Forwarded request #1332290 from darix
- Update to 1.147.0
  - Bugfixes
    - Fix memory leak caused by not cleaning up stopped looping
      calls. Introduced in v1.140.0. (#19416)
    - Fix a typo that incorrectly made setuptools_rust a runtime
      dependency. (#19417)
  - Internal Changes
    - Prune stale entries from
      sliding_sync_connection_required_state table. (#19306)
    - Update "Event Send Time Quantiles" graph to only use dots for
      the event persistence rate (Grafana dashboard). (#19399)
    - Update and align Grafana dashboard to use regex matching for
      job selectors (job=~"$job") so the "all" value works
      correctly across all panels. (#19400)
    - Don't retry joining partial state rooms all at once on
      startup. (#19402)
    - Disallow requests to the health endpoint from containing
      trailing path characters. (#19405)
    - Add notes that new experimental features should have
      associated tracking issues. (#19410)
    - Bump pyo3 from 0.26.0 to 0.27.2 and pythonize from 0.26.0 to
      0.27.0. Contributed by @razvp @ ERCOM. (#19412)
- refresh 0001-pyo3-Disable-abi3-feature.patch
OBS-URL: https://build.opensuse.org/request/show/1332291
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=150
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=425
Forwarded request #1314343 from darix
- Update to 1.141.0
  - Features
    - Allow using MSC4190 behavior without the opt-in registration
      flag. Contributed by @tulir @ Beeper. (#19031)
    - Stabilize support for MSC4326: Device masquerading for
      appservices. Contributed by @tulir @ Beeper. (#19033)
  - Bugfixes
    - Fix users being unable to log in if their password, or the
      server's configured pepper, was too long. (#19101)
    - Fix a bug introduced in 1.136.0 that would prevent Synapse
      from being able to be reload-ed more than once when running
      under systemd. (#19060)
    - Fix a bug introduced in 1.140.0 where an internal server
      error could be raised when hashing user passwords that are
      too long. (#19078)
  - Updates to the Docker image
    - Update docker image to use Debian trixie as the base and thus
      Python 3.13. (#19064)
  - Internal Changes
    - Move unique snowflake homeserver background tasks to
      start_background_tasks (the standard pattern for this kind of
      thing). (#19037)
    - Drop a deprecated field of the PyGitHub dependency in the
      release script and raise the dependency's minimum version to
      1.59.0. (#19039)
    - Update TODO list of conflicting areas where we encounter
      metrics being clobbered (ApplicationService). (#19040)
OBS-URL: https://build.opensuse.org/request/show/1314344
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=145
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=415
Forwarded request #1309634 from darix
- Update to 1.139.1 (boo#1251231)
  - Security Fixes
    - Fix CVE-2025-61672 / GHSA-fh66-fcv5-jjfr. Lack of validation
      for device keys in Synapse before 1.139.1 allows an attacker
      registered on the victim homeserver to degrade federation
      functionality, unpredictably breaking outbound federation to
      other homeservers. (#17097)
  - Deprecations and Removals
    - Drop support for unstable field names from the long-accepted
      MSC2732 (Olm fallback keys) proposal. This change allows unit
      tests to pass following the security patch above. (#18996)
OBS-URL: https://build.opensuse.org/request/show/1309635
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=142
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=408
This is the Synapse portion of the Matrix coordinated security
release. This release includes support for room version 12 which
fixes a number of security vulnerabilities, including
CVE-2025-49090.
The default room version is not changed. Not all clients will
support room version 12 immediately, and not all users will be
using the latest version of their clients. Large, public rooms
are advised to wait a few weeks before upgrading to room version
12 to allow users throughout the Matrix ecosystem to update their
clients.
- Bugfixes
  - Fix invalidation of storage cache that was broken in 1.135.0.
    (#18786)
- Internal Changes
  - Add a parameter to upgrade_rooms(..) to allow auto join local
    users. (#82)
  - Speed up upgrading a room with large numbers of banned users.
    (#18574)
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=397
Forwarded request #1289571 from darix
- Update to 1.133.0
  - Features
    - Add support for the MSC4260 user report API. (#18120)
  - Bugfixes
    - Fix an issue where, during state resolution for v11 rooms,
      Synapse would incorrectly calculate the power level of the
      creator when there was no power levels event in the room.
      (#18534, #18547)
    - Fix long-standing bug where sliding sync did not honour the
      room_id_to_include config option. (#18535)
    - Fix an issue where "Lock timeout is getting excessive"
      warnings would be logged even when the lock timeout was <10
      minutes. (#18543)
    - Fix an issue where Synapse could calculate the wrong power
      level for the creator of the room if there was no power
      levels event. (#18545)
  - Improved Documentation
    - Generate config documentation from JSON Schema file. (#18528)
    - Fix typo in user type documentation. (#18568)
  - Internal Changes
    - Increase performance of introspecting access tokens when
      using delegated auth. (#18357, #18561)
    - Log user deactivations. (#18541)
    - Enable flake8-logging and flake8-logging-format rules in Ruff
      and fix related issues throughout the codebase. (#18542)
    - Clean up old, unused rows from the device_federation_inbox
      table. (#18546)
    - Run config schema CI on develop and release branches.
      (#18551)
    - Add support for Twisted 25.5.0+ releases. (#18577)
OBS-URL: https://build.opensuse.org/request/show/1289572
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=134
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=391
Forwarded request #1274931 from darix
- Update to 1.129.0
  - Features
    - Add passthrough_authorization_parameters in OIDC
      configuration to allow passing parameters to the
      authorization grant URL. (#18232)
    - Add total_event_count, total_message_count, and
      total_e2ee_event_count fields to the homeserver usage
      statistics. (#18260)
  - Bugfixes
    - Fix force_tracing_for_users config when using delegated auth.
      (#18334)
    - Fix the token introspection cache logging access tokens when
      MAS integration is in use. (#18335)
    - Stop caching introspection failures when delegating auth to
      MAS. (#18339)
    - Fix ExternalIDReuse exception after migrating to MAS on
      workers with high traffic. (#18342)
    - Fix minor performance regression caused by tracking of room
      participation. Regressed in v1.128.0. (#18345)
  - Updates to the Docker image
    - Optimize the build of the complement-synapse image. (#18294)
  - Internal Changes
    - Revert the slow background update introduced by #18068 in
      v1.128.0. (#18372)
    - Revert "Add total event, unencrypted message, and e2ee event
      counts to stats reporting", added in v1.129.0rc1. (#18373)
    - Disable statement timeout during room purge. (#18133)
    - Add cache to storage functions used to auth requests when
      using delegated auth. (#18337)
OBS-URL: https://build.opensuse.org/request/show/1274932
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=130
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=383