Skip to content
Snippets Groups Projects
Select Git revision
  • tedomum default
  • deploy-exploding-state-groups
  • fix-exploding-state-groups
  • v1.125.0+tedomum.1
  • v1.123.0+tedomum.1
  • v1.122.0+tedomum.1
  • v1.121.1+tedomum.1
  • v1.119.0+tedomum.1
  • v1.118.0+tedomum.1
  • v1.114.0+tedomum.1
  • v1.109.0+tedomum.1
  • v1.105.1+tedomum.1
  • v1.98.0+tedomum.1
  • v1.97.0+tedomum.1
  • v1.96.1+tedomum.1
  • v1.95.1+tedomum.1
  • v1.88.0+tedomum.1
  • v1.73.0
  • v1.73.0rc2
  • v1.73.0rc1
  • v1.72.0
  • v1.72.0rc1
  • v1.71.0
23 results
Blame Permalink
To find the state of this project's repository at the time of any of these versions, check out the tags.
CHANGES.md 471.25 KiB

Synapse 1.25.0rc1 (2021-01-06)

Removal warning

The old Purge Room API and Shutdown Room API are deprecated and will be removed in a future release. They will be replaced by the Delete Room API.

POST /_synapse/admin/v1/rooms/<room_id>/delete replaces POST /_synapse/admin/v1/purge_room and POST /_synapse/admin/v1/shutdown_room/<room_id>.

Features

  • Add an admin API that lets server admins get power in rooms in which local users have power. (#8756)
  • Add optional HTTP authentication to replication endpoints. (#8853)
  • Improve the error messages printed as a result of configuration problems for extension modules. (#8874)
  • Add the number of local devices to Room Details Admin API. Contributed by @dklimpel. (#8886)
  • Add X-Robots-Tag header to stop web crawlers from indexing media. Contributed by Aaron Raimist. (#8887)
  • Spam-checkers may now define their methods as async. (#8890)
  • Add support for allowing users to pick their own user ID during a single-sign-on login. (#8897, #8900, #8911, #8938, #8941, #8942, #8951)
  • Add an email.invite_client_location configuration option to send a web client location to the invite endpoint on the identity server which allows customisation of the email template. (#8930)
  • The search term in the list room and list user Admin APIs is now treated as case-insensitive. (#8931)
  • Apply an IP range blacklist to push and key revocation requests. (#8821, #8870, #8954)
  • Add an option to allow re-use of user-interactive authentication sessions for a period of time. (#8970)
  • Allow running the redact endpoint on workers. (#8994)

Bugfixes

  • Fix bug where we might not correctly calculate the current state for rooms with multiple extremities. (#8827)
  • Fix a long-standing bug in the register admin endpoint (/_synapse/admin/v1/register) when the mac field was not provided. The endpoint now properly returns a 400 error. Contributed by @edwargix. (#8837)
  • Fix a long-standing bug on Synapse instances supporting Single-Sign-On, where users would be prompted to enter their password to confirm certain actions, even though they have not set a password. (#8858)
  • Fix a longstanding bug where a 500 error would be returned if the Content-Length header was not provided to the upload media resource. (#8862)
  • Add additional validation to pusher URLs to be compliant with the specification. (#8865)
  • Fix the error code that is returned when a user tries to register on a homeserver on which new-user registration has been disabled. (#8867)
  • Fix a bug where PUT /_synapse/admin/v2/users/<user_id> failed to create a new user when avatar_url is specified. Bug introduced in Synapse v1.9.0. (#8872)
  • Fix a 500 error when attempting to preview an empty HTML file. (#8883)
  • Fix occasional deadlock when handling SIGHUP. (#8918)
  • Fix login API to not ratelimit application services that have ratelimiting disabled. (#8920)
  • Fix bug where we ratelimited auto joining of rooms on registration (using auto_join_rooms config). (#8921)
  • Fix a bug where deactivated users appeared in the user directory when their profile information was updated. (#8933, #8964)
  • Fix bug introduced in Synapse v1.24.0 which would cause an exception on startup if both enabled and localdb_enabled were set to False in the password_config setting of the configuration file. (#8937)
  • Fix a bug where 500 errors would be returned if the m.room_history_visibility event had invalid content. (#8945)
  • Fix a bug causing common English words to not be considered for a user directory search. (#8959)
  • Fix bug where application services couldn't register new ghost users if the server had reached its MAU limit. (#8962)
  • Fix a long-standing bug where a m.image event without a url would cause errors on push. (#8965)
  • Fix a small bug in v2 state resolution algorithm, which could also cause performance issues for rooms with large numbers of power levels. (#8971)
  • Add validation to the sendToDevice API to raise a missing parameters error instead of a 500 error. (#8975)
  • Add validation of group IDs to raise a 400 error instead of a 500 eror. (#8977)

Improved Documentation

  • Fix the "Event persist rate" section of the included grafana dashboard by adding missing prometheus rules. (#8802)
  • Combine related media admin API docs. (#8839)
  • Fix an error in the documentation for the SAML username mapping provider. (#8873)
  • Clarify comments around template directories in sample_config.yaml. (#8891)
  • Moved instructions for database setup, adjusted heading levels and improved syntax highlighting in INSTALL.md. Contributed by fossterer. (#8987)
  • Update the example value of group_creation_prefix in the sample configuration. (#8992)
  • Link the Synapse developer room to the development section in the docs. (#9002)

Deprecations and Removals

  • Deprecate Shutdown Room and Purge Room Admin APIs. (#8829)

Internal Changes

  • Properly store the mapping of external ID to Matrix ID for CAS users. (#8856, #8958)
  • Remove some unnecessary stubbing from unit tests. (#8861)
  • Remove unused FakeResponse class from unit tests. (#8864)
  • Pass room_id to get_auth_chain_difference. (#8879)
  • Add type hints to push module. (#8880, #8882, #8901, #8940, #8943, #9020)
  • Simplify logic for handling user-interactive-auth via single-sign-on servers. (#8881)
  • Skip the SAML tests if the requirements (pysaml2 and xmlsec1) aren't available. (#8905)
  • Fix multiarch docker image builds. (#8906)
  • Don't publish latest docker image until all archs are built. (#8909)
  • Various clean-ups to the structured logging and logging context code. (#8916, #8935)
  • Automatically drop stale forward-extremities under some specific conditions. (#8929)
  • Refactor test utilities for injecting HTTP requests. (#8946)
  • Add a maximum size of 50 kilobytes to .well-known lookups. (#8950)
  • Fix bug in generate_log_config script which made it write empty files. (#8952)
  • Clean up tox.ini file; disable coverage checking for non-test runs. (#8963)
  • Add type hints to the admin and room list handlers. (#8973)
  • Add type hints to the receipts and user directory handlers. (#8976)
  • Drop the unused local_invites table. (#8979)
  • Add type hints to the base storage code. (#8980)
  • Support using PyJWT v2.0.0 in the test suite. (#8986)
  • Fix tests.federation.transport.RoomDirectoryFederationTests and ensure it runs in CI. (#8998)
  • Add type hints to the crypto module. (#8999)

Synapse 1.24.0 (2020-12-09)

Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.

Security advisory

The following issues are fixed in v1.23.1 and v1.24.0.

  • There is a denial of service attack (CVE-2020-26257) against the federation APIs in which future events will not be correctly sent to other servers over federation. This affects all servers that participate in open federation. (Fixed in #8776).

  • Synapse may be affected by OpenSSL CVE-2020-1971. Synapse administrators should ensure that they have the latest versions of the cryptography Python package installed.

To upgrade Synapse along with the cryptography package:

  • Administrators using the matrix.org Docker image or the Debian/Ubuntu packages from matrix.org should ensure that they have version 1.24.0 or 1.23.1 installed: these images include the updated packages.
  • Administrators who have installed Synapse from source should upgrade the cryptography package within their virtualenv by running: 
    <path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
  • Administrators who have installed Synapse from distribution packages should consult the information from their distributions.

Internal Changes

  • Add a maximum version for pysaml2 on Python 3.5. (#8898)

Synapse 1.23.1 (2020-12-09)

Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.

Security advisory

The following issues are fixed in v1.23.1 and v1.24.0.

  • There is a denial of service attack (CVE-2020-26257) against the federation APIs in which future events will not be correctly sent to other servers over federation. This affects all servers that participate in open federation. (Fixed in #8776).

  • Synapse may be affected by OpenSSL CVE-2020-1971. Synapse administrators should ensure that they have the latest versions of the cryptography Python package installed.

To upgrade Synapse along with the cryptography package:

  • Administrators using the matrix.org Docker image or the Debian/Ubuntu packages from matrix.org should ensure that they have version 1.24.0 or 1.23.1 installed: these images include the updated packages.
  • Administrators who have installed Synapse from source should upgrade the cryptography package within their virtualenv by running: 
    <path_to_virtualenv>/bin/pip install 'cryptography>=3.3'
  • Administrators who have installed Synapse from distribution packages should consult the information from their distributions.

Bugfixes

  • Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. (#8776)

Internal Changes

  • Add a maximum version for pysaml2 on Python 3.5. (#8898)

Synapse 1.24.0rc2 (2020-12-04)

Bugfixes

  • Fix a regression in v1.24.0rc1 which failed to allow SAML mapping providers which were unable to redirect users to an additional page. (#8878)

Internal Changes

  • Add support for the prometheus_client newer than 0.9.0. Contributed by Jordan Bancino. (#8875)

Synapse 1.24.0rc1 (2020-12-02)

Features

  • Add admin API for logging in as a user. (#8617)
  • Allow specification of the SAML IdP if the metadata returns multiple IdPs. (#8630)
  • Add support for re-trying generation of a localpart for OpenID Connect mapping providers. (#8801, #8855)
  • Allow the Date header through CORS. Contributed by Nicolas Chamo. (#8804)
  • Add a config option, push.group_by_unread_count, which controls whether unread message counts in push notifications are defined as "the number of rooms with unread messages" or "total unread messages". (#8820)
  • Add force_purge option to delete-room admin api. (#8843)

Bugfixes

  • Fix a bug where appservices may be sent an excessive amount of read receipts and presence. Broke in v1.22.0. (#8744)
  • Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. (#8776)
  • Fix a bug where synctl could spawn duplicate copies of a worker. Contributed by Waylon Cude. (#8798)
  • Allow per-room profiles to be used for the server notice user. (#8799)
  • Fix a bug where logging could break after a call to SIGHUP. (#8817)
  • Fix register_new_matrix_user failing with "Bad Request" when trailing slash is included in server URL. Contributed by @angdraug. (#8823)
  • Fix a minor long-standing bug in login, where we would offer the password login type if a custom auth provider supported it, even if password login was disabled. (#8835)
  • Fix a long-standing bug which caused Synapse to require unspecified parameters during user-interactive authentication. (#8848)
  • Fix a bug introduced in v1.20.0 where the user-agent and IP address reported during user registration for CAS, OpenID Connect, and SAML were of the wrong form. (#8784)

Improved Documentation

  • Clarify the usecase for a msisdn delegate. Contributed by Adrian Wannenmacher. (#8734)
  • Remove extraneous comma from JSON example in User Admin API docs. (#8771)
  • Update turn-howto.md with troubleshooting notes. (#8779)
  • Fix the example on how to set the Content-Type header in nginx for the Client Well-Known URI. (#8793)
  • Improve the documentation for the admin API to list all media in a room with respect to encrypted events. (#8795)
  • Update the formatting of the push section of the homeserver config file to better align with the code style guidelines. (#8818)
  • Improve documentation how to configure prometheus for workers. (#8822)
  • Update example prometheus console. (#8824)

Deprecations and Removals

  • Remove old /_matrix/client/*/admin endpoints which were deprecated since Synapse 1.20.0. (#8785)
  • Disable pretty printing JSON responses for curl. Users who want pretty-printed output should use jq in combination with curl. Contributed by @tulir. (#8833)

Internal Changes

  • Simplify the way the HomeServer object caches its internal attributes. (#8565, #8851)
  • Add an example and documentation for clock skew to the SAML2 sample configuration to allow for clock/time difference between the homserver and IdP. Contributed by @localguru. (#8731)
  • Generalise RoomMemberHandler._locally_reject_invite to apply to more flows than just invite. (#8751)
  • Generalise RoomStore.maybe_store_room_on_invite to handle other, non-invite membership events. (#8754)
  • Refactor test utilities for injecting HTTP requests. (#8757, #8758, #8759, #8760, #8761, #8777)
  • Consolidate logic between the OpenID Connect and SAML code. (#8765)
  • Use TYPE_CHECKING instead of magic MYPY variable. (#8770)
  • Add a commandline script to sign arbitrary json objects. (#8772)
  • Minor log line improvements for the SSO mapping code used to generate Matrix IDs from SSO IDs. (#8773)
  • Add additional error checking for OpenID Connect and SAML mapping providers. (#8774, #8800)
  • Add type hints to HTTP abstractions. (#8806, #8812)
  • Remove unnecessary function arguments and add typing to several membership replication classes. (#8809)
  • Optimise the lookup for an invite from another homeserver when trying to reject it. (#8815)
  • Add tests for password_auth_providers. (#8819)
  • Drop redundant database index on event_json. (#8845)
  • Simplify uk.half-shot.msc2778.login.application_service login handler. (#8847)
  • Refactor password_auth_provider support code. (#8849)
  • Add missing ordering to background database updates. (#8850)
  • Allow for specifying a room version when creating a room in unit tests via RestHelper.create_room_as. (#8854)

Synapse 1.23.0 (2020-11-18)

This release changes the way structured logging is configured. See the upgrade notes for details.

Note: We are aware of a trivially exploitable denial of service vulnerability in versions of Synapse prior to 1.20.0. Complete details will be disclosed on Monday, November 23rd. If you have not upgraded recently, please do so.

Bugfixes

  • Fix a dependency versioning bug in the Dockerfile that prevented Synapse from starting. (#8767)

Synapse 1.23.0rc1 (2020-11-13)

Features

  • Add a push rule that highlights when a jitsi conference is created in a room. (#8286)
  • Add an admin api to delete a single file or files that were not used for a defined time from server. Contributed by @dklimpel. (#8519)
  • Split admin API for reported events (GET /_synapse/admin/v1/event_reports) into detail and list endpoints. This is a breaking change to #8217 which was introduced in Synapse v1.21.0. Those who already use this API should check their scripts. Contributed by @dklimpel. (#8539)
  • Support generating structured logs via the standard logging configuration. (#8607, #8685)
  • Add an admin API to allow server admins to list users' pushers. Contributed by @dklimpel. (#8610, #8689)
  • Add an admin API GET /_synapse/admin/v1/users/<user_id>/media to get information about uploaded media. Contributed by @dklimpel. (#8647)
  • Add an admin API for local user media statistics. Contributed by @dklimpel. (#8700)
  • Add displayname to Shared-Secret Registration for admins. (#8722)

Bugfixes

  • Fix fetching of E2E cross signing keys over federation when only one of the master key and device signing key is cached already. (#8455)
  • Fix a bug where Synapse would blindly forward bad responses from federation to clients when retrieving profile information. (#8580)
  • Fix a bug where the account validity endpoint would silently fail if the user ID did not have an expiration time. It now returns a 400 error. (#8620)
  • Fix email notifications for invites without local state. (#8627)
  • Fix handling of invalid group IDs to return a 400 rather than log an exception and return a 500. (#8628)
  • Fix handling of User-Agent headers that are invalid UTF-8, which caused user agents of users to not get correctly recorded. (#8632)
  • Fix a bug in the joined_rooms admin API if the user has never joined any rooms. The bug was introduced, along with the API, in v1.21.0. (#8643)
  • Fix exception during handling multiple concurrent requests for remote media when using multiple media repositories. (#8682)
  • Fix bug that prevented Synapse from recovering after losing connection to the database. (#8726)
  • Fix bug where the /_synapse/admin/v1/send_server_notice API could send notices to non-notice rooms. (#8728)
  • Fix PostgreSQL port script fails when DB has no backfilled events. Broke in v1.21.0. (#8729)
  • Fix PostgreSQL port script to correctly handle foreign key constraints. Broke in v1.21.0. (#8730)
  • Fix PostgreSQL port script so that it can be run again after a failure. Broke in v1.21.0. (#8755)

Improved Documentation

  • Instructions for Azure AD in the OpenID Connect documentation. Contributed by peterk. (#8582)
  • Improve the sample configuration for single sign-on providers. (#8635)
  • Fix the filepath of Dex's example config and the link to Dex's Getting Started guide in the OpenID Connect docs. (#8657)
  • Note support for Python 3.9. (#8665)
  • Minor updates to docs on running tests. (#8666)
  • Interlink prometheus/grafana documentation. (#8667)
  • Notes on SSO logins and media_repository worker. (#8701)
  • Document experimental support for running multiple event persisters. (#8706)
  • Add information regarding the various sources of, and expected contributions to, Synapse's documentation to CONTRIBUTING.md. (#8714)
  • Migrate documentation docs/admin_api/event_reports to markdown. (#8742)
  • Add some helpful hints to the README for new Synapse developers. Contributed by @chagai95. (#8746)

Internal Changes

  • Optimise /createRoom with multiple invited users. (#8559)
  • Implement and use an @lru_cache decorator. (#8595)
  • Don't instansiate Requester directly. (#8614)
  • Type hints for RegistrationStore. (#8615)
  • Change schema to support access tokens belonging to one user but granting access to another. (#8616)
  • Remove unused OPTIONS handlers. (#8621)
  • Run mypy as part of the lint.sh script. (#8633)
  • Correct Synapse's PyPI package name in the OpenID Connect installation instructions. (#8634)
  • Catch exceptions during initialization of password_providers. Contributed by Nicolai Søborg. (#8636)
  • Fix typos and spelling errors in the code. (#8639)
  • Reduce number of OpenTracing spans started. (#8640, #8668, #8670)
  • Add field total to device list in admin API. (#8644)
  • Add more type hints to the application services code. (#8655, #8693)
  • Tell Black to format code for Python 3.5. (#8664)
  • Don't pull event from DB when handling replication traffic. (#8669)
  • Abstract some invite-related code in preparation for landing knocking. (#8671, #8688)
  • Clarify representation of events in logfiles. (#8679)
  • Don't require hiredis package to be installed to run unit tests. (#8680)
  • Fix typing info on cache call signature to accept on_invalidate. (#8684)
  • Fail tests if they do not await coroutines. (#8690)
  • Improve start time by adding an index to e2e_cross_signing_keys.stream_id. (#8694)
  • Re-organize the structured logging code to separate the TCP transport handling from the JSON formatting. (#8697)
  • Use Python 3.8 in Docker images by default. (#8698)
  • Remove the "draft" status of the Room Details Admin API. (#8702)
  • Improve the error returned when a non-string displayname or avatar_url is used when updating a user's profile. (#8705)
  • Block attempts by clients to send server ACLs, or redactions of server ACLs, that would result in the local server being blocked from the room. (#8708)
  • Add metrics the allow the local sysadmin to track 3PID /requestToken requests. (#8712)
  • Consolidate duplicated lists of purged tables that are checked in tests. (#8713)
  • Add some mdui:UIInfo element examples for saml2_config in the homeserver config. (#8718)
  • Improve the error message returned when a remote server incorrectly sets the Content-Type header in response to a JSON request. (#8719)
  • Speed up repeated state resolutions on the same room by caching event ID to auth event ID lookups. (#8752)

Synapse 1.22.1 (2020-10-30)

Bugfixes

  • Fix a bug where an appservice may not be forwarded events for a room it was recently invited to. Broke in v1.22.0. (#8676)
  • Fix Object of type frozendict is not JSON serializable exceptions when using third-party event rules. Broke in v1.22.0. (#8678)

Synapse 1.22.0 (2020-10-27)

No significant changes.

Synapse 1.22.0rc2 (2020-10-26)

Bugfixes

  • Fix bugs where ephemeral events were not sent to appservices. Broke in v1.22.0rc1. (#8648, #8656)
  • Fix user_daily_visits table to not have duplicate rows per user/device due to multiple user agents. Broke in v1.22.0rc1. (#8654)

Synapse 1.22.0rc1 (2020-10-22)

Features

  • Add a configuration option for always using the "userinfo endpoint" for OpenID Connect. This fixes support for some identity providers, e.g. GitLab. Contributed by Benjamin Koch. (#7658)
  • Add ability for ThirdPartyEventRules modules to query and manipulate whether a room is in the public rooms directory. (#8292, #8467)
  • Add support for olm fallback keys (MSC2732). (#8312, #8501)
  • Add support for running background tasks in a separate worker process. (#8369, #8458, #8489, #8513, #8544, #8599)
  • Add support for device dehydration (MSC2697). (#8380)
  • Add support for MSC2409, which allows sending typing, read receipts, and presence events to appservices. (#8437, #8590)
  • Change default room version to "6", per MSC2788. (#8461)
  • Add the ability to send non-membership events into a room via the ModuleApi. (#8479)
  • Increase default upload size limit from 10M to 50M. Contributed by @Akkowicz. (#8502)
  • Add support for modifying event content in ThirdPartyRules modules. (#8535, #8564)

Bugfixes

  • Fix a longstanding bug where invalid ignored users in account data could break clients. (#8454)
  • Fix a bug where backfilling a room with an event that was missing the redacts field would break. (#8457)
  • Don't attempt to respond to some requests if the client has already disconnected. (#8465)
  • Fix message duplication if something goes wrong after persisting the event. (#8476)
  • Fix incremental sync returning an incorrect prev_batch token in timeline section, which when used to paginate returned events that were included in the incremental sync. Broken since v0.16.0. (#8486)
  • Expose the uk.half-shot.msc2778.login.application_service to clients from the login API. This feature was added in v1.21.0, but was not exposed as a potential login flow. (#8504)
  • Fix error code for /profile/{userId}/displayname to be M_BAD_JSON. (#8517)
  • Fix a bug introduced in v1.7.0 that could cause Synapse to insert values from non-state m.room.retention events into the room_retention database table. (#8527)
  • Fix not sending events over federation when using sharded event writers. (#8536)
  • Fix a long standing bug where email notifications for encrypted messages were blank. (#8545)
  • Fix increase in the number of There was no active span... errors logged when using OpenTracing. (#8567)
  • Fix a bug that prevented errors encountered during execution of the synapse_port_db from being correctly printed. (#8585)
  • Fix appservice transactions to only include a maximum of 100 persistent and 100 ephemeral events. (#8606)

Updates to the Docker image

  • Added multi-arch support (arm64,arm/v7) for the docker images. Contributed by @maquis196. (#7921)
  • Add support for passing commandline args to the synapse process. Contributed by @samuel-p. (#8390)

Improved Documentation

  • Update the directions for using the manhole with coroutines. (#8462)
  • Improve readme by adding new shield.io badges. (#8493)
  • Added note about docker in manhole.md regarding which ip address to bind to. Contributed by @Maquis196. (#8526)
  • Document the new behaviour of the allowed_lifetime_min and allowed_lifetime_max settings in the room retention configuration. (#8529)

Deprecations and Removals

  • Drop unused device_max_stream_id table. (#8589)

Internal Changes

  • Check for unreachable code with mypy. (#8432)
  • Add unit test for event persister sharding. (#8433)
  • Allow events to be sent to clients sooner when using sharded event persisters. (#8439, #8488, #8496, #8499)
  • Configure public_baseurl when using demo scripts. (#8443)
  • Add SQL logging on queries that happen during startup. (#8448)
  • Speed up unit tests when using PostgreSQL. (#8450)
  • Remove redundant database loads of stream_ordering for events we already have. (#8452)
  • Reduce inconsistencies between codepaths for membership and non-membership events. (#8463)
  • Combine SpamCheckerApi with the more generic ModuleApi. (#8464)
  • Additional testing for ThirdPartyEventRules. (#8468)
  • Add -d option to ./scripts-dev/lint.sh to lint files that have changed since the last git commit. (#8472)
  • Unblacklist some sytests. (#8474)
  • Include the log level in the phone home stats. (#8477)
  • Remove outdated sphinx documentation, scripts and configuration. (#8480)
  • Clarify error message when plugin config parsers raise an error. (#8492)
  • Remove the deprecated Handlers object. (#8494)
  • Fix a threadsafety bug in unit tests. (#8497)
  • Add user agent to user_daily_visits table. (#8503)
  • Add type hints to various parts of the code base. (#8407, #8505, #8507, #8547, #8562, #8609)
  • Remove unused code from the test framework. (#8514)
  • Apply some internal fixes to the HomeServer class to make its code more idiomatic and statically-verifiable. (#8515)
  • Factor out common code between RoomMemberHandler._locally_reject_invite and EventCreationHandler.create_event. (#8537)
  • Improve database performance by executing more queries without starting transactions. (#8542)
  • Rename Cache to DeferredCache, to better reflect its purpose. (#8548)
  • Move metric registration code down into LruCache. (#8561, #8591)
  • Replace DeferredCache with the lighter-weight LruCache where possible. (#8563)
  • Add virtualenv-generated folders to .gitignore. (#8566)
  • Add get_immediate method to DeferredCache. (#8568)
  • Fix mypy not properly checking across the codebase, additionally, fix a typing assertion error in handlers/auth.py. (#8569)
  • Fix synmark benchmark runner. (#8571)
  • Modify DeferredCache.get() to return Deferreds instead of ObservableDeferreds. (#8572)
  • Adjust a protocol-type definition to fit sqlite3 assertions. (#8577)
  • Support macOS on the synmark benchmark runner. (#8578)
  • Update mypy static type checker to 0.790. (#8583, #8600)
  • Re-organize the structured logging code to separate the TCP transport handling from the JSON formatting. (#8587)
  • Remove extraneous unittest logging decorators from unit tests. (#8592)
  • Minor optimisations in caching code. (#8593, #8594)

Synapse 1.21.2 (2020-10-15)

Debian packages and Docker images have been rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below.

Security advisory

  • HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks. All server administrators are encouraged to upgrade. (#8444) (CVE-2020-26891)

    This fix was originally included in v1.21.0 but was missing a security advisory.

    This was reported by Denis Kasak.

Bugfixes

  • Fix rare bug where sending an event would fail due to a racey assertion. (#8530)
  • An updated version of the authlib dependency is included in the Docker and Debian images to fix an issue using OpenID Connect. See #8534 for details.

Synapse 1.21.1 (2020-10-13)

This release fixes a regression in v1.21.0 that prevented debian packages from being built. It is otherwise identical to v1.21.0.

Synapse 1.21.0 (2020-10-12)

No significant changes since v1.21.0rc3.

As noted in v1.20.0, a future release will drop support for accessing Synapse's Admin API under the /_matrix/client/* endpoint prefixes. At that point, the Admin API will only be accessible under /_synapse/admin.

Synapse 1.21.0rc3 (2020-10-08)

Bugfixes

  • Fix duplication of events on high traffic servers, caused by PostgreSQL could not serialize access due to concurrent update errors. (#8456)

Internal Changes

  • Add Groovy Gorilla to the list of distributions we build .debs for. (#8475)

Synapse 1.21.0rc2 (2020-10-02)

Features

  • Convert additional templates from inline HTML to Jinja2 templates. (#8444)

Bugfixes

  • Fix a regression in v1.21.0rc1 which broke thumbnails of remote media. (#8438)
  • Do not expose the experimental uk.half-shot.msc2778.login.application_service flow in the login API, which caused a compatibility problem with Element iOS. (#8440)
  • Fix malformed log line in new federation "catch up" logic. (#8442)
  • Fix DB query on startup for negative streams which caused long start up times. Introduced in #8374. (#8447)

Synapse 1.21.0rc1 (2020-10-01)

Features

  • Require the user to confirm that their password should be reset after clicking the email confirmation link. (#8004)
  • Add an admin API GET /_synapse/admin/v1/event_reports to read entries of table event_reports. Contributed by @dklimpel. (#8217)
  • Consolidate the SSO error template across all configuration. (#8248, #8405)
  • Add a configuration option to specify a whitelist of domains that a user can be redirected to after validating their email or phone number. (#8275, #8417)
  • Add experimental support for sharding event persister. (#8294, #8387, #8396, #8419)
  • Add the room topic and avatar to the room details admin API. (#8305)
  • Add an admin API for querying rooms where a user is a member. Contributed by @dklimpel. (#8306)
  • Add uk.half-shot.msc2778.login.application_service login type to allow appservices to login. (#8320)
  • Add a configuration option that allows existing users to log in with OpenID Connect. Contributed by @BBBSnowball and @OmmyZhang. (#8345)
  • Add prometheus metrics for replication requests. (#8406)
  • Support passing additional single sign-on parameters to the client. (#8413)
  • Add experimental reporting of metrics on expensive rooms for state-resolution. (#8420)
  • Add experimental prometheus metric to track numbers of "large" rooms for state resolutiom. (#8425)
  • Add prometheus metrics to track federation delays. (#8430)

Bugfixes

  • Fix a bug in the media repository where remote thumbnails with the same size but different crop methods would overwrite each other. Contributed by @deepbluev7. (#7124)
  • Fix inconsistent handling of non-existent push rules, and stop tracking the enabled state of removed push rules. (#7796)
  • Fix a longstanding bug when storing a media file with an empty upload_name. (#7905)
  • Fix messages not being sent over federation until an event is sent into the same room. (#8230, #8247, #8258, #8272, #8322)
  • Fix a longstanding bug where files that could not be thumbnailed would result in an Internal Server Error. (#8236, #8435)
  • Upgrade minimum version of canonicaljson to version 1.4.0, to fix an unicode encoding issue. (#8262)
  • Fix longstanding bug which could lead to incomplete database upgrades on SQLite. (#8265)
  • Fix stack overflow when stderr is redirected to the logging system, and the logging system encounters an error. (#8268)
  • Fix a bug which cause the logging system to report errors, if DEBUG was enabled and no context filter was applied. (#8278)
  • Fix edge case where push could get delayed for a user until a later event was pushed. (#8287)
  • Fix fetching malformed events from remote servers. (#8324)
  • Fix UnboundLocalError from occuring when appservices send a malformed register request. (#8329)
  • Don't send push notifications to expired user accounts. (#8353)
  • Fix a regression in v1.19.0 with reactivating users through the admin API. (#8362)
  • Fix a bug where during device registration the length of the device name wasn't limited. (#8364)
  • Include guest_access in the fields that are checked for null bytes when updating room_stats_state. Broke in v1.7.2. (#8373)
  • Fix theoretical race condition where events are not sent down /sync if the synchrotron worker is restarted without restarting other workers. (#8374)
  • Fix a bug which could cause errors in rooms with malformed membership events, on servers using sqlite. (#8385)
  • Fix "Re-starting finished log context" warning when receiving an event we already had over federation. (#8398)
  • Fix incorrect handling of timeouts on outgoing HTTP requests. (#8400)
  • Fix a regression in v1.20.0 in the synapse_port_db script regarding the ui_auth_sessions_ips table. (#8410)
  • Remove unnecessary 3PID registration check when resetting password via an email address. Bug introduced in v0.34.0rc2. (#8414)

Improved Documentation

  • Add /_synapse/client to the reverse proxy documentation. (#8227)
  • Add note to the reverse proxy settings documentation about disabling Apache's mod_security2. Contributed by Julian Fietkau (@jfietkau). (#8375)
  • Improve description of server_name config option in homserver.yaml. (#8415)

Deprecations and Removals

  • Drop support for prometheus_client older than 0.4.0. (#8426)

Internal Changes

  • Fix tests on distros which disable TLSv1.0. Contributed by @danc86. (#8208)
  • Simplify the distributor code to avoid unnecessary work. (#8216)
  • Remove the populate_stats_process_rooms_2 background job and restore functionality to populate_stats_process_rooms. (#8243)
  • Clean up type hints for PaginationConfig. (#8250, #8282)
  • Track the latest event for every destination and room for catch-up after federation outage. (#8256)
  • Fix non-user visible bug in implementation of MultiWriterIdGenerator.get_current_token_for_writer. (#8257)
  • Switch to the JSON implementation from the standard library. (#8259)
  • Add type hints to synapse.util.async_helpers. (#8260)
  • Simplify tests that mock asynchronous functions. (#8261)
  • Add type hints to StreamToken and RoomStreamToken classes. (#8279)
  • Change StreamToken.room_key to be a RoomStreamToken instance. (#8281)
  • Refactor notifier code to correctly use the max event stream position. (#8288)
  • Use slotted classes where possible. (#8296)
  • Support testing the local Synapse checkout against the Complement homeserver test suite. (#8317)
  • Update outdated usages of metaclass to python 3 syntax. (#8326)
  • Move lint-related dependencies to package-extra field, update CONTRIBUTING.md to utilise this. (#8330, #8377)
  • Use the admin_patterns helper in additional locations. (#8331)
  • Fix test logging to allow braces in log output. (#8335)
  • Remove __future__ imports related to Python 2 compatibility. (#8337)
  • Simplify super() calls to Python 3 syntax. (#8344)
  • Fix bad merge from release-v1.20.0 branch to develop. (#8354)
  • Factor out a _send_dummy_event_for_room method. (#8370)
  • Improve logging of state resolution. (#8371)
  • Add type annotations to SimpleHttpClient. (#8372)
  • Refactor ID generators to use async with syntax. (#8383)
  • Add EventStreamPosition type. (#8388)
  • Create a mechanism for marking tests "logcontext clean". (#8399)
  • A pair of tiny cleanups in the federation request code. (#8401)
  • Add checks on startup that PostgreSQL sequences are consistent with their associated tables. (#8402)
  • Do not include appservice users when calculating the total MAU for a server. (#8404)
  • Typing fixes for synapse.handlers.federation. (#8422)
  • Various refactors to simplify stream token handling. (#8423)
  • Make stream token serializing/deserializing async. (#8427)

Synapse 1.20.1 (2020-09-24)

Bugfixes

  • Fix a bug introduced in v1.20.0 which caused the synapse_port_db script to fail. (#8386)
  • Fix a bug introduced in v1.20.0 which caused variables to be incorrectly escaped in Jinja2 templates. (#8394)

Synapse 1.20.0 (2020-09-22)

No significant changes since v1.20.0rc5.

Removal warning

Historically, the Synapse Admin API has been accessible under the /_matrix/client/api/v1/admin, /_matrix/client/unstable/admin, /_matrix/client/r0/admin and /_synapse/admin prefixes. In a future release, we will be dropping support for accessing Synapse's Admin API using the /_matrix/client/* prefixes.

From that point, the Admin API will only be accessible under /_synapse/admin. This makes it easier for homeserver admins to lock down external access to the Admin API endpoints.

Synapse 1.20.0rc5 (2020-09-18)

In addition to the below, Synapse 1.20.0rc5 also includes the bug fix that was included in 1.19.3.

Features

  • Add flags to the /versions endpoint for whether new rooms default to using E2EE. (#8343)

Bugfixes

  • Fix rate limiting of federation /send requests. (#8342)
  • Fix a longstanding bug where back pagination over federation could get stuck if it failed to handle a received event. (#8349)

Internal Changes

  • Blacklist MSC2753 SyTests until it is implemented. (#8285)

Synapse 1.19.3 (2020-09-18)

Bugfixes

  • Partially mitigate bug where newly joined servers couldn't get past events in a room when there is a malformed event. (#8350)

Synapse 1.20.0rc4 (2020-09-16)

Synapse 1.20.0rc4 is identical to 1.20.0rc3, with the addition of the security fix that was included in 1.19.2.

Synapse 1.19.2 (2020-09-16)

Due to the issue below server admins are encouraged to upgrade as soon as possible.

Bugfixes

  • Fix joining rooms over federation that include malformed events. (#8324)

Synapse 1.20.0rc3 (2020-09-11)

Bugfixes

  • Fix a bug introduced in v1.20.0rc1 where the wrong exception was raised when invalid JSON data is encountered. (#8291)

Synapse 1.20.0rc2 (2020-09-09)

Bugfixes

  • Fix a bug introduced in v1.20.0rc1 causing some features related to notifications to misbehave following the implementation of unread counts. (#8280)

Synapse 1.20.0rc1 (2020-09-08)

Removal warning