Synapse v1.42.0.rc1 Release Notes

Release Date: 2021-09-01
  • Features

    • Add support for MSC3231: Token authenticated registration. Users can be required to submit a token during registration to authenticate themselves. Contributed by Callum Brown. (#10142)
    • Add support for MSC3283: Expose enable_set_displayname in capabilities. (#10452)
    • Port the PresenceRouter module interface to the new generic interface. (#10524)
    • Add pagination to the spaces summary based on updates to MSC2946. (#10613, #10725)

    Bugfixes

    • Validate new m.room.power_levels events. Contributed by @aaronraimist. (#10232)
    • Display an error on User-Interactive Authentication fallback pages when authentication fails. Contributed by Callum Brown. (#10561)
    • Remove pushers when deleting an e-mail address from an account. Pushers for old unlinked emails will also be deleted. (#10581, #10734)
    • Reject Client-Server /keys/query requests which provide device_ids incorrectly. (#10593)
    • Rooms with unsupported room versions are no longer returned via /sync. (#10644)
    • Enforce the maximum length for per-room display names and avatar URLs. (#10654)
    • Fix a bug which caused the synapse_user_logins_total Prometheus metric not to be correctly initialised on restart. (#10677)
    • Improve ServerNoticeServlet to avoid duplicate requests and add unit tests. (#10679)
    • Fix long-standing issue which caused an error when a thumbnail is requested and there are multiple thumbnails with the same quality rating. (#10684)
    • Fix a regression introduced in v1.41.0 which affected the performance of concurrent fetches of large sets of events, in extreme cases causing the process to hang. (#10703)
    • Fix a regression introduced in Synapse 1.41 which broke email transmission on systems using older versions of the Twisted library. (#10713)

    Improved Documentation

    • Add documentation on how to connect Django with Synapse using OpenID Connect and django-oauth-toolkit. Contributed by @HugoDelval. (#10192)
    • Advertise https://matrix-org.github.io/synapse documentation in the README and CONTRIBUTING files. (#10595)
    • Fix some of the titles not rendering in the OpenID Connect documentation. (#10639)
    • Minor clarifications to the documentation for reverse proxies. (#10708)
    • Remove table of contents from the top of installation and contributing documentation pages. (#10711)

    Deprecations and Removals

    • Remove deprecated Shutdown Room and Purge Room Admin API. (#8830)

    Internal Changes

    • Improve type hints for the proxy agent and SRV resolver modules. Contributed by @dklimpel. (#10608)
    • Clean up some of the federation event authentication code for clarity. (#10614, #10615, #10624, #10640)
    • Add a comment asking developers to leave a reason when bumping the database schema version. (#10621)
    • Remove not needed database updates in modify user admin API. (#10627)
    • Convert room member storage tuples to attrs classes. (#10629, #10642)
    • Use auto-attribs for the attrs classes used in sync. (#10630)
    • Make backfill and get_missing_events use the same codepath. (#10645)
    • Improve the performance of the /hierarchy API (from MSC2946) by caching responses received over federation. (#10647)
    • Run a nightly CI build against Twisted trunk. (#10651, #10672)
    • Do not print out stack traces for network errors when fetching data over federation. (#10662)
    • Simplify tests for device admin rest API. (#10664)
    • Add missing type hints to REST servlets. (#10665, #10666, #10674)
    • Flatten the tests.synapse.rests package by moving the contents of v1 and v2_alpha into the parent. (#10667)
    • Update complement.sh to rebuild the base Docker image when run with workers. (#10686)
    • Split the event-processing methods in FederationHandler into a separate FederationEventHandler. (#10692)
    • Remove unused compare_digest function. (#10706)

    Synapse 1.41.1 (2021-08-31)

    Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.

    Security advisory

    The following issues are fixed in v1.41.1.

    If an unauthorized user both knows the Room ID of a private room and that room's history visibility is set to shared, then they may be able to enumerate the room's members, including their display names.

    The unauthorized user must be on the same homeserver as a user who is a member of the target room.

    Fixed by 52c7a51cf.

    If an unauthorized user knows the Room ID of a private room, then its name, avatar, topic, and number of members may be disclosed through Group / Community features.

    The unauthorized user must be on the same homeserver as a user who is a member of the target room, and their homeserver must allow non-administrators to create groups (enable_group_creation in the Synapse configuration; off by default).

    Fixed by cb35df940a, #10723.

    Bugfixes

    • Fix a regression introduced in Synapse 1.41 which broke email transmission on systems using older versions of the Twisted library. (#10713)

    Synapse 1.41.0 (2021-08-24)

    This release adds support for Debian 12 (Bookworm), but removes support for Ubuntu 20.10 (Groovy Gorilla), which reached End of Life last month.

    Note that when using workers the /_synapse/admin/v1/users/{userId}/media must now be handled by media workers. See the upgrade notes for more information.

    Features

    • Enable room capabilities (MSC3244) by default and set room version 8 as the preferred room version when creating restricted rooms. (#10571)