| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'cc40a59b4':
1.21.0
Add prometheus metrics to track federation delays (#8430)
Make token serializing/deserializing async (#8427)
Allow additional SSO properties to be passed to the client (#8413)
changelog
Add an improved "forward extremities" metric
Rewrite BucketCollector
Fix _exposition.py to stop stripping samples
Drop support for ancient prometheus_client (#8426)
Various clean ups to room stream tokens. (#8423)
changelog
Report state res metrics to Prometheus and log
Move Measure calls into `resolve_events_with_store`
Expose a `get_resource_usage` method in `Measure`
Move `resolve_events_with_store` into StateResolutionHandler
|
| | |
| |
| |
| |
| | |
Add a pair of federation metrics to track the delays in sending PDUs to/from
particular servers.
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
* commit '8238b55e0':
Update description of server_name config option (#8415)
Discard an empty upload_name before persisting an uploaded file (#7905)
Don't table scan events on worker startup (#8419)
Mypy fixes for `synapse.handlers.federation` (#8422)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'f43c66d23':
Add support for running Complement against the local checkout (#8317)
Filter out appservices from mau count (#8404)
Only assert valid next_link params when provided (#8417)
Add metrics to track success/otherwise of replication requests (#8406)
Fix handling of connection timeouts in outgoing http requests (#8400)
Changelog
Don't check whether a 3pid is allowed to register during password reset
Add checks for postgres sequence consistency (#8402)
Create a mechanism for marking tests "logcontext clean" (#8399)
Add `ui_auth_sessions_ips` table to `synapse_port_db` ignore list (#8410)
A pair of tiny cleanups in the federation request code. (#8401)
typo
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '31acc5c30':
Escape the error description on the sso_error template. (#8405)
Fix occasional "Re-starting finished log context" from keyring (#8398)
Allow existing users to login via OpenID Connect. (#8345)
Fix schema delta for servers that have not backfilled (#8396)
Fix MultiWriteIdGenerator's handling of restarts. (#8374)
s/URLs/variables in changelog
s/accidentally/incorrectly in changelog
Update changelog wording
Add type annotations to SimpleHttpClient (#8372)
Add new sequences to port DB script (#8387)
Add EventStreamPosition type (#8388)
Mark the shadow_banned column as boolean in synapse_port_db. (#8386)
|
| | |
| |
| |
| |
| |
| |
| | |
Co-authored-by: Benjamin Koch <bbbsnowball@gmail.com>
This adds configuration flags that will match a user to pre-existing users
when logging in via OpenID Connect. This is useful when switching to
an existing SSO system.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '2983049a7':
Factor out `_send_dummy_event_for_room` (#8370)
Improve logging of state resolution (#8371)
Fix bug which caused failure on join with malformed membership events (#8385)
Use `async with` for ID gens (#8383)
Don't push if an user account has expired (#8353)
Do not check lint/test dependencies at runtime. (#8377)
Add note to reverse_proxy.md about disabling Apache's mod_security2 (#8375)
Changelog
|
| | |
| |
| | |
This change adds a note and a few lines of configuration settings for Apache users to disable ModSecurity for Synapse's virtual hosts. With ModSecurity enabled and running with its default settings, Matrix clients are unable to send chat messages through the Synapse installation. With this change, ModSecurity can be disabled only for the Synapse virtual hosts.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '4325be1a5':
Fix missing null character check on guest_access room state
Fixed a bug with reactivating users with the admin API (#8362)
Admin API for reported events (#8217)
Fix wording of deprecation notice in changelog
Deprecation warning for synapse admin api being accessible under /_matrix
Create function to check for long names in devices (#8364)
Add a comment re #1691
Fix a bad merge from release-v1.20.0. (#8354)
Admin API for querying rooms where a user is a member (#8306)
Catch-up after Federation Outage (bonus): Catch-up on Synapse Startup (#8322)
Simplify super() calls to Python 3 syntax. (#8344)
Allow appservice users to /login (#8320)
Update test logging to be able to accept braces (#8335)
Move lint dependencies to extras_require (#8330)
|
| | |
| |
| | |
Add an admin API to read entries of table `event_reports`. API: `GET /_synapse/admin/v1/event_reports`
|
| | |
| |
| |
| | |
Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to
list all rooms where a user is a member.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '837293c31':
Remove obsolete __future__ imports (#8337)
Use admin_patterns for all admin APIs. (#8331)
Fix a potential bug of UnboundLocalError (#8329)
Switch metaclass initialization to python 3-compatible syntax (#8326)
Catch-up after Federation Outage (split, 4): catch-up loop (#8272)
Use slots in attrs classes where possible (#8296)
Fix typos in comments.
Add the topic and avatar to the room details admin API (#8305)
Improve SAML error messages (#8248)
Add experimental support for sharding event persister. Again. (#8294)
Make `StreamToken.room_key` be a `RoomStreamToken` instance. (#8281)
Use TLSv1.2 for fake servers in tests (#8208)
Add /_synapse/client to the reverse proxy docs (#8227)
Clean up `Notifier.on_new_room_event` code path (#8288)
|
| | | |
|
| | | |
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Synapse 1.20.0rc3 (2020-09-11)
==============================
Bugfixes
--------
- Fix a bug introduced in v1.20.0rc1 where the wrong exception was raised when invalid JSON data is encountered. ([\#8291](https://github.com/matrix-org/synapse/issues/8291))
|
| | | |
| | |
| | | |
This PR adds a information about forwarding `/_synapse/client` endpoints through your reverse proxy. The first of these endpoints are introduced in https://github.com/matrix-org/synapse/pull/8004.
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | | |
* commit '2832ef5bb':
1.20.0rc3
Fix the exception that is raised when invalid JSON is encountered. (#8291)
Remove shared rooms info from upgrade/workers doc as it's still experimental (#8290)
|
| | | |
| | |
| | |
| | | |
(#8290)
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit 'a3a90ee03':
Show a confirmation page during user password reset (#8004)
Do not error when thumbnailing invalid files (#8236)
Remove some unused distributor signals (#8216)
Fixup pusher pool notifications (#8287)
Revert "Fixup pusher pool notifications"
Fixup pusher pool notifications
|
| | | |
| | |
| | |
| | |
| | | |
This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset.
This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
whitelist (#8275)
This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285
They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.
This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint.
This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '525efab61':
1.20.0rc1
Systemd docs: configure workers to start after main process. (#8276)
Only add rows to the push actions table if the event notifies or should be marked unread (#8274)
Avoid table-scanning users at startup (#8271)
Fix unread count failing on NULL values (#8270)
Add more logging to debug slow startup (#8264)
Refuse to upgrade database on worker processes (#8266)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '0d4f614fd':
Refactor `_get_e2e_device_keys_for_federation_query_txn` (#8225)
Add experimental support for sharding event persister. (#8170)
Add /user/{user_id}/shared_rooms/ api (#7785)
Do not try to store invalid data in the stats table (#8226)
Convert the main methods run by the reactor to async. (#8213)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add shared_rooms api
* Add changelog
* Add .
* Wrap response in {"rooms": }
* linting
* Add unstable_features key
* Remove options from isort that aren't part of 5.x
`-y` and `-rc` are now default behaviour and no longer exist.
`dont-skip` is no longer required
https://timothycrosley.github.io/isort/CHANGELOG/#500-penny-july-4-2020
* Update imports to make isort happy
* Add changelog
* Update tox.ini file with correct invocation
* fix linting again for isort
* Vendor prefix unstable API
* Fix to match spec
* import Codes
* import Codes
* Use FORBIDDEN
* Update changelog.d/7785.feature
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Implement get_shared_rooms_for_users
* a comma
* trailing whitespace
* Handle the easy feedback
* Switch to using runInteraction
* Add tests
* Feedback
* Seperate unstable endpoint from v2
* Add upgrade node
* a line
* Fix style by adding a blank line at EOF.
* Update synapse/storage/databases/main/user_directory.py
Co-authored-by: Tulir Asokan <tulir@maunium.net>
* Update synapse/storage/databases/main/user_directory.py
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Update UPGRADE.rst
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Fix UPGRADE/CHANGELOG unstable paths
unstable unstable unstable
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Tulir Asokan <tulir@maunium.net>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Tulir Asokan <tulir@maunium.net>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'abeab964d':
Make _get_e2e_device_keys_and_signatures_txn return an attrs (#8224)
Fix errors when updating the user directory with invalid data (#8223)
Explain better what GDPR-erased means (#8189)
Convert additional databases to async/await part 3 (#8201)
Convert appservice code to async/await. (#8207)
Rename `_get_e2e_device_keys_txn` (#8222)
|
| | |
| |
| | |
Fixes https://github.com/matrix-org/synapse/issues/8185
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '56efa9ec7': (22 commits)
Fix rate limiting unit tests. (#8167)
Add functions to `MultiWriterIdGen` used by events stream (#8164)
Do not allow send_nonmember_event to be called with shadow-banned users. (#8158)
Changelog fixes
Make StreamIdGen `get_next` and `get_next_mult` async (#8161)
Wording fixes to 'name' user admin api filter (#8163)
Fix missing double-backtick in RST document
Search in columns 'name' and 'displayname' in the admin users endpoint (#7377)
Add type hints for state. (#8140)
Stop shadow-banned users from sending non-member events. (#8142)
Allow capping a room's retention policy (#8104)
Add healthcheck for default localhost 8008 port on /health endpoint. (#8147)
Fix flaky shadow-ban tests. (#8152)
Don't fail /submit_token requests on incorrect session ID if request_token_inhibit_3pid_errors is turned on (#7991)
Do not apply ratelimiting on joins to appservices (#8139)
Micro-optimisations to get_auth_chain_ids (#8132)
Allow denying or shadow banning registrations via the spam checker (#8034)
Stop shadow-banned users from sending invites. (#8095)
Be more tolerant of membership events in unknown rooms (#8110)
Improve the error code when trying to register using a name reserved for guests. (#8135)
...
|
| | |
| |
| | |
Some fixes to wording I noticed after merging #7377.
|
| | | |
|
| | |
| |
| |
| |
| | |
* Search in columns 'name' and 'displayname' in the admin users endpoint
Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'c9c544cda':
Remove `ChainedIdGenerator`. (#8123)
Switch the JSON byte producer from a pull to a push producer. (#8116)
Updated docs: Added note about missing 308 redirect support. (#8120)
Be stricter about JSON that is accepted by Synapse (#8106)
Convert runWithConnection to async. (#8121)
Remove the unused inlineCallbacks code-paths in the caching code (#8119)
Separate `get_current_token` into two. (#8113)
Convert events worker database to async/await. (#8071)
Add a link to the matrix-synapse-rest-password-provider. (#8111)
|
| | |
| |
| |
| |
| | |
* Updated docs: Added note about missing 308 redirect support.
* Added changelog
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'e04e465b4':
Use the default templates when a custom template file cannot be found (#8037)
Changelog changes
Convert stream database to async/await. (#8074)
Add a shadow-banned flag to users. (#8092)
Convert pusher databases to async/await. (#8075)
Convert receipts and events databases to async/await. (#8076)
|
| | |
| |
| | |
Fixes https://github.com/matrix-org/synapse/issues/6583
|
| |\|
| |
| |
| |
| |
| |
| | |
* commit '61d8ff0d4':
Update changelog.d/8051.misc
Newsfile
Move setting of Filter into code.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We do this to prevent foot guns. The default config uses a MemoryFilter,
but users are free to change to logging to files directly. If they do
then they have to ensure to set the `filters: [context]` on the right
handler, otherwise records get written with the wrong context.
Instead we move the logic to happen when we generate a record, which is
when we *log* rather than *handle*.
(It's possible to add filters to loggers in the config, however they
don't apply to descendant loggers and so they have to be manually set on
*every* logger used in the code base)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'db131b6b2':
Change the default log config to reduce disk I/O and storage (#8040)
Implement login blocking based on SAML attributes (#8052)
Add an assertion on prev_events in create_new_client_event (#8041)
Typo
Lint
why mypy why
Lint
Incorporate review
Incorporate review
Fix PUT /pushrules to use the right rule IDs
Back out the database hack and replace it with a temporary config setting
Fix cache name
Fix cache invalidation calls
Lint
Changelog
Implement new experimental push rules with a database hack to enable them
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Change default log config to buffer by default.
This batches up writes to the filesystem, which is more efficient for
disk I/O. This means that it can take some time for logs to get written
to disk. Note that ERROR logs (and above) immediately flush the buffer.
This only effects new installs, as we only write the log config if
started with `--generate-config` (in the same way we do for generating
signing keys).
* Default to keeping last 4 days of logs.
This hopefully reduces the amount of logs kept for new servers. Keeping
the last 1GB of logs is likely overkill for new servers, but equally may
not be enough for busy ones.
Instead, we keep the last four days worth of logs, enough so that admins
can investigate any problems that happened over e.g. a long weekend.
|
| | |
| |
| |
| |
| |
| |
| | |
Hopefully this mostly speaks for itself. I also did a bit of cleaning up of the
error handling.
Fixes #8047
|
| |\|
| |
| |
| |
| | |
* commit '1048ed2af':
Clarify that undoing a shutdown might not be possible (#8010)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '7620912d8':
Add health check endpoint (#8048)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '079bc3c8e':
Fixup worker doc (again) (#8000)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit 'a7bdf98d0':
Rename database classes to make some sense (#8033)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| | |
* commit '394be6a0e':
Newsfile
Add ratelimiting on joins
Add docs for undoing room shutdowns (#7998)
|
| | |\
| | |
| | |
| | | |
erikj/add_rate_limiting_to_joins
|
| | | |
| | |
| | | |
These docs were tested successfully in production by a customer, so it's probably fine.
|
| | | | |
|
| |\ \ \
| | |/
| |/|
| | |
| | | |
* commit '6d4b79002':
Update workers docs (#7990)
|
| | | | |
|
| |\| |
| | |
| | |
| | |
| | | |
* commit '606805bf0':
Fix typo in docs/workers.md (#7992)
|
| | | | |
|
| | |\| |
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit '3950ae51e':
Ensure that remove_pusher is always async (#7981)
Ensure the msg property of HttpResponseException is a string. (#7979)
Remove from the event_relations table when purging historical events. (#7978)
Add additional logging for SAML sessions. (#7971)
Add MSC reference to changelog for #7736
Re-implement unread counts (#7736)
Various improvements to the docs (#7899)
Convert storage layer to async/await. (#7963)
Add an option to disable purge in delete room admin API (#7964)
Move some log lines from default logger to sql/transaction loggers (#7952)
Use the JSON module from the std library instead of simplejson. (#7936)
Fix exit code for `check_line_terminators.sh` (#7970)
Option to allow server admins to join complex rooms (#7902)
Fix typo in metrics docs (#7966)
Add script for finding files with unix line terminators (#7965)
Convert the remaining media repo code to async / await. (#7947)
Convert a synapse.events to async/await. (#7949)
Convert groups and visibility code to async / await. (#7951)
Convert push to async/await. (#7948)
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Add option ```purge``` to ```POST /_synapse/admin/v1/rooms/<room_id>/delete```
Fixes: #3761
Signed-off-by: Dirk Klimpel dirk@klimpel.org
|
| | | |
| | |
| | |
| | |
| | | |
Fixes #7901.
Signed-off-by: Niklas Tittjung <nik_t.01@web.de>
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
whitelist (#8275)
This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285
They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.
This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint.
This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | | |
* commit 'a9631b7b4':
1.18.0
Update worker docs with recent enhancements (#7969)
|
| | |/ |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'f88c48f3b':
1.18.0rc1
Fix error reporting when using `opentracing.trace` (#7961)
Fix typing replication not being handled on master (#7959)
Remove hacky error handling for inlineDeferreds. (#7950)
Convert tests/rest/admin/test_room.py to unix file endings (#7953)
Support oEmbed for media previews. (#7920)
Convert state resolution to async/await (#7942)
Fix up types and comments that refer to Deferreds. (#7945)
Do not convert async functions to Deferreds in the interactive_auth_handler (#7944)
Convert more of the media code to async/await (#7873)
Return an empty body for OPTIONS requests. (#7886)
Downgrade warning on client disconnect to INFO (#7928)
Convert presence handler helpers to async/await. (#7939)
Update the auth providers to be async. (#7935)
Put a cache on `/state_ids` (#7931)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit 'a4cf94a3c':
Update the dates for ACME v1 EOL
|
| | |
| |
| |
| | |
As per https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'de119063f': (31 commits)
Convert room list handler to async/await. (#7912)
Element CSS and logo in email templates (#7919)
Lint the contrib/ directory in CI and linting scripts, add synctl to linting script (#7914)
Remove unused code from synapse.logging.utils. (#7897)
Fix a typo in the sample config. (#7890)
Fix deprecation warning: import ABC from collections.abc (#7892)
Change sample config's postgres user to synapse_user (#7889)
Fix deprecation warning due to invalid escape sequences (#7895)
Remove Ubuntu Eoan that is now EOL (#7888)
Fix the trace function for async functions. (#7872)
Add help for creating a user via docker (#7885)
Switch to Debian:Slim from Alpine for the docker image (#7839)
Stop using 'device_max_stream_id' (#7882)
Fix TypeError in synapse.notifier (#7880)
Add a default limit (of 100) to get/sync operations. (#7858)
Change "unknown room ver" logging to warning. (#7881)
Convert device handler to async/await (#7871)
Convert synapse.app to async/await. (#7868)
Convert _base, profile, and _receipts handlers to async/await (#7860)
Add admin endpoint to get members in a room. (#7842)
...
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
The [postgres setup docs](https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#set-up-database) recommend setting up your database with user `synapse_user`.
However, uncommenting the postgres defaults in the sample config leave you with user `synapse`.
This PR switches the sample config to recommend `synapse_user`. Took a me a second to figure this out, so assume this will beneficial to others.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
I'm pretty sure there's no technical reason these have to be distinct server blocks, so collapse into one and go with the more terse location block.
Signed-off-by: Luke W Faraone <luke@faraone.cc>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'a973bcb8a':
Add some tiny type annotations (#7870)
Remove obsolete comment.
Ensure that calls to `json.dumps` are compatible with the standard library json. (#7836)
Avoid brand new rooms in `delete_old_current_state_events` (#7854)
Allow accounts to be re-activated from the admin APIs. (#7847)
Fix tests
Fix typo
Newsfile
Use get_users_in_room rather than state handler in typing for speed
Fix client reader sharding tests (#7853)
Convert E2E key and room key handlers to async/await. (#7851)
Return the proper 403 Forbidden error during errors with JWT logins. (#7844)
remove `retry_on_integrity_error` wrapper for persist_events (#7848)
|
| | | |
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '85223106f':
Allow email subjects to be customised through Synapse's configuration (#7846)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '491f0dab1':
Add delete room admin endpoint (#7613)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Delete Room admin API allows server admins to remove rooms from server
and block these rooms.
`DELETE /_synapse/admin/v1/rooms/<room_id>`
It is a combination and improvement of "[Shutdown room](https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/shutdown_room.md)" and "[Purge room](https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/purge_room.md)" API.
Fixes: #6425
It also fixes a bug in [synapse/storage/data_stores/main/room.py](synapse/storage/data_stores/main/room.py) in ` get_room_with_stats`.
It should return `None` if the room is unknown. But it returns an `IndexError`.
https://github.com/matrix-org/synapse/blob/901b1fa561e3cc661d78aa96d59802cf2078cb0d/synapse/storage/data_stores/main/room.py#L99-L105
Related to:
- #5575
- https://github.com/Awesome-Technologies/synapse-admin/issues/17
Signed-off-by: Dirk Klimpel dirk@klimpel.org
|
| |\|
| |
| |
| |
| | |
* commit '77d2c0541':
Add the option to validate the `iss` and `aud` claims for JWT logins. (#7827)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit 'f299441cc':
Add ability to shard the federation sender (#7798)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '43726783e': (22 commits)
1.17.0rc1
Fix some spelling mistakes / typos. (#7811)
`update_membership` declaration: now always returns an event id. (#7809)
Improve stacktraces from exceptions in background processes (#7808)
Fix `can only concatenate list (not "tuple") to list` exception (#7810)
Pass original request headers from workers to the main process. (#7797)
Generate real events when we reject invites (#7804)
Add `HomeServer.signing_key` property (#7805)
Revert "Update the installation docs on apt-transport-https (#7801)"
Do not use simplejson in Synapse. (#7800)
Stop passing bytes when dumping JSON (#7799)
Update the installation docs on apt-transport-https (#7801)
shuffle changelog slightly
Change Caddy links (old is deprecated) (#7789)
Stop populating unused table `local_invites`. (#7793)
Refactor getting replication updates from database v2. (#7740)
Add libwebp dependency to Dockerfile (#7791)
Add documentation for JWT login type and improve sample config. (#7776)
Convert the appservice handler to async/await. (#7775)
Don't ignore `set_tweak` actions with no explicit `value`. (#7766)
...
|
| | |
| |
| |
| |
| |
| |
| | |
* Change Caddy links
Current links points to Caddy v1 which is deprecated.
Signed-off-by: Nicolai Søborg <git@xn--sb-lka.org>
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'dc80a0762':
1.16.0rc1
Back out MSC2625 implementation (#7761)
Additional configuration options for auto-join rooms (#7763)
Add some metrics for inbound and outbound federation processing times (#7755)
Explain the purpose of the "tests" conditional dependency requirement (#7751)
Add another yield point to state res v2 (#7746)
Move flake8 to end. Don't exit script on failure (#7738)
Make tox actions work on Debian 10 (#7703)
Yield during large v2 state res. (#7735)
add org.matrix.login.jwt so that m.login.jwt can be deprecated (#7675)
Set Content-Length for Metrics requests (#7730)
Sync ignored table names in synapse_port_db to current database schema (#7717)
Allow local media to be marked as safe from being quarantined. (#7718)
Convert directory handler to async/await (#7727)
Speed up state res v2 across large state differences. (#7725)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit 'b44bdd7f7':
Support running multiple media repos. (#7706)
|
| | |
| |
| |
| |
| | |
This requires a new config option to specify which media repo should be
responsible for running background jobs to e.g. clear out expired URL
preview caches.
|
| |\|
| |
| |
| |
| | |
* commit 'e452973fd':
fix broken link in sample config (#7712)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '5c5516f80':
Add instructions for authing with Keycloak via OpenID (#7659)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '03619324f':
Create a ListenerConfig object (#7681)
Fix changelog wording
1.15.1
Wrap register_device coroutine in an ensureDeferred (#7684)
Ensure the body is a string before comparing push rules. (#7701)
Ensure etag is a string for GET room_keys/version response (#7691)
Update m.id.phone to use 'phone' instead of 'number' (#7687)
Fix "There was no active span when trying to log." error (#7698)
Enable 3PID add/bind/unbind endpoints on r0 routes
Discard RDATA from already seen positions. (#7648)
Replace iteritems/itervalues/iterkeys with native versions. (#7692)
Fix warnings about losing log context during UI auth. (#7688)
Fix a typo when comparing the URI & method during UI Auth. (#7689)
Remove "user_id" from GET /presence. (#7606)
Increase the default SAML session expirary time to 15 minutes. (#7664)
fix typo in sample_config.yaml (#7652)
Take out a lock before modifying _CACHES (#7663)
Add option to enable encryption by default for new rooms (#7639)
Clean-up the fallback login code. (#7657)
|
| | | |
|
| | |
| |
| |
| |
| | |
Just a simple typo fix.
Signed-off-by: wondratsch 28294257+wondratsch@users.noreply.github.com
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes https://github.com/matrix-org/synapse/issues/2431
Adds config option `encryption_enabled_by_default_for_room_type`, which determines whether encryption should be enabled with the default encryption algorithm in private or public rooms upon creation. Whether the room is private or public is decided based upon the room creation preset that is used.
Part of this PR is also pulling out all of the individual instances of `m.megolm.v1.aes-sha2` into a constant variable to eliminate typos ala https://github.com/matrix-org/synapse/pull/7637
Based on #7637
|
| | |
| |
| |
| |
| | |
Adds an option, `bind_new_user_emails_to_sydent`, which uses Sydent's [internal bind api](https://github.com/matrix-org/sydent#internal-bind-and-unbind-api) to automatically bind email addresses of users immediately after they register.
This is quite enterprise-specific, but could be generally useful to multiple organizations. This aims to solve the problem of requiring users to verify their email twice when using the functionality of an identity server in a corporate deployment - where both the homeserver and identity server are controlled. It does with while eliminating the need for the `account_threepid_delegates.email` option, which historically has been a very complicated option to reason about.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dinsic-release-v1.15.x
* 'release-v1.15.0' of github.com:matrix-org/synapse: (55 commits)
1.15.0
Fix some attributions
Update CHANGES.md
1.15.0rc1
Revert "1.15.0rc1"
1.15.0rc1
Fix bug in account data replication stream. (#7656)
Convert the registration handler to async/await. (#7649)
Accept device information at the login fallback endpoint. (#7629)
Convert user directory handler and related classes to async/await. (#7640)
Add an option to disable autojoin for guest accounts (#6637)
Clarifications to the admin api documentation (#7647)
Update to the stable SSO prefix for UI Auth. (#7630)
Fix type information on `assert_*_is_admin` methods (#7645)
Remove some unused constants. (#7644)
Typo fixes.
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
Add device management to admin API (#7481)
Attempt to fix PhoneHomeStatsTestCase.test_performance_100 being flaky. (#7634)
Support CS API v0.6.0 (#6585)
...
|
| | |
| |
| |
| | |
Fixes https://github.com/matrix-org/synapse/issues/3177
|
| | |
| |
| |
| |
| |
| | |
* Clarify how to authenticate
* path params are not the same thing as query params
* Fix documentation for `/_synapse/admin/v2/users/<user_id>`
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Admin is able to
- change displaynames
- delete devices
- list devices
- get device informations
Fixes #7330
|
| | |
| |
| |
| | |
docs, default configs, comments. Nothing very significant.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Expose `return_html_error`, and allow it to take a Jinja2 template instead of a raw string
* Clean up exception handling in SAML2ResponseResource
* use the existing code in `return_html_error` instead of re-implementing it
(giving it a jinja2 template rather than inventing a new form of template)
* do the exception-catching in the REST layer rather than in the handler
layer, to make sure we catch all exceptions.
|
| | |
| |
| | |
Signed-off-by: Christopher Cooper <cooperc@ocf.berkeley.edu>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dinsic-release-v1.14.x
* 'release-v1.14.0' of github.com:matrix-org/synapse: (108 commits)
Fix typo in PR link
Update debian changelog
1.14.0
Improve changelog wording
1.14.0rc2
Fix sample config docs error (#7581)
Fix up comments
Fix specifying cache factors via env vars with * in name. (#7580)
Don't apply cache factor to event cache. (#7578)
Ensure ReplicationStreamer is always started when replication enabled. (#7579)
Remove the changes to the debian changelog
Not full release yet, this is rc1
Merge event persistence move changelog entries
More changelog fix
Changelog fixes
1.14.0
Replace device_27_unique_idx bg update with a fg one (#7562)
Fix incorrect exception handling in KeyUploadServlet.on_POST (#7563)
Fix recording of federation stream token (#7564)
Simplify reap_monthly_active_users (#7558)
...
|
| | |
| |
| |
| |
| |
| | |
'client_auth_method' commented out value was erronously 'client_auth_basic',
when code and docstring says it should be 'client_secret_basic'.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | |
|
| | |
| |
| |
| |
| | |
This mostly applise to `*stateGroupCache*` and co.
Broke in #6391.
|
| | |
| |
| | |
consistency ftw
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| | |
also a small clarification to nginx
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The specific headers that are passed using this new configuration format
are Host and X-Forwarded-For, which should be all that's required.
Note that for production another matcher should be added in the first
section to properly handle the base_url lookup:
reverse_proxy /.well-known/matrix/* http://localhost:8008
Signed-off-by: Jeff Peeler <jpeeler@gmail.com>
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* general updates to CONTRIBUTING.md
* notes on updating your PR
* Notes on squash-merging or otherwise
* document git branching model
|
| | | |
| | |
| | | |
a couple of cleanups
|
| | | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Synapse v1.12.4
Features:
* Always send users their own device updates. (#7160)
* Add support for handling GET requests for account_data on a worker. (#7311)
Bugfixes:
* Fix a bug that prevented cross-signing with users on worker-mode synapses. (#7255)
* Do not treat display names as globs in push rules. (#7271)
* Fix a bug with cross-signing devices belonging to remote users who did not share a
room with any user on the local homeserver. (#7289)
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
variables (#6391)
|
| | |\ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* release-v1.13.0:
Don't UPGRADE database rows
RST indenting
Put rollback instructions in upgrade notes
Fix changelog typo
Oh yeah, RST
Absolute URL it is then
Fix upgrade notes link
Provide summary of upgrade issues in changelog. Fix )
Move next version notes from changelog to upgrade notes
Changelog fixes
1.13.0rc1
Documentation on setting up redis (#7446)
Rework UI Auth session validation for registration (#7455)
Fix errors from malformed log line (#7454)
Drop support for redis.dbid (#7450)
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | |\ \ \ \ |
|
| | | | | | | |
|
| |\ \ \ \ \ \
| | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
dinsic-release-v1.14.x
* 'release-v1.13.0' of github.com:matrix-org/synapse: (257 commits)
Update changelog based on feedback.
Move warnings in the changelog and re-iterate changes to branches.
1.13.0
update dh-virtualenv (#7526)
1.13.0rc3
Hash passwords earlier in the registration process (#7523)
1.13.0rc2
1.13.0rc2
Stop `get_joined_users` corruption from custom statuses (#7376)
Do not validate that the client dict is stable during UI Auth. (#7483)
Fix new flake8 errors (#7489)
Don't UPGRADE database rows
RST indenting
Put rollback instructions in upgrade notes
Fix changelog typo
Oh yeah, RST
Absolute URL it is then
Fix upgrade notes link
Provide summary of upgrade issues in changelog. Fix )
Move next version notes from changelog to upgrade notes
...
|
| | | |/ / /
| |/| | | |
|
| | |/ / /
| | | |
| | | | |
Add dummy_events_threshold which allows configuring the number of forward extremities a room needs for Synapse to send forward extremities in it.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
This is primarily for allowing us to send those commands from workers, but for now simply allows us to ignore echoed RDATA/POSITION commands that we sent (we get echoes of sent commands when using redis). Currently we log a WARNING on the master process every time we receive an echoed RDATA.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
(#6881)
Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
|
| | | | |
| | | |
| | | | |
It doesn't seem to be documented anywhere and means that you suddenly start losing metrics without any obvious reason when you go from monolith to workers (e.g. #7312).
|
| | | | |
| | | |
| | | | |
Signed-off-by: Simon Körner <git@lubiland.de>
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
matrix-org/babolivier/request_token""
This reverts commit 1adf6a55870aa08de272591ff49db9dc49738076.
|
| | |\| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 6f4319368b3afab661c55367b9348f9b77bc04a5, reversing
changes made to 0d775fcc2d0c7b6a07dad5430256d4d6c75a9f0d.
|
| | | |\ \
| | | | |
| | | | | |
Config option to inhibit 3PID errors on /requestToken
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Adds a request_token_inhibit_errors configuration flag (disabled by
default) which, if enabled, change the behaviour of all /requestToken
endpoints so that they return a 200 and a fake sid if the 3PID was/was
not found associated with an account (depending on the endpoint),
instead of an error.
Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
matrix-org/babolivier/sso_whitelist_login_fallback"
This was incorrectly merged to master.
This reverts commit 319c41f573eb14a966367b60b2e6e93bf6b028d9, reversing
changes made to 229eb81498b0fe1da81e9b5b333a0285acde9446.
|
| | | |\ \ \
| | | | | |
| | | | | | |
Always whitelist the login fallback for SSO
|
| | | | | | | |
|
| | | | |/ / |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Long story short: if we're handling presence on the current worker, we shouldn't be sending USER_SYNC commands over replication.
In an attempt to figure out what is going on here, I ended up refactoring some bits of the presencehandler code, so the first 4 commits here are non-functional refactors to move this code slightly closer to sanity. (There's still plenty to do here :/). Suggest reviewing individual commits.
Fixes (I hope) #7257.
|
| | | | | | |
|
| | |\ \ \ \
| | | |_|/
| | |/| | |
|
| | | | |/
| | |/| |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Also adjust sample_config.yaml
Signed-off-by: Lars Franke <frcl@mailbox.org>
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Simplify and update this documentation, and make it part of the core dist.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Log warning when filesystem path is used.
Signed-off-by: Martin Milata <martin@martinmilata.cz>
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Remove `conn_id` usage for UserSyncCommand.
Each tcp replication connection is assigned a "conn_id", which is used
to give an ID to a remotely connected worker. In a redis world, there
will no longer be a one to one mapping between connection and instance,
so instead we need to replace such usages with an ID generated by the
remote instances and included in the replicaiton commands.
This really only effects UserSyncCommand.
* Add CLEAR_USER_SYNCS command that is sent on shutdown.
This should help with the case where a synchrotron gets restarted
gracefully, rather than rely on 5 minute timeout.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
That fallback sets the redirect URL to itself (so it can process the login
token then return gracefully to the client). This would make it pointless to
ask the user for confirmation, since the URL the confirmation page would be
showing wouldn't be the client's.
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | | |
Signed-off-by: Aaron Raimist <aaron@raim.ist>
|
| | | | |
| | | |
| | | | |
This changes the replication protocol so that the server does not send down `RDATA` for rows that happened before the client connected. Instead, the server will send a `POSITION` and clients then query the database (or master out of band) to get up to date.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Pull Sentinel out of LoggingContext
... and drop a few unnecessary references to it
* Factor out LoggingContext.current_context
move `current_context` and `set_context` out to top-level functions.
Mostly this means that I can more easily trace what's actually referring to
LoggingContext, but I think it's generally neater.
* move copy-to-parent into `stop`
this really just makes `start` and `stop` more symetric. It also means that it
behaves correctly if you manually `set_log_context` rather than using the
context manager.
* Replace `LoggingContext.alive` with `finished`
Turn `alive` into `finished` and make it a bit better defined.
|
| | |\ \ \
| | | |/
| | |/| |
|
| | | |\|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Synapse 1.12.0 (2020-03-23)
===========================
No significant changes since 1.12.0rc1.
Debian packages and Docker images are rebuilt using the latest versions of
dependency libraries, including Twisted 20.3.0. **Please see security advisory
below**.
Security advisory
-----------------
Synapse may be vulnerable to request-smuggling attacks when it is used with a
reverse-proxy. The vulnerabilties are fixed in Twisted 20.3.0, and are
described in
[CVE-2020-10108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108)
and
[CVE-2020-10109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109).
For a good introduction to this class of request-smuggling attacks, see
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn.
We are not aware of these vulnerabilities being exploited in the wild, and
do not believe that they are exploitable with current versions of any reverse
proxies. Nevertheless, we recommend that all Synapse administrators ensure that
they have the latest versions of the Twisted library to ensure that their
installation remains secure.
* Administrators using the [`matrix.org` Docker
image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
packages from
`matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
should ensure that they have version 1.12.0 installed: these images include
Twisted 20.3.0.
* Administrators who have [installed Synapse from
source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
should upgrade Twisted within their virtualenv by running:
```sh
<path_to_virtualenv>/bin/pip install 'Twisted>=20.3.0'
```
* Administrators who have installed Synapse from distribution packages should
consult the information from their distributions.
The `matrix.org` Synapse instance was not vulnerable to these vulnerabilities.
Advance notice of change to the default `git` branch for Synapse
----------------------------------------------------------------
Currently, the default `git` branch for Synapse is `master`, which tracks the
latest release.
After the release of Synapse 1.13.0, we intend to change this default to
`develop`, which is the development tip. This is more consistent with common
practice and modern `git` usage.
Although we try to keep `develop` in a stable state, there may be occasions
where regressions creep in. Developers and distributors who have scripts which
run builds using the default branch of `Synapse` should therefore consider
pinning their scripts to `master`.
Synapse 1.12.0rc1 (2020-03-19)
==============================
Features
--------
- Changes related to room alias management ([MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432)):
- Publishing/removing a room from the room directory now requires the user to have a power level capable of modifying the canonical alias, instead of the room aliases. ([\#6965](https://github.com/matrix-org/synapse/issues/6965))
- Validate the `alt_aliases` property of canonical alias events. ([\#6971](https://github.com/matrix-org/synapse/issues/6971))
- Users with a power level sufficient to modify the canonical alias of a room can now delete room aliases. ([\#6986](https://github.com/matrix-org/synapse/issues/6986))
- Implement updated authorization rules and redaction rules for aliases events, from [MSC2261](https://github.com/matrix-org/matrix-doc/pull/2261) and [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432). ([\#7037](https://github.com/matrix-org/synapse/issues/7037))
- Stop sending m.room.aliases events during room creation and upgrade. ([\#6941](https://github.com/matrix-org/synapse/issues/6941))
- Synapse no longer uses room alias events to calculate room names for push notifications. ([\#6966](https://github.com/matrix-org/synapse/issues/6966))
- The room list endpoint no longer returns a list of aliases. ([\#6970](https://github.com/matrix-org/synapse/issues/6970))
- Remove special handling of aliases events from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260) added in v1.10.0rc1. ([\#7034](https://github.com/matrix-org/synapse/issues/7034))
- Expose the `synctl`, `hash_password` and `generate_config` commands in the snapcraft package. Contributed by @devec0. ([\#6315](https://github.com/matrix-org/synapse/issues/6315))
- Check that server_name is correctly set before running database updates. ([\#6982](https://github.com/matrix-org/synapse/issues/6982))
- Break down monthly active users by `appservice_id` and emit via Prometheus. ([\#7030](https://github.com/matrix-org/synapse/issues/7030))
- Render a configurable and comprehensible error page if something goes wrong during the SAML2 authentication process. ([\#7058](https://github.com/matrix-org/synapse/issues/7058), [\#7067](https://github.com/matrix-org/synapse/issues/7067))
- Add an optional parameter to control whether other sessions are logged out when a user's password is modified. ([\#7085](https://github.com/matrix-org/synapse/issues/7085))
- Add prometheus metrics for the number of active pushers. ([\#7103](https://github.com/matrix-org/synapse/issues/7103), [\#7106](https://github.com/matrix-org/synapse/issues/7106))
- Improve performance when making HTTPS requests to sygnal, sydent, etc, by sharing the SSL context object between connections. ([\#7094](https://github.com/matrix-org/synapse/issues/7094))
Bugfixes
--------
- When a user's profile is updated via the admin API, also generate a displayname/avatar update for that user in each room. ([\#6572](https://github.com/matrix-org/synapse/issues/6572))
- Fix a couple of bugs in email configuration handling. ([\#6962](https://github.com/matrix-org/synapse/issues/6962))
- Fix an issue affecting worker-based deployments where replication would stop working, necessitating a full restart, after joining a large room. ([\#6967](https://github.com/matrix-org/synapse/issues/6967))
- Fix `duplicate key` error which was logged when rejoining a room over federation. ([\#6968](https://github.com/matrix-org/synapse/issues/6968))
- Prevent user from setting 'deactivated' to anything other than a bool on the v2 PUT /users Admin API. ([\#6990](https://github.com/matrix-org/synapse/issues/6990))
- Fix py35-old CI by using native tox package. ([\#7018](https://github.com/matrix-org/synapse/issues/7018))
- Fix a bug causing `org.matrix.dummy_event` to be included in responses from `/sync`. ([\#7035](https://github.com/matrix-org/synapse/issues/7035))
- Fix a bug that renders UTF-8 text files incorrectly when loaded from media. Contributed by @TheStranjer. ([\#7044](https://github.com/matrix-org/synapse/issues/7044))
- Fix a bug that would cause Synapse to respond with an error about event visibility if a client tried to request the state of a room at a given token. ([\#7066](https://github.com/matrix-org/synapse/issues/7066))
- Repair a data-corruption issue which was introduced in Synapse 1.10, and fixed in Synapse 1.11, and which could cause `/sync` to return with 404 errors about missing events and unknown rooms. ([\#7070](https://github.com/matrix-org/synapse/issues/7070))
- Fix a bug causing account validity renewal emails to be sent even if the feature is turned off in some cases. ([\#7074](https://github.com/matrix-org/synapse/issues/7074))
Improved Documentation
----------------------
- Updated CentOS8 install instructions. Contributed by Richard Kellner. ([\#6925](https://github.com/matrix-org/synapse/issues/6925))
- Fix `POSTGRES_INITDB_ARGS` in the `contrib/docker/docker-compose.yml` example docker-compose configuration. ([\#6984](https://github.com/matrix-org/synapse/issues/6984))
- Change date in [INSTALL.md](./INSTALL.md#tls-certificates) for last date of getting TLS certificates to November 2019. ([\#7015](https://github.com/matrix-org/synapse/issues/7015))
- Document that the fallback auth endpoints must be routed to the same worker node as the register endpoints. ([\#7048](https://github.com/matrix-org/synapse/issues/7048))
Deprecations and Removals
-------------------------
- Remove the unused query_auth federation endpoint per [MSC2451](https://github.com/matrix-org/matrix-doc/pull/2451). ([\#7026](https://github.com/matrix-org/synapse/issues/7026))
Internal Changes
----------------
- Add type hints to `logging/context.py`. ([\#6309](https://github.com/matrix-org/synapse/issues/6309))
- Add some clarifications to `README.md` in the database schema directory. ([\#6615](https://github.com/matrix-org/synapse/issues/6615))
- Refactoring work in preparation for changing the event redaction algorithm. ([\#6874](https://github.com/matrix-org/synapse/issues/6874), [\#6875](https://github.com/matrix-org/synapse/issues/6875), [\#6983](https://github.com/matrix-org/synapse/issues/6983), [\#7003](https://github.com/matrix-org/synapse/issues/7003))
- Improve performance of v2 state resolution for large rooms. ([\#6952](https://github.com/matrix-org/synapse/issues/6952), [\#7095](https://github.com/matrix-org/synapse/issues/7095))
- Reduce time spent doing GC, by freezing objects on startup. ([\#6953](https://github.com/matrix-org/synapse/issues/6953))
- Minor perfermance fixes to `get_auth_chain_ids`. ([\#6954](https://github.com/matrix-org/synapse/issues/6954))
- Don't record remote cross-signing keys in the `devices` table. ([\#6956](https://github.com/matrix-org/synapse/issues/6956))
- Use flake8-comprehensions to enforce good hygiene of list/set/dict comprehensions. ([\#6957](https://github.com/matrix-org/synapse/issues/6957))
- Merge worker apps together. ([\#6964](https://github.com/matrix-org/synapse/issues/6964), [\#7002](https://github.com/matrix-org/synapse/issues/7002), [\#7055](https://github.com/matrix-org/synapse/issues/7055), [\#7104](https://github.com/matrix-org/synapse/issues/7104))
- Remove redundant `store_room` call from `FederationHandler._process_received_pdu`. ([\#6979](https://github.com/matrix-org/synapse/issues/6979))
- Update warning for incorrect database collation/ctype to include link to documentation. ([\#6985](https://github.com/matrix-org/synapse/issues/6985))
- Add some type annotations to the database storage classes. ([\#6987](https://github.com/matrix-org/synapse/issues/6987))
- Port `synapse.handlers.presence` to async/await. ([\#6991](https://github.com/matrix-org/synapse/issues/6991), [\#7019](https://github.com/matrix-org/synapse/issues/7019))
- Add some type annotations to the federation base & client classes. ([\#6995](https://github.com/matrix-org/synapse/issues/6995))
- Port `synapse.rest.keys` to async/await. ([\#7020](https://github.com/matrix-org/synapse/issues/7020))
- Add a type check to `is_verified` when processing room keys. ([\#7045](https://github.com/matrix-org/synapse/issues/7045))
- Add type annotations and comments to the auth handler. ([\#7063](https://github.com/matrix-org/synapse/issues/7063))
|
| | | | |
| | | |
| | | | |
fix broken link
|
| | | |/
| |/|
| | |
| | |
| | | |
Attempts to clarify the sample config for databases, and add some stuff about
tcp keepalives to `postgres.md`.
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | | |
devices. (#7085)
* commit '88b41986d':
Add an option to the set password API to choose whether to logout other devices. (#7085)
|
| | | |
| | |
| | |
| | | |
devices. (#7085)
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit '6a3504636': (29 commits)
Revert "Add options to disable setting profile info for prevent changes. (#7053)"
Populate the room version from state events (#7070)
Fix buggy condition in account validity handler (#7074)
Use innerText instead of innerHTML
Add type annotations and comments to auth handler (#7063)
Lint
Put the file in the templates directory
Update wording and config
Changelog
Move the default SAML2 error HTML to a dedicated file
Refactor a bit
Also don't fail on aliases events in this case
Lint
Changelog
Also don't filter out events sent by ignored users when checking state visibility
Fix condition
Don't filter out dummy events when we're checking the visibility of state
Update sample_config.yaml
Update synapse/config/registration.py
lint, fix tests
...
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
(#7053)"
This reverts commit 54dd28621b070ca67de9f773fe9a89e1f4dc19da, reversing
changes made to 6640460d054e8f4444046a34bdf638921b31c01e.
|
| | | | |
|
| | | | |
|
| | |\ \ |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* commit '6640460d0':
Rephrase default message
Hopefully mypy is happy now
Attempt at appeasing the gods of mypy
Lint
Changelog
Update sample config
SAML2: render a comprehensible error page if something goes wrong
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '66315d862':
Update routing of fallback auth in the worker docs. (#7048)
|
| | | | | |
|
| | |\ \ \
| | |/ /
| |/| /
| | |/ |
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
* commit 'fd983fad9':
v1.11.1
Fix wrong handler being used in SAML handler
Factor out complete_sso_login and expose it to the Module API
Add a whitelist for the SSO confirmation step.
Add a confirmation step to the SSO login flow
|
| | | | |
|
| | | | |
|
| |\ \ \
| | |/
| |/|
| | |
| | | |
* commit '4c2ed3f20':
Fix minor issues with email config (#6962)
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* Give `notif_template_html`, `notif_template_text` default values (fixes #6960)
* Don't complain if `smtp_host` and `smtp_port` are unset, since they have sensible defaults (fixes #6961)
* Set the example for `enable_notifs` to `True`, for consistency and because it's more useful
* Raise errors as ConfigError rather than RuntimeError for nicer formatting
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit '509e381af':
Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957)
changelog
Increase MAX_EVENTS_BEHIND for replication clients
|
| | |/
| |
| |
| | |
Ensure good comprehension hygiene using flake8-comprehensions.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'bbe39f808':
Incorporate review
Incorporate review
Phrasing
Changelog
Add mention of SRV records as an advanced topic
Argh trailing spaces
Fix links in the reverse proxy doc
Make federate.md more of a sumary of the steps to follow to set up replication
Split the delegating documentation out of federate.md and trim it down
|
| | |\
| | |
| | | |
Clean up and update federation docs
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit 'd484126bf':
Make the log more noticeable
Print the error as an error log and raise the same exception we got
Linters are hard but in they end they just want what's best for us
Lint
Changelog
Lint
Add a separator for the config warning
Add a comprehensive error when failing to register for an ACME account
Add mention and warning about ACME v1 deprecation to the Synapse config
|
| | |\ \
| | | |
| | | | |
Add mention and warning about ACME v1 deprecation to the TLS config
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '818def824':
Fix worker docs to point `/publicised_groups` API correctly. (#6938)
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '97a42bbc3':
Add a warning about indentation to generated config (#6920)
|
| | | | |
| | | |
| | | | |
Fixes #6916.
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '49f877d32':
Filter the results of user directory searching via the spam checker (#6888)
|
| | | |/
| |/|
| | | |
Add a method to the spam checker to filter the user directory results.
|
| |\| |
| | |
| | |
| | |
| | | |
* commit '361de49c9':
Add documentation for the spam checker module (#6906)
|
| | | |
| | |
| | | |
Add documentation for the spam checker.
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit 'f48bf4feb':
Update docs/ACME.md
Mention that using Synapse to serve certificates requires restarts
Changelog
Remove duplicated info about certbot et al
Update ACME.md to mention ACME v1 deprecation
|
| | | | |
|
| | | | |
|
| | | | |
|
| | |/ |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '6cd34da8b':
Rephrase
Update the changelog file
Also spell it out in the purge history API doc
Changelog
Spell out that Synapse never purges the last event sent in a room
|
| | |\
| | |
| | | |
Spell out that the last event sent to a room won't be deleted by a purge
|
| | | | |
|
| | | | |
|
| | | | |
|
| | |\ \
| | |/
| |/| |
|
| | | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Synapse 1.10.0 (2020-02-12)
===========================
**WARNING to client developers**: As of this release Synapse validates `client_secret` parameters in the Client-Server API as per the spec. See [\#6766](https://github.com/matrix-org/synapse/issues/6766) for details.
Updates to the Docker image
---------------------------
- Update the docker images to Alpine Linux 3.11. ([\#6897](https://github.com/matrix-org/synapse/issues/6897))
Synapse 1.10.0rc5 (2020-02-11)
==============================
Bugfixes
--------
- Fix the filtering introduced in 1.10.0rc3 to also apply to the state blocks returned by `/sync`. ([\#6884](https://github.com/matrix-org/synapse/issues/6884))
Synapse 1.10.0rc4 (2020-02-11)
==============================
This release candidate was built incorrectly and is superceded by 1.10.0rc5.
Synapse 1.10.0rc3 (2020-02-10)
==============================
Features
--------
- Filter out `m.room.aliases` from the CS API to mitigate abuse while a better solution is specced. ([\#6878](https://github.com/matrix-org/synapse/issues/6878))
Internal Changes
----------------
- Fix continuous integration failures with old versions of `pip`, which were introduced by a release of the `zipp` library. ([\#6880](https://github.com/matrix-org/synapse/issues/6880))
Synapse 1.10.0rc2 (2020-02-06)
==============================
Bugfixes
--------
- Fix an issue with cross-signing where device signatures were not sent to remote servers. ([\#6844](https://github.com/matrix-org/synapse/issues/6844))
- Fix to the unknown remote device detection which was introduced in 1.10.rc1. ([\#6848](https://github.com/matrix-org/synapse/issues/6848))
Internal Changes
----------------
- Detect unexpected sender keys on remote encrypted events and resync device lists. ([\#6850](https://github.com/matrix-org/synapse/issues/6850))
Synapse 1.10.0rc1 (2020-01-31)
==============================
Features
--------
- Add experimental support for updated authorization rules for aliases events, from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260). ([\#6787](https://github.com/matrix-org/synapse/issues/6787), [\#6790](https://github.com/matrix-org/synapse/issues/6790), [\#6794](https://github.com/matrix-org/synapse/issues/6794))
Bugfixes
--------
- Warn if postgres database has a non-C locale, as that can cause issues when upgrading locales (e.g. due to upgrading OS). ([\#6734](https://github.com/matrix-org/synapse/issues/6734))
- Minor fixes to `PUT /_synapse/admin/v2/users` admin api. ([\#6761](https://github.com/matrix-org/synapse/issues/6761))
- Validate `client_secret` parameter using the regex provided by the Client-Server API, temporarily allowing `:` characters for older clients. The `:` character will be removed in a future release. ([\#6767](https://github.com/matrix-org/synapse/issues/6767))
- Fix persisting redaction events that have been redacted (or otherwise don't have a redacts key). ([\#6771](https://github.com/matrix-org/synapse/issues/6771))
- Fix outbound federation request metrics. ([\#6795](https://github.com/matrix-org/synapse/issues/6795))
- Fix bug where querying a remote user's device keys that weren't cached resulted in only returning a single device. ([\#6796](https://github.com/matrix-org/synapse/issues/6796))
- Fix race in federation sender worker that delayed sending of device updates. ([\#6799](https://github.com/matrix-org/synapse/issues/6799), [\#6800](https://github.com/matrix-org/synapse/issues/6800))
- Fix bug where Synapse didn't invalidate cache of remote users' devices when Synapse left a room. ([\#6801](https://github.com/matrix-org/synapse/issues/6801))
- Fix waking up other workers when remote server is detected to have come back online. ([\#6811](https://github.com/matrix-org/synapse/issues/6811))
Improved Documentation
----------------------
- Clarify documentation related to `user_dir` and `federation_reader` workers. ([\#6775](https://github.com/matrix-org/synapse/issues/6775))
Internal Changes
----------------
- Record room versions in the `rooms` table. ([\#6729](https://github.com/matrix-org/synapse/issues/6729), [\#6788](https://github.com/matrix-org/synapse/issues/6788), [\#6810](https://github.com/matrix-org/synapse/issues/6810))
- Propagate cache invalidates from workers to other workers. ([\#6748](https://github.com/matrix-org/synapse/issues/6748))
- Remove some unnecessary admin handler abstraction methods. ([\#6751](https://github.com/matrix-org/synapse/issues/6751))
- Add some debugging for media storage providers. ([\#6757](https://github.com/matrix-org/synapse/issues/6757))
- Detect unknown remote devices and mark cache as stale. ([\#6776](https://github.com/matrix-org/synapse/issues/6776), [\#6819](https://github.com/matrix-org/synapse/issues/6819))
- Attempt to resync remote users' devices when detected as stale. ([\#6786](https://github.com/matrix-org/synapse/issues/6786))
- Delete current state from the database when server leaves a room. ([\#6792](https://github.com/matrix-org/synapse/issues/6792))
- When a client asks for a remote user's device keys check if the local cache for that user has been marked as potentially stale. ([\#6797](https://github.com/matrix-org/synapse/issues/6797))
- Add background update to clean out left rooms from current state. ([\#6802](https://github.com/matrix-org/synapse/issues/6802), [\#6816](https://github.com/matrix-org/synapse/issues/6816))
- Refactoring work in preparation for changing the event redaction algorithm. ([\#6803](https://github.com/matrix-org/synapse/issues/6803), [\#6805](https://github.com/matrix-org/synapse/issues/6805), [\#6806](https://github.com/matrix-org/synapse/issues/6806), [\#6807](https://github.com/matrix-org/synapse/issues/6807), [\#6820](https://github.com/matrix-org/synapse/issues/6820))
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '21db35f77':
Add support for putting fed user query API on workers (#6873)
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit 'de2d26737':
Allow moving group read APIs to workers (#6866)
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '56ca93ef5':
Admin api to add an email address (#6789)
|
| | | |/
| |/| |
|
