This release fixes a regression introduced in Synapse 1.49.0 which could cause /sync
requests to take significantly longer. This would particularly affect "initial" syncs for users participating in a large number of rooms, and in extreme cases, could make it impossible for such users to log in on a new client.
Note: in line with our deprecation policy for platform dependencies, this will be the last release to support Python 3.6 and PostgreSQL 9.6, both of which have now reached upstream end-of-life. Synapse will require Python 3.7+ and PostgreSQL 10+.
Note: We will also stop producing packages for Ubuntu 18.04 (Bionic Beaver) after this release, as it uses Python 3.6.
- Fix a performance regression in
/sync
handling, introduced in 1.49.0. (#11583)
- Work around a build problem on Debian Buster. (#11625)
Not released due to problems building the debian packages.
No significant changes since version 1.49.0rc1.
For users of Ubuntu 21.04 (Hirsute Hippo), please be aware that upstream support for this version of Ubuntu will end next month. We will stop producing packages for Ubuntu 21.04 after upstream support ends.
We've decided to move the existing, somewhat stagnant pages from the GitHub wiki to the documentation website.
This was done for two reasons. The first was to ensure that changes are checked by multiple authors before being committed (everyone makes mistakes!) and the second was visibility of the documentation. Not everyone knows that Synapse has some very useful information hidden away in its GitHub wiki pages. Bringing them to the documentation website should help with visibility, as well as keep all Synapse documentation in one, easily-searchable location.
Note that contributions to the documentation website happen through GitHub pull requests. Please visit #synapse-dev:matrix.org if you need help with the process!
- Add MSC3030 experimental client and federation API endpoints to get the closest event to a given timestamp. (#9445)
- Include bundled relation aggregations during a limited
/sync
request and/relations
request, per MSC2675. (#11284, #11478) - Add plugin support for controlling database background updates. (#11306, #11475, #11479)
- Support the stable API endpoints for MSC2946: the room
/hierarchy
endpoint. (#11329) - Add admin API to get some information about federation status with remote servers. (#11407)
- Support expiry of refresh tokens and expiry of the overall session when refresh tokens are in use. (#11425)
- Stabilise support for MSC2918 refresh tokens as they have now been merged into the Matrix specification. (#11435, #11522)
- Update MSC2918 refresh token support to confirm with the latest revision: accept the
refresh_tokens
parameter in the request body rather than in the URL parameters. (#11430) - Support configuring the lifetime of non-refreshable access tokens separately to refreshable access tokens. (#11445)
- Expose
synapse_homeserver
andsynapse_worker
commands as entry points to run Synapse's main process and worker processes, respectively. Contributed by @Ma27. (#11449) synctl stop
will now wait for Synapse to exit before returning. (#11459, #11490)- Extend the "delete room" admin api to work correctly on rooms which have previously been partially deleted. (#11523)
- Add support for the
/_matrix/client/v3/login/sso/redirect/{idpId}
API from Matrix v1.1. This endpoint was overlooked when support for v3 endpoints was added in Synapse 1.48.0rc1. (#11451)
- Fix using MSC2716 batch sending in combination with event persistence workers. Contributed by @tulir at Beeper. (#11220)
- Fix a long-standing bug where all requests that read events from the database could get stuck as a result of losing the database connection, properly this time. Also fix a race condition introduced in the previous insufficient fix in Synapse 1.47.0. (#11376)
- The
/send_join
response now includes the stableevent
field instead of the unstable field from MSC3083. (#11413) - Fix a bug introduced in Synapse 1.47.0 where
send_join
could fail due to an outdatedijson
version. (#11439, #11441, #11460) - Fix a bug introduced in Synapse 1.36.0 which could cause problems fetching event-signing keys from trusted key servers. (#11440)
- Fix a bug introduced in Synapse 1.47.1 where the media repository would fail to work if the media store path contained any symbolic links. (#11446)
- Fix an
LruCache
corruption bug, introduced in Synapse 1.38.0, that would cause certain requests to fail until the next Synapse restart. (#11454) - Fix a long-standing bug where invites from ignored users were included in incremental syncs. (#11511)
- Fix a regression in Synapse 1.48.0 where presence workers would not clear their presence updates over replication on shutdown. (#11518)
- Fix a regression in Synapse 1.48.0 where the module API's
looping_background_call
method would spam errors to the logs when given a non-async function. (#11524)
- Update
Dockerfile-workers
to healthcheck all workers in the container. (#11429)
- Update the media repository documentation. (#11415)
- Update section about backward extremities in the room DAG concepts doc to correct the misconception about backward extremities indicating whether we have fetched an events'
prev_events
. (#11469)
- Add
Final
annotation to string constants insynapse.api.constants
so that they get typed asLiteral
s. (#11356) - Add a check to ensure that users cannot start the Synapse master process when
worker_app
is set. (#11416) - Add a note about postgres memory management and hugepages to postgres doc. (#11467)
- Add missing type hints to
synapse.config
module. (#11465) - Add missing type hints to
synapse.federation
. (#11483) - Add type annotations to
tests.storage.test_appservice
. (#11488, #11492) - Add type annotations to some of the configuration surrounding refresh tokens. (#11428)
- Add type hints to
synapse/tests/rest/admin
. (#11501) - Add type hints to storage classes. (#11411)
- Add wiki pages to documentation website. (#11402)
- Clean up
tests.storage.test_main
to remove use of legacy code. (#11493) - Clean up
tests.test_visibility
to remove legacy code. (#11495) - Convert status codes to
HTTPStatus
insynapse.rest.admin
. (#11452, #11455) - Extend the
scripts-dev/sign_json
script to support signing events. (#11486) - Improve internal types in push code. (#11409)
- Improve type annotations in
synapse.module_api
. (#11029) - Improve type hints for
LruCache
. (#11453) - Preparation for database schema simplifications: disambiguate queries on
state_key
. (#11497) - Refactor
backfilled
into specific behavior function arguments (_persist_events_and_state_updates
and downstream calls). (#11417) - Refactor
get_version_string
to fix-up types and duplicated code. (#11468) - Refactor various parts of the
/sync
handler. (#11494, #11515) - Remove unnecessary
json.dumps
fromtests.rest.admin
. (#11461) - Save the OpenID Connect session ID on login. (#11482)
- Update and clean up recently ported documentation pages. (#11466)
This release removes support for the long-deprecated trust_identity_server_for_password_resets
configuration flag.
This release also fixes some performance issues with some background database updates introduced in Synapse 1.47.0.
No significant changes since 1.48.0rc1.
- Experimental support for the thread relation defined in MSC3440. (#11161)
- Support filtering by relation senders & types per MSC3440. (#11236)
- Add support for the
/_matrix/client/v3
and/_matrix/media/v3
APIs from Matrix v1.1. (#11318, #11371) - Support the stable version of MSC2778: the
m.login.application_service
login type. Contributed by @tulir. (#11335) - Add a new version of delete room admin API
DELETE /_synapse/admin/v2/rooms/<room_id>
to run it in the background. Contributed by @dklimpel. (#11223) - Allow the admin Delete Room API to block a room without the need to join it. (#11228)
- Add an admin API to un-shadow-ban a user. (#11347)
- Add an admin API to run background database schema updates. (#11352)
- Add an admin API for blocking a room. (#11324)
- Update the JWT login type to support custom a
sub
claim. (#11361) - Store and allow querying of arbitrary event relations. (#11391)
- Fix a long-standing bug wherein display names or avatar URLs containing null bytes cause an internal server error when stored in the DB. (#11230)
- Prevent MSC2716 historical state events from being pushed to an application service via
/transactions
. (#11265) - Fix a long-standing bug where uploading extremely thin images (e.g. 1000x1) would fail. Contributed by @Neeeflix. (#11288)
- Fix a bug, introduced in Synapse 1.46.0, which caused the
check_3pid_auth
andon_logged_out
callbacks in legacy password authentication provider modules to not be registered. Modules using the generic module interface were not affected. (#11340) - Fix a bug introduced in 1.41.0 where space hierarchy responses would be incorrectly reused if multiple users were to make the same request at the same time. (#11355)
- Fix a bug introduced in 1.45.0 where the
read_templates
method of the module API would error. (#11377) - Fix an issue introduced in 1.47.0 which prevented servers re-joining rooms they had previously left, if their signing keys were replaced. (#11379)
- Fix a bug introduced in 1.13.0 where creating and publishing a room could cause errors if
room_list_publication_rules
is configured. (#11392) - Improve performance of various background database updates. (#11421, #11422)
- Suggest users of the Debian packages add configuration to
/etc/matrix-synapse/conf.d/
to prevent, upon upgrade, being asked to choose between their configuration and the maintainer's. (#11281) - Fix typos in the documentation for the
username_available
admin API. Contributed by Stanislav Motylkov. (#11286) - Add Single Sign-On, SAML and CAS pages to the documentation. (#11298)
- Change the word 'Home server' as one word 'homeserver' in documentation. (#11320)
- Fix missing quotes for wildcard domains in
federation_certificate_verification_whitelist
. (#11381)
- Add type annotations to
synapse.metrics
. (#10847) - Split out federated PDU retrieval function into a non-cached version. (#11242)
- Clean up code relating to to-device messages and sending ephemeral events to application services. (#11247)
- Fix a small typo in the error response when a relation type other than 'm.annotation' is passed to
GET /rooms/{room_id}/aggregations/{event_id}
. (#11278) - Drop unused database tables
room_stats_historical
anduser_stats_historical
. (#11280) - Require all files in synapse/ and tests/ to pass mypy unless specifically excluded. (#11282, #11285, #11359)
- Add missing type hints to
synapse.app
. (#11287) - Remove unused parameters on
FederationEventHandler._check_event_auth
. (#11292) - Add type hints to
synapse._scripts
. (#11297) - Fix an issue which prevented the
remove_deleted_devices_from_device_inbox
background database schema update from running when updating from a recent Synapse version. (#11303) - Add type hints to storage classes. (#11307, #11310, #11311, #11312, #11313, #11314, #11316, #11322, #11332, #11339, #11342)
- Add type hints to
synapse.util
. (#11321, #11328) - Improve type annotations in Synapse's test suite. (#11323, #11330)
- Test that room alias deletion works as intended. (#11327)
- Add type annotations for some methods and properties in the module API. (#11341)
- Fix running
scripts-dev/complement.sh
, which was broken in v1.47.0rc1. (#11368) - Rename internal functions for token generation to better reflect what they do. (#11369, #11370)
- Add type hints to configuration classes. (#11377)
- Publish a
develop
image to Docker Hub. (#11380) - Keep fallback key marked as used if it's re-uploaded. (#11382)
- Use
auto_attribs
on theattrs
classRefreshTokenLookupResult
. (#11386) - Rename unstable
access_token_lifetime
configuration option torefreshable_access_token_lifetime
to make it clear it only concerns refreshable access tokens. (#11388) - Do not run the broken MSC2716 tests when running
scripts-dev/complement.sh
. (#11389) - Remove dead code from supporting ACME. (#11393)
- Refactor including the bundled relations when serializing an event. (#11408)
This release fixes a security issue in the media store, affecting all prior releases of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild.
Server administrators who are unable to update Synapse may use the workarounds described in the linked GitHub Security Advisory below.
The following issue is fixed in 1.47.1.
-
GHSA-3hfw-x7gx-437c / CVE-2021-41281: Path traversal when downloading remote media.
Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory.
The last two directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact.
Homeservers with the media repository disabled are unaffected. Homeservers configured with a federation whitelist are also unaffected.
Fixed by 91f2bd090.
No significant changes since 1.47.0rc3.
- Fix a bug introduced in 1.47.0rc1 which caused worker processes to not halt startup in the presence of outstanding database migrations. (#11346)
- Fix a bug introduced in 1.47.0rc1 which prevented the 'remove deleted devices from
device_inbox
column' background process from running when updating from a recent Synapse version. (#11303, #11353)
This fixes an issue with publishing the Debian packages for 1.47.0rc1. It is otherwise identical to 1.47.0rc1.
- The
user_may_create_room_with_invites
module callback is now deprecated. Please refer to the upgrade notes for more information. (#11206) - Remove deprecated admin API to delete rooms (
POST /_synapse/admin/v1/rooms/<room_id>/delete
). (#11213)
- Advertise support for Client-Server API r0.6.1. (#11097)
- Add search by room ID and room alias to the List Room admin API. (#11099)
- Add an
on_new_event
third-party rules callback to allow Synapse modules to act after an event has been sent into a room. (#11126) - Add a module API method to update a user's membership in a room. (#11147)
- Add metrics for thread pool usage. (#11178)
- Support the stable room type field for MSC3288. (#11187)
- Add a module API method to retrieve the current state of a room. (#11204)
- Calculate a default value for
public_baseurl
based onserver_name
. (#11210) - Add support for serving
/.well-known/matrix/server
files, to redirect federation traffic to port 443. (#11211) - Add admin APIs to pause, start and check the status of background updates. (#11263)
- Fix a long-standing bug which allowed hidden devices to receive to-device messages, resulting in unnecessary database bloat. (#10097)
- Fix a long-standing bug where messages in the
device_inbox
table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine. (#10969, #11212) - Do not accept events if a third-party rule
check_event_allowed
callback raises an exception. (#11033) - Fix long-standing bug where verification requests could fail in certain cases if a federation whitelist was in place but did not include your own homeserver. (#11129)
- Allow an empty list of
state_events_at_start
to be sent when using the MSC2716/batch_send
endpoint and the author of the historical messages is already part of the current room state at the given?prev_event_id
. (#11188) - Fix a bug introduced in Synapse 1.45.0 which prevented the
synapse_review_recent_signups
script from running. Contributed by @samuel-p. (#11191) - Delete
to_device
messages for hidden devices that will never be read, reducing database size. (#11199) - Fix a long-standing bug wherein a missing
Content-Type
header when downloading remote media would cause Synapse to throw an error. (#11200) - Fix a long-standing bug which could result in serialization errors and potentially duplicate transaction data when sending ephemeral events to application services. Contributed by @Fizzadar at Beeper. (#11207)
- Fix a bug introduced in Synapse 1.35.0 which made it impossible to join rooms that return a
send_join
response containing floats. (#11217) - Fix long-standing bug where cross signing keys were not included in the response to
/r0/keys/query
the first time a remote user was queried. (#11234) - Fix a long-standing bug where all requests that read events from the database could get stuck as a result of losing the database connection. (#11240)
- Fix a bug preventing Synapse from being rolled back to an earlier version when using workers. (#11255, #11276)
- Fix a bug introduced in Synapse 1.37.1 which caused a remote event being processed by a worker to not get processed on restart if the worker was killed. (#11262)
- Only allow old Element/Riot Android clients to send read receipts without a request body. All other clients must include a request body as required by the specification. Contributed by @rogersheu. (#11157)
- Avoid changing user ID when started as a non-root user, and no explicit
UID
is set. (#11209)
- Improve example HAProxy config in the docs to properly handle HTTP
Host
headers with port information. This is required for federation over port 443 to work correctly. (#11128) - Add documentation for using Authentik as an OpenID Connect Identity Provider. Contributed by @samip5. (#11151)
- Clarify lack of support for Windows. (#11198)
- Improve code formatting and fix a few typos in docs. Contributed by @sumnerevans at Beeper. (#11221)
- Add documentation for using LemonLDAP as an OpenID Connect Identity Provider. Contributed by @l00ptr. (#11257)
- Add type annotations for the
log_function
decorator. (#10943) - Add type hints to
synapse.events
. (#11098) - Remove and document unnecessary
RoomStreamToken
checks in application service ephemeral event code. (#11137) - Add type hints so that
synapse.http
passesmypy
checks. (#11164) - Update scripts to pass Shellcheck lints. (#11166)
- Add knock information in admin export. Contributed by Rafael Gonçalves. (#11171)
- Add tests to check that
ClientIpStore.get_last_client_ip_by_device
andget_user_ip_and_agents
combine database and in-memory data correctly. (#11179) - Refactor
Filter
to check different fields depending on the data type. (#11194) - Improve type hints for the relations datastore. (#11205)
- Replace outdated links in the pull request checklist with links to the rendered documentation. (#11225)
- Fix a bug in unit test
test_block_room_and_not_purge
. (#11226) - In
ObservableDeferred
, run observers in the order they were registered. (#11229) - Minor speed up to start up times and getting updates for groups by adding missing index to
local_group_updates.stream_id
. (#11231) - Add
twine
andtowncrier
as dev dependencies, as they're used by the release script. (#11233) - Allow
stream_writers.typing
config to be a list of one worker. (#11237) - Remove debugging statement in tests. (#11239)
- Fix MSC2716 historical messages backfilling in random order on remote homeservers. (#11244)
- Add an additional test for the
cachedList
method decorator. (#11246) - Make minor correction to the type of
auth_checkers
callbacks. (#11253) - Clean up trivial aspects of the Debian package build tooling. (#11269, #11273)
- Blacklist new SyTest that checks that key uploads are valid pending the validation being implemented in Synapse. (#11270)
The cause of the performance regression affecting Synapse 1.44 has been identified and fixed. (#11177)
- Fix a bug introduced in v1.46.0rc1 where URL previews of some XML documents would fail. (#11196)
- Add support for Ubuntu 21.10 "Impish Indri". (#11024)
- Port the Password Auth Providers module interface to the new generic interface. (#10548, #11180)
- Experimental support for the thread relation defined in MSC3440. (#11088, #11181, #11192)
- Users admin API can now also modify user type in addition to allowing it to be set on user creation. (#11174)
- Newly-created public rooms are now only assigned an alias if the room's creation has not been blocked by permission settings. Contributed by @AndrewFerr. (#10930)
- Fix a long-standing bug which meant that events received over federation were sometimes incorrectly accepted into the room state. (#11001, #11009, #11012)
- Fix 500 error on
/messages
when the server accumulates more than 5 backwards extremities at a given depth for a room. (#11027) - Fix a bug where setting a user's
external_id
via the admin API returns 500 and deletes user's existing external mappings if that external ID is already mapped. (#11051) - Fix a long-standing bug where users excluded from the user directory were added into the directory if they belonged to a room which became public or private. (#11075)
- Fix a long-standing bug when attempting to preview URLs which are in the
windows-1252
character encoding. (#11077, #11089) - Fix broken export-data admin command and add test script checking the command to CI. (#11078)
- Show an error when timestamp in seconds is provided to the
/purge_media_cache
Admin API. (#11101) - Fix local users who left all their rooms being removed from the user directory, even if the
search_all_users
config option was enabled. (#11103) - Fix a bug which caused the module API's
get_user_ip_and_agents
function to always fail on workers.get_user_ip_and_agents
was introduced in 1.44.0 and did not function correctly on worker processes at the time. (#11112) - Identity server connection is no longer ignoring
ip_range_whitelist
. (#11120) - Fix a bug introduced in Synapse 1.45.0 breaking the configuration file parsing script. (#11145)
- Fix a performance regression introduced in 1.44.0 which could cause client requests to time out when making large numbers of outbound requests. (#11177, #11190)
- Resolve and share
state_groups
for all MSC2716 historical events in batch. (#10975)
- Fix broken links relating to module API deprecation in the upgrade notes. (#11069)
- Add more information about what happens when a user is deactivated. (#11083)
- Clarify the the sample log config can be copied from the documentation without issue. (#11092)
- Update the admin API documentation with an updated list of the characters allowed in registration tokens. (#11093)
- Document Synapse's behaviour when dealing with multiple modules registering the same callbacks and/or handlers for the same HTTP endpoints. (#11096)
- Fix instances of
[example]{.title-ref}
in the upgrade documentation as a result of prior RST to Markdown conversion. (#11118) - Document the version of Synapse each module callback was introduced in. (#11132)
- Document the version of Synapse that introduced each module API method. (#11183)
- Fix spurious warnings about losing the logging context on the
ReplicationCommandHandler
when losing the replication connection. (#10984) - Include rejected status when we log events. (#11008)
- Add some extra logging to the event persistence code. (#11014)
- Rearrange the internal workings of the incremental user directory updates. (#11035)
- Fix a long-standing bug where users excluded from the directory could still be added to the
users_who_share_private_rooms
table after a regular user joins a private room. (#11143) - Add and improve type hints. (#10972, #11055, #11066, #11076, #11095, #11109, #11121, #11146)
- Mark the Synapse package as containing type annotations and fix export declarations so that Synapse pluggable modules may be type checked against Synapse. (#11054)
- Remove dead code from
MediaFilePaths
. (#11056) - Be more lenient when parsing oEmbed response versions. (#11065)
- Create a separate module for the retention configuration. (#11070)
- Clean up some of the federation event authentication code for clarity. (#11115, #11116, #11122)
- Add docstrings and comments to the application service ephemeral event sending code. (#11138)
- Update the
sign_json
script to support inline configuration of the signing key. (#11139) - Fix broken link in the docker image README. (#11144)
- Always dump logs from unit tests during CI runs. (#11068)
- Add tests for
MediaFilePaths
class. (#11057) - Simplify the user admin API tests. (#11048)
- Add a test for the workaround introduced in #11042 concerning the behaviour of third-party rule modules and
SynapseError
s. (#11071)
- Revert change to counting of deactivated users towards the monthly active users limit, introduced in 1.45.0rc1. (#11127)
No functional changes since Synapse 1.45.0rc2.
-
A suspected performance regression which was first reported after the release of 1.44.0 remains unresolved.
We have not been able to identify a probable cause. Affected users report that setting up a federation sender worker appears to alleviate symptoms of the regression.
- Reword changelog to clarify concerns about a suspected performance regression in 1.44.0. (#11117)
This release candidate fixes a user directory bug present in 1.45.0rc1.
-
A suspected performance regression which was first reported after the release of 1.44.0 remains unresolved.
We have not been able to identify a probable cause. Affected users report that setting up a federation sender worker appears to alleviate symptoms of the regression.
- Fix a long-standing bug when using multiple event persister workers where events were not correctly sent down
/sync
due to a race. (#11045) - Fix a bug introduced in Synapse 1.45.0rc1 where the user directory would stop updating if it processed an event from a
user not in the
users
table. (#11053) - Fix a bug introduced in Synapse 1.44.0 when logging errors during oEmbed processing. (#11061)
- Add an 'approximate difference' method to
StateFilter
. (#10825) - Fix inconsistent behavior of
get_last_client_by_ip
when reporting data that has not been stored in the database yet. (#10970) - Fix a bug introduced in Synapse 1.21.0 that causes opentracing and Prometheus metrics for replication requests to be measured incorrectly. (#10996)
- Ensure that cache config tests do not share state. (#11036)
Note: Media storage providers module that read from Synapse's configuration need changes as of this version, see the upgrade notes for more information.
- We are investigating a performance issue which was reported after the release of 1.44.0.
- We are aware of a bug with the user directory when using application services. A second release candidate is expected which will resolve this.
- Add MSC3069 support to
/account/whoami
. (#9655) - Support autodiscovery of oEmbed previews. (#10822)
- Add a
user_may_send_3pid_invite
spam checker callback for modules to allow or deny 3PID invites. (#10894) - Add a spam checker callback to allow or deny room joins. (#10910)
- Include an
update_synapse_database
script in the distribution. Contributed by @Fizzadar at Beeper. (#10954) - Include exception information in JSON logging output. Contributed by @Fizzadar at Beeper. (#11028)
- Fix a minor bug in the response to
/_matrix/client/r0/voip/turnServer
. Contributed by @lukaslihotzki. (#10922) - Fix a bug where empty
yyyy-mm-dd/
directories would be left behind in the media store'surl_cache_thumbnails/
directory. (#10924) - Fix a bug introduced in Synapse v1.40.0 where the signature checks for room version 8 and 9 could be applied to earlier room versions in some situations. (#10927)
- Fix a long-standing bug wherein deactivated users still count towards the monthly active users limit. (#10947)
- Fix a long-standing bug which meant that events received over federation were sometimes incorrectly accepted into the room state. (#10956)
- Fix a long-standing bug where rebuilding the user directory wouldn't exclude support and deactivated users. (#10960)
- Fix MSC2716
/batch_send
endpoint rejecting subsequent batches with unknown batch ID error in existing room versions from the room creator. (#10962) - Fix a bug that could leak local users' per-room nicknames and avatars when the user directory is rebuilt. (#10981)
- Fix a long-standing bug where the remainder of a batch of user directory changes would be silently dropped if the server left a room early in the batch. (#10982)
- Correct a bugfix introduced in Synapse v1.44.0 that would catch the wrong error if a connection is lost before a response could be written to it. (#10995)
- Fix a long-standing bug where local users' per-room nicknames/avatars were visible to anyone who could see you in the user directory. (#11002)
- Fix a long-standing bug where a user's per-room nickname/avatar would overwrite their profile in the user directory when a room was made public. (#11003)
- Work around a regression, introduced in Synapse v1.39.0, that caused
SynapseError
s raised by the experimental third-party rules module callbackcheck_event_allowed
to be ignored. (#11042) - Fix a bug in MSC2716 insertion events in rooms that could cause cross-talk/conflicts between batches. (#10877)
- Change wording ("reference homeserver") in Synapse repository documentation. Contributed by @maxkratz. (#10971)
- Fix a dead URL in development documentation (SAML) and change wording from "Riot" to "Element". Contributed by @maxkratz. (#10973)
- Add additional content to the Welcome and Overview page of the documentation. (#10990)
- Update links to MSCs in documentation. Contributed by @dklimpel. (#10991)
- Improve type hinting in
synapse.util
. (#10888) - Add further type hints to
synapse.storage.util
. (#10892) - Fix type hints to be compatible with an upcoming change to Twisted. (#10895)
- Update utility code to handle C implementations of frozendict. (#10902)
- Drop old functionality which maintained database compatibility with Synapse versions before v1.31. (#10903)
- Clean-up configuration helper classes for the
ServerConfig
class. (#10915) - Use direct references to config flags. (#10916, #10959, #10985)
- Clean up some of the federation event authentication code for clarity. (#10926, #10940, #10986, #10987, #10988, #11010, #11011)
- Refactor various parts of the codebase to use
RoomVersion
objects instead of room version identifier strings. (#10934) - Refactor user directory tests in preparation for upcoming changes. (#10935)
- Include the event id in the logcontext when handling PDUs received over federation. (#10936)
- Fix logged errors in unit tests. (#10939)
- Fix a broken test to ensure that consent configuration works during registration. (#10945)
- Add type hints to filtering classes. (#10958)
- Add type-hint to
HomeserverTestcase.setup_test_homeserver
. (#10961) - Fix the test utility function
create_room_as
so thatis_public=True
will explicitly set thevisibility
parameter of room creation requests topublic
. Contributed by @AndrewFerr. (#10963) - Make the release script more robust and transparent. (#10966)
- Refactor MSC2716
/batch_send
mega function into smaller handler functions. (#10974) - Log stack traces when a missing opentracing span is detected. (#10983)
- Update GHA config to run tests against Python 3.10 and PostgreSQL 14. (#10992)
- Fix a long-standing bug where
ReadWriteLock
s could drop logging contexts on exit. (#10993) - Add a
CODEOWNERS
file to automatically request reviews from the@matrix-org/synapse-core
team on new pull requests. (#10994) - Add further type hints to
synapse.state
. (#11004) - Remove the deprecated
BaseHandler
object. (#11005) - Bump mypy version for CI to 0.910, and pull in new type stubs for dependencies. (#11006)
- Fix CI to run the unit tests without optional deps. (#11017)
- Ensure that cache config tests do not share state. (#11019)
- Add additional type hints to
synapse.server_notices
. (#11021) - Add additional type hints for
synapse.push
. (#11023) - When installing the optional developer dependencies, also include the dependencies needed for type-checking and unit testing. (#11034)
- Remove unnecessary list comprehension from
synapse_port_db
to satisfy code style requirements. (#11043)
No significant changes since 1.44.0rc3.
- Fix a bug introduced in Synapse v1.40.0 where changing a user's display name or avatar in a restricted room would cause an authentication error. (#10933)
- Fix
/admin/whois/{user_id}
endpoint, which was broken in v1.44.0rc1. (#10968)
- Fix a bug introduced in v1.44.0rc1 which caused the experimental MSC2716
/batch_send
endpoint to return a 500 error. (#10938) - Fix a bug introduced in v1.44.0rc1 which prevented sending presence events to application services. (#10944)
- Minor updates to the installation instructions. (#10919)
- Only allow the MSC2716
/batch_send?chunk_id=xxx
endpoint to connect to an already existing insertion event. (#10776) - Improve oEmbed URL previews by processing the author name, photo, and video information. (#10814, #10819)
- Speed up responding with large JSON objects to requests. (#10868, #10905)
- Add a
user_may_create_room_with_invites
spam checker callback to allow modules to allow or deny a room creation request based on the invites and/or 3PID invites it includes. (#10898)
- Fix a long-standing bug that caused an
AssertionError
when purging history in certain rooms. Contributed by @Kokokokoka. (#10690) - Fix a long-standing bug which caused deactivated users that were later reactivated to be missing from the user directory. (#10782)
- Fix a long-standing bug that caused unbanning a user by sending a membership event to fail. Contributed by @aaronraimist. (#10807)
- Fix a long-standing bug where logging contexts would go missing when federation requests time out. (#10810)
- Fix a long-standing bug causing an error in the deprecated
/initialSync
endpoint when using the undocumentedfrom
andto
parameters. (#10827) - Fix a bug causing the
remove_stale_pushers
background job to repeatedly fail and log errors. This bug affected Synapse servers that had been upgraded from version 1.28 or older and are using SQLite. (#10843) - Fix a long-standing bug in Unicode support of the room search admin API breaking search for rooms with non-ASCII characters. (#10859)
- Fix a bug introduced in Synapse 1.37.0 which caused
knock
membership events which we sent to remote servers to be incorrectly stored in the local database. (#10873) - Fix invalidating one-time key count cache after claiming keys. The bug was introduced in Synapse v1.41.0. Contributed by Tulir at Beeper. (#10875)
- Fix a long-standing bug causing application service users to be subject to MAU blocking if the MAU limit had been reached, even if configured not to be blocked. (#10881)
- Fix a long-standing bug which could cause events pulled over federation to be incorrectly rejected. (#10907)
- Fix a long-standing bug causing URL cache files to be stored in storage providers. Server admins may safely delete the
url_cache/
andurl_cache_thumbnails/
directories from any configured storage providers to reclaim space. (#10911) - Fix a long-standing bug leading to race conditions when creating media store and config directories. (#10913)
- Fix some crashes in the Module API example code, by adding JSON encoding/decoding. (#10845)
- Add developer documentation about experimental configuration flags. (#10865)
- Properly remove deleted files from GitHub pages when generating the documentation. (#10869)
- Fix GitHub Actions config so we can run sytest on synapse from parallel branches. (#10659)
- Split out MSC2716 meta events to their own fields in the
/batch_send
response. (#10777) - Add missing type hints to REST servlets. (#10785, #10817)
- Simplify the internal logic which maintains the user directory database tables. (#10796)
- Use direct references to config flags. (#10812, #10885, #10893, #10897)
- Specify the type of token in generic "Invalid token" error messages. (#10815)
- Make
StateFilter
frozen so it is hashable. (#10816) - Fix a long-standing bug where an
m.room.message
event containing a null byte would cause an internal server error. (#10820) - Add type hints to the state database. (#10823)
- Opt out of cache expiry for
get_users_who_share_room_with_user
, to hopefully improve/sync
performance when you haven't synced recently. (#10826) - Track cache eviction rates more finely in Prometheus's monitoring. (#10829)
- Add missing type hints to
synapse.handlers
. (#10831, #10856) - Extend the Module API to let plug-ins check whether an ID is local and to access IP + User Agent data. (#10833)
- Factor out PNG image data to a constant to be used in several tests. (#10834)
- Add a test to ensure state events sent by modules get persisted correctly. (#10835)
- Rename MSC2716 fields and event types from
chunk
tobatch
to match the/batch_send
endpoint. (#10838) - Rename MSC2716
/batch_send
query parameter from?prev_event
to more obvious usage with?prev_event_id
. (#10839) - Add type hints to
synapse.http.site
. (#10867) - Include outlier status when we log V2 or V3 events. (#10879)
- Break down Grafana's cache expiry time series based on reason for eviction, c.f. #10829. (#10880)
- Clean up some of the federation event authentication code for clarity. (#10883, #10884, #10896, #10901)
- Allow the
.
and~
characters when creating registration tokens as per the change to MSC3231. (#10887) - Clean up some unnecessary parentheses in places around the codebase. (#10889)
- Improve type hinting in the user directory code. (#10891)
- Update development testing script
test_postgresql.sh
to use a supported Python version and make re-runs quicker. (#10906) - Document and summarize changes in schema version
61
–64
. (#10917) - Update release script to sign the newly created git tags. (#10925)
- Fix Debian builds due to
dh-virtualenv
no longer being able to build their docs. (#10931)
This release drops support for the deprecated, unstable API for MSC2858 (Multiple SSO Identity Providers), as well as the undocumented experimental.msc2858_enabled
config option. Client authors should update their clients to use the stable API, available since Synapse 1.30.
The documentation has been updated with configuration for routing /spaces
, /hierarchy
and /summary
to workers. See the upgrade notes for more details.
No significant changes since 1.43.0rc2.
- Allow room creators to send historical events specified by MSC2716 in existing room versions. (#10566)
- Add config option to use non-default manhole password and keys. (#10643)
- Skip final GC at shutdown to improve restart performance. (#10712)
- Allow configuration of the oEmbed URLs used for URL previews. (#10714, #10759)
- Prefer room version 9 for restricted rooms per the room version capabilities API. (#10772)
- Fix a long-standing bug where room avatars were not included in email notifications. (#10658)
- Fix a bug where the ordering algorithm was skipping the
origin_server_ts
step in the spaces summary resulting in unstable room orderings. (#10730) - Fix edge case when persisting events into a room where there are multiple events we previously hadn't calculated auth chains for (and hadn't marked as needing to be calculated). (#10743)
- Fix a bug which prevented calls to
/createRoom
that included theroom_alias_name
parameter from being handled by worker processes. (#10757) - Fix a bug which prevented user registration via SSO to require consent tracking for SSO mapping providers that don't prompt for Matrix ID selection. Contributed by @AndrewFerr. (#10733)
- Only return the stripped state events for the
m.space.child
events in a room for the spaces summary from MSC2946. (#10760) - Properly handle room upgrades of spaces. (#10774)
- Fix a bug which generated invalid homeserver config when the
frontend_proxy
worker type was passed to the Synapse Worker-based Complement image. (#10783)
- Minor fix to the
media_repository
developer documentation. Contributed by @cuttingedge1109. (#10556) - Update the documentation to note that the
/spaces
and/hierarchy
endpoints can be routed to workers. (#10648) - Clarify admin API documentation on undoing room deletions. (#10735)
- Split up the modules documentation and add examples for module developers. (#10758)
- Correct 2 typographical errors in the Log Contexts documentation. (#10795)
- Fix a wording mistake in the sample configuration. Contributed by @bramvdnheuvel:nltrix.net. (#10804)
- Remove the unstable MSC2858 API, including the undocumented
experimental.msc2858_enabled
config option. The unstable API has been deprecated since Synapse 1.35. Client authors should update their clients to use the stable API introduced in Synapse 1.30 if they have not already done so. (#10693)
- Add OpenTracing logging to help debug stuck messages (as described by issue #9424). (#10704)
- Add type annotations to the
synapse.util
package. (#10601) - Ensure
rooms.creator
field is always populated for easy lookup in MSC2716 usage later. (#10697) - Add missing type hints to REST servlets. (#10707, #10728, #10736)
- Do not include rooms with unknown room versions in the spaces summary results. (#10727)
- Additional error checking for the
preset
field when creating a room. (#10738) - Clean up some of the federation event authentication code for clarity. (#10744, #10745, #10746, #10771, #10773, #10781)
- Add an index to
presence_stream
to hopefully speed up startups a little. (#10748) - Refactor event size checking code to simplify searching the codebase for the origins of certain error strings that are occasionally emitted. (#10750)
- Move tests relating to rooms having encryption out of the user directory tests. (#10752)
- Use
attrs
internally for the URL preview code & update documentation. (#10753) - Minor speed ups when joining large rooms over federation. (#10754, #10755, #10756, #10780, #10784)
- Add a constant for
m.federate
. (#10775) - Add a script to update the Debian changelog in a Docker container for systems that are not Debian-based. (#10778)
- Change the format of authenticated users in logs when a user is being puppeted by and admin user. (#10779)
- Remove fixed and flakey tests from the Sytest blacklist. (#10788)
- Improve internal details of the user directory code. (#10789)
- Use direct references to config flags. (#10798)
- Ensure the Rust reporter passes type checking with jaeger-client 4.7's type annotations. (#10799)
This version of Synapse removes deprecated room-management admin APIs, removes out-of-date email pushers, and improves error handling for fallback templates for user-interactive authentication. For more information on these points, server administrators are encouraged to read the upgrade notes.
No significant changes since 1.42.0rc2.
- Print a warning when using one of the deprecated
template_dir
settings. (#10768)
- Add support for MSC3231: Token authenticated registration. Users can be required to submit a token during registration to authenticate themselves. Contributed by Callum Brown. (#10142)
- Add support for MSC3283: Expose
enable_set_displayname
in capabilities. (#10452) - Port the
PresenceRouter
module interface to the new generic interface. (#10524) - Add pagination to the spaces summary based on updates to MSC2946. (#10613, #10725)
- Validate new
m.room.power_levels
events. Contributed by @aaronraimist. (#10232) - Display an error on User-Interactive Authentication fallback pages when authentication fails. Contributed by Callum Brown. (#10561)
- Remove pushers when deleting an e-mail address from an account. Pushers for old unlinked emails will also be deleted. (#10581, #10734)
- Reject Client-Server
/keys/query
requests which providedevice_ids
incorrectly. (#10593) - Rooms with unsupported room versions are no longer returned via
/sync
. (#10644) - Enforce the maximum length for per-room display names and avatar URLs. (#10654)
- Fix a bug which caused the
synapse_user_logins_total
Prometheus metric not to be correctly initialised on restart. (#10677) - Improve
ServerNoticeServlet
to avoid duplicate requests and add unit tests. (#10679) - Fix long-standing issue which caused an error when a thumbnail is requested and there are multiple thumbnails with the same quality rating. (#10684)
- Fix a regression introduced in v1.41.0 which affected the performance of concurrent fetches of large sets of events, in extreme cases causing the process to hang. (#10703)
- Fix a regression introduced in Synapse 1.41 which broke email transmission on Systems using older versions of the Twisted library. (#10713)
- Add documentation on how to connect Django with Synapse using OpenID Connect and django-oauth-toolkit. Contributed by @HugoDelval. (#10192)
- Advertise https://matrix-org.github.io/synapse documentation in the
README
andCONTRIBUTING
files. (#10595) - Fix some of the titles not rendering in the OpenID Connect documentation. (#10639)
- Minor clarifications to the documentation for reverse proxies. (#10708)
- Remove table of contents from the top of installation and contributing documentation pages. (#10711)
- Remove deprecated Shutdown Room and Purge Room Admin API. (#8830)
- Improve type hints for the proxy agent and SRV resolver modules. Contributed by @dklimpel. (#10608)
- Clean up some of the federation event authentication code for clarity. (#10614, #10615, #10624, #10640)
- Add a comment asking developers to leave a reason when bumping the database schema version. (#10621)
- Remove not needed database updates in modify user admin API. (#10627)
- Convert room member storage tuples to
attrs
classes. (#10629, #10642) - Use auto-attribs for the attrs classes used in sync. (#10630)
- Make
backfill
andget_missing_events
use the same codepath. (#10645) - Improve the performance of the
/hierarchy
API (from MSC2946) by caching responses received over federation. (#10647) - Run a nightly CI build against Twisted trunk. (#10651, #10672)
- Do not print out stack traces for network errors when fetching data over federation. (#10662)
- Simplify tests for device admin rest API. (#10664)
- Add missing type hints to REST servlets. (#10665, #10666, #10674)
- Flatten the
tests.synapse.rests
package by moving the contents ofv1
andv2_alpha
into the parent. (#10667) - Update
complement.sh
to rebuild the base Docker image when run with workers. (#10686) - Split the event-processing methods in
FederationHandler
into a separateFederationEventHandler
. (#10692) - Remove unused
compare_digest
function. (#10706)
Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.
The following issues are fixed in v1.41.1.
-
GHSA-3x4c-pq33-4w3q / CVE-2021-39164: Enumerating a private room's list of members and their display names.
If an unauthorized user both knows the Room ID of a private room and that room's history visibility is set to
shared
, then they may be able to enumerate the room's members, including their display names.The unauthorized user must be on the same homeserver as a user who is a member of the target room.
Fixed by 52c7a51cf.
-
GHSA-jj53-8fmw-f2w2 / CVE-2021-39163: Disclosing a private room's name, avatar, topic, and number of members.
If an unauthorized user knows the Room ID of a private room, then its name, avatar, topic, and number of members may be disclosed through Group / Community features.
The unauthorized user must be on the same homeserver as a user who is a member of the target room, and their homeserver must allow non-administrators to create groups (
enable_group_creation
in the Synapse configuration; off by default).Fixed by cb35df940a, #10723.
- Fix a regression introduced in Synapse 1.41 which broke email transmission on systems using older versions of the Twisted library. (#10713)
This release adds support for Debian 12 (Bookworm), but removes support for Ubuntu 20.10 (Groovy Gorilla), which reached End of Life last month.
Note that when using workers the /_synapse/admin/v1/users/{userId}/media
must now be handled by media workers. See the upgrade notes for more information.
- Enable room capabilities (MSC3244) by default and set room version 8 as the preferred room version when creating restricted rooms. (#10571)
- Add
get_userinfo_by_id
method to ModuleApi. (#9581) - Initial local support for MSC3266, Room Summary over the unstable
/rooms/{roomIdOrAlias}/summary
API. (#10394) - Experimental support for MSC3288, sending
room_type
to the identity server for 3pid invites over the/store-invite
API. (#10435) - Add support for sending federation requests through a proxy. Contributed by @Bubu and @dklimpel. See the upgrade notes for more information. (#10596). (#10475)
- Add support for "marker" events which makes historical events discoverable for servers that already have all of the scrollback history (part of MSC2716). (#10498)
- Add a configuration setting for the time a
/sync
response is cached for. (#10513) - The default logging handler for new installations is now
PeriodicallyFlushingMemoryHandler
, a buffered logging handler which periodically flushes itself. (#10518) - Add support for new redaction rules for historical events specified in MSC2716. (#10538)
- Add a setting to disable TLS when sending email. (#10546)
- Add pagination to the spaces summary based on updates to MSC2946. (#10549, #10560, #10569, #10574, #10575, #10579, #10583)
- Admin API to delete several media for a specific user. Contributed by @dklimpel. (#10558, #10628)
- Add support for routing
/createRoom
to workers. (#10564) - Update the Synapse Grafana dashboard. (#10570)
- Add an admin API (
GET /_synapse/admin/username_available
) to check if a username is available (regardless of registration settings). (#10578) - Allow editing a user's
external_ids
via the "Edit User" admin API. Contributed by @dklimpel. (#10598) - The Synapse manhole no longer needs coroutines to be wrapped in
defer.ensureDeferred
. (#10602) - Add option to allow modules to run periodic tasks on all instances, rather than just the one configured to run background tasks. (#10638)
- Add some clarification to the sample config file. Contributed by @Kentokamoto. (#10129)
- Fix a long-standing bug where protocols which are not implemented by any appservices were incorrectly returned via
GET /_matrix/client/r0/thirdparty/protocols
. (#10532) - Fix exceptions in logs when failing to get remote room list. (#10541)
- Fix longstanding bug which caused the user's presence "status message" to be reset when the user went offline. Contributed by @dklimpel. (#10550)
- Allow public rooms to be previewed in the spaces summary APIs from MSC2946. (#10580)
- Fix a bug introduced in v1.37.1 where an error could occur in the asynchronous processing of PDUs when the queue was empty. (#10592)
- Fix errors on /sync when read receipt data is a string. Only affects homeservers with the experimental flag for MSC2285 enabled. Contributed by @SimonBrandner. (#10606)
- Additional validation for the spaces summary API to avoid errors like
ValueError: Stop argument for islice() must be None or an integer
. The missing validation has existed since v1.31.0. (#10611) - Revert behaviour introduced in v1.38.0 that strips
org.matrix.msc2732.device_unused_fallback_key_types
from/sync
when its value is empty. This field should instead always be present according to MSC2732. (#10623)
- Add documentation for configuring a forward proxy. (#10443)
- Updated the reverse proxy documentation to highlight the homserver configuration that is needed to make Synapse aware that is is intentionally reverse proxied. (#10551)
- Update CONTRIBUTING.md to fix index links and the instructions for SyTest in docker. (#10599)
- No longer build
.deb
packages for Ubuntu 20.10 Groovy Gorilla, which has now EOLed. (#10588) - The
template_dir
configuration settings in thesso
,account_validity
andemail
sections of the configuration file are now deprecated in favour of the globaltemplates.custom_template_directory
setting. See the upgrade notes for more information. (#10596)
- Improve event caching mechanism to avoid having multiple copies of an event in memory at a time. (#10119)
- Reduce errors in PostgreSQL logs due to concurrent serialization errors. (#10504)
- Include room ID in ignored EDU log messages. Contributed by @ilmari. (#10507)
- Add pagination to the spaces summary based on updates to MSC2946. (#10527, #10530)
- Fix CI to not break when run against branches rather than pull requests. (#10529)
- Mark all events stemming from the MSC2716
/batch_send
endpoint as historical. (#10537) - Clean up some of the federation event authentication code for clarity. (#10539, #10591)
- Convert
Transaction
andEdu
objects to attrs. (#10542) - Update
/batch_send
endpoint to only returnstate_events
created by thestate_events_from_before
passed in. (#10552) - Update contributing.md to warn against rebasing an open PR. (#10563)
- Remove the unused public rooms replication stream. (#10565)
- Clarify error message when failing to join a restricted room. (#10572)
- Remove references to BuildKite in favour of GitHub Actions. (#10573)
- Move
/batch_send
endpoint defined by MSC2716 to the/v2_alpha
directory. (#10576) - Allow multiple custom directories in
read_templates
. (#10587) - Re-organize the
synapse.federation.transport.server
module to create smaller files. (#10590) - Flatten the
synapse.rest.client
package by moving the contents ofv1
andv2_alpha
into the parent. (#10600) - Build Debian packages for Debian 12 (Bookworm). (#10612)
- Fix up a couple of links to the database schema documentation. (#10620)
- Fix a broken link to the upgrade notes. (#10631)
No significant changes.
- Support MSC3289: room version 8. (#10449)
- Fix broken links in
upgrade.md
. Contributed by @dklimpel. (#10543)
- Fix the
PeriodicallyFlushingMemoryHandler
inhibiting application shutdown because of its background thread. (#10517) - Fix a bug introduced in Synapse v1.40.0rc1 that could cause Synapse to respond with an error when clients would update read receipts. (#10531)
- Fix release script to open the correct URL for the release. (#10516)
- Add support for MSC2033:
device_id
on/account/whoami
. (#9918) - Update support for MSC2716 - Incrementally importing history into existing rooms. (#10245, #10432, #10463)
- Update support for MSC3083 to consider changes in the MSC around which servers can issue join events. (#10254, #10447, #10489)
- Initial support for MSC3244, Room version capabilities over the /capabilities API. (#10283)
- Add a buffered logging handler which periodically flushes itself. (#10407, #10515)
- Add support for https connections to a proxy server. Contributed by @Bubu and @dklimpel. (#10411)
- Support for MSC2285 (hidden read receipts). Contributed by @SimonBrandner. (#10413)
- Email notifications now state whether an invitation is to a room or a space. (#10426)
- Allow setting transaction limit for database connections. (#10440, #10511)
- Add
creation_ts
to "list users" admin API. (#10448)
- Improve character set detection in URL previews by supporting underscores (in addition to hyphens). Contributed by @srividyut. (#10410)
- Fix events being incorrectly rejected over federation if they reference auth events that the server needed to fetch. (#10439)
- Fix
synapse_federation_server_oldest_inbound_pdu_in_staging
Prometheus metric to not report a max age of 51 years when the queue is empty. (#10455) - Fix a bug which caused an explicit assignment of power-level 0 to a user to be misinterpreted in rare circumstances. (#10499)
- Fix hierarchy of providers on the OpenID page. (#10445)
- Consolidate development documentation to
docs/development/
. (#10453) - Add some developer docs to explain room DAG concepts like
outliers
,state_groups
,depth
, etc. (#10464) - Document how to use Complement while developing a new Synapse feature. (#10483)
- Prune inbound federation queues for a room if they get too large. (#10390)
- Add type hints to
synapse.federation.transport.client
module. (#10408) - Remove shebang line from module files. (#10415)
- Drop backwards-compatibility code that was required to support Ubuntu Xenial. (#10429)
- Use a docker image cache for the prerequisites for the debian package build. (#10431)
- Improve servlet type hints. (#10437, #10438)
- Replace usage of
or_ignore
insimple_insert
withsimple_upsert
usage, to stop spamming postgres logs with spurious ERROR messages. (#10442) - Update the
tests-done
Github Actions status. (#10444, #10512) - Update type annotations to work with forthcoming Twisted 21.7.0 release. (#10446, #10450)
- Cancel redundant GHA workflows when a new commit is pushed. (#10451)
- Mitigate media repo XSS attacks on IE11 via the non-standard X-Content-Security-Policy header. (#10468)
- Additional type hints in the state handler. (#10482)
- Update syntax used to run complement tests. (#10488)
- Fix up type annotations to work with Twisted 21.7. (#10490)
- Improve type annotations for
ObservableDeferred
. (#10491) - Extend release script to also tag and create GitHub releases. (#10496)
- Fix a bug which caused production debian packages to be incorrectly marked as 'prerelease'. (#10500)
No significant changes.
- Fix a bug introduced in Synapse 1.38 which caused an exception at startup when SAML authentication was enabled. (#10477)
- Fix a long-standing bug where Synapse would not inform clients that a device had exhausted its one-time-key pool, potentially causing problems decrypting events. (#10485)
- Fix reporting old R30 stats as R30v2 stats. Introduced in v1.39.0rc1. (#10486)
- Fix an error which prevented the Github Actions workflow to build the docker images from running. (#10461)
- Fix release script to correctly version debian changelog when doing RCs. (#10465)
This release also includes the changes in v1.38.1.
- Move docker image build to Github Actions. (#10416)
- Always include
device_one_time_keys_count
key in/sync
response to work around a bug in Element Android that broke encryption for new devices. (#10457)
The Third-Party Event Rules module interface has been deprecated in favour of the generic module interface introduced in Synapse v1.37.0. Support for the old interface is planned to be removed in September 2021. See the upgrade notes for more information.
- Add the ability to override the account validity feature with a module. (#9884)
- The spaces summary API now returns any joinable rooms, not only rooms which are world-readable. (#10298, #10305)
- Add a new version of the R30 phone-home metric, which removes a false impression of retention given by the old R30 metric. (#10332, #10427)
- Allow providing credentials to
http_proxy
. (#10360)
- Fix error while dropping locks on shutdown. Introduced in v1.38.0. (#10433)
- Add base starting insertion event when no chunk ID is specified in the historical batch send API. (#10250)
- Fix historical batch send endpoint (MSC2716) rejecting batches with messages from multiple senders. (#10276)
- Fix purging rooms that other homeservers are still sending events for. Contributed by @ilmari. (#10317)
- Fix errors during backfill caused by previously purged redaction events. Contributed by Andreas Rammhold (@andir). (#10343)
- Fix the user directory becoming broken (and noisy errors being logged) when knocking and room statistics are in use. (#10344)
- Fix newly added
synapse_federation_server_oldest_inbound_pdu_in_staging
prometheus metric to measure age rather than timestamp. (#10355) - Fix PostgreSQL sometimes using table scans for queries against
state_groups_state
table, taking a long time and a large amount of IO. (#10359) - Fix
make_room_admin
failing for users that have left a private room. (#10367) - Fix a number of logged errors caused by remote servers being down. (#10400, #10414)
- Responses from
/make_{join,leave,knock}
no longer include signatures, which will turn out to be invalid after events are returned to/send_{join,leave,knock}
. (#10404)
- Updated installation dependencies for newer macOS versions and ARM Macs. Contributed by Luke Walsh. (#9971)
- Simplify structure of room admin API. (#10313)
- Refresh the logcontext dev documentation. (#10353), (#10337)
- Add delegation example for caddy in the reverse proxy documentation. Contributed by @moritzdietz. (#10368)
- Fix and clarify some links in
docs
andcontrib
. (#10370), (#10322), (#10399) - Make deprecation notice of the spam checker doc more obvious. (#10395)
- Add instructions on installing Debian packages for release candidates. (#10396)
- Remove functionality associated with the unused
room_stats_historical
anduser_stats_historical
tables. Contributed by @xmunoz. (#9721) - The third-party event rules module interface is deprecated in favour of the generic module interface introduced in Synapse v1.37.0. See the upgrade notes for more information. (#10386)
- Convert
room_depth.min_depth
column to aBIGINT
. (#10289) - Add tests to characterise the current behaviour of R30 phone-home metrics. (#10315)
- Rebuild event context and auth when processing specific results from
ThirdPartyEventRules
modules. (#10316) - Minor change to the code that populates
user_daily_visits
. (#10324) - Re-enable Sytests that were disabled for the 1.37.1 release. (#10345, #10357)
- Run
pyupgrade
on the codebase. (#10347, #10348) - Switch
application_services_txns.txn_id
database column toBIGINT
. (#10349) - Convert internal type variable syntax to reflect wider ecosystem use. (#10350, #10380, #10381, #10382, #10418)
- Make the Github Actions workflow configuration more efficient. (#10383)
- Add type hints to
get_{domain,localpart}_from_id
. (#10385) - When building Debian packages for prerelease versions, set the Section accordingly. (#10391)
- Add type hints and comments to event auth code. (#10393)
- Stagger sending of presence update to remote servers, reducing CPU spikes caused by starting many connections to remote servers at once. (#10398)
- Remove unused
events_by_room
code (tech debt). (#10421) - Add a github actions job which records success of other jobs. (#10430)
This release includes a database schema update which could result in elevated disk usage. See the upgrade notes for more information.
No significant changes since 1.38.0rc3.
- Fix bug where inbound federation in a room could be delayed due to not correctly dropping a lock. Introduced in v1.37.1. (#10336)
- Update links to documentation in the sample config. Contributed by @dklimpel. (#10287)
- Fix broken links in INSTALL.md. Contributed by @dklimpel. (#10331)
- Implement refresh tokens as specified by MSC2918. (#9450)
- Add support for evicting cache entries based on last access time. (#10205)
- Omit empty fields from the
/sync
response. Contributed by @deepbluev7. (#10214) - Improve validation on federation
send_{join,leave,knock}
endpoints. (#10225, #10243) - Add SSO
external_ids
to the Query User Account admin API. (#10261) - Mark events received over federation which fail a spam check as "soft-failed". (#10263)
- Add metrics for new inbound federation staging area. (#10284)
- Add script to print information about recently registered users. (#10290)
- Fix a long-standing bug which meant that invite rejections and knocks were not sent out over federation in a timely manner. (#10223)
- Fix a bug introduced in v1.26.0 where only users who have set profile information could be deactivated with erasure enabled. (#10252)
- Fix a long-standing bug where Synapse would return errors after 231 events were handled by the server. (#10264, #10267, #10282, #10286, #10291, #10314, #10326)
- Fix the prometheus
synapse_federation_server_pdu_process_time
metric. Broke in v1.37.1. (#10279) - Ensure that inbound events from federation that were being processed when Synapse was restarted get promptly processed on start up. (#10303)
- Move the upgrade notes to docs/upgrade.md and convert them to markdown. (#10166)
- Choose Welcome & Overview as the default page for synapse documentation website. (#10242)
- Adjust the URL in the README.rst file to point to irc.libera.chat. (#10258)
- Fix homeserver config option name in presence router documentation. (#10288)
- Fix link pointing at the wrong section in the modules documentation page. (#10302)
- Drop
Origin
andAccept
from the value of theAccess-Control-Allow-Headers
response header. (#10114) - Add type hints to the federation servlets. (#10213)
- Improve the reliability of auto-joining remote rooms. (#10237)
- Update the release script to use the semver terminology and determine the release branch based on the next version. (#10239)
- Fix type hints for computing auth events. (#10253)
- Improve the performance of the spaces summary endpoint by only recursing into spaces (and not rooms in general). (#10256)
- Move event authentication methods from
Auth
toEventAuthHandler
. (#10268) - Re-enable a SyTest after it has been fixed. (#10292)
This release resolves issues (such as #9490) where one busy room could cause head-of-line blocking, starving Synapse from processing events in other rooms, and causing all federated traffic to fall behind. Synapse 1.37.1 processes inbound federation traffic asynchronously, ensuring that one busy room won't impact others. Please upgrade to Synapse 1.37.1 as soon as possible, in order to increase resilience to other traffic spikes.
No significant changes since v1.37.1rc1.
This release deprecates the current spam checker interface. See the upgrade notes for more information on how to update to the new generic module interface.
This release also removes support for fetching and renewing TLS certificates using the ACME v1 protocol, which has been fully decommissioned by Let's Encrypt on June 1st 2021. Admins previously using this feature should use a reverse proxy to handle TLS termination, or use an external ACME client (such as certbot) to retrieve a certificate and key and provide them to Synapse using the tls_certificate_path
and tls_private_key_path
configuration settings.
- Implement "room knocking" as per MSC2403. Contributed by @Sorunome and anoa. (#6739, #9359, #10167, #10212, #10227)
- Add experimental support for backfilling history into rooms (MSC2716). (#9247)
- Implement a generic interface for third-party plugin modules. (#10062, #10206)
- Implement config option
sso.update_profile_information
to sync SSO users' profile information with the identity provider each time they login. Currently only displayname is supported. (#10108) - Ensure that errors during startup are written to the logs and the console. (#10191)
- Fix a bug introduced in Synapse v1.25.0 that prevented the
ip_range_whitelist
configuration option from working for federation and identity servers. Contributed by @mikure. (#10115) - Remove a broken import line in Synapse's
admin_cmd
worker. Broke in Synapse v1.33.0. (#10154) - Fix a bug introduced in Synapse v1.21.0 which could cause
/sync
to return immediately with an empty response. (#10157, #10158) - Fix a minor bug in the response to
/_matrix/client/r0/user/{user}/openid/request_token
causingexpires_in
to be a float instead of an integer. Contributed by @lukaslihotzki. (#10175) - Always require users to re-authenticate for dangerous operations: deactivating an account, modifying an account password, and adding 3PIDs. (#10184)
- Fix a bug introduced in Synpase v1.7.2 where remote server count metrics collection would be incorrectly delayed on startup. Found by @heftig. (#10195)
- Fix a bug introduced in Synapse v1.35.1 where an
allow
key of am.room.join_rules
event could be applied for incorrect room versions and configurations. (#10208) - Fix performance regression in responding to user key requests over federation. Introduced in Synapse v1.34.0rc1. (#10221)
- Add a new guide to decoding request logs. (#8436)
- Mention in the sample homeserver config that you may need to configure max upload size in your reverse proxy. Contributed by @aaronraimist. (#10122)
- Fix broken links in documentation. (#10180)
- Deploy a snapshot of the documentation website upon each new Synapse release. (#10198)
- The current spam checker interface is deprecated in favour of a new generic modules system. See the upgrade notes for more information on how to update to the new system. (#10062, #10210, #10238)
- Stop supporting the unstable spaces prefixes from MSC1772. (#10161)
- Remove Synapse's support for automatically fetching and renewing certificates using the ACME v1 protocol. This protocol has been fully turned off by Let's Encrypt for existing installations on June 1st 2021. Admins previously using this feature should use a reverse proxy to handle TLS termination, or use an external ACME client (such as certbot) to retrieve a certificate and key and provide them to Synapse using the
tls_certificate_path
andtls_private_key_path
configuration settings. (#10194)
- Update the database schema versioning to support gradual migration away from legacy tables. (#9933)
- Add type hints to the federation servlets. (#10080)
- Improve OpenTracing for event persistence. (#10134, #10193)
- Clean up the interface for injecting OpenTracing over HTTP. (#10143)
- Limit the number of in-flight
/keys/query
requests from a single device. (#10144) - Refactor EventPersistenceQueue. (#10145)
- Document
SYNAPSE_TEST_LOG_LEVEL
to see the logger output when running tests. (#10148) - Update the Complement build tags in GitHub Actions to test currently experimental features. (#10155)
- Add a
synapse_federation_soft_failed_events_total
metric to track how often events are soft failed. (#10156) - Fetch the corresponding complement branch when performing CI. (#10160)
- Add some developer documentation about boolean columns in database schemas. (#10164)
- Add extra logging fields to better debug where events are being soft failed. (#10168)
- Add debug logging for when we enter and exit
Measure
blocks. (#10183) - Improve comments in structured logging code. (#10188)
- Update MSC3083 support with modifications from the MSC. (#10189)
- Remove redundant DNS lookup limiter. (#10190)
- Upgrade
black
linting tool to 21.6b0. (#10197) - Expose OpenTracing trace id in response headers. (#10199)
No significant changes.
- Fix a bug which caused presence updates to stop working some time after a restart, when using a presence writer worker. Broke in v1.33.0. (#10149)
- Fix a bug when using federation sender worker where it would send out more presence updates than necessary, leading to high resource usage. Broke in v1.33.0. (#10163)
- Fix a bug where Synapse could send the same presence update to a remote twice. (#10165)
- Add new endpoint
/_matrix/client/r0/rooms/{roomId}/aliases
from Client-Server API r0.6.1 (previously MSC2432). (#9224) - Improve performance of incoming federation transactions in large rooms. (#9953, #9973)
- Rewrite logic around verifying JSON object and fetching server keys to be more performant and use less memory. (#10035)
- Add new admin APIs for unprotecting local media from quarantine. Contributed by @dklimpel. (#10040)
- Add new admin APIs to remove media by media ID from quarantine. Contributed by @dklimpel. (#10044)
- Make reason and score parameters optional for reporting content. Implements MSC2414. Contributed by Callum Brown. (#10077)
- Add support for routing more requests to workers. (#10084)
- Report OpenTracing spans for database activity. (#10113, #10136, #10141)
- Significantly reduce memory usage of joining large remote rooms. (#10117)
- Fixed a bug causing replication requests to fail when receiving a lot of events via federation. (#10082)
- Fix a bug in the
force_tracing_for_users
option introduced in Synapse v1.35 which meant that the OpenTracing spans produced were missing most tags. (#10092) - Fixed a bug that could cause Synapse to stop notifying application services. Contributed by Willem Mulder. (#10107)
- Fix bug where the server would attempt to fetch the same history in the room from a remote server multiple times in parallel. (#10116)
- Fix a bug introduced in Synapse 1.33.0 which caused replication requests to fail when receiving a lot of very large events via federation. (#10118)
- Fix bug when using workers where pagination requests failed if a remote server returned zero events from
/backfill
. Introduced in 1.35.0. (#10133)
- Clarify security note regarding hosting Synapse on the same domain as other web applications. (#9221)
- Update CAPTCHA documentation to mention turning off the verify origin feature. Contributed by @aaronraimist. (#10046)
- Tweak wording of database recommendation in
INSTALL.md
. Contributed by @aaronraimist. (#10057) - Add initial infrastructure for rendering Synapse documentation with mdbook. (#10086)
- Convert the remaining Admin API documentation files to markdown. (#10089)
- Make a link in docs use HTTPS. Contributed by @RhnSharma. (#10130)
- Fix broken link in Docker docs. (#10132)
- Remove the experimental
spaces_enabled
flag. The spaces features are always available now. (#10063)
- Tell CircleCI to build Docker images from
main
branch. (#9906) - Simplify naming convention for release branches to only include the major and minor version numbers. (#10013)
- Add
parse_strings_from_args
for parsing an array from query parameters. (#10048, #10137) - Remove some dead code regarding TLS certificate handling. (#10054)
- Remove redundant, unmaintained
convert_server_keys
script. (#10055) - Improve the error message printed by synctl when synapse fails to start. (#10059)
- Fix GitHub Actions lint for newsfragments. (#10069)
- Update opentracing to inject the right context into the carrier. (#10074)
- Fix up
BatchingQueue
implementation. (#10078) - Log method and path when dropping request due to size limit. (#10091)
- In Github Actions workflows, summarize the Sytest results in an easy-to-read format. (#10094)
- Make
/sync
do fewer state resolutions. (#10102) - Add missing type hints to the admin API servlets. (#10105)
- Improve opentracing annotations for
Notifier
. (#10111) - Enable Prometheus metrics for the jaeger client library. (#10112)
- Work to improve the responsiveness of
/sync
requests. (#10124) - OpenTracing: use a consistent name for background processes. (#10135)
- Fix a bug introduced in v1.35.0 where invite-only rooms would be shown to all users in a space, regardless of if the user had access to it. (#10109)
Note that the tag and docker images for v1.35.0rc3
were incorrectly built. If you are experiencing issues with either, it is recommended to upgrade to the equivalent tag or docker image for the v1.35.0
release.
- The core Synapse development team plan to drop support for the unstable API of MSC2858, including the undocumented
experimental.msc2858_enabled
config option, in August 2021. Client authors should ensure that their clients are updated to use the stable API (which has been supported since Synapse 1.30) well before that time, to give their users time to upgrade. (#10101)
- Fixed a bug causing replication requests to fail when receiving a lot of events via federation. Introduced in v1.33.0. (#10082)
- Fix HTTP response size limit to allow joining very large rooms over federation. Introduced in v1.33.0. (#10093)
- Log method and path when dropping request due to size limit. (#10091)
- Fix a bug introduced in v1.35.0rc1 when calling the spaces summary API via a GET request. (#10079)
- Add experimental support to allow a user who could join a restricted room to view it in the spaces summary. (#9922, #10007, #10038)
- Reduce memory usage when joining very large rooms over federation. (#9958)
- Add a configuration option which allows enabling opentracing by user id. (#9978)
- Enable experimental support for MSC2946 (spaces summary API) and MSC3083 (restricted join rules) by default. (#10011)
- Fix a bug introduced in v1.26.0 which meant that
synapse_port_db
would not correctly initialise some postgres sequences, requiring manual updates afterwards. (#9991) - Fix
synctl
's--no-daemonize
parameter to work correctly with worker processes. (#9995) - Fix a validation bug introduced in v1.34.0 in the ordering of spaces in the space summary API. (#10002)
- Fixed deletion of new presence stream states from database. (#10014, #10033)
- Fixed a bug with very high resolution image uploads throwing internal server errors. (#10029)
- Fix bug introduced in Synapse 1.33.0 which caused a
Permission denied: '/homeserver.log'
error when starting Synapse with the generated log configuration. Contributed by Sergio Miguéns Iglesias. (#10045)
- Add hardened systemd files as proposed in #9760 and added them to
contrib/
. Change the docs to reflect the presence of these files. (#9803) - Clarify documentation around SSO mapping providers generating unique IDs and localparts. (#9980)
- Updates to the PostgreSQL documentation (
postgres.md
). (#9988, #9989) - Fix broken link in user directory documentation. Contributed by @junquera. (#10016)
- Add missing room state entry to the table of contents of room admin API. (#10043)
- Removed support for the deprecated
tls_fingerprints
configuration setting. Contributed by Jerin J Titus. (#9280)
- Allow sending full presence to users via workers other than the one that called
ModuleApi.send_local_online_presence_to
. (#9823) - Update comments in the space summary handler. (#9974)
- Minor enhancements to the
@cachedList
descriptor. (#9975) - Split multipart email sending into a dedicated handler. (#9977)
- Run
black
on files in thescripts
directory. (#9981) - Add missing type hints to
synapse.util
module. (#9982) - Simplify a few helper functions. (#9984, #9985, #9986)
- Remove unnecessary property from SQLBaseStore. (#9987)
- Remove
keylen
param onLruCache
. (#9993) - Update the Grafana dashboard in
contrib/
. (#10001) - Add a batching queue implementation. (#10017)
- Reduce memory usage when verifying signatures on large numbers of events at once. (#10018)
- Properly invalidate caches for destination retry timings every (instead of expiring entries every 5 minutes). (#10036)
- Fix running complement tests with Synapse workers. (#10039)
- Fix typo in
get_state_ids_for_event
docstring where the return type was incorrect. (#10050)
This release deprecates the room_invite_state_types
configuration setting. See the upgrade notes for instructions on updating your configuration file to use the new room_prejoin_state
setting.
This release also deprecates the POST /_synapse/admin/v1/rooms/<room_id>/delete
admin API route. Server administrators are encouraged to update their scripts to use the new DELETE /_synapse/admin/v1/rooms/<room_id>
route instead.
No significant changes since v1.34.0rc1.
- Add experimental option to track memory usage of the caches. (#9881)
- Add support for
DELETE /_synapse/admin/v1/rooms/<room_id>
. (#9889) - Add limits to how often Synapse will GC, ensuring that large servers do not end up GC thrashing if
gc_thresholds
has not been correctly set. (#9902) - Improve performance of sending events for worker-based deployments using Redis. (#9905, #9950, #9951)
- Improve performance after joining a large room when presence is enabled. (#9910, #9916)
- Support stable identifiers for MSC1772 Spaces.
m.space.child
events will now be taken into account when populating the experimental spaces summary response. Please see the upgrade notes if you have customisedroom_invite_state_types
in your configuration. (#9915, #9966) - Improve performance of backfilling in large rooms. (#9935)
- Add a config option to allow you to prevent device display names from being shared over federation. Contributed by @aaronraimist. (#9945)
- Update support for MSC2946: Spaces Summary. (#9947, #9954)
- Fix a bug introduced in v1.32.0 where the associated connection was improperly logged for SQL logging statements. (#9895)
- Correct the type hint for the
user_may_create_room_alias
method of spam checkers. It is provided aRoomAlias
, not astr
. (#9896) - Fix bug where user directory could get out of sync if room visibility and membership changed in quick succession. (#9910)
- Include the
origin_server_ts
property in the experimental MSC2946 support to allow clients to properly sort rooms. (#9928) - Fix bugs introduced in v1.23.0 which made the PostgreSQL port script fail when run with a newly-created SQLite database. (#9930)
- Fix a bug introduced in Synapse 1.29.0 which caused
m.room_key_request
to-device messages sent from one user to another to be dropped. (#9961, #9965) - Fix a bug introduced in v1.27.0 preventing users and appservices exempt from ratelimiting from creating rooms with many invitees. (#9968)
- Add
startup_delay
to docker healthcheck to reduce waiting time for coming online and update the documentation with extra options. Contributed by @Maquis196. (#9913)
- Add
port
argument to the Postgres database sample config section. (#9911)
- Mark as deprecated
POST /_synapse/admin/v1/rooms/<room_id>/delete
. (#9889)
- Reduce the length of Synapse's access tokens. (#5588)
- Export jemalloc stats to Prometheus if it is being used. (#9882)
- Add type hints to presence handler. (#9885)
- Reduce memory usage of the LRU caches. (#9886)
- Add type hints to the
synapse.handlers
module. (#9896) - Time response time for external cache requests. (#9904)
- Minor fixes to the
make_full_schema.sh
script. (#9931) - Move database schema files into a common directory. (#9932)
- Add debug logging for lost/delayed to-device messages. (#9959)
Due to the security issue highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.
This release fixes a denial of service attack (CVE-2021-29471) against Synapse's push rules implementation. Server admins are encouraged to upgrade.
- Unpin attrs dependency. (#9946)
- Fix bug where
/sync
would break if using the latest version ofattrs
dependency, by pinning to a previous version. (#9937)
- Build Debian packages for Ubuntu 21.04 (Hirsute Hippo). (#9909)
- Fix tight loop when handling presence replication when using workers. Introduced in v1.33.0rc1. (#9900)
- Update experimental support for MSC3083: restricting room access via group membership. (#9800, #9814)
- Add experimental support for handling presence on a worker. (#9819, #9820, #9828, #9850)
- Return a new template when an user attempts to renew their account multiple times with the same token, stating that their account is set to expire. This replaces the invalid token template that would previously be shown in this case. This change concerns the optional account validity feature. (#9832)
- Fixes the OIDC SSO flow when using a
public_baseurl
value including a non-root URL path. (#9726) - Fix thumbnail generation for some sites with non-standard content types. Contributed by @rkfg. (#9788)
- Add some sanity checks to identity server passed to 3PID bind/unbind endpoints. (#9802)
- Limit the size of HTTP responses read over federation. (#9833)
- Fix a bug which could cause Synapse to get stuck in a loop of resyncing device lists. (#9867)
- Fix a long-standing bug where errors from federation did not propagate to the client. (#9868)
- Add a note to the docker docs mentioning that we mirror upstream's supported Docker platforms. (#9801)
- Add a dockerfile for running Synapse in worker-mode under Complement. (#9162)
- Apply
pyupgrade
across the codebase. (#9786) - Move some replication processing out of
generic_worker
. (#9796) - Replace
HomeServer.get_config()
with inline references. (#9815) - Rename some handlers and config modules to not duplicate the top-level module. (#9816)
- Fix a long-standing bug which caused
max_upload_size
to not be correctly enforced. (#9817) - Reduce CPU usage of the user directory by reusing existing calculated room membership. (#9821)
- Small speed up for joining large remote rooms. (#9825)
- Introduce flake8-bugbear to the test suite and fix some of its lint violations. (#9838)
- Only store the raw data in the in-memory caches, rather than objects that include references to e.g. the data stores. (#9845)
- Limit length of accepted email addresses. (#9855)
- Remove redundant
synapse.types.Collection
type definition. (#9856) - Handle recently added rate limits correctly when using
--no-rate-limit
with the demo scripts. (#9858) - Disable invite rate-limiting by default when running the unit tests. (#9871)
- Pass a reactor into
SynapseSite
to make testing easier. (#9874) - Make
DomainSpecificString
anattrs
class. (#9875) - Add type hints to
synapse.api.auth
andsynapse.api.auth_blocking
modules. (#9876) - Remove redundant
_PushHTTPChannel
test class. (#9878) - Remove backwards-compatibility code for Python versions < 3.6. (#9879)
- Small performance improvement around handling new local presence updates. (#9887)
This release includes a fix for a regression introduced in 1.32.0.
- Fix a regression in Synapse 1.32.0 and 1.32.1 which caused
LoggingContext
errors in plugins. (#9857)
This release fixes a regression in Synapse 1.32.0 that caused connected Prometheus instances to become unstable.
However, as this release is still subject to the LoggingContext
change in 1.32.0,
it is recommended to remain on or downgrade to 1.31.0.
- Fix a regression in Synapse 1.32.0 which caused Synapse to report large numbers of Prometheus time series, potentially overwhelming Prometheus instances. (#9854)
Note: This release introduces a regression that can overwhelm connected Prometheus instances. This issue was not present in 1.32.0rc1. If affected, it is recommended to downgrade to 1.31.0 in the meantime, and follow these instructions to clean up any excess writeahead logs.
Note: This release also mistakenly included a change that may affected Synapse
modules that import synapse.logging.context.LoggingContext
, such as
synapse-s3-storage-provider.
This will be fixed in a later Synapse version.
Note: This release requires Python 3.6+ and Postgres 9.6+ or SQLite 3.22+.
This release removes the deprecated GET /_synapse/admin/v1/users/<user_id>
admin API. Please use the v2 API instead, which has improved capabilities.
This release requires Application Services to use type m.login.application_service
when registering users via the /_matrix/client/r0/register
endpoint to comply with the spec. Please ensure your Application Services are up to date.
If you are using the packages.matrix.org
Debian repository for Synapse packages,
note that we have recently updated the expiry date on the gpg signing key. If you see an
error similar to The following signatures were invalid: EXPKEYSIG F473DD4473365DE1
, you
will need to get a fresh copy of the keys. You can do so with:
sudo wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
- Fix the log lines of nested logging contexts. Broke in 1.32.0rc1. (#9829)
- Add a Synapse module for routing presence updates between users. (#9491)
- Add an admin API to manage ratelimit for a specific user. (#9648)
- Include request information in structured logging output. (#9654)
- Add
order_by
to the admin APIGET /_synapse/admin/v2/users
. Contributed by @dklimpel. (#9691) - Replace the
room_invite_state_types
configuration setting withroom_prejoin_state
. (#9700) - Add experimental support for MSC3083: restricting room access via group membership. (#9717, #9735)
- Update experimental support for Spaces: include
m.room.create
in the room state sent with room-invites. (#9710) - Synapse now requires Python 3.6 or later. It also requires Postgres 9.6 or later or SQLite 3.22 or later. (#9766)
- Prevent
synapse_forward_extremities
andsynapse_excess_extremity_events
Prometheus metrics from initially reporting zero-values after startup. (#8926) - Fix recently added ratelimits to correctly honour the application service
rate_limited
flag. (#9711) - Fix longstanding bug which caused
duplicate key value violates unique constraint "remote_media_cache_thumbnails_media_origin_media_id_thumbna_key"
errors. (#9725) - Fix bug where sharded federation senders could get stuck repeatedly querying the DB in a loop, using lots of CPU. (#9770)
- Fix duplicate logging of exceptions thrown during federation transaction processing. (#9780)
- Move opencontainers labels to the final Docker image such that users can inspect them. (#9765)
- Make the
allowed_local_3pids
regex example in the sample config stricter. (#9719)
- Remove old admin API
GET /_synapse/admin/v1/users/<user_id>
. (#9401) - Make
/_matrix/client/r0/register
expect a type ofm.login.application_service
when an Application Service registers a user, to align with the relevant spec. (#9548)
- Replace deprecated
imp
module with successorimportlib
. Contributed by Cristina Muñoz. (#9718) - Experiment with GitHub Actions for CI. (#9661)
- Introduce flake8-bugbear to the test suite and fix some of its lint violations. (#9682)
- Update
scripts-dev/complement.sh
to use a local checkout of Complement, allow running a subset of tests and have it use Synapse's Complement test blacklist. (#9685) - Improve Jaeger tracing for
to_device
messages. (#9686) - Add release helper script for automating part of the Synapse release process. (#9713)
- Add type hints to expiring cache. (#9730)
- Convert various testcases to
HomeserverTestCase
. (#9736) - Start linting mypy with
no_implicit_optional
. (#9742) - Add missing type hints to federation handler and server. (#9743)
- Check that a
ConfigError
is raised, rather than simplyException
, when appropriate in homeserver config file generation tests. (#9753) - Fix incompatibility with
tox
2.5. (#9769) - Enable Complement tests for MSC2946: Spaces Summary API. (#9771)
- Use mock from the standard library instead of a separate package. (#9772)
- Update Black configuration to target Python 3.6. (#9781)
- Add option to skip unit tests when building Debian packages. (#9793)
Note: As announced in v1.25.0, and in line with the deprecation policy for platform dependencies, this is the last release to support Python 3.5 and PostgreSQL 9.5. Future versions of Synapse will require Python 3.6+ and PostgreSQL 9.6+, as per our deprecation policy.
This is also the last release that the Synapse team will be publishing packages for Debian Stretch and Ubuntu Xenial.
- Add a document describing the deprecation policy for platform dependencies. (#9723)
- Add support to OpenID Connect login for requiring attributes on the
userinfo
response. Contributed by Hubbe King. (#9609) - Add initial experimental support for a "space summary" API. (#9643, #9652, #9653)
- Add support for the busy presence state as described in MSC3026. (#9644)
- Add support for credentials for proxy authentication in the
HTTPS_PROXY
environment variable. (#9657)
- Fix a longstanding bug that could cause issues when editing a reply to a message. (#9585)
- Fix the
/capabilities
endpoint to returnm.change_password
as disabled if the local password database is not used for authentication. Contributed by @dklimpel. (#9588) - Check if local passwords are enabled before setting them for the user. (#9636)
- Fix a bug where federation sending can stall due to
concurrent access
database exceptions when it falls behind. (#9639) - Fix a bug introduced in Synapse 1.30.1 which meant the suggested
pip
incantation to install an updatedcryptography
was incorrect. (#9699)
- Speed up Docker builds and make it nicer to test against Complement while developing (install all dependencies before copying the project). (#9610)
- Include opencontainers labels in the Docker image. (#9612)
- Clarify that
register_new_matrix_user
is present also when installed via non-pip package. (#9074) - Update source install documentation to mention platform prerequisites before the source install steps. (#9667)
- Improve worker documentation for fallback/web auth endpoints. (#9679)
- Update the sample configuration for OIDC authentication. (#9695)
- Preparatory steps for removing redundant
outlier
data fromevent_json.internal_metadata
column. (#9411) - Add type hints to the caching module. (#9442)
- Introduce flake8-bugbear to the test suite and fix some of its lint violations. (#9499, #9659)
- Add additional type hints to the Homeserver object. (#9631, #9638, #9675, #9681)
- Only save remote cross-signing and device keys if they're different from the current ones. (#9634)
- Rename storage function to fix spelling and not conflict with another function's name. (#9637)
- Improve performance of federation catch up by sending the latest events in the room to the remote, rather than just the last event sent by the local server. (#9640, #9664)
- In the
federation_client
commandline client, stop automatically adding the URL prefix, so that servlets on other prefixes can be tested. (#9645) - In the
federation_client
commandline client, handle inlinesigning_key
s inhomeserver.yaml
. (#9647) - Fixed some antipattern issues to improve code quality. (#9649)
- Add a storage method for pulling all current user presence state from the database. (#9650)
- Import
HomeServer
from the proper module. (#9665) - Increase default join ratelimiting burst rate. (#9674)
- Add type hints to third party event rules and visibility modules. (#9676)
- Bump mypy-zope to 0.2.13 to fix "Cannot determine consistent method resolution order (MRO)" errors when running mypy a second time. (#9678)
- Use interpreter from
$PATH
via/usr/bin/env
instead of absolute paths in various scripts. (#9689) - Make it possible to use
dmypy
. (#9692) - Suppress "CryptographyDeprecationWarning: int_from_bytes is deprecated". (#9698)
- Use
dmypy run
in lint script for improved performance in type-checking while developing. (#9701) - Fix undetected mypy error when using Python 3.6. (#9703)
- Fix type-checking CI on develop. (#9709)
This release is identical to Synapse 1.30.0, with the exception of explicitly setting a minimum version of Python's Cryptography library to ensure that users of Synapse are protected from the recent OpenSSL security advisories, especially CVE-2021-3449.
Note that Cryptography defaults to bundling its own statically linked copy of OpenSSL, which means that you may not be protected by your operating system's security updates.
It's also worth noting that Cryptography no longer supports Python 3.5, so admins deploying to older environments may not be protected against this or future vulnerabilities. Synapse will be dropping support for Python 3.5 at the end of March.
- Ensure that the docker container has up to date versions of openssl. (#9697)
- Enforce that
cryptography
dependency is up to date to ensure it has the most recent openssl patches. (#9697)
Note that this release deprecates the ability for appservices to
call POST /_matrix/client/r0/register
without the body parameter type
. Appservice
developers should use a type
value of m.login.application_service
as
per the spec.
In future releases, calling this endpoint with an access token - but without a m.login.application_service
type - will fail.
No significant changes.
- Add prometheus metrics for number of users successfully registering and logging in. (#9510, #9511, #9573)
- Add
synapse_federation_last_sent_pdu_time
andsynapse_federation_last_received_pdu_time
prometheus metrics, which monitor federation delays by reporting the timestamps of messages sent and received to a set of remote servers. (#9540) - Add support for generating JSON Web Tokens dynamically for use as OIDC client secrets. (#9549)
- Optimise handling of incomplete room history for incoming federation. (#9601)
- Finalise support for allowing clients to pick an SSO Identity Provider (MSC2858). (#9617)
- Tell spam checker modules about the SSO IdP a user registered through if one was used. (#9626)
- Fix long-standing bug when generating thumbnails for some images with transparency:
TypeError: cannot unpack non-iterable int object
. (#9473) - Purge chain cover indexes for events that were purged prior to Synapse v1.29.0. (#9542, #9583)
- Fix bug where federation requests were not correctly retried on 5xx responses. (#9567)
- Fix re-activating an account via the admin API when local passwords are disabled. (#9587)
- Fix a bug introduced in Synapse 1.20 which caused incoming federation transactions to stack up, causing slow recovery from outages. (#9597)
- Fix a bug introduced in v1.28.0 where the OpenID Connect callback endpoint could error with a
MacaroonInitException
. (#9620) - Fix Internal Server Error on
GET /_synapse/client/saml2/authn_response
request. (#9623)
- Make use of an improved malloc implementation (
jemalloc
) in the docker image. (#8553)
- Add relayd entry to reverse proxy example configurations. (#9508)
- Improve the SAML2 upgrade notes for 1.27.0. (#9550)
- Link to the "List user's media" admin API from the media admin API docs. (#9571)
- Clarify the spam checker modules documentation example to mention that
parse_config
is a required method. (#9580) - Clarify the sample configuration for
stats
settings. (#9604)
- The
synapse_federation_last_sent_pdu_age
andsynapse_federation_last_received_pdu_age
prometheus metrics have been removed. They are replaced bysynapse_federation_last_sent_pdu_time
andsynapse_federation_last_received_pdu_time
. (#9540) - Registering an Application Service user without using the
m.login.application_service
login type will be unsupported in an upcoming Synapse release. (#9559)
- Add tests to ResponseCache. (#9458)
- Add type hints to purge room and server notice admin API. (#9520)
- Add extra logging to ObservableDeferred when callbacks throw exceptions. (#9523)
- Fix incorrect type hints. (#9528, #9543, #9591, #9608, #9618)
- Add an additional test for purging a room. (#9541)
- Add a
.git-blame-ignore-revs
file with the hashes of auto-formatting. (#9560) - Increase the threshold before which outbound federation to a server goes into "catch up" mode, which is expensive for the remote server to handle. (#9561)
- Fix spurious errors reported by the
config-lint.sh
script. (#9562) - Fix type hints and tests for BlacklistingAgentWrapper and BlacklistingReactorWrapper. (#9563)
- Do not have mypy ignore type hints from unpaddedbase64. (#9568)
- Improve efficiency of calculating the auth chain in large rooms. (#9576)
- Convert
synapse.types.Requester
to anattrs
class. (#9586) - Add logging for redis connection setup. (#9590)
- Improve logging when processing incoming transactions. (#9596)
- Remove unused
stats.retention
setting, and emit a warning if stats are disabled. (#9604) - Prevent attempting to bundle aggregations for state events in /context APIs. (#9619)
Note that synapse now expects an X-Forwarded-Proto
header when used with a reverse proxy. Please see the upgrade notes for more details on this change.
No significant changes.
- Add rate limiters to cross-user key sharing requests. (#8957)
- Add
order_by
to the admin APIGET /_synapse/admin/v1/users/<user_id>/media
. Contributed by @dklimpel. (#8978) - Add some configuration settings to make users' profile data more private. (#9203)
- The
no_proxy
andNO_PROXY
environment variables are now respected in proxied HTTP clients with the lowercase form taking precedence if both are present. Additionally, the lowercasehttps_proxy
environment variable is now respected in proxied HTTP clients on top of existing support for the uppercaseHTTPS_PROXY
form and takes precedence if both are present. Contributed by Timothy Leung. (#9372) - Add a configuration option,
user_directory.prefer_local_users
, which when enabled will make it more likely for users on the same server as you to appear above other users. (#9383, #9385) - Add support for regenerating thumbnails if they have been deleted but the original image is still stored. (#9438)
- Add support for
X-Forwarded-Proto
header when using a reverse proxy. (#9472, #9501, #9512, #9539)
- Fix a bug where users' pushers were not all deleted when they deactivated their account. (#9285, #9516)
- Fix a bug where a lot of unnecessary presence updates were sent when joining a room. (#9402)
- Fix a bug that caused multiple calls to the experimental
shared_rooms
endpoint to return stale results. (#9416) - Fix a bug in single sign-on which could cause a "No session cookie found" error. (#9436)
- Fix bug introduced in v1.27.0 where allowing a user to choose their own username when logging in via single sign-on did not work unless an
idp_icon
was defined. (#9440) - Fix a bug introduced in v1.26.0 where some sequences were not properly configured when running
synapse_port_db
. (#9449) - Fix deleting pushers when using sharded pushers. (#9465, #9466, #9479, #9536)
- Fix missing startup checks for the consistency of certain PostgreSQL sequences. (#9470)
- Fix a long-standing bug where the media repository could leak file descriptors while previewing media. (#9497)
- Properly purge the event chain cover index when purging history. (#9498)
- Fix missing chain cover index due to a schema delta not being applied correctly. Only affected servers that ran development versions. (#9503)
- Fix a bug introduced in v1.25.0 where
/_synapse/admin/join/
would fail when given a room alias. (#9506) - Prevent presence background jobs from running when presence is disabled. (#9530)
- Fix rare edge case that caused a background update to fail if the server had rejected an event that had duplicate auth events. (#9537)
- Update the example systemd config to propagate reloads to individual units. (#9463)
- Add documentation and type hints to
parse_duration
. (#9432) - Remove vestiges of
uploads_path
configuration setting. (#9462) - Add a comment about systemd-python. (#9464)
- Test that we require validated email for email pushers. (#9496)
- Allow python to generate bytecode for synapse. (#9502)
- Fix incorrect type hints. (#9515, #9518)
- Add type hints to device and event report admin API. (#9519)
- Add type hints to user admin API. (#9521)
- Bump the versions of mypy and mypy-zope used for static type checking. (#9529)
Note that this release drops support for ARMv7 in the official Docker images, due to repeated problems building for ARMv7 (and the associated maintenance burden this entails).
This release also fixes the documentation included in v1.27.0 around the callback URI for SAML2 identity providers. If your server is configured to use single sign-on via a SAML2 IdP, you may need to make configuration changes. Please review the upgrade notes for more details on these changes.
- Revert change in v1.28.0rc1 to remove the deprecated SAML endpoint. (#9474)
The v1 list accounts API is deprecated and will be removed in a future release. This API was undocumented and misleading. It can be replaced by the v2 list accounts API, which has been available since Synapse 1.7.0 (2019-12-13).
Please check if you're using any scripts which use the admin API and replace
GET /_synapse/admin/v1/users/<user_id>
with GET /_synapse/admin/v2/users
.
- New admin API to get the context of an event:
/_synapse/admin/rooms/{roomId}/context/{eventId}
. (#9150) - Further improvements to the user experience of registration via single sign-on. (#9300, #9301)
- Add hook to spam checker modules that allow checking file uploads and remote downloads. (#9311)
- Add support for receiving OpenID Connect authentication responses via form
POST
s rather thanGET
s. (#9376) - Add the shadow-banning status to the admin API for user info. (#9400)
- Fix long-standing bug where sending email notifications would fail for rooms that the server had since left. (#9257)
- Fix bug introduced in Synapse 1.27.0rc1 which meant the "session expired" error page during SSO registration was badly formatted. (#9296)
- Assert a maximum length for some parameters for spec compliance. (#9321, #9393)
- Fix additional errors when previewing URLs: "AttributeError 'NoneType' object has no attribute 'xpath'" and "ValueError: Unicode strings with encoding declaration are not supported. Please use bytes input or XML fragments without declaration.". (#9333)
- Fix a bug causing Synapse to impose the wrong type constraints on fields when processing responses from appservices to
/_matrix/app/v1/thirdparty/user/{protocol}
. (#9361) - Fix bug where Synapse would occasionally stop reconnecting to Redis after the connection was lost. (#9391)
- Fix a long-standing bug when upgrading a room: "TypeError: '>' not supported between instances of 'NoneType' and 'int'". (#9395)
- Reduce the amount of memory used when generating the URL preview of a file that is larger than the
max_spider_size
. (#9421) - Fix a long-standing bug in the deduplication of old presence, resulting in no deduplication. (#9425)
- The
ui_auth.session_timeout
config option can now be specified in terms of number of seconds/minutes/etc/. Contributed by Rishabh Arya. (#9426) - Fix a bug introduced in v1.27.0: "TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType." related to the user directory. (#9428)
- Drop support for ARMv7 in Docker images. (#9433)
- Reorganize CHANGELOG.md. (#9281)
- Add note to
auto_join_rooms
config option explaining existing rooms must be publicly joinable. (#9291) - Correct name of Synapse's service file in TURN howto. (#9308)
- Fix the braces in the
oidc_providers
section of the sample config. (#9317) - Update installation instructions on Fedora. (#9322)
- Add HTTP/2 support to the nginx example configuration. Contributed by David Vo. (#9390)
- Update docs for using Gitea as OpenID provider. (#9404)
- Document that pusher instances are shardable. (#9407)
- Fix erroneous documentation from v1.27.0 about updating the SAML2 callback URL. (#9434)
- Deprecate old admin API
GET /_synapse/admin/v1/users/<user_id>
. (#9429)
- Fix 'object name reserved for internal use' errors with recent versions of SQLite. (#9003)
- Add experimental support for running Synapse with PyPy. (#9123)
- Deny access to additional IP addresses by default. (#9240)
- Update the
Cursor
type hints to better match PEP 249. (#9299) - Add debug logging for SRV lookups. Contributed by @Bubu. (#9305)
- Improve logging for OIDC login flow. (#9307)
- Share the code for handling required attributes between the CAS and SAML handlers. (#9326)
- Clean up the code to load the metadata for OpenID Connect identity providers. (#9362)
- Convert tests to use
HomeserverTestCase
. (#9377, #9396) - Update the version of black used to 20.8b1. (#9381)
- Allow OIDC config to override discovered values. (#9384)
- Remove some dead code from the acceptance of room invites path. (#9394)
- Clean up an unused method in the presence handler code. (#9408)
Note that this release includes a change in Synapse to use Redis as a cache ─ as well as a pub/sub mechanism ─ if Redis support is enabled for workers. No action is needed by server administrators, and we do not expect resource usage of the Redis instance to change dramatically.
This release also changes the callback URI for OpenID Connect (OIDC) and SAML2 identity providers. If your server is configured to use single sign-on via an OIDC/OAuth2 or SAML2 IdP, you may need to make configuration changes. Please review the upgrade notes for more details on these changes.
This release also changes escaping of variables in the HTML templates for SSO or email notifications. If you have customised these templates, please review the upgrade notes for more details on these changes.
- Fix building Docker images for armv7. (#9405)
- Further improvements to the user experience of registration via single sign-on. (#9297)
- Fix ratelimiting introduced in v1.27.0rc1 for invites to respect the
ratelimit
flag on application services. (#9302) - Do not automatically calculate
public_baseurl
since it can be wrong in some situations. Reverts behaviour introduced in v1.26.0. (#9313)
- Clarify the sample configuration for changes made to the template loading code. (#9310)
- Add an admin API for getting and deleting forward extremities for a room. (#9062)
- Add an admin API for retrieving the current room state of a room. (#9168)
- Add experimental support for allowing clients to pick an SSO Identity Provider (MSC2858). (#9183, #9242)
- Add an admin API endpoint for shadow-banning users. (#9209)
- Add ratelimits to the 3PID
/requestToken
APIs. (#9238) - Add support to the OpenID Connect integration for adding the user's email address. (#9245)
- Add ratelimits to invites in rooms and to specific users. (#9258)
- Improve the user experience of setting up an account via single-sign on. (#9262, #9272, #9275, #9276, #9277, #9286, #9287)
- Add phone home stats for encrypted messages. (#9283)
- Update the redirect URI for OIDC authentication. (#9288)
- Fix spurious errors in logs when deleting a non-existent pusher. (#9121)
- Fix a long-standing bug where Synapse would return a 500 error when a thumbnail did not exist (and auto-generation of thumbnails was not enabled). (#9163)
- Fix a long-standing bug where an internal server error was raised when attempting to preview an HTML document in an unknown character encoding. (#9164)
- Fix a long-standing bug where invalid data could cause errors when calculating the presentable room name for push. (#9165)
- Fix bug where we sometimes didn't detect that Redis connections had died, causing workers to not see new data. (#9218)
- Fix a bug where
None
was passed to Synapse modules instead of an empty dictionary if an empty moduleconfig
block was provided in the homeserver config. (#9229) - Fix a bug in the
make_room_admin
admin API where it failed if the admin with the greatest power level was not in the room. Contributed by Pankaj Yadav. (#9235) - Prevent password hashes from getting dropped if a client failed threepid validation during a User Interactive Auth stage. Removes a workaround for an ancient bug in Riot Web <v0.7.4. (#9265)
- Fix single-sign-on when the endpoints are routed to synapse workers. (#9271)
- Add docs for using Gitea as OpenID provider. (#9134)
- Add link to Matrix VoIP tester for turn-howto. (#9135)
- Add notes on integrating with Facebook for SSO login. (#9244)
- The
service_url
parameter incas_config
is deprecated in favor ofpublic_baseurl
. (#9199) - Add new endpoint
/_synapse/client/saml2
for SAML2 authentication callbacks, and deprecate the old endpoint/_matrix/saml2
. (#9289)
- Add tests to
test_user.UsersListTestCase
for List Users Admin API. (#9045) - Various improvements to the federation client. (#9129)
- Speed up chain cover calculation when persisting a batch of state events at once. (#9176)
- Add a
long_description_type
to the package metadata. (#9180) - Speed up batch insertion when using PostgreSQL. (#9181, #9188)
- Emit an error at startup if different Identity Providers are configured with the same
idp_id
. (#9184) - Improve performance of concurrent use of
StreamIDGenerators
. (#9190) - Add some missing source directories to the automatic linting script. (#9191)
- Precompute joined hosts and store in Redis. (#9198, #9227)
- Clean-up template loading code. (#9200)
- Fix the Python 3.5 old dependencies build. (#9217)
- Update
isort
to v5.7.0 to bypass a bug where it would disagree withblack
about formatting. (#9222) - Add type hints to handlers code. (#9223, #9232)
- Fix Debian package building on Ubuntu 16.04 LTS (Xenial). (#9254)
- Minor performance improvement during TLS handshake. (#9255)
- Refactor the generation of summary text for email notifications. (#9260)
- Restore PyPy compatibility by not calling CPython-specific GC methods when under PyPy. (#9270)
This release brings a new schema version for Synapse and rolling back to a previous version is not trivial. Please review the upgrade notes for more details on these changes and for general upgrade guidance.
No significant changes since 1.26.0rc2.
- Fix receipts and account data not being sent down sync. Introduced in v1.26.0rc1. (#9193, #9195)
- Fix chain cover update to handle events with duplicate auth events. Introduced in v1.26.0rc1. (#9210)
- Add an
oidc-
prefix to anyidp_id
s which are given in theoidc_providers
configuration. (#9189) - Bump minimum
psycopg2
version to v2.8. (#9204)
This release brings a new schema version for Synapse and rolling back to a previous version is not trivial. Please review the upgrade notes for more details on these changes and for general upgrade guidance.
- Add support for multiple SSO Identity Providers. (#9015, #9017, #9036, #9067, #9081, #9082, #9105, #9107, #9109, #9110, #9127, #9153, #9154, #9177)
- During user-interactive authentication via single-sign-on, give a better error if the user uses the wrong account on the SSO IdP. (#9091)
- Give the
public_baseurl
a default value, if it is not explicitly set in the configuration file. (#9159) - Improve performance when calculating ignored users in large rooms. (#9024)
- Implement MSC2176 in an experimental room version. (#8984)
- Add an admin API for protecting local media from quarantine. (#9086)
- Remove a user's avatar URL and display name when deactivated with the Admin API. (#8932)
- Update
/_synapse/admin/v1/users/<user_id>/joined_rooms
to work for both local and remote users. (#8948) - Add experimental support for handling to-device messages on worker processes. (#9042, #9043, #9044, #9130)
- Add experimental support for handling
/keys/claim
and/room_keys
APIs on worker processes. (#9068) - Add experimental support for handling
/devices
API on worker processes. (#9092) - Add experimental support for moving off receipts and account data persistence off master. (#9104, #9166)
- Fix a long-standing issue where an internal server error would occur when requesting a profile over federation that did not include a display name / avatar URL. (#9023)
- Fix a long-standing bug where some caches could grow larger than configured. (#9028)
- Fix error handling during insertion of client IPs into the database. (#9051)
- Fix bug where we didn't correctly record CPU time spent in
on_new_event
block. (#9053) - Fix a minor bug which could cause confusing error messages from invalid configurations. (#9054)
- Fix incorrect exit code when there is an error at startup. (#9059)
- Fix
JSONDecodeError
spamming the logs when sending transactions to remote servers. (#9070) - Fix "Failed to send request" errors when a client provides an invalid room alias. (#9071)
- Fix bugs in federation catchup logic that caused outbound federation to be delayed for large servers after start up. Introduced in v1.8.0 and v1.21.0. (#9114, #9116)
- Fix corruption of
pushers
data when a postgres bouncer is used. (#9117) - Fix minor bugs in handling the
clientRedirectUrl
parameter for SSO login. (#9128) - Fix "Unhandled error in Deferred: BodyExceededMaxSize" errors when .well-known files that are too large. (#9108)
- Fix "UnboundLocalError: local variable 'length' referenced before assignment" errors when the response body exceeds the expected size. This bug was introduced in v1.25.0. (#9145)
- Fix a long-standing bug "ValueError: invalid literal for int() with base 10" when
/publicRooms
is requested with an invalidserver
parameter. (#9161)
- Add some extra docs for getting Synapse running on macOS. (#8997)
- Correct a typo in the
systemd-with-workers
documentation. (#9035) - Correct a typo in
INSTALL.md
. (#9040) - Add missing
user_mapping_provider
configuration to the Keycloak OIDC example. Contributed by @chris-ruecker. (#9057) - Quote
pip install
packages when extras are used to avoid shells interpreting bracket characters. (#9151)
- Remove broken and unmaintained
demo/webserver.py
script. (#9039)
- Improve efficiency of large state resolutions. (#8868, #9029, #9115, #9118, #9124)
- Various clean-ups to the structured logging and logging context code. (#8939)
- Ensure rejected events get added to some metadata tables. (#9016)
- Ignore date-rotated homeserver logs saved to disk. (#9018)
- Remove an unused column from
access_tokens
table. (#9025) - Add a
-noextras
factor totox.ini
, to support running the tests with no optional dependencies. (#9030) - Fix running unit tests when optional dependencies are not installed. (#9031)
- Allow bumping schema version when using split out state database. (#9033)
- Configure the linters to run on a consistent set of files. (#9038)
- Various cleanups to device inbox store. (#9041)
- Drop unused database tables. (#9055)
- Remove unused
SynapseService
class. (#9058) - Remove unnecessary declarations in the tests for the admin API. (#9063)
- Remove
SynapseRequest.get_user_agent
. (#9069) - Remove redundant
Homeserver.get_ip_from_request
method. (#9080) - Add type hints to media repository. (#9093)
- Fix the wrong arguments being passed to
BlacklistingAgentWrapper
fromMatrixFederationAgent
. Contributed by Timothy Leung. (#9098) - Reduce the scope of caught exceptions in
BlacklistingAgentWrapper
. (#9106) - Improve
UsernamePickerTestCase
. (#9112) - Remove dependency on
distutils
. (#9125) - Enforce that replication HTTP clients are called with keyword arguments only. (#9144)
- Fix the Python 3.5 / old dependencies build in CI. (#9146)
- Replace the old
perspectives
option in the Synapse docker config file template withtrusted_key_servers
. (#9157)
With this release, the Synapse team is announcing a formal deprecation policy for our platform dependencies, like Python and PostgreSQL:
All future releases of Synapse will follow the upstream end-of-life schedules.
Which means:
- This is the last release which guarantees support for Python 3.5.
- We will end support for PostgreSQL 9.5 early next month.
- We will end support for Python 3.6 and PostgreSQL 9.6 near the end of the year.
Crucially, this means we will not produce .deb packages for Debian 9 (Stretch) or Ubuntu 16.04 (Xenial) beyond the transition period described below.
The website https://endoflife.date/ has convenient summaries of the support schedules for projects like Python and PostgreSQL.
If you are unable to upgrade your environment to a supported version of Python or Postgres, we encourage you to consider using the Synapse Docker images instead.
We will make a good faith attempt to avoid breaking compatibility in all releases through the end of March 2021. However, critical security vulnerabilities in dependencies or other unanticipated circumstances may arise which necessitate breaking compatibility earlier.
We intend to continue producing .deb packages for Debian 9 (Stretch) and Ubuntu 16.04 (Xenial) through the transition period.
The old Purge Room API and Shutdown Room API are deprecated and will be removed in a future release. They will be replaced by the Delete Room API.
POST /_synapse/admin/v1/rooms/<room_id>/delete
replaces POST /_synapse/admin/v1/purge_room
and
POST /_synapse/admin/v1/shutdown_room/<room_id>
.
- Fix HTTP proxy support when using a proxy that is on a blacklisted IP. Introduced in v1.25.0rc1. Contributed by @Bubu. (#9084)
- Add an admin API that lets server admins get power in rooms in which local users have power. (#8756)
- Add optional HTTP authentication to replication endpoints. (#8853)
- Improve the error messages printed as a result of configuration problems for extension modules. (#8874)
- Add the number of local devices to Room Details Admin API. Contributed by @dklimpel. (#8886)
- Add
X-Robots-Tag
header to stop web crawlers from indexing media. Contributed by Aaron Raimist. (#8887) - Spam-checkers may now define their methods as
async
. (#8890) - Add support for allowing users to pick their own user ID during a single-sign-on login. (#8897, #8900, #8911, #8938, #8941, #8942, #8951)
- Add an
email.invite_client_location
configuration option to send a web client location to the invite endpoint on the identity server which allows customisation of the email template. (#8930) - The search term in the list room and list user Admin APIs is now treated as case-insensitive. (#8931)
- Apply an IP range blacklist to push and key revocation requests. (#8821, #8870, #8954)
- Add an option to allow re-use of user-interactive authentication sessions for a period of time. (#8970)
- Allow running the redact endpoint on workers. (#8994)
- Fix bug where we might not correctly calculate the current state for rooms with multiple extremities. (#8827)
- Fix a long-standing bug in the register admin endpoint (
/_synapse/admin/v1/register
) when themac
field was not provided. The endpoint now properly returns a 400 error. Contributed by @edwargix. (#8837) - Fix a long-standing bug on Synapse instances supporting Single-Sign-On, where users would be prompted to enter their password to confirm certain actions, even though they have not set a password. (#8858)
- Fix a longstanding bug where a 500 error would be returned if the
Content-Length
header was not provided to the upload media resource. (#8862) - Add additional validation to pusher URLs to be compliant with the specification. (#8865)
- Fix the error code that is returned when a user tries to register on a homeserver on which new-user registration has been disabled. (#8867)
- Fix a bug where
PUT /_synapse/admin/v2/users/<user_id>
failed to create a new user whenavatar_url
is specified. Bug introduced in Synapse v1.9.0. (#8872) - Fix a 500 error when attempting to preview an empty HTML file. (#8883)
- Fix occasional deadlock when handling SIGHUP. (#8918)
- Fix login API to not ratelimit application services that have ratelimiting disabled. (#8920)
- Fix bug where we ratelimited auto joining of rooms on registration (using
auto_join_rooms
config). (#8921) - Fix a bug where deactivated users appeared in the user directory when their profile information was updated. (#8933, #8964)
- Fix bug introduced in Synapse v1.24.0 which would cause an exception on startup if both
enabled
andlocaldb_enabled
were set toFalse
in thepassword_config
setting of the configuration file. (#8937) - Fix a bug where 500 errors would be returned if the
m.room_history_visibility
event had invalid content. (#8945) - Fix a bug causing common English words to not be considered for a user directory search. (#8959)
- Fix bug where application services couldn't register new ghost users if the server had reached its MAU limit. (#8962)
- Fix a long-standing bug where a
m.image
event without aurl
would cause errors on push. (#8965) - Fix a small bug in v2 state resolution algorithm, which could also cause performance issues for rooms with large numbers of power levels. (#8971)
- Add validation to the
sendToDevice
API to raise a missing parameters error instead of a 500 error. (#8975) - Add validation of group IDs to raise a 400 error instead of a 500 error. (#8977)
- Fix the "Event persist rate" section of the included grafana dashboard by adding missing prometheus rules. (#8802)
- Combine related media admin API docs. (#8839)
- Fix an error in the documentation for the SAML username mapping provider. (#8873)
- Clarify comments around template directories in
sample_config.yaml
. (#8891) - Move instructions for database setup, adjusted heading levels and improved syntax highlighting in INSTALL.md. Contributed by @fossterer. (#8987)
- Update the example value of
group_creation_prefix
in the sample configuration. (#8992) - Link the Synapse developer room to the development section in the docs. (#9002)
- Deprecate Shutdown Room and Purge Room Admin APIs. (#8829)
- Properly store the mapping of external ID to Matrix ID for CAS users. (#8856, #8958)
- Remove some unnecessary stubbing from unit tests. (#8861)
- Remove unused
FakeResponse
class from unit tests. (#8864) - Pass
room_id
toget_auth_chain_difference
. (#8879) - Add type hints to push module. (#8880, #8882, #8901, #8940, #8943, #9020)
- Simplify logic for handling user-interactive-auth via single-sign-on servers. (#8881)
- Skip the SAML tests if the requirements (
pysaml2
andxmlsec1
) aren't available. (#8905) - Fix multiarch docker image builds. (#8906)
- Don't publish
latest
docker image until all archs are built. (#8909) - Various clean-ups to the structured logging and logging context code. (#8916, #8935)
- Automatically drop stale forward-extremities under some specific conditions. (#8929)
- Refactor test utilities for injecting HTTP requests. (#8946)
- Add a maximum size of 50 kilobytes to .well-known lookups. (#8950)
- Fix bug in
generate_log_config
script which made it write empty files. (#8952) - Clean up tox.ini file; disable coverage checking for non-test runs. (#8963)
- Add type hints to the admin and room list handlers. (#8973)
- Add type hints to the receipts and user directory handlers. (#8976)
- Drop the unused
local_invites
table. (#8979) - Add type hints to the base storage code. (#8980)
- Support using PyJWT v2.0.0 in the test suite. (#8986)
- Fix
tests.federation.transport.RoomDirectoryFederationTests
and ensure it runs in CI. (#8998) - Add type hints to the crypto module. (#8999)
Changelogs for older versions can be found here.