v1.108.0rc1

Synapse 1.108.0rc1 (2024-05-21)

Features

• Add a feature that allows clients to query the configured federation whitelist. Disabled by default. (#16848, #17199)
• Add the ability to allow numeric user IDs with a specific prefix when in the CAS flow. Contributed by Aurélien Grimpard. (#17098)

Bugfixes

• Fix bug where push rules would be empty in /sync for some accounts. Introduced in v1.93.0. (#17142)
• Add support for optional whitespace around the Federation API's Authorization header's parameter commas. (#17145)
• Fix bug where disabling room publication prevented public rooms being created on workers. (#17177, #17184)

Improved Documentation

• Document /v1/make_knock and /v1/send_knock/ federation endpoints as worker-compatible. (#17058)
• Update User Admin API with note about prefixing OIDC external_id providers. (#17139)
• Clarify the state of the created room when using the autocreate_auto_join_room_preset config option. (#17150)
• Update the Admin FAQ with the current libjemalloc version for latest Debian stable. Additionally update the name of the "push_rules" stream in the Workers documentation. (#17171)

Internal Changes

• Add note to reflect that MSC3886 is closed but will remain supported for some time. (#17151)
• Update dependency PyO3 to 0.21. (#17162)
• Fixes linter errors found in PR #17147. (#17166)
• Bump black from 24.2.0 to 24.4.2. (#17170)
• Cache literal sync filter validation for performance. (#17186)
• Improve performance by fixing a reactor pause. (#17192)
• Route /make_knock and /send_knock federation APIs to the federation reader worker in Complement test runs. (#17195)
• Prepare sync handler to be able to return different sync responses (SyncVersion). (#17200)
• Organize the sync cache key parameter outside of the sync config (separate concerns). (#17201)
• Refactor SyncResultBuilder assembly to its own function. (#17202)
• Rename to be obvious: joined_rooms -> joined_room_ids. (#17203, #17208)
• Add a short pause when rate-limiting a request. (#17210)

Updates to locked dependencies

• Bump cryptography from 42.0.5 to 42.0.7. (#17180)
• Bump gitpython from 3.1.41 to 3.1.43. (#17181)
• Bump immutabledict from 4.1.0 to 4.2.0. (#17179)
• Bump sentry-sdk from 1.40.3 to 2.1.1. (#17178)
• Bump serde from 1.0.200 to 1.0.201. (#17183)
• Bump serde_json from 1.0.116 to 1.0.117. (#17182)

v1.107.0

Synapse 1.107.0 (2024-05-14)

No significant changes since 1.107.0rc1.

Synapse 1.107.0rc1 (2024-05-07)

Features

• Add preliminary support for MSC3823: Account Suspension. (#17051)
• Declare support for Matrix v1.10. Contributed by @clokep. (#17082)
• Add support for MSC4115: membership metadata on events. (#17104, #17137)

Bugfixes

• Fixed search feature of Element Android on homesevers using SQLite by returning search terms as search highlights. (#17000)
• Fixes a bug introduced in v1.52.0 where the destination query parameter for the Destination Rooms Admin API failed to actually filter returned rooms. (#17077)
• For MSC3266 room summaries, support queries at the recommended endpoint of /_matrix/client/unstable/im.nheko.summary/summary/{roomIdOrAlias}. The existing endpoint of /_matrix/client/unstable/im.nheko.summary/rooms/{roomIdOrAlias}/summary is deprecated. (#17078)
• Apply user email & picture during OIDC registration if present & selected. (#17120)
• Improve error message for cross signing reset with MSC3861 enabled. (#17121)
• Fix a bug which meant that to-device messages received over federation could be dropped when the server was under load or networking problems caused problems between Synapse processes or the database. (#17127)
• Fix bug where StreamChangeCache would not respect configured cache factors. (#17152)

Updates to the Docker image

• Correct licensing metadata on Docker image. (#17141)

Improved Documentation

• Update the event_cache_size and global_factor configuration options' documentation. (#17071)
• Remove broken sphinx docs. (#17073, #17148)
• Add RuntimeDirectory to example matrix-synapse.service systemd unit. (#17084)
• Fix various small typos throughout the docs. (#17114)
• Update enable_notifs configuration documentation. (#17116)
• Update the Upgrade Notes with the latest minimum supported Rust version of 1.66.0. Contributed by @jahway603. (#17140)

Internal Changes

• Enable MSC3266 by default in the Synapse Complement image. (#17105)
• Add optimisation to StreamChangeCache.get_entities_changed(..). (#17130)

Updates to locked dependencies

• Bump furo from 2024.1.29 to 2024.4.27. (#17133)
• Bump idna from 3.6 to 3.7. (#17136)
• Bump jsonschema from 4.21.1 to 4.22.0. (#17157)
• Bump lxml from 5.1.0 to 5.2.1. (#17158)
• Bump phonenumbers from 8.13.29 to 8.13.35. (#17106)

• Bump pillow from 10.2.0 to 10.3.0. (#17146)

• Bump pydantic from 2.6.4 to 2.7.0. (#17107)
• Bump pydantic from 2.7.0 to 2.7.1. (#17160)
• Bump pyicu from 2.12 to 2.13. (#17109)
• Bump serde from 1.0.197 to 1.0.198. (#17111)
• Bump serde from 1.0.198 to 1.0.199. (#17132)
• Bump serde from 1.0.199 to 1.0.200. (#17161)
• Bump serde_json from 1.0.115 to 1.0.116. (#17112)

• Update tornado Python dependency from 6.2 to 6.4. (#17131)

• Bump twisted from 23.10.0 to 24.3.0. (#17135)
• Bump types-bleach from 6.1.0.1 to 6.1.0.20240331. (#17110)
• Bump types-pillow from 10.2.0.20240415 to 10.2.0.20240423. (#17159)
• Bump types-setuptools from 69.0.0.20240125 to 69.5.0.20240423. (#17134)

v1.107.0rc1

Synapse 1.107.0rc1 (2024-05-07)

Features

• Add preliminary support for MSC3823: Account Suspension. (#17051)
• Declare support for Matrix v1.10. Contributed by @clokep. (#17082)
• Add support for MSC4115: membership metadata on events. (#17104, #17137)

Bugfixes

• Fixed search feature of Element Android on homesevers using SQLite by returning search terms as search highlights. (#17000)
• Fixes a bug introduced in v1.52.0 where the destination query parameter for the Destination Rooms Admin API failed to actually filter returned rooms. (#17077)
• For MSC3266 room summaries, support queries at the recommended endpoint of /_matrix/client/unstable/im.nheko.summary/summary/{roomIdOrAlias}. The existing endpoint of /_matrix/client/unstable/im.nheko.summary/rooms/{roomIdOrAlias}/summary is deprecated. (#17078)
• Apply user email & picture during OIDC registration if present & selected. (#17120)
• Improve error message for cross signing reset with MSC3861 enabled. (#17121)
• Fix a bug which meant that to-device messages received over federation could be dropped when the server was under load or networking problems caused problems between Synapse processes or the database. (#17127)
• Fix bug where StreamChangeCache would not respect configured cache factors. (#17152)

Updates to the Docker image

• Correct licensing metadata on Docker image. (#17141)

Improved Documentation

• Update the event_cache_size and global_factor configuration options' documentation. (#17071)
• Remove broken sphinx docs. (#17073, #17148)
• Add RuntimeDirectory to example matrix-synapse.service systemd unit. (#17084)
• Fix various small typos throughout the docs. (#17114)
• Update enable_notifs configuration documentation. (#17116)
• Update the Upgrade Notes with the latest minimum supported Rust version of 1.66.0. Contributed by @jahway603. (#17140)

Internal Changes

• Enable MSC3266 by default in the Synapse Complement image. (#17105)
• Add optimisation to StreamChangeCache.get_entities_changed(..). (#17130)

Updates to locked dependencies

• Bump furo from 2024.1.29 to 2024.4.27. (#17133)
• Bump idna from 3.6 to 3.7. (#17136)
• Bump jsonschema from 4.21.1 to 4.22.0. (#17157)
• Bump lxml from 5.1.0 to 5.2.1. (#17158)
• Bump phonenumbers from 8.13.29 to 8.13.35. (#17106)

• Bump pillow from 10.2.0 to 10.3.0. (#17146)

• Bump pydantic from 2.6.4 to 2.7.0. (#17107)
• Bump pydantic from 2.7.0 to 2.7.1. (#17160)
• Bump pyicu from 2.12 to 2.13. (#17109)
• Bump serde from 1.0.197 to 1.0.198. (#17111)
• Bump serde from 1.0.198 to 1.0.199. (#17132)
• Bump serde from 1.0.199 to 1.0.200. (#17161)
• Bump serde_json from 1.0.115 to 1.0.116. (#17112)

• Update tornado Python dependency from 6.2 to 6.4. (#17131)

• Bump twisted from 23.10.0 to 24.3.0. (#17135)
• Bump types-bleach from 6.1.0.1 to 6.1.0.20240331. (#17110)
• Bump types-pillow from 10.2.0.20240415 to 10.2.0.20240423. (#17159)
• Bump types-setuptools from 69.0.0.20240125 to 69.5.0.20240423. (#17134)

v1.106.0

Synapse 1.106.0 (2024-04-30)

No significant changes since 1.106.0rc1.

Synapse 1.106.0rc1 (2024-04-25)

Features

• Send an email if the address is already bound to an user account. (#16819)
• Implement the rendezvous mechanism described by MSC4108. (#17056)
• Support delegating the rendezvous mechanism described MSC4108 to an external implementation. (#17086)

Bugfixes

• Add validation to ensure that the limit parameter on /publicRooms is non-negative. (#16920)
• Return 400 M_NOT_JSON upon receiving invalid JSON in query parameters across various client and admin endpoints, rather than an internal server error. (#16923)
• Make the CSAPI endpoint /keys/device_signing/upload idempotent. (#16943)
• Redact membership events if the user requested erasure upon deactivating. (#17076)

Improved Documentation

• Add a prompt in the contributing guide to manually configure icu4c. (#17069)
• Clarify what part of message retention is still experimental. (#17099)

Internal Changes

• Use new receipts column to optimise receipt and push action SQL queries. Contributed by Nick @ Beeper (@Fizzadar). (#17032, #17096)
• Fix mypy with latest Twisted release. (#17036)
• Bump minimum supported Rust version to 1.66.0. (#17079)
• Add helpers to transform Twisted requests to Rust http Requests/Responses. (#17081)
• Fix type annotation for visited_chains after mypy upgrade. (#17125)

Updates to locked dependencies

• Bump anyhow from 1.0.81 to 1.0.82. (#17095)
• Bump peaceiris/actions-gh-pages from 3.9.3 to 4.0.0. (#17087)
• Bump peaceiris/actions-mdbook from 1.2.0 to 2.0.0. (#17089)
• Bump pyasn1-modules from 0.3.0 to 0.4.0. (#17093)
• Bump pygithub from 2.2.0 to 2.3.0. (#17092)
• Bump ruff from 0.3.5 to 0.3.7. (#17094)
• Bump sigstore/cosign-installer from 3.4.0 to 3.5.0. (#17088)
• Bump twine from 4.0.2 to 5.0.0. (#17091)
• Bump types-pillow from 10.2.0.20240406 to 10.2.0.20240415. (#17090)

v1.106.0rc1

Synapse 1.106.0rc1 (2024-04-25)

Features

• Send an email if the address is already bound to an user account. (#16819)
• Implement the rendezvous mechanism described by MSC4108. (#17056)
• Support delegating the rendezvous mechanism described MSC4108 to an external implementation. (#17086)

Bugfixes

• Add validation to ensure that the limit parameter on /publicRooms is non-negative. (#16920)
• Return 400 M_NOT_JSON upon receiving invalid JSON in query parameters across various client and admin endpoints, rather than an internal server error. (#16923)
• Make the CSAPI endpoint /keys/device_signing/upload idempotent. (#16943)
• Redact membership events if the user requested erasure upon deactivating. (#17076)

Improved Documentation

• Add a prompt in the contributing guide to manually configure icu4c. (#17069)
• Clarify what part of message retention is still experimental. (#17099)

Internal Changes

• Use new receipts column to optimise receipt and push action SQL queries. Contributed by Nick @ Beeper (@Fizzadar). (#17032, #17096)
• Fix mypy with latest Twisted release. (#17036)
• Bump minimum supported Rust version to 1.66.0. (#17079)
• Add helpers to transform Twisted requests to Rust http Requests/Responses. (#17081)
• Fix type annotation for visited_chains after mypy upgrade. (#17125)

Updates to locked dependencies

• Bump anyhow from 1.0.81 to 1.0.82. (#17095)
• Bump peaceiris/actions-gh-pages from 3.9.3 to 4.0.0. (#17087)
• Bump peaceiris/actions-mdbook from 1.2.0 to 2.0.0. (#17089)
• Bump pyasn1-modules from 0.3.0 to 0.4.0. (#17093)
• Bump pygithub from 2.2.0 to 2.3.0. (#17092)
• Bump ruff from 0.3.5 to 0.3.7. (#17094)
• Bump sigstore/cosign-installer from 3.4.0 to 3.5.0. (#17088)
• Bump twine from 4.0.2 to 5.0.0. (#17091)
• Bump types-pillow from 10.2.0.20240406 to 10.2.0.20240415. (#17090)

v1.105.1

Synapse 1.105.1 (2024-04-23)

Security advisory

The following issues are fixed in 1.105.1.

• GHSA-3h7q-rfh9-xm4v / CVE-2024-31208 — High Severity

  Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage.

See the advisories for more details. If you have any questions, email [email protected].

v1.105.0

Synapse 1.105.0 (2024-04-16)

No significant changes since 1.105.0rc1.

Synapse 1.105.0rc1 (2024-04-11)

Features

• Stabilize support for MSC4010 which clarifies the interaction of push rules and account data. Contributed by @clokep. (#17022)
• Stabilize support for MSC3981: /relations recursion. Contributed by @clokep. (#17023)
• Add support for moving /pushrules off of main process. (#17037, #17038)

Bugfixes

• Fix various long-standing bugs which could cause incorrect state to be returned from /sync in certain situations. (#16930, #16932, #16942, #17064, #17065, #17066)
• Fix server notice rooms not always being created as unencrypted rooms, even when encryption_enabled_by_default_for_room_type is in use (server notices are always unencrypted). (#17033)
• Fix the .m.rule.encrypted_room_one_to_one and .m.rule.room_one_to_one default underride push rules being in the wrong order. Contributed by @Sumpy1. (#17043)

Internal Changes

• Refactor auth chain fetching to reduce duplication. (#17044)
• Improve database performance by adding a missing index to access_tokens.refresh_token_id. (#17045, #17054)
• Improve database performance by reducing number of receipts fetched when sending push notifications. (#17049)

Updates to locked dependencies

• Bump packaging from 23.2 to 24.0. (#17027)
• Bump regex from 1.10.3 to 1.10.4. (#17028)
• Bump ruff from 0.3.2 to 0.3.5. (#17060)
• Bump serde_json from 1.0.114 to 1.0.115. (#17041)
• Bump types-pillow from 10.2.0.20240125 to 10.2.0.20240406. (#17061)
• Bump types-requests from 2.31.0.20240125 to 2.31.0.20240406. (#17063)
• Bump typing-extensions from 4.9.0 to 4.11.0. (#17062)

v1.105.0rc1

Synapse 1.105.0rc1 (2024-04-11)

Features

• Stabilize support for MSC4010 which clarifies the interaction of push rules and account data. Contributed by @clokep. (#17022)
• Stabilize support for MSC3981: /relations recursion. Contributed by @clokep. (#17023)
• Add support for moving /pushrules off of main process. (#17037, #17038)

Bugfixes

• Fix various long-standing bugs which could cause incorrect state to be returned from /sync in certain situations. (#16930, #16932, #16942, #17064, #17065, #17066)
• Fix server notice rooms not always being created as unencrypted rooms, even when encryption_enabled_by_default_for_room_type is in use (server notices are always unencrypted). (#17033)
• Fix the .m.rule.encrypted_room_one_to_one and .m.rule.room_one_to_one default underride push rules being in the wrong order. Contributed by @Sumpy1. (#17043)

Internal Changes

• Refactor auth chain fetching to reduce duplication. (#17044)
• Improve database performance by adding a missing index to access_tokens.refresh_token_id. (#17045, #17054)
• Improve database performance by reducing number of receipts fetched when sending push notifications. (#17049)

Updates to locked dependencies

• Bump packaging from 23.2 to 24.0. (#17027)
• Bump regex from 1.10.3 to 1.10.4. (#17028)
• Bump ruff from 0.3.2 to 0.3.5. (#17060)
• Bump serde_json from 1.0.114 to 1.0.115. (#17041)
• Bump types-pillow from 10.2.0.20240125 to 10.2.0.20240406. (#17061)
• Bump types-requests from 2.31.0.20240125 to 2.31.0.20240406. (#17063)
• Bump typing-extensions from 4.9.0 to 4.11.0. (#17062)

v1.104.0

Synapse 1.104.0 (2024-04-02)

Bugfixes

• Fix regression when using OIDC provider. Introduced in v1.104.0rc1. (#17031)

Synapse 1.104.0rc1 (2024-03-26)

Features

• Add an OIDC config to specify extra parameters for the authorization grant URL. IT can be useful to pass an ACR value for example. (#16971)
• Add support for OIDC provider returning JWT. (#16972, #17031)

Bugfixes

• Fix a bug which meant that, under certain circumstances, we might never retry sending events or to-device messages over federation after a failure. (#16925)
• Fix various long-standing bugs which could cause incorrect state to be returned from /sync in certain situations. (#16949)
• Fix case in which m.fully_read marker would not get updated. Contributed by @SpiritCroc. (#16990)
• Fix bug which did not retract a user's pending knocks at rooms when their account was deactivated. Contributed by @hanadi92. (#17010)

Updates to the Docker image

• Updated start.py to generate config using the correct user ID when running as root (fixes #16824, #15202). (#16978)

Improved Documentation

• Add a query to force a refresh of a remote user's device list to the "Useful SQL for Admins" documentation page. (#16892)
• Minor grammatical corrections to the upgrade documentation. (#16965)
• Fix the sort order for the documentation version picker, so that newer releases appear above older ones. (#16966)
• Remove recommendation for a specific poetry version from contributing guide. (#17002)

Internal Changes

• Improve lock performance when a lot of locks are all waiting for a single lock to be released. (#16840)
• Update power level default for public rooms. (#16907)
• Improve event validation. (#16908)
• Multi-worker-docker-container: disable log buffering. (#16919)
• Refactor state delta calculation in /sync handler. (#16929)
• Clarify docs for some room state functions. (#16950)
• Specify IP subnets in canonical form. (#16953)
• As done for SAML mapping provider, let's pass the module API to the OIDC one so the mapper can do more logic in its code. (#16974)
• Allow containers building on top of Synapse's Complement container is use the included PostgreSQL cluster. (#16985)
• Raise poetry-core version cap to 1.9.0. (#16986)
• Patch the db conn pool sooner in tests. (#17017)

Updates to locked dependencies

• Bump anyhow from 1.0.80 to 1.0.81. (#17009)
• Bump black from 23.10.1 to 24.2.0. (#16936)
• Bump cryptography from 41.0.7 to 42.0.5. (#16958)
• Bump dawidd6/action-download-artifact from 3.1.1 to 3.1.2. (#16960)
• Bump dawidd6/action-download-artifact from 3.1.2 to 3.1.4. (#17008)
• Bump jinja2 from 3.1.2 to 3.1.3. (#17005)
• Bump log from 0.4.20 to 0.4.21. (#16977)
• Bump mypy from 1.5.1 to 1.8.0. (#16901)
• Bump netaddr from 0.9.0 to 1.2.1. (#17006)
• Bump pydantic from 2.6.0 to 2.6.4. (#17004)
• Bump pyo3 from 0.20.2 to 0.20.3. (#16962)
• Bump ruff from 0.1.14 to 0.3.2. (#16994)
• Bump serde from 1.0.196 to 1.0.197. (#16963)
• Bump serde_json from 1.0.113 to 1.0.114. (#16961)
• Bump types-jsonschema from 4.21.0.20240118 to 4.21.0.20240311. (#17007)
• Bump types-psycopg2 from 2.9.21.16 to 2.9.21.20240311. (#16995)
• Bump types-pyopenssl from 23.3.0.0 to 24.0.0.20240311. (#17003)

v1.104.0rc1

Synapse 1.104.0rc1 (2024-03-26)

Features

• Add an OIDC config to specify extra parameters for the authorization grant URL. It can be useful to pass an ACR value for example. (#16971)
• Add support for OIDC provider returning JWT. (#16972, #17031)

Bugfixes

• Fix a bug which meant that, under certain circumstances, we might never retry sending events or to-device messages over federation after a failure. (#16925)
• Fix various long-standing bugs which could cause incorrect state to be returned from /sync in certain situations. (#16949)
• Fix case in which m.fully_read marker would not get updated. Contributed by @SpiritCroc. (#16990)
• Fix bug which did not retract a user's pending knocks at rooms when their account was deactivated. Contributed by @hanadi92. (#17010)

Updates to the Docker image

• Updated start.py to generate config using the correct user ID when running as root (fixes #16824, #15202). (#16978)

Improved Documentation

• Add a query to force a refresh of a remote user's device list to the "Useful SQL for Admins" documentation page. (#16892)
• Minor grammatical corrections to the upgrade documentation. (#16965)
• Fix the sort order for the documentation version picker, so that newer releases appear above older ones. (#16966)
• Remove recommendation for a specific poetry version from contributing guide. (#17002)

Internal Changes

• Improve lock performance when a lot of locks are all waiting for a single lock to be released. (#16840)
• Update power level default for public rooms. (#16907)
• Improve event validation. (#16908)
• Multi-worker-docker-container: disable log buffering. (#16919)
• Refactor state delta calculation in /sync handler. (#16929)
• Clarify docs for some room state functions. (#16950)
• Specify IP subnets in canonical form. (#16953)
• As done for SAML mapping provider, let's pass the module API to the OIDC one so the mapper can do more logic in its code. (#16974)
• Allow containers building on top of Synapse's Complement container is use the included PostgreSQL cluster. (#16985)
• Raise poetry-core version cap to 1.9.0. (#16986)
• Patch the db conn pool sooner in tests. (#17017)

Updates to locked dependencies

• Bump anyhow from 1.0.80 to 1.0.81. (#17009)
• Bump black from 23.10.1 to 24.2.0. (#16936)
• Bump cryptography from 41.0.7 to 42.0.5. (#16958)
• Bump dawidd6/action-download-artifact from 3.1.1 to 3.1.2. (#16960)
• Bump dawidd6/action-download-artifact from 3.1.2 to 3.1.4. (#17008)
• Bump jinja2 from 3.1.2 to 3.1.3. (#17005)
• Bump log from 0.4.20 to 0.4.21. (#16977)
• Bump mypy from 1.5.1 to 1.8.0. (#16901)
• Bump netaddr from 0.9.0 to 1.2.1. (#17006)
• Bump pydantic from 2.6.0 to 2.6.4. (#17004)
• Bump pyo3 from 0.20.2 to 0.20.3. (#16962)
• Bump ruff from 0.1.14 to 0.3.2. (#16994)
• Bump serde from 1.0.196 to 1.0.197. (#16963)
• Bump serde_json from 1.0.113 to 1.0.114. (#16961)
• Bump types-jsonschema from 4.21.0.20240118 to 4.21.0.20240311. (#17007)
• Bump types-psycopg2 from 2.9.21.16 to 2.9.21.20240311. (#16995)
• Bump types-pyopenssl from 23.3.0.0 to 24.0.0.20240311. (#17003)