources.consent`, `saml2`, `url_preview`, and `test`. If + you want to install all optional dependencies, you can use "all" + instead. (#4298, #4325, #4327) + - Add routes for reading account data. (#4303) + - Add opt-in support for v2 rooms (#4307) + - Add a script to generate a clean config file (#4315) + - Return server data in /login response (#4319) + * Bugfixes + - Fix contains_url check to be consistent with other instances in + code-base and check that value is an instance of string. (#3405) + - Fix CAS login when username is not valid in an MXID (#4264) + - Send CORS headers for /media/config (#4279) + - Add 'sandbox' to CSP for media reprository (#4284) + - Make the new landing page prettier. (#4294) + - Fix deleting E2E room keys when using old SQLite versions. (#4295) + - The metric synapse_admin_mau:current previously did not update when + config.mau_stats_only was set to True (#4305) + - Fixed per-room account data filters (#4309) + - Fix indentation in default config (#4313) + - Fix synapse:latest docker upload (#4316) + - Fix test_metric.py compatibility with prometheus_client 0.5. Contributed + by Maarten de Vries . (#4317) + - Avoid packaging _trial_temp directory in -py3 debian packages (#4326) + - Check jinja version for consent resource (#4327) + - fix NPE in /messages by checking if all events were filtered out (#4330) + - Fix `python -m synapse.config` on Python 3. (#4356) + * Deprecations and Removals + - Remove the deprecated v1/register API on Python 2. It was never ported + to Python 3. (#4334) + +------------------------------------------------------------------- +Sat Dec 29 10:11:21 UTC 2018 - Oliver Kurz + +- Switch to python3 by default on newer product versions as suggested by upstream + +------------------------------------------------------------------- +Sun Dec 23 10:00:29 UTC 2018 - ecsos@opensuse.org + +- Update to 0.34.0 + Synapse 0.34.0 is the first release to fully support Python 3. + Synapse will now run on Python versions 3.5 or 3.6 + (as well as 2.7). Support for Python 3.7 remains experimental. + + * Features + - Add 'sandbox' to CSP for media reprository (#4284) + - Make the new landing page prettier. (#4294) + - Fix deleting E2E room keys when using old SQLite versions. (#4295) + - Add a welcome page for the client API port. Credit to @krombel! (#4289) + - Remove Matrix console from the default distribution (#4290) + - Add option to track MAU stats (but not limit people) (#3830) + - Add an option to enable recording IPs for appservice users (#3831) + - Rename login type m.login.cas to m.login.sso (#4220) + - Add an option to disable search for homeservers that may not be interested in it. (#4230) + * Bugfixes + - Pushrules can now again be made with non-ASCII rule IDs. (#4165) + - The media repository now no longer fails to decode UTF-8 filenames when downloading remote media. (#4176) + - URL previews now correctly decode non-UTF-8 text if the header contains a synapse (#3897) + - Increase the timeout when filling missing events in federation requests (#3903) + - Improve the logging when handling a federation transaction (#3904, #3966) + - Improve logging of outbound federation requests (#3906, #3909) + - Fix the docker image building on python 3 (#3911) + - Add a regression test for logging failed HTTP requests on Python 3. (#3912) + - Comments and interface cleanup for on_receive_pdu (#3924) + - Fix spurious exceptions when remote http client closes conncetion (#3925) + - Log exceptions thrown by background tasks (#3927) + - Add a cache to get_destination_retry_timings (#3933, #3991) + - Automate pushes to docker hub (#3946) + - Require attrs 16.0.0 or later (#3947) + - Fix incompatibility with python3 on alpine (#3948) + - Run the test suite on the oldest supported versions of our dependencies in CI. (#3952) + - CircleCI now only runs merged jobs on PRs, and commit jobs on develop, master, and release branches. (#3957) + - Fix docstrings and add tests for state store methods (#3958) + - fix docstring for FederationClient.get_state_for_room (#3963) + - Run notify_app_services as a bg process (#3965) + - Clarifications in FederationHandler (#3967) + - Further reduce the docker image size (#3972) + - Build py3 docker images for docker hub too (#3976) + - Updated the installation instructions to point to the matrix-synapse package on PyPI. (#3985) + - Disable USE_FROZEN_DICTS for unittests by default. (#3987) + - Remove unused Jenkins and development related files from the repo. (#3988) + - Improve stacktraces in certain exceptions in the logs (#3989) + - Pin to prometheus_client<0.4 to avoid renaming all of our metrics (#4002) + +- Changes from 0.33.5.1 + * Internal Changes + - Fix incompatibility with older Twisted version in tests. Thanks @OlegGirko! (#3940) + +- Changes from 0.33.5 + * Features + - Python 3.5 and 3.6 support is now in beta. (#3576) + - Implement event_format filter param in /sync (#3790) + - Add synapse_admin_mau:registered_reserved_users metric to expose number of real reaserved users (#3846) + * Bugfixes + - Remove connection ID for replication prometheus metrics, as it creates a large number of new series. (#3788) + - guest users should not be part of mau total (#3800) + - Bump dependency on pyopenssl 16.x, to avoid incompatibility with recent Twisted. (#3804) + - Fix existing room tags not coming down sync when joining a room (#3810) + - Fix jwt import check (#3824) + - fix VOIP crashes under Python 3 (#3821) (#3835) + - Fix manhole so that it works with latest openssh clients (#3841) + - Fix outbound requests occasionally wedging, which can result in federation breaking between servers. (#3845) + - Show heroes if room name/canonical alias has been deleted (#3851) + - Fix handling of redacted events from federation (#3859) + - (#3874) + - Mitigate outbound federation randomly becoming wedged (#3875) + * Internal Changes + - CircleCI tests now run on the potential merge of a PR. (#3704) + - http/ is now ported to Python 3. (#3771) + - Improve human readable error messages for threepid registration/account update (#3789) + - Make /sync slightly faster by avoiding needless copies (#3795) + - handlers/ is now ported to Python 3. (#3803) + - Limit the number of PDUs/EDUs per federation transaction (#3805) + - Only start postgres instance for postgres tests on Travis CI (#3806) + - tests/ is now ported to Python 3. (#3808) + - crypto/ is now ported to Python 3. (#3822) + - rest/ is now ported to Python 3. (#3823) + - add some logging for the keyring queue (#3826) + - speed up lazy loading by 2-3x (#3827) + - Improved Dockerfile to remove build requirements after building reducing the image size. (#3834) + - Disable lazy loading for incremental syncs for now (#3840) + - federation/ is now ported to Python 3. (#3847) + - Log when we retry outbound requests (#3853) + - Removed some excess logging messages. (#3855) + - Speed up purge history for rooms that have been previously purged (#3856) + - Refactor some HTTP timeout code. (#3857) + - Fix running merged builds on CircleCI (#3858) + - Fix typo in replication stream exception. (#3860) + - Add in flight real time metrics for Measure blocks (#3871) + - Disable buffering and automatic retrying in treq requests to prevent timeouts. (#3872) + - mention jemalloc in the README (#3877) + - Remove unmaintained "nuke-room-from-db.sh" script (#3888) + +------------------------------------------------------------------- +Tue Sep 11 10:03:08 UTC 2018 - fcrozat@suse.com + +- Update to version 0.33.4: + * Features: + - Support profile API endpoints on workers (#3659) + - Server notices for resource limit blocking (#3680) + - Allow guests to use /rooms/:roomId/event/:eventId (#3724) + - Add mau_trial_days config param, so that users only get counted as MAU after N days. (#3749) + - Require twisted 17.1 or later (fixes #3741). (#3751) + * Bugfixes: + - Fix error collecting prometheus metrics when run on dedicated thread due to threading concurrency issues (#3722) + - Fix bug where we resent “limit exceeded” server notices repeatedly (#3747) + - Fix bug where we broke sync when using limit_usage_by_mau but hadn’t configured server notices (#3753) + - Fix ‘federation_domain_whitelist’ such that an empty list correctly blocks all outbound federation traffic (#3754) + - Fix tagging of server notice rooms (#3755, #3756) + - Fix ‘admin_uri’ config variable and error parameter to be ‘admin_contact’ to match the spec. (#3758) + - Don’t return non-LL-member state in incremental sync state blocks (#3760) + - Fix bug in sending presence over federation (#3768) + - Fix bug where preserved threepid user comes to sign up and server is mau blocked (#3777) + +------------------------------------------------------------------- +Thu Sep 6 12:24:04 UTC 2018 - fcrozat@suse.com + +- Update to version 0.33.3.1: + * SECURITY FIXES: + - Fix an issue where event signatures were not always correctly validated (#3796) + - Fix an issue where server_acls could be circumvented for incoming events (#3796) + +------------------------------------------------------------------- +Mon Aug 27 13:30:05 UTC 2018 - fcrozat@suse.com + +- Update to version 0.33.3: + * Features: + - Add support for the SNI extension to federation TLS connections. Thanks to @vojeroen! (#3439) + - Add /_media/r0/config (#3184) + - speed up /members API and add at and membership params as per MSC1227 (#3568) + - implement summary block in /sync response as per MSC688 (#3574) + - Add lazy-loading support to /messages as per MSC1227 (#3589) + - Add ability to limit number of monthly active users on the server (#3633) + - Support more federation endpoints on workers (#3653) + - Basic support for room versioning (#3654) + - Ability to disable client/server Synapse via conf toggle (#3655) + - Ability to whitelist specific threepids against monthly active user limiting (#3662) + - Add some metrics for the appservice and federation event sending loops (#3664) + - Where server is disabled, block ability for locked out users to read new messages (#3670) + - set admin uri via config, to be used in error messages where the user should contact the administrator (#3687) + - Synapse's presence functionality can now be disabled with the "use_presence" configuration option. (#3694) + - For resource limit blocked users, prevent writing into rooms (#3708) + * Bugfixes: + - Fix occasional glitches in the synapse_event_persisted_position metric (#3658) + - Fix bug on deleting 3pid when using identity servers that don't support unbind API (#3661) + - Make the tests pass on Twisted < 18.7.0 (#3676) + - Don’t ship recaptcha_ajax.js, use it directly from Google (#3677) + - Fixes test_reap_monthly_active_users so it passes under postgres (#3681) + - Fix mau blocking calulation bug on login (#3689) + - Fix missing yield in synapse.storage.monthly_active_users.initialise_reserved_users (#3692) + - Improve HTTP request logging to include all requests (#3700) + - Avoid timing out requests while we are streaming back the response (#3701) + - Support more federation endpoints on workers (#3705, #3713) + - Fix "Starting db txn 'get_all_updated_receipts' from sentinel context" warning (#3710) + - Fix bug where state_cache cache factor ignored environment variables (#3719) + * Deprecations and Removals: + - The Shared-Secret registration method of the legacy v1/register REST endpoint has been removed. For a replacement, please see the admin/register API documentation. (#3703) + +- Changes from version 0.33.2: + * Features: + - add support for the lazy_loaded_members filter as per MSC1227 (#2970) + - add support for the include_redundant_members filter param as per MSC1227 (#3331) + - Add metrics to track resource usage by background processes (#3553, #3556, #3604, #3610) + - Add code label to synapse_http_server_response_time_seconds prometheus metric (#3554) + - Add support for client_reader to handle more APIs (#3555, #3597) + - make the /context API filter & lazy-load aware as per MSC1227 (#3567) + - Add ability to limit number of monthly active users on the server (#3630) + - When we fail to join a room over federation, pass the error code back to the client. (#3639) + - Add a new /admin/register API for non-interactively creating users. (#3415) + * Bugfixes: + - Make /directory/list API return 404 for room not found instead of 400. Thanks to @fuzzmz! (#3620) + - Default inviter_display_name to mxid for email invites (#3391) + - Don't generate TURN credentials if no TURN config options are set (#3514) + - Correctly announce deleted devices over federation (#3520) + - Catch failures saving metrics captured by Measure, and instead log the faulty metrics information for further analysis. (#3548) + - Unicode passwords are now normalised before hashing, preventing the instance where two different devices or browsers might send a different UTF-8 sequence for the password. (#3569) + - Fix potential stack overflow and deadlock under heavy load (#3570) + - Respond with M_NOT_FOUND when profiles are not found locally or over federation. Fixes #3585 (#3585) + - Fix failure to persist events over federation under load (#3601) + - Fix updating of cached remote profiles (#3605) + - Fix 'tuple index out of range' error (#3607) + - Only import secrets when available (fix for py < 3.6) (#3626) + +------------------------------------------------------------------- +Thu Aug 9 07:04:39 UTC 2018 - okurz@suse.com + +- Update to 0.33.1 + * Bug Fixes: + * Fix a potential issue where servers could request events for rooms they + have not joined + * Fix a potential issue where users could see events in private rooms + before they joined + +------------------------------------------------------------------- +Fri Jul 20 19:32:51 UTC 2018 - okurz@suse.com + +- Update to 0.33.0 + * Bug Fixes: + * Use more portable syntax in our use of the attrs package, widening the supported versions (#3498) + * Fix queued federation requests being processed in the wrong order (#3533) + * Ensure that erasure requests are correctly honoured for publicly accessible rooms when accessed over federation. (#3546) + * Disable a noisy warning about logcontexts (#3561) + + * Features: + * Enforce the specified API for report_event (#3316) + * Include CPU time from database threads in request/block metrics. (#3496, #3501) + * Add CPU metrics for _fetch_event_list (#3497) + * optimisation for /sync (#3505, #3521) + * Optimisation to make handling incoming federation requests more efficient. (#3541) + +------------------------------------------------------------------- +Wed Jul 11 04:35:16 UTC 2018 - okurz@suse.com + +- Update to 0.32.2 + * Bug Fixes: + * Strip access_token from outgoing requests (#3327) + * Redact AS tokens in logs (#3349) + * Fix federation backfill from SQLite servers (#3355) + * Fix event-purge-by-ts admin API (#3363) + * Fix event filtering in get_missing_events handler (#3371) + * Synapse is now stricter regarding accepting events which it cannot + retrieve the prev_events for. (#3456) + * Fix bug where synapse would explode when receiving unicode in HTTP + User-Agent header (#3470) + * Invalidate cache on correct thread to avoid race (#3473) + + * Features: + * Add blacklist & whitelist of servers allowed to send events to a + room via ``m.room.server_acl`` event. + * Cache factor override system for specific caches (#3334) + * Add metrics to track appservice transactions (#3344) + * Try to log more helpful info when a sig verification fails (#3372) + * Synapse now uses the best performing JSON encoder/decoder according + to your runtime (simplejson on CPython, stdlib json on PyPy). (#3462) + * Add optional ip_range_whitelist param to AS registration files to + lock AS IP access (#3465) + * Reject invalid server names in federation requests (#3480) + * Reject invalid server names in homeserver.yaml (#3483) + +------------------------------------------------------------------- +Tue Jul 10 13:36:51 UTC 2018 - okurz@suse.com + +- Update to version 0.31.2: + * Bug Fixes: + * SECURITY UPDATE: Prevent unauthorised users from setting state events in + a room when there is no ``m.room.power_levels`` event in force in the + room. (PR #3397) + +- Change to package version format without leading "v" + +------------------------------------------------------------------- +Tue Jul 10 11:07:11 UTC 2018 - okurz@suse.com + +- Replace deprecated tar_scm by obs_scm + +------------------------------------------------------------------- +Sun Jun 10 13:37:54 UTC 2018 - okurz@suse.com + +- Update to version v0.31.1: + * Bug Fixes: + * Fix event filtering in get_missing_events handler (PR #3371) + (boo#1096833, CVE-2018-12291) + * Fix metric documentation tables (PR #3341) + * Fix LaterGauge error handling (694968f) + * Fix replication metrics (b7e7fd2) + * Fix federation backfill bugs (PR #3261) + * federation: fix LaterGauge usage (PR #3328) Thanks to @intelfx! + * Fix logcontext resource usage tracking (PR #3258) + * Fix error in handling receipts (PR #3235) + * Stop the transaction cache caching failures (PR #3255) + + * Features: + * Let users leave the server notice room after joining (PR #3287) + * Add in flight request metrics (PR #3252) + + * Changes: + * Switch to the Python Prometheus library (PR #3256, #3274) + * Cohort analytics (PR #3163, #3241, #3251) + * Add lxml to docker image for web previews (PR #3239) Thanks to @ptman! + * daily user type phone home stats (PR #3264) + * Docs on consent bits (PR #3268) + * Remove users from user directory on deactivate (PR #3277) + * Avoid sending consent notice to guest users (PR #3288) + * disable CPUMetrics if no /proc/self/stat (PR #3299) + * Add private IPv6 addresses to example config for url preview blacklist (PR #3317) Thanks to @thegcat! + * Allow overriding the server_notices user's avatar (PR #3273) + * Support for putting %(consent_uri)s in messages (PR #3271) + * Block attempts to send server notices to remote users (PR #3270) + * Docs on consent bits (PR #3268) + * ConsentResource to gather policy consent from users (PR #3213) + * Infrastructure for a server notices room (PR #3232) + * Send users a server notice about consent (PR #3236) + * Reject attempts to send event before privacy consent is given (PR #3257) + * Don't support limitless pagination (PR #3265) + +------------------------------------------------------------------- +Fri May 18 22:00:00 UTC 2018 - cunix@bitmessage.ch + +- Update to version v0.29.1: + * Potentially breaking change: + * Make Client-Server API return 401 for invalid token (PR #3161). Thanks to @NotAFile. + + * Bug Fixes: + * synapse fails to start under Twisted >= 18.4 (PR #3157) + * Fix a class of logcontext leaks (PR #3170) + * Fix a couple of logcontext leaks in unit tests (PR #3172) + * Fix logcontext leak in media repo (PR #3174) + * Escape label values in prometheus metrics (PR #3175, #3186) + * Fix 'Unhandled Error' logs with Twisted 18.4 (PR #3182) Thanks to @Half-Shot! + * Fix logcontext leaks in rate limiter (PR #3183) + * notifications: Convert next_token to string according to the spec (PR #3190) Thanks to @mujx! + * nuke-room-from-db.sh: fix deletion from search table (PR #3194) Thanks to @rubo77! + * add guard for None on purge_history api (PR #3160) Thanks to @krombel! + + * Features: + * Add a Dockerfile for synapse (PR #2846) Thanks to @kaiyou! + + * Changes: + * Update docker documentation (PR #3222) + + * nuke-room-from-db.sh: added postgresql option and help (PR #2337) Thanks to @rubo77! + * Part user from rooms on account deactivate (PR #3201) + * Make 'unexpected logging context' into warnings (PR #3007) + * Set Server header in SynapseRequest (PR #3208) + * remove duplicates from groups tables (PR #3129) + * Improve exception handling for background processes (PR #3138) + * Add missing consumeErrors to improve exception handling (PR #3139) + * reraise exceptions more carefully (PR #3142) + * Remove redundant call to preserve_fn (PR #3143) + * Trap exceptions thrown within run_in_background (PR #3144) + + * Refactor /context to reuse pagination storage functions (PR #3193) + * Refactor recent events func to use pagination func (PR #3195) + * Refactor pagination DB API to return concrete type (PR #3196) + * Refactor get_recent_events_for_room return type (PR #3198) + * Refactor sync APIs to reuse pagination API (PR #3199) + * Remove unused code path from member change DB func (PR #3200) + * Refactor request handling wrappers (PR #3203) + * transaction_id, destination defined twice (PR #3209) Thanks to @damir-manapov! + * Refactor event storage to prepare for changes in state calculations (PR #3141) + * Set Server header in SynapseRequest (PR #3208) + * Use deferred.addTimeout instead of time_bound_deferred (PR #3127, #3178) + * Use run_in_background in preference to preserve_fn (PR #3140) + + * Construct HMAC as bytes on py3 (PR #3156) Thanks to @NotAFile! + * run config tests on py3 (PR #3159) Thanks to @NotAFile! + * Open certificate files as bytes (PR #3084) Thanks to @NotAFile! + * Open config file in non-bytes mode (PR #3085) Thanks to @NotAFile! + * Make event properties raise AttributeError instead (PR #3102) Thanks to @NotAFile! + * Use six.moves.urlparse (PR #3108) Thanks to @NotAFile! + * Add py3 tests to tox with folders that work (PR #3145) Thanks to @NotAFile! + * Don't yield in list comprehensions (PR #3150) Thanks to @NotAFile! + * Move more xrange to six (PR #3151) Thanks to @NotAFile! + * make imports local (PR #3152) Thanks to @NotAFile! + * move httplib import to six (PR #3153) Thanks to @NotAFile! + * Replace stringIO imports with six (PR #3154, #3168) Thanks to @NotAFile! + * more bytes strings (PR #3155) Thanks to @NotAFile! + +------------------------------------------------------------------- +Mon May 14 20:32:40 UTC 2018 - okurz@suse.com + +- Fixed systemd service file installation +- Fixed rpmlint warnings +- Changed to specific "synapse" user and group + +------------------------------------------------------------------- +Fri May 4 11:18:46 UTC 2018 - okurz@suse.com + +- Update to version v0.28.1: + * SECURITY UPDATE + Clamp the allowed values of event depth received over federation to be + [0, 2^63 - 1]. This mitigates an attack where malicious events + injected with depth = 2^63 - 1 render rooms unusable. Depth is used to + determine the cosmetic ordering of events within a room, and so the ordering + of events in such a room will default to using stream_ordering rather than depth + (topological_ordering). + + This is a temporary solution to mitigate abuse in the wild, whilst a long term solution + is being implemented to improve how the depth parameter is used. + + Full details at + https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI/edit# + + Pin Twisted to <18.4 until we stop using the private _OpenSSLECCurve API. + + * Bug Fixes: + * Return 401 for invalid access_token on logout (PR #2938) Thanks to @dklug! + * Return a 404 rather than a 500 on rejoining empty rooms (PR #3080) + * fix federation_domain_whitelist (PR #3099) + * Avoid creating events with huge numbers of prev_events (PR #3113) + * Reject events which have lots of prev_events (PR #3118) + * Fix quarantine media admin API and search reindex (PR #3130) + * Fix media admin APIs (PR #3134) + + * Features: + * Add metrics for event processing lag (PR #3090) + * Add metrics for ResponseCache (PR #3092) + + * Changes: + * Synapse on PyPy (PR #2760) Thanks to @Valodim! + * move handling of auto_join_rooms to RegisterHandler (PR #2996) Thanks to @krombel! + * Improve handling of SRV records for federation connections (PR #3016) Thanks to @silkeh! + * Document the behaviour of ResponseCache (PR #3059) + * Preparation for py3 (PR #3061, #3073, #3074, #3075, #3103, #3104, #3106, #3107, #3109, #3110) Thanks to @NotAFile! + * update prometheus dashboard to use new metric names (PR #3069) Thanks to @krombel! + * use python3-compatible prints (PR #3074) Thanks to @NotAFile! + * Send federation events concurrently (PR #3078) + * Limit concurrent event sends for a room (PR #3079) + * Improve R30 stat definition (PR #3086) + * Send events to ASes concurrently (PR #3088) + * Refactor ResponseCache usage (PR #3093) + * Clarify that SRV may not point to a CNAME (PR #3100) Thanks to @silkeh! + * Use str(e) instead of e.message (PR #3103) Thanks to @NotAFile! + * Use six.itervalues in some places (PR #3106) Thanks to @NotAFile! + * Refactor store.have_events (PR #3117) + + +------------------------------------------------------------------- +Fri Apr 27 06:19:26 UTC 2018 - okurz@suse.com + +- Disable web-client for package self-test to get rid of unfulfilled dependency + +------------------------------------------------------------------- +Fri Apr 20 18:32:40 UTC 2018 - okurz@suse.com + +- Introduce package self-test based on _multibuild + +------------------------------------------------------------------- +Mon Apr 16 19:47:23 UTC 2018 - okurz@suse.com + +- Update to version v0.27.4: + * Bug fixes: + * URL quote path segments over federation (#3082) + * Add room_id to the response of rooms/{roomId}/join (PR #2986) Thanks to @jplatte! + * Fix replication after switch to simplejson (PR #3015) + * Fix replication after switch to simplejson (PR #3015) + * 404 correctly on missing paths via NoResource (PR #3022) + * Fix error when claiming e2e keys from offline servers (PR #3034) + * fix tests/storage/test_user_directory.py (PR #3042) + * use PUT instead of POST for federating groups/m.join_policy (PR #3070) Thanks to @krombel! + * postgres port script: fix state_groups_pkey error (PR #3072) + + * Features: + * Add joinability for groups (PR #3045) + * Implement group join API (PR #3046) + * Add counter metrics for calculating state delta (PR #3033) + * R30 stats (PR #3041) + * Measure time it takes to calculate state group ID (PR #3043) + * Add basic performance statistics to phone home (PR #3044) + * Add response size metrics (PR #3071) + * phone home cache size configurations (PR #3063) + + * Changes: + * Update canonicaljson dependency (#3095) + * Add a blurb explaining the main synapse worker (PR #2886) Thanks to @turt2live! + * Replace old style error catching with 'as' keyword (PR #3000) Thanks to @NotAFile! + * Use .iter* to avoid copies in StateHandler (PR #3006) + * Linearize calls to _generate_user_id (PR #3029) + * Remove last usage of ujson (PR #3030) + * Use simplejson throughout (PR #3048) + * Use static JSONEncoders (PR #3049) + * Remove uses of events.content (PR #3060) + * Improve database cache performance (PR #3068) + +------------------------------------------------------------------- +Thu Mar 29 05:51:42 UTC 2018 - okurz@suse.com + +- Update to version v0.27.2: + * Bug fixes: + * Fix bug which broke TCP replication between workers (PR #3015) + * Fix broken ldap_config config option (PR #2683) Thanks to @seckrv! + * Fix error message when user is not allowed to unban (PR #2761) Thanks to + @turt2live! + * Fix publicised groups GET API (singular) over federation (PR #2772) + * Fix user directory when using user_directory_search_all_users config + option (PR #2803, #2831) + * Fix error on /publicRooms when no rooms exist (PR #2827) + * Fix bug in quarantine_media (PR #2837) + * Fix url_previews when no Content-Type is returned from URL (PR #2845) + * Fix rare race in sync API when joining room (PR #2944) + * Fix slow event search, switch back from GIST to GIN indexes (PR #2769, + #2848) + + * Fix bug where an invalid event caused server to stop functioning + correctly, due to parsing and serializing bugs in ujson library. + + * Features: + * Add ability for ASes to override message send time (PR #2754) + * Add support for custom storage providers for media repository (PR #2867, + #2777, #2783, #2789, #2791, #2804, #2812, #2814, #2857, #2868, #2767) + * Add purge API features, see docs/admin_api/purge_history_api.rst for + full details (PR #2858, #2867, #2882, #2946, #2962, #2943) + * Add support for whitelisting 3PIDs that users can register. (PR #2813) + * Add /room/{id}/event/{id} API (PR #2766) + * Add an admin API to get all the media in a room (PR #2818) Thanks to + @turt2live! + * Add federation_domain_whitelist option (PR #2820, #2821) + + * Changes: + * Continue to factor out processing from main process and into worker + processes. See updated docs/workers.rst (PR #2892 - #2904, #2913, #2920 + - #2926, #2947, #2847, #2854, #2872, #2873, #2874, #2928, #2929, #2934, + #2856, #2976 - #2984, #2987 - #2989, #2991 - #2993, #2995, #2784) + * Ensure state cache is used when persisting events (PR #2864, #2871, + #2802, #2835, #2836, #2841, #2842, #2849) + * Change the default config to bind on both IPv4 and IPv6 on all platforms + (PR #2435) Thanks to @silkeh! + * No longer require a specific version of saml2 (PR #2695) Thanks to @okurz! + * Remove verbosity/log_file from generated config (PR #2755) + * Add and improve metrics and logging (PR #2770, #2778, #2785, #2786, + #2787, #2793, #2794, #2795, #2809, #2810, #2833, #2834, #2844, #2965, + #2927, #2975, #2790, #2796, #2838) + * When using synctl with workers, don't start the main synapse + automatically (PR #2774) + * Minor performance improvements (PR #2773, #2792) + * Use a connection pool for non-federation outbound connections (PR #2817) + * Make it possible to run unit tests against postgres (PR #2829) + * Update pynacl dependency to 1.2.1 or higher (PR #2888) Thanks to @bachp! + * Remove ability for AS users to call /events and /sync (PR #2948) + * Use bcrypt.checkpw (PR #2949) Thanks to @krombel! + +- Change spec-file to use service downloaded and recompressed file directly +- Remove patch synapse_python_dependencies_allow_higher_versions_of_pysaml2.patch + now included in upstream changes + +------------------------------------------------------------------- +Sun Jan 7 10:02:56 UTC 2018 - okurz@suse.com + +- Update to version v0.26.0: + * Bug fixes: + * Fix database port script (PR #2673) + * Fix internal server error on login with ldap_auth_provider (PR #2678) Thanks + to @jkolo! + * Fix error on sqlite 3.7 (PR #2697) + * Fix OPTIONS on preview_url (PR #2707) + * Fix error handling on dns lookup (PR #2711) + * Fix wrong avatars when inviting multiple users when creating room (PR #2717) + * Fix 500 when joining matrix-dev (PR #2719) + + * Features: + * Add ability for ASes to publicise groups for their users (PR #2686) + * Add all local users to the user_directory and optionally search them (PR + * #2723) + * Add support for custom login types for validating users (PR #2729) + + * Changes: + * Update example Prometheus config to new format (PR #2648) Thanks to + @krombel! + * Rename redact_content option to include_content in Push API (PR #2650) + * Declare support for r0.3.0 (PR #2677) + * Improve upserts (PR #2684, #2688, #2689, #2713) + * Improve documentation of workers (PR #2700) + * Improve tracebacks on exceptions (PR #2705) + * Allow guest access to group APIs for reading (PR #2715) + * Support for posting content in federation_client script (PR #2716) + * Delete devices and pushers on logouts etc (PR #2722) + + +------------------------------------------------------------------- +Mon Nov 20 14:37:18 UTC 2017 - okurz@suse.com + +- Update to version v0.25.1: + * Bug fixes: + * Fix login with LDAP and other password provider modules (PR #2678). Thanks to @jkolo! + * Fix port script (PR #2673) + * Fix port script (PR #2577) + * Fix error when running synapse with no logfile (PR #2581) + * Fix UI auth when deleting devices (PR #2591) + * Fix typo when checking if user is invited to group (PR #2599) + * Fix the port script to drop NUL values in all tables (PR #2611) + * Fix appservices being backlogged and not receiving new events due to a bug in + notify_interested_services (PR #2631) Thanks to @xyzz! + * Fix updating rooms avatar/display name when modified by admin (PR #2636) + * Thanks to @farialima! + * Fix bug in state group storage (PR #2649) + * Fix 500 on invalid utf-8 in request (PR #2663) + + * Features: + * Add is_public to groups table to allow for private groups (PR #2582) + * Add a route for determining who you are (PR #2668) Thanks to @turt2live! + * Add more features to the password providers (PR #2608, #2610, #2620, + #2622, #2623, #2624, #2626, #2628, #2629) + * Add a hook for custom rest endpoints (PR #2627) + * Add API to update group room visibility (PR #2651) + + * Changes: + * Ignore tags when generating URL preview descriptions (PR #2576) Thanks to + @maximevaillancourt! + * Register some /unstable endpoints in /r0 as well (PR #2579) Thanks to @krombel! + * Support /keys/upload on /r0 as well as /unstable (PR #2585) + * Front-end proxy: pass through auth header (PR #2586) + * Allow ASes to deactivate their own users (PR #2589) + * Remove refresh tokens (PR #2613) + * Automatically set default displayname on register (PR #2617) + * Log login requests (PR #2618) + * Always return is_public in the /groups/:group_id/rooms API (PR #2630) + * Avoid no-op media deletes (PR #2637) Thanks to @spantaleev! + * Fix various embarrassing typos around user_directory and add some doc. (PR #2643) + * Return whether a user is an admin within a group (PR #2647) + * Namespace visibility options for groups (PR #2657) + * Downcase UserIDs on registration (PR #2662) + * Cache failures when fetching URL previews (PR #2669) + + * Add patch synapse_python_dependencies_allow_higher_versions_of_pysaml2.patch + + +------------------------------------------------------------------- +Tue Nov 14 12:57:17 UTC 2017 - okurz@suse.com + +- Update to version v0.24.1: + * Bug fixes: + * Fix updating group profiles over federation (PR #2567) + * Fix handling SERVFAILs when doing AAAA lookups for federation (PR #2477) + * Fix incompatibility with newer versions of ujson (PR #2483) Thanks to + @jeremycline! + * Fix notification keywords that start/end with non-word chars (PR #2500) + * Fix stack overflow and logcontexts from linearizer (PR #2532) + * Fix 500 error when fields missing from power_levels event (PR #2552) + * Fix 500 error when we get an error handling a PDU (PR #2553) + * Fix regression in performance of syncs (PR #2470) + * Fix caching error in the push evaluator (PR #2332) + * Fix bug where pusherpool didn't start and broke some rooms (PR #2342) + * Fix port script for user directory tables (PR #2375) + * Fix device lists notifications when user rejoins a room (PR #2443, #2449) + * Fix sync to always send down current state events in timeline (PR #2451) + * Fix bug where guest users were incorrectly kicked (PR #2453) + * Fix bug talking to IPv6 only servers using SRV records (PR #2462) + * Fix synapse_port_db failure. Thanks to Pneumaticat! (PR #1904) + * Fix caching to not cache error responses (PR #1913) + * Fix APIs to make kick & ban reasons work (PR #1917) + * Fix bugs in the /keys/changes api (PR #1921) + * Fix bug where users couldn't forget rooms they were banned from (PR #1922) + * Fix issue with long language values in pushers API (PR #1925) + * Fix a race in transaction queue (PR #1930) + * Fix dynamic thumbnailing to preserve aspect ratio. Thanks to jkolo! (PR + #1945) + * Fix device list update to not constantly resync (PR #1964) + * Fix potential for huge memory usage when getting device that have + changed (PR #1969) + * Fix bug where pusher pool didn't start and caused issues when + interacting with some rooms (PR #2342) + * Fix bug with storing registration sessions that caused frequent CPU churn + (PR #2319) + * Fix users not getting notifications when AS listened to that user_id (PR + #2216) Thanks to @slipeer! + * Fix users without push set up not getting notifications after joining rooms + (PR #2236) + * Fix preview url API to trim long descriptions (PR #2243) + * Fix bug where we used cached but unpersisted state group as prev group, + resulting in broken state of restart (PR #2263) + * Fix removing of pushers when using workers (PR #2267) + * Fix CORS headers to allow Authorization header (PR #2285) Thanks to @krombel! + * Fix bug in anonymous usage statistic reporting (PR #2281) + * Fix API to allow clients to upload one-time-keys with new sigs (PR #2206) + * Fix bug where users got pushed for rooms they had muted (PR #2200) + * Fix nuke-room script to work with current schema (PR #1927) Thanks + @zuckschwerdt! + * Fix db port script to not assume postgres tables are in the public schema + (PR #2024) Thanks @jerrykan! + * Fix getting latest device IP for user with no devices (PR #2118) + * Fix rejection of invites to unreachable servers (PR #2145) + * Fix code for reporting old verify keys in synapse (PR #2156) + * Fix invite state to always include all events (PR #2163) + * Fix bug where synapse would always fetch state for any missing event (PR #2170) + * Fix a leak with timed out HTTP connections (PR #2180) + * Fix bug where we didn't time out HTTP requests to ASes (PR #2192) + * Fix joining rooms over federation where not all servers in the room saw the + new server had joined (PR #2094) + * Fix bug where current_state_events renamed to current_state_ids (PR #1849) + * Fix routing loop when fetching remote media (PR #1992) + * Fix current_state_events table to not lie (PR #1996) + * Fix CAS login to handle PartialDownloadError (PR #1997) + * Fix assertion to stop transaction queue getting wedged (PR #2010) + * Fix presence to fallback to last_active_ts if it beats the last sync time. + Thanks @Half-Shot! (PR #2014) + * Fix bug when federation received a PDU while a room join is in progress (PR + #2016) + * Fix resetting state on rejected events (PR #2025) + * Fix installation issues in readme. Thanks @ricco386 (PR #2037) + * Fix caching of remote servers' signature keys (PR #2042) + * Fix some leaking log context (PR #2048, #2049, #2057, #2058) + * Fix rejection of invites not reaching sync (PR #2056) + * Fix bug in handling of incoming device list updates over federation. + + * Features: + * Add Group Server (PR #2352, #2363, #2374, #2377, #2378, #2382, #2410, #2426, + #2430, #2454, #2471, #2472, #2544) + * Add support for channel notifications (PR #2501) + * Add basic implementation of backup media store (PR #2538) + * Add config option to auto-join new users to rooms (PR #2545) + * Add a frontend proxy worker (PR #2344) + * Add support for event_id_only push format (PR #2450) + * Add a PoC for filtering spammy events (PR #2456) + * Add a config option to block all room invites (PR #2457) + * Add a user directory API (PR #2252, and many more) + * Add shutdown room API to remove room from local server (PR #2291) + * Add API to quarantine media (PR #2292) + * Add new config option to not send event contents to push servers (PR #2301) + Thanks to @cjdelisle! + * Add per user rate-limiting overrides (PR #2208) + * Add config option to limit maximum number of events requested by ``/sync`` + and ``/messages`` (PR #2221) Thanks to @psaavedra! + * Add username availability checker API (PR #2183) + * Add read marker API (PR #2120) + * Add delete_devices API (PR #1993) + * Add phone number registration/login support (PR #1994, #2055) + * Add some administration functionalities. Thanks to morteza-araby! (PR #1784) + + * Changes: + * Make the spam checker a module (PR #2474) + * Delete expired url cache data (PR #2478) + * Ignore incoming events for rooms that we have left (PR #2490) + * Allow spam checker to reject invites too (PR #2492) + * Add room creation checks to spam checker (PR #2495) + * Spam checking: add the invitee to user_may_invite (PR #2502) + * Process events from federation for different rooms in parallel (PR #2520) + * Allow error strings from spam checker (PR #2531) + * Improve error handling for missing files in config (PR #2551) + * Make 'affinity' package optional, as it is not supported on some platforms + * Use bcrypt module instead of py-bcrypt (PR #2288) Thanks to @kyrias! + * Improve performance of generating push notifications (PR #2343, #2357, #2365, + #2366, #2371) + * Improve DB performance for device list handling in sync (PR #2362) + * Include a sample prometheus config (PR #2416) + * Document known to work postgres version (PR #2433) Thanks to @ptman! + * Improve performance of storing user IPs (PR #2307, #2308) + * Slightly improve performance of verifying access tokens (PR #2320) + * Slightly improve performance of event persistence (PR #2321) + * Increase default cache factor size from 0.1 to 0.5 (PR #2330) + * Various performance fixes (PR #2177, #2233, #2230, #2238, #2248, #2256, + #2274) + * Deduplicate sync filters (PR #2219) Thanks to @krombel! + * Correct a typo in UPGRADE.rst (PR #2231) Thanks to @aaronraimist! + * Add count of one time keys to sync stream (PR #2237) + * Only store event_auth for state events (PR #2247) + * Store URL cache preview downloads separately (PR #2299) + * Various small performance fixes (PR #2201, #2202, #2224, #2226, #2227, #2228, + #2229) + * Update username availability checker API (PR #2209, #2213) + * When purging, don't de-delta state groups we're about to delete (PR #2214) + * Documentation to check synapse version (PR #2215) Thanks to @hamber-dick! + * Add an index to event_search to speed up purge history API (PR #2218) + * Always mark remotes as up if we receive a signed request from them (PR #2190) + * Enable guest access for the 3pl/3pid APIs (PR #1986) + * Add setting to support TURN for guests (PR #2011) + * Various performance improvements (PR #2075, #2076, #2080, #2083, #2108, + #2158, #2176, #2185) + * Make synctl a bit more user friendly (PR #2078, #2127) Thanks @APwhitehat! + * Replace HTTP replication with TCP replication (PR #2082, #2097, #2098, + #2099, #2103, #2014, #2016, #2115, #2116, #2117) + * Support authenticated SMTP (PR #2102) Thanks @DanielDent! + * Add a counter metric for successfully-sent transactions (PR #2121) + * Propagate errors sensibly from proxied IS requests (PR #2147) + * Add more granular event send metrics (PR #2178) + * Use JSONSchema for validation of filters. Thanks @pik! (PR #1783) + * Reread log config on SIGHUP (PR #1982) + * Speed up public room list (PR #1989) + * Add helpful texts to logger config options (PR #1990) + * Minor ``/sync`` performance improvements. (PR #2002, #2013, #2022) + * Add some debug to help diagnose weird federation issue (PR #2035) + * Correctly limit retries for all federation requests (PR #2050, #2061) + * Don't lock table when persisting new one time keys (PR #2053) + * Reduce some CPU work on DB threads (PR #2054) + * Cache hosts in room (PR #2060) + * Batch sending of device list pokes (PR #2063) + * Speed up persist event path in certain edge cases (PR #2070) + * Reduce database table sizes (PR #1873, #1916, #1923, #1963) + * Update contrib/ to not use syutil. Thanks to andrewshadura! (PR #1907) + * Don't fetch current state when sending an event in common case (PR #1955) + + +------------------------------------------------------------------- +Tue Nov 14 12:52:53 UTC 2017 - okurz@suse.com + +- Update to version v0.24.1+4.632baf79: + * Disallow capital letters in userids + * Allow = in mxids and groupids + * Validate group ids when parsing + * Fix a logcontext leak in the media repo + * Correctly wire in update group profile over federation + * replace 'except:' with 'except Exception:' + * fix vars named `l` + * Bump version and changelog + * Add jitter to validity period of attestations + * Revert "Add jitter to validity period of attestations" + +------------------------------------------------------------------- +Tue Jul 4 08:39:45 UTC 2017 - jengelh@inai.de + +- Do not suppress errors from useradd procedure. +- Trim description to the essence of the package. It is not + supposed to be a manual or architectural document. +- Remove redundant %clean section. Replace %__-type macro + indirections. + +------------------------------------------------------------------- +Thu Jun 29 20:53:00 UTC 2017 - okurz@suse.com + +- Prevent conflicts between python2/3 version of packages + +------------------------------------------------------------------- +Sun Jun 18 12:05:47 UTC 2017 - okurz@suse.com + +- Initial version of matrix-synapse version 0.19.2 diff --git a/matrix-synapse.obsinfo b/matrix-synapse.obsinfo new file mode 100644 index 0000000..6b57bef --- /dev/null +++ b/matrix-synapse.obsinfo @@ -0,0 +1,4 @@ +name: matrix-synapse +version: 1.113.0 +mtime: 1723556221 +commit: bab37dfc6fe81ebb4995859ebe2c09d68a12a0c9 diff --git a/matrix-synapse.service b/matrix-synapse.service new file mode 100644 index 0000000..476c610 --- /dev/null +++ b/matrix-synapse.service @@ -0,0 +1,21 @@ +[Unit] +Description=Synapse Matrix homeserver + +[Service] +Type=simple +SyslogIdentifier=matrix-synapse +Restart=on-failure +RestartSec=3 + +User=synapse +Group=synapse +WorkingDirectory=/var/lib/matrix-synapse + +ExecStart=@PYTHON_FLAVOR@ -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ + +# Adjust the cache factor if necessary. +#Environment=SYNAPSE_CACHE_FACTOR=2.0 + +[Install] +WantedBy=multi-user.target + diff --git a/matrix-synapse.spec b/matrix-synapse.spec new file mode 100644 index 0000000..876cb82 --- /dev/null +++ b/matrix-synapse.spec @@ -0,0 +1,403 @@ +# +# spec file for package matrix-synapse +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%bcond_without use_poetry_for_dependencies + +# NOTE: Keep this is in the same order as pyproject.toml. +%if %{with use_poetry_for_dependencies} +%global Jinja2_version 3.1.4 +%global Pillow_version 10.4.0 +%global PyYAML_version 6.0.1 +%global attrs_version 23.2.0 +%global bcrypt_version 4.2.0 +%global bleach_version 6.1.0 +%global canonicaljson_version 2.0.0 +%global cryptography_version 42.0.8 +%global immutabledict_version 4.2.0 +%global idna_version 3.7 +%global ijson_version 3.3.0 +%global jsonschema_version 4.20.0 +%global matrix_common_version 1.3.0 +%global matrix_common_max_version 2 +# TODO 1.0.8 +%global msgpack_version 1.0.7 +# TODO 1.3.0 +%global netaddr_version 1.2.1 +%global phonenumbers_version 8.13.39 +%global prometheus_client_version 0.20.0 +%global psutil_version 2.0.0 +# todo: 24.2.1 +%global pyOpenSSL_version 24.1.0 +%global pyasn1_version 0.6.0 +%global pyasn1_modules_version 0.3.0 +%global pymacaroons_version 0.13.0 +%global service_identity_version 24.1.0 +%global signedjson_version 1.1.4 +%global signedjson_max_version 2 +%global sortedcontainers_version 2.4.0 +%global systemd_version 235 +%global typing_extensions_version 4.1.1 +%global treq_version 23.11.0 +%global unpaddedbase64_version 2.1.0 +%global matrix_synapse_ldap3_version 0.3.0 +%global packaging_version 24.0 +%global psycopg2_version 2.9.9 +%global pysaml2_version 7.3.1 +%global Authlib_version 1.3.1 +%global lxml_version 5.2.2 +%global sentry_sdk_version 2.10.0 +%global PyJWT_version 2.6.0 +%global jaeger_client_version 4.8.0 +%global opentracing_version 2.4.0 +# todo: 3.0.0 +%global hiredis_version 2.3.2 +%global txredisapi_version 1.4.10 +%global Pympler_version 1.0.1 +%global pydantic_version 2.7.1 +%global pyicu_version 2.13.1 +%global python_multipart_version 0.0.9 +%else +# some version locks based on poetry.lock +%global Jinja2_version 3.0 +%global Pillow_version 10.0.1 +%global PyYAML_version 3.13 +%global Twisted_version 18.9.0 +%global attrs_version 21.1.1 +%global bcrypt_version 3.1.7 +%global bleach_version 1.4.3 +%global canonicaljson_version 2.0.0 +%global cryptography_version 3.4.7 +%global immutabledict_version 2.0 +%global idna_version 2.5 +%global ijson_version 3.2.0 +%global jsonschema_version 3.0.0 +%global matrix_common_version 1.3.0 +%global matrix_common_max_version 2 +%global msgpack_version 0.5.2 +%global netaddr_version 0.7.18 +%global phonenumbers_version 8.13.37 +%global prometheus_client_version 0.4.0 +%global psutil_version 2.0.0 +%global pyOpenSSL_version 16.0.0 +%global pyasn1_version 0.1.9 +%global pyasn1_modules_version 0.0.7 +%global pymacaroons_version 0.13.0 +%global service_identity_version 18.1.0 +%global signedjson_version 1.1.0 +%global signedjson_max_version 2 +%global sortedcontainers_version 1.5.2 +%global systemd_version 231 +%global typing_extensions_version 3.10.0 +%global treq_version 15.1 +%global unpaddedbase64_version 2.1.0 +%global matrix_synapse_ldap3_version 0.2.1 +%global packaging_version 20.0 +%global psycopg2_version 2.8 +%global pysaml2_version 4.5.0 +%global Authlib_version 0.15.1 +%global lxml_version 4.8.0 +%global sentry_sdk_version 1.5.11 +%global PyJWT_version 1.6.4 +%global jaeger_client_version 4.0.0 +%global opentracing_version 2.2.0 +%global hiredis_version 2.0.0 +%global txredisapi_version 1.4.7 +%global Pympler_version 1.0.1 +%global pydantic_version 1.7.4 +%global pyicu_version 2.10.2 +%global python_multipart_version 0.0.9 +%endif + +%define requires_peq() %(echo '%*' | LC_ALL=C xargs -r rpm -q --whatprovides --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") + +%define use_python python3 + +%define pythons %{use_python} + +# These come from matrix-synapse's CONDITIONAL_REQUIREMENTS. +# missing deps +%if 0%{?suse_version} >= 1550 +%bcond_without synapse_oidc +%else +%bcond_with synapse_oidc +%endif +%bcond_with synapse_redis +%bcond_with synapse_opentracing +%bcond_with synapse_sentry +# matrix-synapse-ldap isn't packaged on openSUSE. +%bcond_with synapse_ldap + +## Package updates +# +# * Update version in _service to the most recent released one +# * Call `osc service dr` +# * Update changelog manually from +# https://github.com/matrix-org/synapse/releases or synapse/CHANGES.md +# * Commit+submit + +%define modname synapse +%define pkgname matrix-synapse +%define eggname matrix_synapse +Name: %{pkgname} +Version: 1.113.0 +Release: 0 +Summary: Matrix protocol reference homeserver +License: AGPL-3.0-or-later +Group: Productivity/Networking/Instant Messenger +URL: https://github.com/element-hq/synapse +Source0: %{pkgname}-%{version}.tar.xz +Source1: vendor.tar.zst +Source47: matrix-synapse-user.conf +Source48: README.SUSE +Source49: matrix-synapse.tmpfiles.d +Source50: %{pkgname}.service +Source51: matrix-synapse-generate-config.sh +# track series file so we can easily use quilt +# cd synapse ; ln -s .. patches ; quilt push -a +# to clean up your working copy afterwards: git reset --hard ; rm -rv .pc patches +Source99: series +Patch0: matrix-synapse-1.4.1-paths.patch +Patch1: bump-dependencies.patch +# https://github.com/matrix-org/synapse/pull/10719 +# disable by marking as source until we get a decision upstream +Source100: 10719-Fix-instert-of-duplicate-key-into-event_json.patch +BuildRequires: %{use_python}-base >= 3.8 +BuildRequires: %{use_python}-pip +BuildRequires: %{use_python}-poetry-core >= 1.1.0 +BuildRequires: %{use_python}-setuptools +BuildRequires: %{use_python}-wheel +BuildRequires: cargo +BuildRequires: fdupes +BuildRequires: python-rpm-macros +BuildRequires: systemd-rpm-macros +BuildRequires: sysuser-shadow +BuildRequires: sysuser-tools +BuildRequires: unzip +%{?systemd_ordering} +%{sysusers_requires} +%requires_peq %{use_python}-base +BuildRequires: (%{use_python}-setuptools-rust >= 1.3 with %{use_python}-setuptools-rust =< 1.9.0) +# NOTE: Keep this is in the same order as pyproject.toml. +# some version locks based on poetry.lock +BuildRequires: %{use_python}-Jinja2 >= %{Jinja2_version} +%requires_peq %{use_python}-Jinja2 +BuildRequires: %{use_python}-Pillow >= %{Pillow_version} +%requires_peq %{use_python}-Pillow +BuildRequires: %{use_python}-PyYAML >= %{PyYAML_version} +%requires_peq %{use_python}-PyYAML +BuildRequires: %{use_python}-Twisted >= %{Twisted_version} +%requires_peq %{use_python}-Twisted +BuildRequires: %{use_python}-attrs >= %{attrs_version} +%requires_peq %{use_python}-attrs +BuildRequires: %{use_python}-bcrypt >= %{bcrypt_version} +%requires_peq %{use_python}-bcrypt +BuildRequires: %{use_python}-bleach >= %{bleach_version} +%requires_peq %{use_python}-bleach +BuildRequires: (%{use_python}-canonicaljson >= %{canonicaljson_version}) +%requires_peq %{use_python}-canonicaljson +BuildRequires: %{use_python}-cryptography >= %{cryptography_version} +%requires_peq %{use_python}-cryptography +BuildRequires: (%{use_python}-immutabledict >= %{immutabledict_version}) +%requires_peq %{use_python}-immutabledict +BuildRequires: %{use_python}-idna >= %{idna_version} +%requires_peq %{use_python}-idna +BuildRequires: %{use_python}-ijson >= %{ijson_version} +%requires_peq %{use_python}-ijson +BuildRequires: %{use_python}-jsonschema >= %{jsonschema_version} +%requires_peq %{use_python}-jsonschema +BuildRequires: (%{use_python}-matrix_common >= %{matrix_common_version} with %{use_python}-matrix_common < %{matrix_common_max_version}) +%requires_peq %{use_python}-matrix_common +BuildRequires: (%{use_python}-python-multipart >= %{python_multipart_version}) +%requires_peq %{use_python}-python-multipart +BuildRequires: %{use_python}-msgpack >= %{msgpack_version} +%requires_peq %{use_python}-msgpack +BuildRequires: %{use_python}-netaddr >= %{netaddr_version} +%requires_peq %{use_python}-netaddr +BuildRequires: %{use_python}-phonenumbers >= %{phonenumbers_version} +%requires_peq %{use_python}-phonenumbers +BuildRequires: %{use_python}-prometheus_client >= %{prometheus_client_version} +%requires_peq %{use_python}-prometheus_client +BuildRequires: %{use_python}-psutil >= %{psutil_version} +%requires_peq %{use_python}-psutil +BuildRequires: %{use_python}-pyOpenSSL >= %{pyOpenSSL_version} +%requires_peq %{use_python}-pyOpenSSL +BuildRequires: %{use_python}-pyasn1 >= %{pyasn1_version} +%requires_peq %{use_python}-pyasn1 +BuildRequires: %{use_python}-pyasn1-modules >= %{pyasn1_modules_version} +%requires_peq %{use_python}-pyasn1-modules +BuildRequires: %{use_python}-pymacaroons >= %{pymacaroons_version} +%requires_peq %{use_python}-pymacaroons +BuildRequires: %{use_python}-service_identity >= %{service_identity_version} +%requires_peq %{use_python}-service_identity +BuildRequires: (%{use_python}-signedjson >= %{signedjson_version} with %{use_python}-signedjson < %{signedjson_max_version}) +%requires_peq %{use_python}-signedjson +BuildRequires: %{use_python}-sortedcontainers >= %{sortedcontainers_version} +%requires_peq %{use_python}-sortedcontainers +BuildRequires: %{use_python}-systemd >= %{systemd_version} +%requires_peq %{use_python}-systemd +BuildRequires: %{use_python}-typing_extensions >= %{typing_extensions_version} +%requires_peq %{use_python}-typing_extensions +BuildRequires: %{use_python}-treq >= %{treq_version} +%requires_peq %{use_python}-treq +BuildRequires: %{use_python}-unpaddedbase64 >= %{unpaddedbase64_version} +%requires_peq %{use_python}-unpaddedbase64 +# Specify all CONDITIONAL_REQUIREMENTS (we Require them to avoid no-recommends +# breaking very commonly-used bits of matrix-synapse such as postgresql). +%if %{with synapse_ldap} +BuildRequires: %{use_python}-matrix-synapse-ldap3 >= %{matrix_synapse_ldap3_version} +%requires_peq %{use_python}-matrix-synapse-ldap3 +%endif +BuildRequires: %{use_python}-packaging >= %{packaging_version} +%requires_peq %{use_python}-packaging +BuildRequires: %{use_python}-pydantic >= %{pydantic_version} +%requires_peq %{use_python}-pydantic +BuildRequires: %{use_python}-psycopg2 >= %{psycopg2_version} +%requires_peq %{use_python}-psycopg2 +BuildRequires: %{use_python}-pysaml2 >= %{pysaml2_version} +%requires_peq %{use_python}-pysaml2 +%if %{with synapse_oidc} +BuildRequires: %{use_python}-Authlib >= %{Authlib_version} +%requires_peq %{use_python}-Authlib +%endif +BuildRequires: %{use_python}-lxml >= %{lxml_version} +%requires_peq %{use_python}-lxml +%if %{with synapse_sentry} +BuildRequires: %{use_python}-sentry-sdk >= %{sentry_sdk_version} +%requires_peq %{use_python}-sentry-sdk +%endif +%if %{with synapse_opentracing} +BuildRequires: %{use_python}-jaeger-client >= %{jaeger_client_version} +%requires_peq %{use_python}-jaeger-client +BuildRequires: %{use_python}-opentracing >= %{opentracing_version} +%requires_peq %{use_python}-opentracing +%endif +%if %{with synapse_redis} +BuildRequires: %{use_python}-hiredis >= %{hiredis_version} +%requires_peq %{use_python}-hiredis +BuildRequires: %{use_python}-txredisapi >= %{txredisapi_version} +%requires_peq %{use_python}-txredisapi +%endif +BuildRequires: %{use_python}-Pympler >= %{Pympler_version} +%requires_peq %{use_python}-Pympler +BuildRequires: %{use_python}-PyICU >= %{pyicu_version} +%requires_peq %{use_python}-PyICU +# We only provide/obsolete python2 to ensure that users upgrade. +Obsoletes: python2-matrix-synapse < %{version}-%{release} +Provides: python2-matrix-synapse = %{version}-%{release} +Obsoletes: %{use_python}-matrix-synapse < %{version}-%{release} +Provides: %{use_python}-matrix-synapse = %{version}-%{release} + +%description +Synapse is a Python-based reference "homeserver" implementation of +Matrix. Matrix is a system for federated Instant Messaging and VoIP. + +%prep +%autosetup -p1 -a1 + +# Remove all un-needed #!-lines. +find synapse/ -type f -not -path './vendor/**' -exec sed -i '1{/^#!/d}' {} \; +# Replace all #!/usr/bin/env lines to use #!/usr/bin/$1 directly. +find ./ -type f -not -path './vendor/**' -exec \ + sed -i '1s|^#!/usr/bin/env |#!/usr/bin/|' {} \; +# Force the usage of the default python3 sys executable +find ./ -type f -not -path './vendor/**' \ + -exec sed -i '1s|^#!/usr/bin/python.*$|#!%{__python3}|' {} \; + +# Update the python flavour in the service file. +sed -i 's|@PYTHON_FLAVOR@|%{__python3}|g' %{S:50} + +%build +%pyproject_wheel +%sysusers_generate_pre %{SOURCE47} %{name} + +%install +cp %{S:48} README.SUSE +# We install scripts into /usr/lib to avoid silly conflicts with other pkgs. +install -d -m 0755 %{buildroot}%{_libexecdir}/%{pkgname} +%pyproject_install + +install -d -m 0755 %{buildroot}%{_bindir} %{buildroot}%{_libexecdir}/%{pkgname}/ +# move scripts to the old place. +mv %{buildroot}%{_bindir}/* %{buildroot}%{_libexecdir}/%{pkgname}/ +# While we provide a systemd service, link synctl so it's simpler to use. +ln -s %{_libexecdir}/%{pkgname}/synctl %{buildroot}%{_bindir}/synctl + +# Install default matrix-synapse configuration. +# TODO: Switch to the debian default config. +install -d -m 0750 \ + %{buildroot}%{_sysconfdir}/%{pkgname}/ \ + %{buildroot}%{_sysconfdir}/%{pkgname}/{conf,keys}.d/ +install -D -m 0640 contrib/systemd/log_config.yaml %{buildroot}%{_sysconfdir}/%{pkgname}/log.yaml +install -D -m 0640 contrib/systemd/log_config.yaml %{buildroot}%{_sysconfdir}/%{pkgname}/log.systemd.yaml +install -D -m 0640 contrib/example_log_config.yaml %{buildroot}%{_sysconfdir}/%{pkgname}/log.file.yaml + +# Man pages. +install -D -m 0644 -t %{buildroot}%{_mandir}/man1 debian/*.1 + +# system configuration. +mkdir -p %{buildroot}%{_sbindir} +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{pkgname} +# +install -D -m 0644 %{S:50} %{buildroot}%{_unitdir}/%{pkgname}.service +install -D -m 0644 %{S:49} %{buildroot}%{_tmpfilesdir}/%{pkgname}.conf +install -D -m 0644 %{SOURCE47} %{buildroot}%{_sysusersdir}/%{name}.conf +# +install -D -m 0755 %{S:51} %{buildroot}%{_sbindir}/matrix-synapse-generate-config + +# User directory. +install -d -m 0750 %{buildroot}%{_rundir}/%{pkgname} +install -d -m 0750 %{buildroot}%{_localstatedir}/lib/%{pkgname} +install -d -m 0750 %{buildroot}%{_localstatedir}/log/%{pkgname} + +%fdupes %{buildroot}%{python3_sitearch} + +%pre -f %{name}.pre +%service_add_pre %{pkgname}.service + +%post +%tmpfiles_create %{_tmpfilesdir}/%{pkgname}.conf +%service_add_post %{pkgname}.service + +%preun +%service_del_preun %{pkgname}.service + +%postun +%service_del_postun %{pkgname}.service + +%files -n %{pkgname} +%doc *.rst CHANGES.md README.SUSE +%license LICENSE +%config(noreplace) %attr(-,root,synapse) %{_sysconfdir}/%{pkgname}/ +%dir %attr(0750,%{modname},%{modname}) %{_localstatedir}/lib/%{pkgname} +%dir %attr(0750,%{modname},%{modname}) %{_localstatedir}/log/%{pkgname} +%{python3_sitearch}/%{modname} +%{python3_sitearch}/%{eggname}-*-info +# Python helper scripts. +%{_bindir}/synctl +%{_libexecdir}/%{pkgname} +# systemd service. +%{_sbindir}/rc%{pkgname} +%{_sbindir}/matrix-synapse-generate-config +%{_unitdir}/%{pkgname}.service +%{_sysusersdir}/%{name}.conf +%{_tmpfilesdir}/%{pkgname}.conf +# Man pages. +%{_mandir}/man*/* +%ghost %dir %attr(750,%{modname},%{modname}) /run/matrix-synapse + +%changelog diff --git a/matrix-synapse.tmpfiles.d b/matrix-synapse.tmpfiles.d new file mode 100644 index 0000000..16659ca --- /dev/null +++ b/matrix-synapse.tmpfiles.d @@ -0,0 +1,2 @@ +# Type Path Mode UID GID Age Argument +d /run/matrix-synapse 0750 synapse synapse - - diff --git a/series b/series new file mode 100644 index 0000000..ea78dfb --- /dev/null +++ b/series @@ -0,0 +1,2 @@ +matrix-synapse-1.4.1-paths.patch +bump-dependencies.patch diff --git a/vendor.tar.zst b/vendor.tar.zst new file mode 100644 index 0000000..eff38bd --- /dev/null +++ b/vendor.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4734a5edcfe9ca159ce4ee521477708d83e00220765203c5bf4c2b88a82c7a64 +size 7122862