This is the Synapse portion of the Matrix coordinated security
release. This release includes support for room version 12 which
fixes a number of security vulnerabilities, including
CVE-2025-49090.
The default room version is not changed. Not all clients will
support room version 12 immediately, and not all users will be
using the latest version of their clients. Large, public rooms
are advised to wait a few weeks before upgrading to room version
12 to allow users throughout the Matrix ecosystem to update their
clients.
- Bugfixes
- Fix invalidation of storage cache that was broken in 1.135.0.
(#18786)
- Internal Changes
- Add a parameter to upgrade_rooms(..) to allow auto join local
users. (#82)
- Speed up upgrading a room with large numbers of banned users.
(#18574)
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=397
Forwarded request #1289571 from darix
- Update to 1.133.0
- Features
- Add support for the MSC4260 user report API. (#18120)
- Bugfixes
- Fix an issue where, during state resolution for v11 rooms,
Synapse would incorrectly calculate the power level of the
creator when there was no power levels event in the room.
(#18534, #18547)
- Fix long-standing bug where sliding sync did not honour the
room_id_to_include config option. (#18535)
- Fix an issue where "Lock timeout is getting excessive"
warnings would be logged even when the lock timeout was <10
minutes. (#18543)
- Fix an issue where Synapse could calculate the wrong power
level for the creator of the room if there was no power
levels event. (#18545)
- Improved Documentation
- Generate config documentation from JSON Schema file. (#18528)
- Fix typo in user type documentation. (#18568)
- Internal Changes
- Increase performance of introspecting access tokens when
using delegated auth. (#18357, #18561)
- Log user deactivations. (#18541)
- Enable flake8-logging and flake8-logging-format rules in Ruff
and fix related issues throughout the codebase. (#18542)
- Clean up old, unused rows from the device_federation_inbox
table. (#18546)
- Run config schema CI on develop and release branches.
(#18551)
- Add support for Twisted 25.5.0+ releases. (#18577)
OBS-URL: https://build.opensuse.org/request/show/1289572
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=134
- Features
- Add support for the MSC4260 user report API. (#18120)
- Bugfixes
- Fix an issue where, during state resolution for v11 rooms,
Synapse would incorrectly calculate the power level of the
creator when there was no power levels event in the room.
(#18534, #18547)
- Fix long-standing bug where sliding sync did not honour the
room_id_to_include config option. (#18535)
- Fix an issue where "Lock timeout is getting excessive"
warnings would be logged even when the lock timeout was <10
minutes. (#18543)
- Fix an issue where Synapse could calculate the wrong power
level for the creator of the room if there was no power
levels event. (#18545)
- Improved Documentation
- Generate config documentation from JSON Schema file. (#18528)
- Fix typo in user type documentation. (#18568)
- Internal Changes
- Increase performance of introspecting access tokens when
using delegated auth. (#18357, #18561)
- Log user deactivations. (#18541)
- Enable flake8-logging and flake8-logging-format rules in Ruff
and fix related issues throughout the codebase. (#18542)
- Clean up old, unused rows from the device_federation_inbox
table. (#18546)
- Run config schema CI on develop and release branches.
(#18551)
- Add support for Twisted 25.5.0+ releases. (#18577)
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=391
Forwarded request #1274931 from darix
- Update to 1.129.0
- Features
- Add passthrough_authorization_parameters in OIDC
configuration to allow passing parameters to the
authorization grant URL. (#18232)
- Add total_event_count, total_message_count, and
total_e2ee_event_count fields to the homeserver usage
statistics. (#18260)
- Bugfixes
- Fix force_tracing_for_users config when using delegated auth.
(#18334)
- Fix the token introspection cache logging access tokens when
MAS integration is in use. (#18335)
- Stop caching introspection failures when delegating auth to
MAS. (#18339)
- Fix ExternalIDReuse exception after migrating to MAS on
workers with high traffic. (#18342)
- Fix minor performance regression caused by tracking of room
participation. Regressed in v1.128.0. (#18345)
- Updates to the Docker image
- Optimize the build of the complement-synapse image. (#18294)
- Internal Changes
- Revert the slow background update introduced by #18068 in
v1.128.0. (#18372)
- Revert "Add total event, unencrypted message, and e2ee event
counts to stats reporting", added in v1.129.0rc1. (#18373)
- Disable statement timeout during room purge. (#18133)
- Add cache to storage functions used to auth requests when
using delegated auth. (#18337)
OBS-URL: https://build.opensuse.org/request/show/1274932
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=130
- Features
- Add passthrough_authorization_parameters in OIDC
configuration to allow passing parameters to the
authorization grant URL. (#18232)
- Add total_event_count, total_message_count, and
total_e2ee_event_count fields to the homeserver usage
statistics. (#18260)
- Bugfixes
- Fix force_tracing_for_users config when using delegated auth.
(#18334)
- Fix the token introspection cache logging access tokens when
MAS integration is in use. (#18335)
- Stop caching introspection failures when delegating auth to
MAS. (#18339)
- Fix ExternalIDReuse exception after migrating to MAS on
workers with high traffic. (#18342)
- Fix minor performance regression caused by tracking of room
participation. Regressed in v1.128.0. (#18345)
- Updates to the Docker image
- Optimize the build of the complement-synapse image. (#18294)
- Internal Changes
- Revert the slow background update introduced by #18068 in
v1.128.0. (#18372)
- Revert "Add total event, unencrypted message, and e2ee event
counts to stats reporting", added in v1.129.0rc1. (#18373)
- Disable statement timeout during room purge. (#18133)
- Add cache to storage functions used to auth requests when
using delegated auth. (#18337)
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=383
Forwarded request #1255974 from darix
- Update to 1.127.0
- Features
- Update MSC4140 implementation to no longer cancel a user's
own delayed state events with an event type & state key that
match a more recent state event sent by that user. (#17810)
- Improved Documentation
- Fixed a minor typo in the Synapse documentation. Contributed
by @karuto12. (#18224)
- Internal Changes
- Remove undocumented SYNAPSE_USE_FROZEN_DICTS environment
variable. (#18123)
- Fix detection of workflow failures in the release script.
(#18211)
- Add caching support to media endpoints. (#18235)
- Updates to locked dependencies
- Bump anyhow from 1.0.96 to 1.0.97. (#18201)
- Bump bcrypt from 4.2.1 to 4.3.0. (#18207)
- Bump bytes from 1.10.0 to 1.10.1. (#18227)
- Bump http from 1.2.0 to 1.3.1. (#18245)
- Bump sentry-sdk from 2.19.2 to 2.22.0. (#18205)
- Bump serde from 1.0.218 to 1.0.219. (#18228)
- Bump serde_json from 1.0.139 to 1.0.140. (#18202)
- Bump ulid from 1.2.0 to 1.2.1. (#18246)
OBS-URL: https://build.opensuse.org/request/show/1255975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=125
- Features
- Update MSC4140 implementation to no longer cancel a user's
own delayed state events with an event type & state key that
match a more recent state event sent by that user. (#17810)
- Improved Documentation
- Fixed a minor typo in the Synapse documentation. Contributed
by @karuto12. (#18224)
- Internal Changes
- Remove undocumented SYNAPSE_USE_FROZEN_DICTS environment
variable. (#18123)
- Fix detection of workflow failures in the release script.
(#18211)
- Add caching support to media endpoints. (#18235)
- Updates to locked dependencies
- Bump anyhow from 1.0.96 to 1.0.97. (#18201)
- Bump bcrypt from 4.2.1 to 4.3.0. (#18207)
- Bump bytes from 1.10.0 to 1.10.1. (#18227)
- Bump http from 1.2.0 to 1.3.1. (#18245)
- Bump sentry-sdk from 2.19.2 to 2.22.0. (#18205)
- Bump serde from 1.0.218 to 1.0.219. (#18228)
- Bump serde_json from 1.0.139 to 1.0.140. (#18202)
- Bump ulid from 1.2.0 to 1.2.1. (#18246)
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=373
Forwarded request #1237891 from darix
- Update to 1.122.0
Please note that this version of Synapse drops support for
PostgreSQL 11 and 12. The minimum version of PostgreSQL supported
is now version 13.
- Deprecations and Removals
- Remove support for PostgreSQL 11 and 12. Contributed by @clokep. (#18034)
- Features
- Added the email.tlsname config option. This allows specifying
the domain name used to validate the SMTP server's TLS
certificate separately from the email.smtp_host to connect
to. (#17849)
- Module developers will have access to the user ID of the
requester when adding check_username_for_spam callbacks to
spam_checker_module_callbacks. Contributed by
Wilson@Pangea.chat. (#17916)
- Add endpoints to the Admin API to fetch the number of invites
the provided user has sent after a given timestamp, fetch the
number of rooms the provided user has joined after a given
timestamp, and get report IDs of event reports against a
provided user (i.e. where the user was the sender of the
reported event). (#17948)
- Support stable account suspension from MSC3823. (#17964)
- Add macaroon_secret_key_path config option. (#17983)
- Bugfixes
- Fix bug when rejecting a withdrawn invite with a
third_party_rules module, where the invite would be stuck for
the client. (#17930)
- Properly purge state groups tables when purging a room with
the Admin API. (#18024)
- Fix a bug preventing the admin redaction endpoint from
OBS-URL: https://build.opensuse.org/request/show/1237892
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=119
Please note that this version of Synapse drops support for
PostgreSQL 11 and 12. The minimum version of PostgreSQL supported
is now version 13.
- Deprecations and Removals
- Remove support for PostgreSQL 11 and 12. Contributed by @clokep. (#18034)
- Features
- Added the email.tlsname config option. This allows specifying
the domain name used to validate the SMTP server's TLS
certificate separately from the email.smtp_host to connect
to. (#17849)
- Module developers will have access to the user ID of the
requester when adding check_username_for_spam callbacks to
spam_checker_module_callbacks. Contributed by
Wilson@Pangea.chat. (#17916)
- Add endpoints to the Admin API to fetch the number of invites
the provided user has sent after a given timestamp, fetch the
number of rooms the provided user has joined after a given
timestamp, and get report IDs of event reports against a
provided user (i.e. where the user was the sender of the
reported event). (#17948)
- Support stable account suspension from MSC3823. (#17964)
- Add macaroon_secret_key_path config option. (#17983)
- Bugfixes
- Fix bug when rejecting a withdrawn invite with a
third_party_rules module, where the invite would be stuck for
the client. (#17930)
- Properly purge state groups tables when purging a room with
the Admin API. (#18024)
- Fix a bug preventing the admin redaction endpoint from
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=360
- Moved to Element maintained fork as matrix has archived their version
- Update to 1.103.0
- Features
- Add a new List Accounts v3 Admin API with improved deactivated
user filtering capabilities. (#16874)
- Include Retry-After header by default per MSC4041. Contributed
by @clokep. (#16947)
- Bugfixes
- Fix joining remote rooms when a module uses the on_new_event
callback. This callback may now pass partial state events
instead of the full state for remote rooms. Introduced in
v1.76.0. (#16973)
- Fix performance issue when joining very large rooms that can
cause the server to lock up. Introduced in v1.100.0.
Contributed by @ggogel. (#16968)
- Improved Documentation
- Add HAProxy example for single port operation to reverse proxy
documentation. Contributed by Georg Pfuetzenreuter (@tacerus).
(#16768)
- Improve the documentation around running Complement tests with
new configuration parameters. (#16946)
- Add docs on upgrading from a very old version. (#16951)
For changes in older version since 1.98.0, see
https://github.com/element-hq/synapse/releases
OBS-URL: https://build.opensuse.org/request/show/1162886
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=310
- Update to 1.92.3
This release does not affect openSUSE as we do not use the in-tree
libwebp
Upstream changes:
This is again a security update targeted at mitigating
CVE-2023-4863. It turns out that libwebp is bundled statically in
Pillow wheels so we need to update this dependency instead of
libwebp package at the OS level.
Unlike what was advertised in 1.92.2 changelog this release also
impacts PyPI wheels and Debian packages from matrix.org.
We encourage admins to upgrade as soon as possible.
Internal Changes
- Pillow 10.0.1 is now mandatory because of libwebp
CVE-2023-4863, since Pillow provides libwebp in the wheels.
(#16347)
- bump all the dependencies which are not available in tumbleweed.
- Update to 1.92.2
Only fix in this is actually changing the upstream docker
configuration to mitigate the webp security bug. Does not affect
our package.
- Update to 1.92.1
- Bugfixes
- Revert MSC3861 introspection cache, admin impersonation and
account lock. (#16258)
- Internal Changes
- Fix incorrect docstring for Ratelimiter. (#16255)
- Update the release script to work on macOS. (#16266)
- Stop building Ubuntu Kinetic since it is EOL and repos seem
OBS-URL: https://build.opensuse.org/request/show/1113560
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=287
- switch to _multibuild
- Update to 1.88.0
This release
- raises the minimum supported version of Python to 3.8, as
Python 3.7 is now end-of-life, and
- removes deprecated config options related to worker deployment.
See the upgrade notes for more information.
https://github.com/matrix-org/synapse/blob/release-v1.88/docs/upgrade.md#upgrading-to-v1880
- Features
- Add not_user_type param to the list accounts admin API.
(#15844)
- Bugfixes
- Revert "Stop writing to column user_id of tables profiles and
user_filters", which was introduced in Synapse 1.88.0rc1.
(#15953)
- Pin pydantic to ^=1.7.4 to avoid backwards-incompatible API
changes from the 2.0.0 release. Contributed by @PaarthShah.
(#15862)
- Correctly resize thumbnails with pillow version >=10.
(#15876)
- Improved Documentation
- Fixed header levels on the Admin API "Users" documentation
page. Contributed by @sumnerevans at @beeper. (#15852)
- Remove deprecated worker_replication_host,
worker_replication_http_port and worker_replication_http_tls
configuration options. (#15872)
- Deprecations and Removals
- Remove deprecated worker_replication_host,
worker_replication_http_port and worker_replication_http_tls
OBS-URL: https://build.opensuse.org/request/show/1101105
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=82
- Update to 1.85.2
- Bugfixes
- Fix regression where using TLS for HTTP replication between
workers did not work. Introduced in v1.85.0. (#15746)
- Update to 1.85.1
Note: this release only fixes a bug that stopped some deployments
from upgrading to v1.85.0. There is no need to upgrade to v1.85.1
if successfully running v1.85.0.
- Bugfixes
- Fix bug in schema delta that broke upgrades for some
deployments. Introduced in v1.85.0. (#15738, #15739)
- make sure that the pythons define and use_python do not diverge by
moving them closer to each other.
- Update to 1.85.0
- Security
- GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity It may be
possible for a deactivated user to login when using uncommon
configurations. (boo#1212055)
- GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity A
discovered oEmbed or image URL can bypass the
url_preview_url_blacklist setting potentially allowing server
side request forgery or bypassing network policies. Impact is
limited to IP addresses allowed by the
url_preview_ip_range_blacklist setting (by default this only
allows public IPs). (boo#1212054)
- Features
- Improve performance of backfill requests by performing
OBS-URL: https://build.opensuse.org/request/show/1097110
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=81
- Update to 1.85.0
- Security
- GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity It may be
possible for a deactivated user to login when using uncommon
configurations. (boo#1212055)
- GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity A
discovered oEmbed or image URL can bypass the
url_preview_url_blacklist setting potentially allowing server
side request forgery or bypassing network policies. Impact is
limited to IP addresses allowed by the
url_preview_ip_range_blacklist setting (by default this only
allows public IPs). (boo#1212054)
OBS-URL: https://build.opensuse.org/request/show/1091083
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=273
- As 14221.patch is modified to skip the parts we don't need
(changelog snippets) remove the url from the spec file.
- All the shebang line fixing should skip the vendor directory so
that we do not break the checksum checks in cargo.
- Added https://patch-diff.githubusercontent.com/raw/matrix-org/synapse/pull/14221.patch
Same fix for the cache_memory as for url_preview
- python-six is not required
https://trello.com/c/MO53MocR/143-remove-python3-six
- Update to 1.69.0
Please note that legacy Prometheus metric names are now
deprecated and will be removed in Synapse 1.73.0. Server
administrators should update their dashboards and alerting rules
to avoid using the deprecated metric names. See the upgrade notes
for more details.
- Features
- Allow application services to set the origin_server_ts of a
state event by providing the query parameter ts in PUT
/_matrix/client/r0/rooms/{roomId}/state/{eventType}/{stateKey},
per MSC3316. Contributed by @lukasdenk. (#11866)
- Allow server admins to require a manual approval process
before new accounts can be used (using MSC3866). (#13556)
- Exponentially backoff from backfilling the same event over
and over. (#13635, #13936)
- Add cache invalidation across workers to module API. (#13667,
#13947)
- Experimental implementation of MSC3882 to allow an existing
OBS-URL: https://build.opensuse.org/request/show/1030137
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=72
- Update to 1.61.1
This patch release fixes a security issue regarding URL previews,
affecting all prior versions of Synapse. Server administrators
are encouraged to update Synapse as soon as possible. We are not
aware of these vulnerabilities being exploited in the wild.
Server administrators who are unable to update Synapse may use
the workarounds described in the linked GitHub Security Advisory
below.
The following issue is fixed in 1.61.1.
GHSA-22p3-qrh9-cx32 / CVE-2022-31052
Synapse instances with the url_preview_enabled homeserver config
option set to true are affected. URL previews of some web pages
can lead to unbounded recursion, causing the request to either
fail, or in some cases crash the running Synapse process.
Requesting URL previews requires authentication. Nevertheless, it
is possible to exploit this maliciously, either by malicious
users on the homeserver, or by remote users sending URLs that a
local user's client may automatically request a URL preview for.
Homeservers with the url_preview_enabled configuration option set
to false (the default) are unaffected. Instances with the
enable_media_repo configuration option set to false are also
unaffected, as this also disables URL preview functionality.
Fixed by fa1308061802ac7b7d20e954ba7372c5ac292333.
- force python 3.10 on TW
OBS-URL: https://build.opensuse.org/request/show/985625
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=228
- With the previous change we would not need use_python anymore
because we also can find now the packages that provide python3-X
But I keep the conditional around for e.g. testing with python
3.10.
- Replace requires_eq with requires_peq: (boo#1195316)
The only difference between the 2 macros is that the new macro
also considers provides so we can track package names over
renames.
- Update to 1.51.0
Synapse 1.51.0 deprecates webclient listeners and non-HTTP(S)
web_client_locations. Support for these will be removed in
Synapse 1.53.0, at which point Synapse will not be capable of
directly serving a web client for Matrix. See the upgrade notes.
- Features
- Add track_puppeted_user_ips config flag to record client IP
addresses against puppeted users, and include the puppeted
users in monthly active user counts. (#11561, #11749, #11757)
- Include whether the requesting user has participated in a
thread when generating a summary for MSC3440. (#11577)
- Return an M_FORBIDDEN error code instead of M_UNKNOWN when a
spam checker module prevents a user from creating a room.
(#11672)
- Add a flag to the synapse_review_recent_signups script to
ignore and filter appservice users. (#11675, #11770)
- Bugfixes
- Fix a bug introduced in Synapse 1.40.0 that caused Synapse to
fail to process incoming federation traffic after handling a
large amount of events in a v1 room. (#11806)
OBS-URL: https://build.opensuse.org/request/show/950937
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=206
- Update to 1.47.1
This release fixes a security issue in the media store, affecting
all prior releases of Synapse. Server administrators are
encouraged to update Synapse as soon as possible. We are not
aware of these vulnerabilities being exploited in the wild.
Server administrators who are unable to update Synapse may use
the workarounds described in the linked GitHub Security Advisory
below.
- Security Advisory:
GHSA-3hfw-x7gx-437c / CVE-2021-41281: Path traversal when
downloading remote media.
Synapse instances with the media repository enabled can be
tricked into downloading a file from a remote server into an
arbitrary directory, potentially outside the media store
directory. The last two directories and file name of the path
are chosen randomly by Synapse and cannot be controlled by an
attacker, which limits the impact. Homeservers with the media
repository disabled are unaffected. Homeservers configured with
a federation whitelist are also unaffected. Fixed by
91f2bd090.
OBS-URL: https://build.opensuse.org/request/show/933284
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=198
- Update to 1.37.1
This release resolves issues (such as #9490) where one busy room
could cause head-of-line blocking, starving Synapse from
processing events in other rooms, and causing all federated
traffic to fall behind. Synapse 1.37.1 processes inbound
federation traffic asynchronously, ensuring that one busy room
won't impact others. Please upgrade to Synapse 1.37.1 as soon as
possible, in order to increase resilience to other traffic
spikes.
- Features
- Handle inbound events from federation asynchronously.
(#10269, #10272)
OBS-URL: https://build.opensuse.org/request/show/903369
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=185
- Update to v1.32.1
This release fixes a regression in Synapse 1.32.0 that caused
connected Prometheus instances to become unstable. If you ran
Synapse 1.32.0 with Prometheus metrics, first upgrade to Synapse
1.32.1 and follow these instructions to clean up any excess
writeahead logs.
- Bugfixes
- Fix a regression in Synapse 1.32.0 which caused Synapse to
report large numbers of Prometheus time series, potentially
overwhelming Prometheus instances. (#9854)
OBS-URL: https://build.opensuse.org/request/show/887327
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=171
- Update to 1.30.1
This release is identical to Synapse 1.30.0, with the exception
of explicitly setting a minimum version of Python's Cryptography
library to ensure that users of Synapse are protected from the
recent OpenSSL security advisories, especially CVE-2021-3449.
- Internal Changes
- Enforce that `cryptography` dependency is up to date to
ensure it has the most recent openssl patches. (#9697)
- Note: we do not bump the cryptography dependency in our package
as we use the system OpenSSL which gets the fix.
Add dont-bump-cryptography-with-system-openssl.patch to comment
out the dependency because otherwise the newer version
requirement is enforced on startup
OBS-URL: https://build.opensuse.org/request/show/881504
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=165
- prepare to support more optional features in the buildrequires
(oidc/redis). failing atm due to missing libraries
- Update to 1.21.2
- Security advisory
- HTML pages served via Synapse were vulnerable to cross-site
scripting (XSS) attacks. All server administrators are
encouraged to upgrade. (#8444) (CVE-2020-26891)
- This fix was originally included in v1.21.0 but was missing a
security advisory. This was reported by Denis Kasak.
- Bugfixes
- Fix rare bug where sending an event would fail due to a racy
assertion. (#8530)
- An updated version of the authlib dependency is included in
the Docker and Debian images to fix an issue using OpenID
Connect. See #8534 for details.
OBS-URL: https://build.opensuse.org/request/show/841978
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=147
- Update to 1.15.2
- Security
- A malicious homeserver could force Synapse to reset the state
in a room to a small subset of the correct state. This
affects all Synapse deployments which federate with untrusted
servers. (96e9afe6)
- HTML pages served via Synapse were vulnerable to clickjacking
attacks. This predominantly affects homeservers with
single-sign-on enabled, but all server administrators are
encouraged to upgrade. (ea26e9a9)
OBS-URL: https://build.opensuse.org/request/show/818369
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=130
- Update to 1.13.0
This release brings some potential changes necessary for certain
configurations of Synapse:
- If your Synapse is configured to use SSO and have a custom
sso_redirect_confirm_template_dir configuration option set, you
will need to duplicate the new sso_auth_confirm.html,
sso_auth_success.html and sso_account_deactivated.html
templates into that directory.
- Synapse plugins using the complete_sso_login method of
synapse.module_api.ModuleApi should instead switch to the
async/await version, complete_sso_login_async, which includes
additional checks. The former version is now deprecated.
- A bug was introduced in Synapse 1.4.0 which could cause the
room directory to be incomplete or empty if Synapse was
upgraded directly from v1.2.1 or earlier, to versions between
v1.4.0 and v1.12.x.
Please review UPGRADE.rst for more details on these changes and
for general upgrade guidance.
For the complete list of changes please refer to
https://github.com/matrix-org/synapse/releases/tag/v1.13.0
OBS-URL: https://build.opensuse.org/request/show/807359
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=124
- Update to 1.11.0.
* Limit the number of events that can be requested by the backfill federation
API to 100.
* Reject device display names over 100 characters in length to prevent abuse.
* Implement new aliases endpoint as per MSC2432.
* Stop sending m.room.alias events when adding / removing aliases. Check
alt_aliases in the latest m.room.canonical_alias event when deleting an
alias.
* Change the default power levels of invites, tombstones and server ACLs for
new rooms.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/777958
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=117
- Update to 1.10.0.
WARNING to client developers: As of this release Synapse validates
client_secret parameters in the Client-Server API as per the spec. See #6766
for details.
+ Add experimental support for updated authorization rules for aliases
events, from MSC2260.
+ Variety of E2EE improvements, most notably:
* Fix bug where querying a remote user's device keys that weren't cached
resulted in only returning a single device.
* Fix bug where Synapse didn't invalidate cache of remote users' devices
when Synapse left a room.
* Detect unknown remote devices and mark cache as stale.
* Attempt to resync remote users' devices when detected as stale.
* When a client asks for a remote user's device keys check if the local
cache for that user has been marked as potentially stale.
* Detect unexpected sender keys on remote encrypted events and resync
device lists.
* Fix an issue with cross-signing where device signatures were not sent to
remote servers.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/773720
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=114
- update to 1.9.1
Fix bug where setting mau_limit_reserved_threepids config would
cause Synapse to refuse to start. (#6793)
- package cleanup
- make sure we have all libraries to actually install the package:
- buildrequires all runtime requirements
- (build)require python3-typing_extensions
- having it use the python package name is not really useful here.
- refreshed and renamed better-paths.patch to
matrix-synapse-1.4.1-paths.patch
- also fix existing synapse user
- group to synapse instead of nogroup
- home directory to /var/lib/matrix-synapse
- shell to /bin/false (which actually exists)
- improvements to the logging configuration:
- install copy of the current /etc/matrix-synapse/log.yaml as
/etc/matrix-synapse/log.systemd.yaml
- install /etc/matrix-synapse/log.file.yaml which logs to
/var/log/matrix-synapse/homeserver.log
- add the log directory /var/log/matrix-synapse/
- added README.SUSE
- better way to bootstrap a new config:
1. ExecStartPre would have never worked anyway
2. added %{_sbindir}/matrix-synapse-generate-config
Usage:
%{_sbindir}/matrix-synapse-generate-config servername
- fix group and shell for the synapse user
- added better-paths.patch
- put the pid file into /run/matrix-synapse/
- use a default logging config in /etc/matrix-synapse/log.yaml
to have systemd logging by default
- use full path in the service file
- actually use source 50 instead of the service file in the tarball
- make permissions tighter on the config files as it contains
passwords and other secrets:
root:synapse u=rwX,g=rX,o=
OBS-URL: https://build.opensuse.org/request/show/768057
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=111
- Update to 1.9.0.
WARNING: As of this release, Synapse no longer supports versions of SQLite
before 3.11, and will refuse to start when configured to use an older
version. Administrators are recommended to migrate their database to Postgres
(see instructions here).
WARNING: If your Synapse deployment uses workers, note that the reverse-proxy
configurations for the synapse.app.media_repository,
synapse.app.federation_reader and synapse.app.event_creator workers have
changed, with the addition of a few paths (see the updated configurations
here). Existing configurations will continue to work.
+ Allow admin to create or modify a user.
+ Add new quarantine media admin APIs to quarantine by media ID or by user
who uploaded the media.
+ Add a new admin API to list and filter rooms on the server.
+ Add org.matrix.e2e_cross_signing to unstable_features in /versions.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/766606
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=109
- Update to 1.8.0.
WARNING: As of this release Synapse will refuse to start if the log_file
config option is specified. Support for the option was removed in v1.3.0.
* Add v2 APIs for the send_join and send_leave federation endpoints (as
described in MSC1802).
* Add a develop script to generate full SQL schemas.
* Add custom SAML username mapping functionality through an external provider
plugin.
* Automatically delete empty groups/communities.
* Add option limit_profile_requests_to_users_who_share_rooms to prevent
requirement of a local user sharing a room with another user to query their
profile information.
* Add an export_signing_key script to extract the public part of signing keys
when rotating them.
* Add experimental config option to specify multiple databases.
* Raise an error if someone tries to use the log_file config option.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/762836
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=107
- Update to 1.7.1.
This update fixes several major security issues. Users are very strongly
recommended to update as soon as possible.
* Fix a bug which could cause room events to be incorrectly authorized using
events from a different room.
* Fix a bug causing responses to the /context client endpoint to not use the
pruned version of the event.
* Fix a cause of state resets in room versions 2 onwards.
* Fix a bug which could cause the federation server to incorrectly return
errors when handling certain obscure event graphs.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/757734
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=99
- Update to 1.7.0.
* Implement per-room message retention policies.
* Add etag and count fields to key backup endpoints to help clients guess if
there are new keys.
* Configure privacy-preserving settings by default for the room directory.
* Add ephemeral messages support by partially implementing MSC2228.
* Add support for MSC 2367, which allows specifying a reason on all
membership events.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/756814
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=97
- Update to 1.5.0.
+ Improve quality of thumbnails for 1-bit/8-bit color palette images.
+ Add ability to upload cross-signing signatures.
+ Allow uploading of cross-signing keys.
+ CAS login now provides a default display name for users if a
displayname_attribute is set in the configuration file.
+ Reject all pending invites for a user during deactivation.
+ Add config option to suppress client side resource limit alerting.
* Improve signature checking on some federation APIs.
The full changelog is included in
/usr/share/doc/packages/matrix-synapse/CHANGES.md.
OBS-URL: https://build.opensuse.org/request/show/743952
OBS-URL: https://build.opensuse.org/package/show/network:messaging:matrix/matrix-synapse?expand=0&rev=89
# Problem: 1: the to be installed cargo-1.81.0-150500.27.21.1.x86_64 obsoletes 'cargo1.79' provided by the to be installed cargo1.79-1.79.0-150500.11.3.1.x86_64
# Solution 1: do not install cargo1.79-1.79.0-150500.11.3.1.x86_64
# Solution 2: do not install cargo-1.81.0-150500.27.21.1.x86_64