./chat/matrix-synapse, Reference homeserver for the Matrix decentralised comms protocol


Branch: CURRENT, Version: 1.66.0, Package name: matrix-synapse-1.66.0, Maintainer: gdt

Synapse is a reference "homeserver" implementation of Matrix from the core
development team at matrix.org, written in Python/Twisted. It is intended to
showcase the concept of Matrix and let folks see the spec in the context of a
codebase and let you run your own homeserver and generally help bootstrap the
ecosystem.


Filesize: 7731.428 KB

CVS history:


   2022-09-04 16:16:29 by Greg Troxel | Files touched by this commit (3) | Package updated
Log message:
chat/matrix-synapse: Update to 1.66.0

packaging changes:
  - Depend on pydantic

summary of upstream changes:

Synapse 1.66.0 (2022-08-31)
===========================

This release removes the ability for homeservers to delegate email
ownership verification and password reset confirmation to identity
servers. This removal was originally planned for Synapse 1.64, but was
later deferred until now. See the [upgrade
notes](https://matrix-org.github.io/synapse/v1.66/upgrade.html#upgrading-to-v1660)
for more details.

Deployments with multiple workers should note that the direct TCP
replication configuration was deprecated in Synapse v1.18.0 and will
be removed in Synapse v1.67.0. In particular, the TCP `replication`
[listener](https://matrix-org.github.io/synapse/v1.66/usage/configuration/config_documentation.html#listeners)
type (not to be confused with the `replication` resource on the `http`
listener type) and the `worker_replication_port` config option will be
removed.

To migrate to Redis, add the [`redis`
config](https://matrix-org.github.io/synapse/v1.66/workers.html#shared-configuration),
then remove the TCP `replication` listener from config of the master
and `worker_replication_port` from worker config. Note that a HTTP
listener with a `replication` resource is still required. See the
[worker
documentation](https://matrix-org.github.io/synapse/v1.66/workers.html)
for more details.

Features
--------

- Improve validation of request bodies for the following client-server
  API endpoints:
  [`/account/password`](https://spec.matrix.org/v1.3/client-server-api/#post_matrixclientv3accountpassword),
  [`/account/password/email/requestToken`](https://spec.matrix.org/v1.3/client-server-api/#post_matrixclientv3accountpasswordemailrequesttoken),
  [`/account/deactivate`](https://spec.matrix.org/v1.3/client-server-api/#post_matrixclientv3accountdeactivate)
  and
  [`/account/3pid/email/requestToken`](https://spec.matrix.org/v1.3/client-server-api/#post_matrixclientv3account3pidemailrequesttoken).
  ([\#13188](https://github.com/matrix-org/synapse/issues/13188),
  [\#13563](https://github.com/matrix-org/synapse/issues/13563))

- Add forgotten status to [Room Details Admin
  API](https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#room-details-api).
  ([\#13503](https://github.com/matrix-org/synapse/issues/13503))

- Add an experimental implementation for [MSC3852 (Expose user agents
  on `Device`)](https://github.com/matrix-org/matrix-spec-proposals/pull/3852).
  ([\#13549](https://github.com/matrix-org/synapse/issues/13549))

- Add `org.matrix.msc2716v4` experimental room version with updated
  content fields. Part of [MSC2716 (Importing
  history)](https://github.com/matrix-org/matrix-spec-proposals/pull/2716).
  ([\#13551](https://github.com/matrix-org/synapse/issues/13551))

- Add support for compression to federation
  responses. ([\#13537](https://github.com/matrix-org/synapse/issues/13537))

- Improve performance of sending messages in rooms with thousands of
  local
  users. ([\#13522](https://github.com/matrix-org/synapse/issues/13522),
  [\#13547](https://github.com/matrix-org/synapse/issues/13547))

Deprecations and Removals
-------------------------

- Remove the ability for homeservers to delegate email ownership
  verification and password reset confirmation to identity
  servers. See [upgrade
  notes](https://matrix-org.github.io/synapse/v1.66/upgrade.html#upgrading-to-v1660)
  for more details.

   2022-09-04 14:24:21 by Greg Troxel | Files touched by this commit (2) | Package updated
Log message:
chat/matrix-synapse: Update to 1.65.0

packaging changes:

summary of upstream changes:

Synapse 1.65.0 (2022-08-16)
===========================

Features
--------

- Add support for stable prefixes for [MSC2285 (private read
  receipts)](https://github.com/matrix-org/matrix-spec-proposals/pull/2285).
  ([\#13273](https://github.com/matrix-org/synapse/issues/13273))

- Add new unstable error codes `ORG.MATRIX.MSC3848.ALREADY_JOINED`,
  `ORG.MATRIX.MSC3848.NOT_JOINED`, and
  `ORG.MATRIX.MSC3848.INSUFFICIENT_POWER` described in
  [MSC3848](https://github.com/matrix-org/matrix-spec-proposals/pull/3848).
  ([\#13343](https://github.com/matrix-org/synapse/issues/13343))

- Use stable prefixes for
  [MSC3827](https://github.com/matrix-org/matrix-spec-proposals/pull/3827).
  ([\#13370](https://github.com/matrix-org/synapse/issues/13370))

- Add a new module API method to translate a room alias into a room
  ID. ([\#13428](https://github.com/matrix-org/synapse/issues/13428))

- Add a new module API method to create a
  room. ([\#13429](https://github.com/matrix-org/synapse/issues/13429))

- Add remote join capability to the module API's
  `update_room_membership` method (in a backwards compatible
  manner). ([\#13441](https://github.com/matrix-org/synapse/issues/13441))

   2022-09-04 12:57:20 by Greg Troxel | Files touched by this commit (3)
Log message:
chat/matrix-synapse: Update to 1.64.0

packaging changes: Accept MAINTAINER handoff.

upstream changes:

Synapse 1.64.0 (2022-08-02)
===========================

Deprecation Warning
-------------------

Synapse v1.66.0 will remove the ability to delegate the tasks of
verifying email address ownership, and password reset confirmation, to
an identity server.

If you require your homeserver to verify e-mail addresses or to
support password resets via e-mail, please configure your homeserver
with SMTP access so that it can send e-mails on its own behalf.
[Consult the configuration documentation for more
information.](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#email)

Features
--------

- Improve error messages when media thumbnails cannot be
  served. ([\#13038](https://github.com/matrix-org/synapse/issues/13038))

- Allow pagination from remote event after discovering it from
  [MSC3030](https://github.com/matrix-org/matrix-spec-proposals/pull/3030)
  `/timestamp_to_event`.
  ([\#13205](https://github.com/matrix-org/synapse/issues/13205))

- Add a `room_type` field in the responses for the list room and room
  details admin APIs. Contributed by
  @andrewdoh. ([\#13208](https://github.com/matrix-org/synapse/issues/13208))

- Add support for room version 10.
  ([\#13220](https://github.com/matrix-org/synapse/issues/13220))

- Add per-room rate limiting for room joins. For each room, Synapse
  now monitors the rate of join events in that room, and throttles
  additional joins if that rate grows too
  large. ([\#13253](https://github.com/matrix-org/synapse/issues/13253),
  [\#13254](https://github.com/matrix-org/synapse/issues/13254),
  [\#13255](https://github.com/matrix-org/synapse/issues/13255),
  [\#13276](https://github.com/matrix-org/synapse/issues/13276))

- Support Implicit TLS (TLS without using a STARTTLS upgrade,
  typically on port 465) for sending emails, enabled by the new option
  `force_tls`. Contributed by Jan
  Schär. ([\#13317](https://github.com/matrix-org/synapse/issues/13317))

Bugfixes
--------

[pruned]

Improved Documentation
----------------------

[pruned]

Deprecations and Removals
-------------------------

- Drop tables that were formerly used for
  groups/communities. ([\#12967](https://github.com/matrix-org/synapse/issues/12967))

- Drop support for calling `/_matrix/client/v3/account/3pid/bind`
  without an `id_access_token`, which was not permitted by the
  spec. Contributed by
  @Vetchu. ([\#13239](https://github.com/matrix-org/synapse/issues/13239))

   2022-07-21 20:57:02 by Greg Troxel | Files touched by this commit (3)
Log message:
chat/matrix-synapse: Update to 1.63.1

Upstream relevant changes:

  Add a rate limit for local users sending invites. (#13125)

  Implement MSC3827: Filtering of /publicRooms by room type. (#13031)

  Improve validation logic in the account data REST
  endpoints. (#13148)

  Remove obsolete and for 8 years unused
  RoomEventsStoreTestCase. Contributed by @arkamar. (#13200)

   2022-07-21 18:44:06 by Greg Troxel | Files touched by this commit (4)
Log message:
chat/matrix-synapse: Update to 1.62.0

Upstream relevant changes:

  Port the spam-checker API callbacks to a new, richer API. This is
  part of an ongoing change to let spam-checker modules inform users
  of the reason their event or operation is rejected. (#12857, #13047)

  Allow server admins to customise the response of the
  /.well-known/matrix/client endpoint. (#13035)

  Add metrics measuring the CPU and DB time spent in state
  resolution. (#13036)

  Speed up fetching of device list changes in /sync and
  /keys/changes. (#13045, #13098)

  Improve URL previews for sites which only provide Twitter Card
  metadata, e.g. LWN.net. (#13056)

  Remove the unspecced DELETE /directory/list/room/{roomId} endpoint,
  which hid rooms from the public room directory. Instead, PUT to the
  same URL with a visibility of "private". (#13123)

   2022-07-01 16:22:34 by Greg Troxel | Files touched by this commit (2) | Package updated
Log message:
chat/matrix-synapse: Update to 1.60.1

Synapse 1.61.1 (2022-06-28)
===========================

This patch release fixes a security issue regarding URL previews,
affecting all prior versions of Synapse. Server administrators are
encouraged to update Synapse as soon as possible. We are not aware of
these vulnerabilities being exploited in the wild.

Server administrators who are unable to update Synapse may use the
workarounds described in the linked GitHub Security Advisory below.

## Security advisory

The following issue is fixed in 1.61.1.

* [GHSA-22p3-qrh9-cx32](https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32)
  / [CVE-2022-31052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31052)

  Synapse instances with the
  [`url_preview_enabled`](https://matrix-org.github.io/synapse/v1.61/usage/configuration/config_documentation.html#media-store)
  homeserver config option set to `true` are affected. URL previews of
  some web pages can lead to unbounded recursion, causing the request
  to either fail, or in some cases crash the running Synapse process.

  Requesting URL previews requires authentication. Nevertheless, it is
  possible to exploit this maliciously, either by malicious users on
  the homeserver, or by remote users sending URLs that a local user's
  client may automatically request a URL preview for.

  Homeservers with the `url_preview_enabled` configuration option set
  to `false` (the default) are unaffected. Instances with the
  `enable_media_repo` configuration option set to `false` are also
  unaffected, as this also disables URL preview functionality.

  Fixed by
  [fa1308061802ac7b7d20e954ba7372c5ac292333](https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333).

   2022-06-30 13:19:02 by Nia Alarie | Files touched by this commit (524)
Log message:
*: Revbump packages that use Python at runtime without a PKGNAME prefix

   2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)
Log message:
*: recursive bump for perl 5.36