- Update to 1.37.1
This release resolves issues (such as #9490) where one busy room
could cause head-of-line blocking, starving Synapse from
processing events in other rooms, and causing all federated
traffic to fall behind. Synapse 1.37.1 processes inbound
federation traffic asynchronously, ensuring that one busy room
won't impact others. Please upgrade to Synapse 1.37.1 as soon as
possible, in order to increase resilience to other traffic
spikes.
- Features
- Handle inbound events from federation asynchronously.
(#10269, #10272)
OBS-URL: https://build.opensuse.org/request/show/903369
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=185
- Update to v1.32.1
This release fixes a regression in Synapse 1.32.0 that caused
connected Prometheus instances to become unstable. If you ran
Synapse 1.32.0 with Prometheus metrics, first upgrade to Synapse
1.32.1 and follow these instructions to clean up any excess
writeahead logs.
- Bugfixes
- Fix a regression in Synapse 1.32.0 which caused Synapse to
report large numbers of Prometheus time series, potentially
overwhelming Prometheus instances. (#9854)
OBS-URL: https://build.opensuse.org/request/show/887327
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=171
- Update to 1.30.1
This release is identical to Synapse 1.30.0, with the exception
of explicitly setting a minimum version of Python's Cryptography
library to ensure that users of Synapse are protected from the
recent OpenSSL security advisories, especially CVE-2021-3449.
- Internal Changes
- Enforce that `cryptography` dependency is up to date to
ensure it has the most recent openssl patches. (#9697)
- Note: we do not bump the cryptography dependency in our package
as we use the system OpenSSL which gets the fix.
Add dont-bump-cryptography-with-system-openssl.patch to comment
out the dependency because otherwise the newer version
requirement is enforced on startup
OBS-URL: https://build.opensuse.org/request/show/881504
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=165
- prepare to support more optional features in the buildrequires
(oidc/redis). failing atm due to missing libraries
- Update to 1.21.2
- Security advisory
- HTML pages served via Synapse were vulnerable to cross-site
scripting (XSS) attacks. All server administrators are
encouraged to upgrade. (#8444) (CVE-2020-26891)
- This fix was originally included in v1.21.0 but was missing a
security advisory. This was reported by Denis Kasak.
- Bugfixes
- Fix rare bug where sending an event would fail due to a racey
assertion. (#8530)
- An updated version of the authlib dependency is included in
the Docker and Debian images to fix an issue using OpenID
Connect. See #8534 for details.
OBS-URL: https://build.opensuse.org/request/show/841978
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=147
- Update to 1.15.2
- Security
- A malicious homeserver could force Synapse to reset the state
in a room to a small subset of the correct state. This
affects all Synapse deployments which federate with untrusted
servers. (96e9afe6)
- HTML pages served via Synapse were vulnerable to clickjacking
attacks. This predominantly affects homeservers with
single-sign-on enabled, but all server administrators are
encouraged to upgrade. (ea26e9a9)
OBS-URL: https://build.opensuse.org/request/show/818369
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=130
- Update to 1.13.0
This release brings some potential changes necessary for certain
configurations of Synapse:
- If your Synapse is configured to use SSO and have a custom
sso_redirect_confirm_template_dir configuration option set, you
will need to duplicate the new sso_auth_confirm.html,
sso_auth_success.html and sso_account_deactivated.html
templates into that directory.
- Synapse plugins using the complete_sso_login method of
synapse.module_api.ModuleApi should instead switch to the
async/await version, complete_sso_login_async, which includes
additional checks. The former version is now deprecated.
- A bug was introduced in Synapse 1.4.0 which could cause the
room directory to be incomplete or empty if Synapse was
upgraded directly from v1.2.1 or earlier, to versions between
v1.4.0 and v1.12.x.
Please review UPGRADE.rst for more details on these changes and
for general upgrade guidance.
For the complete list of changes please refer to
https://github.com/matrix-org/synapse/releases/tag/v1.13.0
OBS-URL: https://build.opensuse.org/request/show/807359
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=124
- Update to 1.11.0.
* Limit the number of events that can be requested by the backfill federation
API to 100.
* Reject device display names over 100 characters in length to prevent abuse.
* Implement new aliases endpoint as per MSC2432.
* Stop sending m.room.alias events wheng adding / removing aliases. Check
alt_aliases in the latest m.room.canonical_alias event when deleting an
alias.
* Change the default power levels of invites, tombstones and server ACLs for
new rooms.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/777958
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=117
- Update to 1.10.0.
WARNING to client developers: As of this release Synapse validates
client_secret parameters in the Client-Server API as per the spec. See #6766
for details.
+ Add experimental support for updated authorization rules for aliases
events, from MSC2260.
+ Variety of E2EE improvements, most notably:
* Fix bug where querying a remote user's device keys that weren't cached
resulted in only returning a single device.
* Fix bug where Synapse didn't invalidate cache of remote users' devices
when Synapse left a room.
* Detect unknown remote devices and mark cache as stale.
* Attempt to resync remote users' devices when detected as stale.
* When a client asks for a remote user's device keys check if the local
cache for that user has been marked as potentially stale.
* Detect unexpected sender keys on remote encrypted events and resync
device lists.
* Fix an issue with cross-signing where device signatures were not sent to
remote servers.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/773720
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=114
- update to 1.9.1
Fix bug where setting mau_limit_reserved_threepids config would
cause Synapse to refuse to start. (#6793)
- package cleanup
- make sure we have all libraries to actually install the package:
- buildrequires all runtime requirements
- (build)require python3-typing_extensions
- having it use the python package name is not really useful here.
- refreshed and renamed better-paths.patch to
matrix-synapse-1.4.1-paths.patch
- also fix existing synapse user
- group to synapse instead of nogroup
- home directory to /var/lib/matrix-synapse
- shell to /bin/false (which actually exists)
- improvements to the logging configuration:
- install copy of the current /etc/matrix-synapse/log.yaml as
/etc/matrix-synapse/log.systemd.yaml
- install /etc/matrix-synapse/log.file.yaml which logs to
/var/log/matrix-synapse/homeserver.log
- add the log directory /var/log/matrix-synapse/
- added README.SUSE
- better way to bootstrap a new config:
1. ExecStartPre would have never worked anyway
2. added %{_sbindir}/matrix-synapse-generate-config
Usage:
%{_sbindir}/matrix-synapse-generate-config servername
- fix group and shell for the synapse user
- added better-paths.patch
- put the pid file into /run/matrix-synapse/
- use a default logging config in /etc/matrix-synapse/log.yaml
to have systemd logging by default
- use full path in the service file
- actually use source 50 instead of the service file in the tarball
- make permissions tighter on the config files as it contains
passwords and other secrets:
root:synapse u=rwX,g=rX,o=
OBS-URL: https://build.opensuse.org/request/show/768057
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=111
- Update to 1.9.0.
WARNING: As of this release, Synapse no longer supports versions of SQLite
before 3.11, and will refuse to start when configured to use an older
version. Administrators are recommended to migrate their database to Postgres
(see instructions here).
WARNING: If your Synapse deployment uses workers, note that the reverse-proxy
configurations for the synapse.app.media_repository,
synapse.app.federation_reader and synapse.app.event_creator workers have
changed, with the addition of a few paths (see the updated configurations
here). Existing configurations will continue to work.
+ Allow admin to create or modify a user.
+ Add new quarantine media admin APIs to quarantine by media ID or by user
who uploaded the media.
+ Add a new admin API to list and filter rooms on the server.
+ Add org.matrix.e2e_cross_signing to unstable_features in /versions.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/766606
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=109
- Update to 1.8.0.
WARNING: As of this release Synapse will refuse to start if the log_file
config option is specified. Support for the option was removed in v1.3.0.
* Add v2 APIs for the send_join and send_leave federation endpoints (as
described in MSC1802).
* Add a develop script to generate full SQL schemas.
* Add custom SAML username mapping functinality through an external provider
plugin.
* Automatically delete empty groups/communities.
* Add option limit_profile_requests_to_users_who_share_rooms to prevent
requirement of a local user sharing a room with another user to query their
profile information.
* Add an export_signing_key script to extract the public part of signing keys
when rotating them.
* Add experimental config option to specify multiple databases.
* Raise an error if someone tries to use the log_file config option.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/762836
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=107
- Update to 1.7.1.
This update fixes several majar security issues. Users are very strongly
recommended to update as soon as possible.
* Fix a bug which could cause room events to be incorrectly authorized using
events from a different room.
* Fix a bug causing responses to the /context client endpoint to not use the
pruned version of the event.
* Fix a cause of state resets in room versions 2 onwards.
* Fix a bug which could cause the federation server to incorrectly return
errors when handling certain obscure event graphs.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/757734
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=99
- Update to 1.7.0.
* Implement per-room message retention policies.
* Add etag and count fields to key backup endpoints to help clients guess if
there are new keys.
* Configure privacy-preserving settings by default for the room directory.
* Add ephemeral messages support by partially implementing MSC2228.
* Add support for MSC 2367, which allows specifying a reason on all
membership events.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/756814
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=97