- Update to 1.37.1
This release resolves issues (such as #9490) where one busy room
could cause head-of-line blocking, starving Synapse from
processing events in other rooms, and causing all federated
traffic to fall behind. Synapse 1.37.1 processes inbound
federation traffic asynchronously, ensuring that one busy room
won't impact others. Please upgrade to Synapse 1.37.1 as soon as
possible, in order to increase resilience to other traffic
spikes.
- Features
- Handle inbound events from federation asynchronously.
(#10269, #10272)
OBS-URL: https://build.opensuse.org/request/show/903369
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=185
- Update to v1.32.1
This release fixes a regression in Synapse 1.32.0 that caused
connected Prometheus instances to become unstable. If you ran
Synapse 1.32.0 with Prometheus metrics, first upgrade to Synapse
1.32.1 and follow these instructions to clean up any excess
writeahead logs.
- Bugfixes
- Fix a regression in Synapse 1.32.0 which caused Synapse to
report large numbers of Prometheus time series, potentially
overwhelming Prometheus instances. (#9854)
OBS-URL: https://build.opensuse.org/request/show/887327
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=171
- Update to 1.30.1
This release is identical to Synapse 1.30.0, with the exception
of explicitly setting a minimum version of Python's Cryptography
library to ensure that users of Synapse are protected from the
recent OpenSSL security advisories, especially CVE-2021-3449.
- Internal Changes
- Enforce that `cryptography` dependency is up to date to
ensure it has the most recent openssl patches. (#9697)
- Note: we do not bump the cryptography dependency in our package
as we use the system OpenSSL which gets the fix.
Add dont-bump-cryptography-with-system-openssl.patch to comment
out the dependency because otherwise the newer version
requirement is enforced on startup
OBS-URL: https://build.opensuse.org/request/show/881504
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=165
- prepare to support more optional features in the buildrequires
(oidc/redis). failing atm due to missing libraries
- Update to 1.21.2
- Security advisory
- HTML pages served via Synapse were vulnerable to cross-site
scripting (XSS) attacks. All server administrators are
encouraged to upgrade. (#8444) (CVE-2020-26891)
- This fix was originally included in v1.21.0 but was missing a
security advisory. This was reported by Denis Kasak.
- Bugfixes
- Fix rare bug where sending an event would fail due to a racey
assertion. (#8530)
- An updated version of the authlib dependency is included in
the Docker and Debian images to fix an issue using OpenID
Connect. See #8534 for details.
OBS-URL: https://build.opensuse.org/request/show/841978
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=147
- Update to 1.15.2
- Security
- A malicious homeserver could force Synapse to reset the state
in a room to a small subset of the correct state. This
affects all Synapse deployments which federate with untrusted
servers. (96e9afe6)
- HTML pages served via Synapse were vulnerable to clickjacking
attacks. This predominantly affects homeservers with
single-sign-on enabled, but all server administrators are
encouraged to upgrade. (ea26e9a9)
OBS-URL: https://build.opensuse.org/request/show/818369
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=130
- Update to 1.13.0
This release brings some potential changes necessary for certain
configurations of Synapse:
- If your Synapse is configured to use SSO and have a custom
sso_redirect_confirm_template_dir configuration option set, you
will need to duplicate the new sso_auth_confirm.html,
sso_auth_success.html and sso_account_deactivated.html
templates into that directory.
- Synapse plugins using the complete_sso_login method of
synapse.module_api.ModuleApi should instead switch to the
async/await version, complete_sso_login_async, which includes
additional checks. The former version is now deprecated.
- A bug was introduced in Synapse 1.4.0 which could cause the
room directory to be incomplete or empty if Synapse was
upgraded directly from v1.2.1 or earlier, to versions between
v1.4.0 and v1.12.x.
Please review UPGRADE.rst for more details on these changes and
for general upgrade guidance.
For the complete list of changes please refer to
https://github.com/matrix-org/synapse/releases/tag/v1.13.0
OBS-URL: https://build.opensuse.org/request/show/807359
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=124
- Update to 1.11.0.
* Limit the number of events that can be requested by the backfill federation
API to 100.
* Reject device display names over 100 characters in length to prevent abuse.
* Implement new aliases endpoint as per MSC2432.
* Stop sending m.room.alias events wheng adding / removing aliases. Check
alt_aliases in the latest m.room.canonical_alias event when deleting an
alias.
* Change the default power levels of invites, tombstones and server ACLs for
new rooms.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/777958
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=117
- Update to 1.10.0.
WARNING to client developers: As of this release Synapse validates
client_secret parameters in the Client-Server API as per the spec. See #6766
for details.
+ Add experimental support for updated authorization rules for aliases
events, from MSC2260.
+ Variety of E2EE improvements, most notably:
* Fix bug where querying a remote user's device keys that weren't cached
resulted in only returning a single device.
* Fix bug where Synapse didn't invalidate cache of remote users' devices
when Synapse left a room.
* Detect unknown remote devices and mark cache as stale.
* Attempt to resync remote users' devices when detected as stale.
* When a client asks for a remote user's device keys check if the local
cache for that user has been marked as potentially stale.
* Detect unexpected sender keys on remote encrypted events and resync
device lists.
* Fix an issue with cross-signing where device signatures were not sent to
remote servers.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/773720
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=114
