summary refs log tree commit diff
path: root/docs
diff options
context:
space:
mode:
authorShay <hillerys@element.io>2022-03-25 10:11:01 -0700
committerGitHub <noreply@github.com>2022-03-25 10:11:01 -0700
commit3c41d87b67d3a62edfc660b4fe8f2545f5dbee4f (patch)
treeb11ef0e94c7bbe343f976836a92ca9905c4f6016 /docs
parentAdd cache for `get_membership_from_event_ids` (#12272) (diff)
downloadsynapse-3c41d87b67d3a62edfc660b4fe8f2545f5dbee4f.tar.xz
Add restrictions by default to open registration in Synapse (#12091)
Diffstat (limited to 'docs')
-rw-r--r--docs/sample_config.yaml10
-rw-r--r--docs/upgrade.md6
2 files changed, 15 insertions, 1 deletions
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 9c2359ed8e..a21b48ab2e 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1218,10 +1218,18 @@ oembed:
 # Registration can be rate-limited using the parameters in the "Ratelimiting"
 # section of this file.
 
-# Enable registration for new users.
+# Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration,
+# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration
+# without any verification, you must also set `enable_registration_without_verification`, found below.
 #
 #enable_registration: false
 
+# Enable registration without email or captcha verification. Note: this option is *not* recommended,
+# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect
+# unless `enable_registration` is also enabled.
+#
+#enable_registration_without_verification: true
+
 # Time that a user's session remains valid for, after they log in.
 #
 # Note that this is not currently compatible with guest logins.
diff --git a/docs/upgrade.md b/docs/upgrade.md
index f039710520..062e823333 100644
--- a/docs/upgrade.md
+++ b/docs/upgrade.md
@@ -108,6 +108,12 @@ for more information and instructions on how to fix a database with incorrect va
 
 # Upgrading to v1.55.0
 
+## Open registration without verification is now disabled by default
+
+Synapse will refuse to start if registration is enabled without email, captcha, or token-based verification unless the new config 
+flag `enable_registration_without_verification` is set to "true".
+
+
 ## `synctl` script has been moved
 
 The `synctl` script