This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Releases: matrix-org/synapse

v1.94.0

10 Oct 11:03

Synapse 1.94.0 (2023-10-10)

No significant changes since 1.94.0rc1.
However, please take note of the security advisory that follows.

Security advisory

The following issue is fixed in 1.94.0 (and RC).

  • GHSA-5chr-wjw5-3gq4 / CVE-2023-45129 — Moderate Severity

    A malicious server ACL event can impact performance temporarily or permanently, leading to a persistent denial of service.

    Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected.

See the advisory for more details. If you have any questions, email [email protected].

Synapse 1.94.0rc1 (2023-10-03)

Features

  • Render plain, CSS, CSV, JSON and common image formats in the browser (inline) when requested through the /download endpoint. (#15988)
  • Add experimental support for MSC4028 to push all encrypted events to clients. (#16361)
  • Minor performance improvement when sending presence to federated servers. (#16385)
  • Minor performance improvement by caching server ACL checking. (#16360)

Improved Documentation

  • Add developer documentation concerning gradual schema migrations with column alterations. (#15691)
  • Improve documentation of the user directory search algorithm. (#16320)
  • Fix rendering of user admin API documentation around deactivation. This was broken in Synapse 1.91.0. (#16355)
  • Update documentation around message retention policies. (#16382)
  • Add note to federation_domain_whitelist config option to clarify its usage. (#16416)
  • Improve legacy release notes. (#16418)

Deprecations and Removals

  • Remove Python version from /_synapse/admin/v1/server_version. (#16380)

Internal Changes

  • Avoid running CI steps when the files they check have not been changed. (#14745, #16387)
  • Improve type hints. (#14911, #16350, #16356, #16395)
  • Added support for pydantic v2 in addition to pydantic v1. Contributed by Maxwell G (@gotmax23). (#16332)
  • Get CI to check PRs have been signed-off. (#16348)
  • Add missing licence header. (#16359)
  • Improve type hints, and bump types-psycopg2 from 2.9.21.11 to 2.9.21.14. (#16381)
  • Improve comments in StateGroupBackgroundUpdateStore. (#16383)
  • Update maturin configuration. (#16394)
  • Downgrade replication stream time out error log lines to warning. (#16401)

Updates to locked dependencies

  • Bump actions/checkout from 3 to 4. (#16250)
  • Bump cryptography from 41.0.3 to 41.0.4. (#16362)
  • Bump dawidd6/action-download-artifact from 2.27.0 to 2.28.0. (#16374)
  • Bump docker/setup-buildx-action from 2 to 3. (#16375)
  • Bump gitpython from 3.1.35 to 3.1.37. (#16376)
  • Bump msgpack from 1.0.5 to 1.0.6. (#16377)
  • Bump msgpack from 1.0.6 to 1.0.7. (#16412)
  • Bump phonenumbers from 8.13.19 to 8.13.22. (#16413)
  • Bump psycopg2 from 2.9.7 to 2.9.8. (#16409)
  • Bump pydantic from 2.3.0 to 2.4.2. (#16410)
  • Bump regex from 1.9.5 to 1.9.6. (#16408)
  • Bump sentry-sdk from 1.30.0 to 1.31.0. (#16378)
  • Bump types-netaddr from 0.8.0.9 to 0.9.0.1. (#16411)
  • Bump types-psycopg2 from 2.9.21.11 to 2.9.21.14. (#16381)
  • Bump urllib3 from 1.26.15 to 1.26.17. (#16422)

v1.94.0rc1

03 Oct 14:09
Pre-release

Synapse 1.94.0rc1 (2023-10-03)

Features

  • Render plain, CSS, CSV, JSON and common image formats in the browser (inline) when requested through the /download endpoint. (#15988)
  • Add experimental support for MSC4028 to push all encrypted events to clients. (#16361)
  • Minor performance improvement when sending presence to federated servers. (#16385)
  • Minor performance improvement by caching server ACL checking. (#16360)

Improved Documentation

  • Add developer documentation concerning gradual schema migrations with column alterations. (#15691)
  • Improve documentation of the user directory search algorithm. (#16320)
  • Fix rendering of user admin API documentation around deactivation. This was broken in Synapse 1.91.0. (#16355)
  • Update documentation around message retention policies. (#16382)
  • Add note to federation_domain_whitelist config option to clarify its usage. (#16416)
  • Improve legacy release notes. (#16418)

Deprecations and Removals

  • Remove Python version from /_synapse/admin/v1/server_version. (#16380)

Internal Changes

  • Avoid running CI steps when the files they check have not been changed. (#14745, #16387)
  • Improve type hints. (#14911, #16350, #16356, #16395)
  • Added support for pydantic v2 in addition to pydantic v1. Contributed by Maxwell G (@gotmax23). (#16332)
  • Get CI to check PRs have been signed-off. (#16348)
  • Add missing licence header. (#16359)
  • Improve type hints, and bump types-psycopg2 from 2.9.21.11 to 2.9.21.14. (#16381)
  • Improve comments in StateGroupBackgroundUpdateStore. (#16383)
  • Update maturin configuration. (#16394)
  • Downgrade replication stream time out error log lines to warning. (#16401)

Updates to locked dependencies

  • Bump actions/checkout from 3 to 4. (#16250)
  • Bump cryptography from 41.0.3 to 41.0.4. (#16362)
  • Bump dawidd6/action-download-artifact from 2.27.0 to 2.28.0. (#16374)
  • Bump docker/setup-buildx-action from 2 to 3. (#16375)
  • Bump gitpython from 3.1.35 to 3.1.37. (#16376)
  • Bump msgpack from 1.0.5 to 1.0.6. (#16377)
  • Bump msgpack from 1.0.6 to 1.0.7. (#16412)
  • Bump phonenumbers from 8.13.19 to 8.13.22. (#16413)
  • Bump psycopg2 from 2.9.7 to 2.9.8. (#16409)
  • Bump pydantic from 2.3.0 to 2.4.2. (#16410)
  • Bump regex from 1.9.5 to 1.9.6. (#16408)
  • Bump sentry-sdk from 1.30.0 to 1.31.0. (#16378)
  • Bump types-netaddr from 0.8.0.9 to 0.9.0.1. (#16411)
  • Bump types-psycopg2 from 2.9.21.11 to 2.9.21.14. (#16381)
  • Bump urllib3 from 1.26.15 to 1.26.17. (#16422)

v1.93.0

26 Sep 15:52

Synapse 1.93.0 (2023-09-26)

No significant changes since 1.93.0rc1.

Security advisory

The following issues are fixed in 1.93.0 (and RCs).

See the advisories for more details. If you have any questions, email [email protected].

Synapse 1.93.0rc1 (2023-09-19)

Features

  • Add automatic purge after all users have forgotten a room. (#15488)
  • Restore room purge/shutdown after a Synapse restart. (#15488)
  • Support resolving homeservers using matrix-fed DNS SRV records from MSC4040. (#16137)
  • Add the ability to use G (GiB) and T (TiB) suffixes in configuration options that refer to numbers of bytes. (#16219)
  • Add span information to requests sent to appservices. Contributed by MTRNord. (#16227)
  • Add the ability to enable/disable registrations when using CAS. Contributed by Aurélien Grimpard. (#16262)
  • Allow the /notifications endpoint to be routed to workers. (#16265)
  • Enable users to easily unsubscribe from notification emails via the List-Unsubscribe header. (#16274)
  • Report whether a user is locked in the List Accounts admin API, and exclude locked users by default. (#16328)

Bugfixes

  • Fix a long-standing bug where multi-device accounts could cause high load due to presence. (#16066, #16170, #16171, #16172, #16174)
  • Fix a long-standing bug where appservices using MSC2409 to receive to_device messages would only get messages for one user. (#16251)
  • Fix bug when using workers where Synapse could end up re-requesting the same remote device repeatedly. (#16252)
  • Fix long-standing bug where we kept re-requesting a remote server's key repeatedly, potentially causing delays in receiving events over federation. (#16257)
  • Avoid temporary storage of sensitive information. (#16272)
  • Fix bug introduced in Synapse 1.49.0 when using dehydrated devices (MSC2697) and refresh tokens. Contributed by Hanadi. (#16288)
  • Fix a long-standing bug where invalid receipts would be accepted. (#16327)
  • Use standard name for UTF-8 charset in emails. (#16329)
  • Don't try refetching device lists for users on remote hosts that are marked as "down". (#16298)

Improved Documentation

  • Fix typos in the documentation. (#16282)
  • Link to the Alpine Linux community package for Synapse. (#16304)
  • Use string for federation_client_minimum_tls_version documentation examples. Contributed by @jcgruenhage. (#16353)

Internal Changes

  • Allow modules to delete rooms. (#15997)
  • Add GCC and GNU Make to the Nix flake development environment so that ruff can be compiled. (#16090, #16263)
  • Fix type checking when using the new version of Twisted. (#16235)
  • Delete device messages asynchronously and in staged batches using the task scheduler. (#16240, #16311, #16312, #16313)
  • Bump minimum supported Rust version to 1.61.0. (#16248)
  • Update rust to version 1.71.1 in the nix development environment. (#16260)
  • Simplify server key storage. (#16261)
  • Reduce CPU overhead of change password endpoint. (#16264)
  • Stop purging from tables slated for removal. (#16273)
  • Improve type hints. (#16276, #16301, #16325, #16326)
  • Raise setuptools_rust version cap to 1.7.0. (#16277)
  • Fix using the new task scheduler causing lots of CPU to be used. (#16278)
  • Upgrade CI run of Python 3.12 from rc1 to rc2. (#16280)
  • Include values in SQL debug when using execute_values with Postgres. (#16281)
  • Enable additional linting checks. (#16283)
  • Refactor receipts_graph Postgres transactions to stop error messages. (#16299)
  • Small improvements to logging in replication code. (#16309)
  • Remove a reference cycle in background processes. (#16314)
  • Only use literal strings for background process names. (#16315)
  • Refactor get_user_by_id. (#16316)
  • Speed up task to delete to-device messages. (#16318)
  • Avoid patching code in tests. (#16349)
  • Test against PostgreSQL 16. (#16351)

Updates to locked dependencies

  • Bump mypy from 1.4.1 to 1.5.1. (#16300)
  • Bump black from 23.7.0 to 23.9.1. (#16295)
  • Bump docker/build-push-action from 4 to 5. (#16336)
  • Bump docker/login-action from 2 to 3. (#16339)
  • Bump docker/metadata-action from 4 to 5. (#16337)
  • Bump docker/setup-qemu-action from 2 to 3. (#16338)
  • Bump furo from 2023.8.19 to 2023.9.10. (#16340)
  • Bump gitpython from 3.1.32 to 3.1.35. (#16267, #16279)
  • Bump mypy-zope from 1.0.0 to 1.0.1. (#16291)
  • Bump pillow from 10.0.0 to 10.0.1. (#16344)
  • Bump regex from 1.9.4 to 1.9.5. (#16233)
  • Bump ruff from 0.0.286 to 0.0.290. (#16342)
  • Bump serde_json from 1.0.105 to 1.0.107. (#16296, #16345)
  • Bump twisted from 22.10.0 to 23.8.0. (#16235)
  • Bump types-pillow from 10.0.0.2 to 10.0.0.3. (#16293)
  • Bump types-setuptools from 68.0.0.3 to 68.2.0.0. (#16292)
  • Bump typing-extensions from 4.7.1 to 4.8.0. (#16341)

v1.93.0rc1

19 Sep 14:31
Pre-release

Synapse 1.93.0rc1 (2023-09-19)

Features

  • Add automatic purge after all users have forgotten a room. (#15488)
  • Restore room purge/shutdown after a Synapse restart. (#15488)
  • Support resolving homeservers using matrix-fed DNS SRV records from MSC4040. (#16137)
  • Add the ability to use G (GiB) and T (TiB) suffixes in configuration options that refer to numbers of bytes. (#16219)
  • Add span information to requests sent to appservices. Contributed by MTRNord. (#16227)
  • Add the ability to enable/disable registrations when using CAS. Contributed by Aurélien Grimpard. (#16262)
  • Allow the /notifications endpoint to be routed to workers. (#16265)
  • Enable users to easily unsubscribe from notification emails via the List-Unsubscribe header. (#16274)
  • Report whether a user is locked in the List Accounts admin API, and exclude locked users by default. (#16328)

Bugfixes

  • Fix a long-standing bug where multi-device accounts could cause high load due to presence. (#16066, #16170, #16171, #16172, #16174)
  • Fix a long-standing bug where appservices using MSC2409 to receive to_device messages would only get messages for one user. (#16251)
  • Fix bug when using workers where Synapse could end up re-requesting the same remote device repeatedly. (#16252)
  • Fix long-standing bug where we kept re-requesting a remote server's key repeatedly, potentially causing delays in receiving events over federation. (#16257)
  • Avoid temporary storage of sensitive information. (#16272)
  • Fix bug introduced in Synapse 1.49.0 when using dehydrated devices (MSC2697) and refresh tokens. Contributed by Hanadi. (#16288)
  • Fix a long-standing bug where invalid receipts would be accepted. (#16327)
  • Use standard name for UTF-8 charset in emails. (#16329)
  • Don't try refetching device lists for users on remote hosts that are marked as "down". (#16298)

Improved Documentation

  • Fix typos in the documentation. (#16282)
  • Link to the Alpine Linux community package for Synapse. (#16304)
  • Use string for federation_client_minimum_tls_version documentation examples. Contributed by @jcgruenhage. (#16353)

Internal Changes

  • Allow modules to delete rooms. (#15997)
  • Add GCC and GNU Make to the Nix flake development environment so that ruff can be compiled. (#16090, #16263)
  • Fix type checking when using the new version of Twisted. (#16235)
  • Delete device messages asynchronously and in staged batches using the task scheduler. (#16240, #16311, #16312, #16313)
  • Bump minimum supported Rust version to 1.61.0. (#16248)
  • Update rust to version 1.71.1 in the nix development environment. (#16260)
  • Simplify server key storage. (#16261)
  • Reduce CPU overhead of change password endpoint. (#16264)
  • Stop purging from tables slated for removal. (#16273)
  • Improve type hints. (#16276, #16301, #16325, #16326)
  • Raise setuptools_rust version cap to 1.7.0. (#16277)
  • Fix using the new task scheduler causing lots of CPU to be used. (#16278)
  • Upgrade CI run of Python 3.12 from rc1 to rc2. (#16280)
  • Include values in SQL debug when using execute_values with Postgres. (#16281)
  • Enable additional linting checks. (#16283)
  • Refactor receipts_graph Postgres transactions to stop error messages. (#16299)
  • Small improvements to logging in replication code. (#16309)
  • Remove a reference cycle in background processes. (#16314)
  • Only use literal strings for background process names. (#16315)
  • Refactor get_user_by_id. (#16316)
  • Speed up task to delete to-device messages. (#16318)
  • Avoid patching code in tests. (#16349)
  • Test against PostgreSQL 16. (#16351)

Updates to locked dependencies

  • Bump mypy from 1.4.1 to 1.5.1. (#16300)
  • Bump black from 23.7.0 to 23.9.1. (#16295)
  • Bump docker/build-push-action from 4 to 5. (#16336)
  • Bump docker/login-action from 2 to 3. (#16339)
  • Bump docker/metadata-action from 4 to 5. (#16337)
  • Bump docker/setup-qemu-action from 2 to 3. (#16338)
  • Bump furo from 2023.8.19 to 2023.9.10. (#16340)
  • Bump gitpython from 3.1.32 to 3.1.35. (#16267, #16279)
  • Bump mypy-zope from 1.0.0 to 1.0.1. (#16291)
  • Bump pillow from 10.0.0 to 10.0.1. (#16344)
  • Bump regex from 1.9.4 to 1.9.5. (#16233)
  • Bump ruff from 0.0.286 to 0.0.290. (#16342)
  • Bump serde_json from 1.0.105 to 1.0.107. (#16296, #16345)
  • Bump twisted from 22.10.0 to 23.8.0. (#16235)
  • Bump types-pillow from 10.0.0.2 to 10.0.0.3. (#16293)
  • Bump types-setuptools from 68.0.0.3 to 68.2.0.0. (#16292)
  • Bump typing-extensions from 4.7.1 to 4.8.0. (#16341)

v1.92.3

18 Sep 14:51

Synapse 1.92.3 (2023-09-18)

This is again a security update targeted at mitigating CVE-2023-4863.
It turns out that libwebp is bundled statically in Pillow wheels, so we need to update this dependency instead of the libwebp package at the OS level.

Unlike what was advertised in the 1.92.2 changelog, this release also affects PyPI wheels and Debian packages from matrix.org.

We encourage admins to upgrade as soon as possible.

Internal Changes

  • Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels. (#16347)

Updates to locked dependencies

  • Bump pillow from 10.0.0 to 10.0.1. (#16344)

v1.92.2

15 Sep 13:30

Synapse 1.92.2 (2023-09-15)

This is a Docker-only update to mitigate CVE-2023-4863, a critical vulnerability in libwebp. Server admins not using Docker should ensure that their libwebp is up to date (if installed). We encourage admins to upgrade as soon as possible.

Updates to the Docker image

  • Update docker image to use Debian bookworm as the base. (#16324)

v1.92.1

12 Sep 12:51

Synapse 1.92.1 (2023-09-12)

This minor release was needed only because of CI-related trouble on v1.92.0, which was never released.

Internal Changes

  • Stop building Ubuntu Kinetic since it is EOL and repos seem to be dead.

v1.92.0

12 Sep 12:52

Synapse 1.92.0 (2023-09-12)

This release includes the same bugfix as Synapse 1.91.2.

This version was never released following a CI build failure; see the v1.92.1 changelog.

Bugfixes

  • Revert MSC3861 introspection cache, admin impersonation and account lock. (#16258)

Internal Changes

  • Fix incorrect docstring for Ratelimiter. (#16255)
  • Update the release script to work on macOS. (#16266)

v1.91.2

06 Sep 16:50

Synapse 1.91.2 (2023-09-06)

Bugfixes

  • Revert MSC3861 introspection cache, admin impersonation and account lock. (#16258)

v1.92.0rc1

05 Sep 15:53
Pre-release

Synapse 1.92.0rc1 (2023-09-05)

Features

  • Add configuration setting for CAS protocol version. Contributed by Aurélien Grimpard. (#15816)
  • Suppress notifications from message edits per MSC3958. (#16113)
  • Return a Retry-After with M_LIMIT_EXCEEDED error responses. (#16136)
  • Add last_seen_ts to the admin users API. (#16218)
  • Improve resource usage when sending data to a large number of remote hosts that are marked as "down". (#16223)

Bugfixes

  • Fix IPv6-related bugs on SMTP settings, adding groundwork to fix similar issues. Contributed by @evilham and @telmich (ungleich.ch). (#16155)
  • Fix a spec compliance issue where requests to the /publicRooms federation API would specify include_all_networks as a string. (#16185)
  • Fix inaccurate error message while attempting to ban or unban a user with the same or higher PL by splitting the conditional statements. Contributed by @leviosacz. (#16205)
  • Fix a rare bug that broke looping calls, which could lead to e.g. linearly increasing memory usage. Introduced in v1.90.0. (#16210)
  • Fix a long-standing bug where uploading images would fail if we could not generate thumbnails for them. (#16211)
  • Fix a long-standing bug where we did not correctly back off from servers that had "gone" if they returned 4xx series error codes. (#16221)

Improved Documentation

Internal Changes

  • Prepare unit tests for Python 3.12. (#16099)
  • Fix nightly CI jobs. (#16121, #16213)
  • Describe which rate limiter was hit in logs. (#16135)
  • Simplify presence code when using workers. (#16170)
  • Track per-device information in the presence code. (#16171, #16172)
  • Stop using the event_txn_id table. (#16175)
  • Use AsyncMock instead of custom code. (#16179, #16180)
  • Improve error reporting of invalid data passed to /_matrix/key/v2/query. (#16183)
  • Task scheduler: add replication notify for new task to launch ASAP. (#16184)
  • Improve type hints. (#16186, #16188, #16201)
  • Bump black version to 23.7.0. (#16187)
  • Log the details of background update failures. (#16212)
  • Cache device resync requests over replication. (#16241)

Updates to locked dependencies

  • Bump anyhow from 1.0.72 to 1.0.75. (#16141)
  • Bump furo from 2023.7.26 to 2023.8.19. (#16238)
  • Bump phonenumbers from 8.13.18 to 8.13.19. (#16237)
  • Bump psycopg2 from 2.9.6 to 2.9.7. (#16196)
  • Bump regex from 1.9.3 to 1.9.4. (#16195)
  • Bump ruff from 0.0.277 to 0.0.286. (#16198)
  • Bump sentry-sdk from 1.29.2 to 1.30.0. (#16236)
  • Bump serde from 1.0.184 to 1.0.188. (#16194)
  • Bump serde_json from 1.0.104 to 1.0.105. (#16140)
  • Bump types-psycopg2 from 2.9.21.10 to 2.9.21.11. (#16200)
  • Bump types-pyyaml from 6.0.12.10 to 6.0.12.11. (#16199)