v1.91.1

Synapse 1.91.1 (2023-09-04)

Bugfixes

• Fix a performance regression introduced in Synapse 1.91.0 where event persistence would cause an excessive linear growth in CPU usage. (#16220)

v1.91.0

Synapse 1.91.0 (2023-08-30)

No significant changes since 1.91.0rc1.

Synapse 1.91.0rc1 (2023-08-23)

Features

• Implements an admin API to lock an user without deactivating them. Based on MSC3939. (#15870)
• Implements a task scheduler for resumable potentially long running tasks. (#15891)
• Allow specifying client_secret_path as alternative to client_secret for OIDC providers. This avoids leaking the client secret in the homeserver config. Contributed by @Ma27. (#16030)
• Allow customising the IdP display name, icon, and brand for SAML and CAS providers (in addition to OIDC provider). (#16094)
• Add an admins query parameter to the List Accounts admin API, to include only admins or to exclude admins in user queries. (#16114)

Bugfixes

• Fix long-standing bug where concurrent requests to change a user's push rules could cause a deadlock. Contributed by Nick @ Beeper (@Fizzadar). (#16052)
• Fix a long-standing bug in /sync where timeout=0 does not skip caching, resulting in slow calls in cases where there are no new changes. Contributed by @PlasmaIntec. (#16080)
• Fix performance of state resolutions for large, old rooms that did not have the full auth chain persisted. (#16116)
• Filter out user agent references to the sliding sync proxy and rust-sdk from the user_daily_visits table to ensure that Element X can be represented fully. (#16124)
• User constent and 3-PID changes capability cannot be enabled when using experimental MSC3861 support. (#16127, #16134)
• Fix a rare race that could block new events from being sent for up to two minutes. Introduced in v1.90.0. (#16133, #16169)
• Fix performance degredation when there are a lot of in-flight replication requests. (#16148)
• Fix a bug introduced in 1.87 where synapse would send an excessive amount of federation requests to servers which have been offline for a long time. Contributed by Nico. (#16156, #16164)

Improved Documentation

• Structured logging docs: add a link to explain the ELK stack (#16091)

Internal Changes

• Update dehydrated devices implementation. (#16010)
• Fix database performance of read/write worker locks. (#16061)
• Fix building the nix development environment on MacOS systems. (#16063)
• Override global statement timeout when creating indexes in Postgres. (#16085)
• Fix the type annotation on run_db_interaction in the Module API. (#16089)
• Clean-up the presence code. (#16092)
• Run pyupgrade for Python 3.8+. (#16110)
• Rename pagination and purge locks and add comments to explain why they exist and how they work. (#16112)
• Attempt to fix the twisted trunk job. (#16115)
• Cache token introspection response from OIDC provider. (#16117)
• Add cache to get_server_keys_json_for_remote. (#16123)
• Add an admin endpoint to allow authorizing server to signal token revocations. (#16125)
• Add response time metrics for introspection requests for delegated auth. (#16131)
• MSC3861: allow impersonation by an admin user using _oidc_admin_impersonate_user_id query parameter. (#16132)
• Increase performance of read/write locks. (#16149)
• Improve presence tests. (#16150, #16151, #16158)
• Raised the poetry-core version cap to 1.7.0. (#16152)
• Fix assertion in user directory unit tests. (#16157)
• Reduce scope of locks when paginating to alleviate DB contention. (#16159)
• Reduce DB contention on worker locks. (#16160)
• Task scheduler: mark task as active if we are scheduling as soon as possible. (#16165)

Updates to locked dependencies

• Bump click from 8.1.6 to 8.1.7. (#16145)
• Bump gitpython from 3.1.31 to 3.1.32. (#16103)
• Bump ijson from 3.2.1 to 3.2.3. (#16143)
• Bump isort from 5.11.5 to 5.12.0. (#16108)
• Bump log from 0.4.19 to 0.4.20. (#16109)
• Bump pygithub from 1.59.0 to 1.59.1. (#16144)
• Bump sentry-sdk from 1.28.1 to 1.29.2. (#16142)
• Bump serde from 1.0.183 to 1.0.184. (#16139)
• Bump txredisapi from 1.4.9 to 1.4.10. (#16107)
• Bump types-bleach from 6.0.0.3 to 6.0.0.4. (#16106)
• Bump types-pillow from 10.0.0.1 to 10.0.0.2. (#16105)
• Bump types-pyopenssl from 23.2.0.1 to 23.2.0.2. (#16146)

v1.91.0rc1

Synapse 1.91.0rc1 (2023-08-23)

Features

• Implements an admin API to lock an user without deactivating them. Based on MSC3939. (#15870)
• Allow specifying client_secret_path as alternative to client_secret for OIDC providers. This avoids leaking the client secret in the homeserver config. Contributed by @Ma27. (#16030)
• Allow customising the IdP display name, icon, and brand for SAML and CAS providers (in addition to OIDC provider). (#16094)
• Add an admins query parameter to the List Accounts admin API, to include only admins or to exclude admins in user queries. (#16114)

Bugfixes

• Fix long-standing bug where concurrent requests to change a user's push rules could cause a deadlock. Contributed by Nick @ Beeper (@Fizzadar). (#16052)
• Fix a long-standing bug in /sync where timeout=0 does not skip caching, resulting in slow calls in cases where there are no new changes. Contributed by @PlasmaIntec. (#16080)
• Fix performance of state resolutions for large, old rooms that did not have the full auth chain persisted. (#16116)
• Filter out user agent references to the sliding sync proxy and rust-sdk from the user_daily_visits table to ensure that Element X can be represented fully. (#16124)
• User constent and third-party changes capability cannot be enabled when using experimental MSC3861 support. (#16127, #16134)
• Fix a rare race that could block new events from being sent for up to two minutes. Introduced in v1.90.0. (#16133, #16169)
• Fix performance degredation when there are a lot of in-flight replication requests. (#16148)
• Fix a bug introduced in 1.87 where synapse would send an excessive amount of federation requests to servers which have been offline for a long time. Contributed by Nico. (#16156, #16164)

Improved Documentation

• Structured logging docs: add a link to explain the ELK stack (#16091)

Internal Changes

• Update dehydrated devices implementation. (#16010)
• Fix database performance of read/write worker locks. (#16061)
• Fix building the nix development environment on MacOS systems. (#16063)
• Override global statement timeout when creating indexes in Postgres. (#16085)
• Fix the type annotation on run_db_interaction in the Module API. (#16089)
• Clean-up the presence code. (#16092)
• Run pyupgrade for Python 3.8+. (#16110)
• Rename pagination and purge locks and add comments to explain why they exist and how they work. (#16112)
• Attempt to fix the twisted trunk job. (#16115)
• Cache token introspection response from OIDC provider. (#16117)
• Add cache to get_server_keys_json_for_remote. (#16123)
• Add an admin endpoint to allow authorizing server to signal token revocations. (#16125)
• Add response time metrics for introspection requests for delegated auth. (#16131)
• MSC3861: allow impersonation by an admin user using _oidc_admin_impersonate_user_id query parameter. (#16132)
• Increase performance of read/write locks. (#16149)
• Improve presence tests. (#16150, #16151, #16158)
• Raised the poetry-core version cap to 1.7.0. (#16152)
• Fix assertion in user directory unit tests. (#16157)
• Reduce scope of locks when paginating to alleviate DB contention. (#16159)
• Reduce DB contention on worker locks. (#16160)
• Task scheduler: mark task as active if we are scheduling as soon as possible. (#16165)
• Implements a task scheduler for resumable potentially long running tasks. (#15891)

Updates to locked dependencies

• Bump click from 8.1.6 to 8.1.7. (#16145)
• Bump gitpython from 3.1.31 to 3.1.32. (#16103)
• Bump ijson from 3.2.1 to 3.2.3. (#16143)
• Bump isort from 5.11.5 to 5.12.0. (#16108)
• Bump log from 0.4.19 to 0.4.20. (#16109)
• Bump pygithub from 1.59.0 to 1.59.1. (#16144)
• Bump sentry-sdk from 1.28.1 to 1.29.2. (#16142)
• Bump serde from 1.0.183 to 1.0.184. (#16139)
• Bump txredisapi from 1.4.9 to 1.4.10. (#16107)
• Bump types-bleach from 6.0.0.3 to 6.0.0.4. (#16106)
• Bump types-pillow from 10.0.0.1 to 10.0.0.2. (#16105)
• Bump types-pyopenssl from 23.2.0.1 to 23.2.0.2. (#16146)

v1.90.0

Synapse 1.90.0 (2023-08-15)

No significant changes since 1.90.0rc1.

Synapse 1.90.0rc1 (2023-08-08)

Features

• Scope transaction IDs to devices (implement MSC3970). (#15629)
• Remove old rows from the cache_invalidation_stream_by_instance table automatically (this table is unused in SQLite). (#15868)

Bugfixes

• Fix a long-standing bug where purging history and paginating simultaneously could lead to database corruption when using workers. (#15791)
• Fix a long-standing bug where profile endpoint returned a 404 when the user's display name was empty. (#16012)
• Fix a long-standing bug where the synapse_port_db failed to configure sequences for application services and partial stated rooms. (#16043)
• Fix long-standing bug with deletion in dehydrated devices v2. (#16046)

Updates to the Docker image

• Add org.opencontainers.image.version labels to Docker containers published by Matrix.org. Contributed by Mo Balaa. (#15972, #16009)

Improved Documentation

• Add a internal documentation page describing the "streams" used within Synapse. (#16015)
• Clarify comment on the keys/upload over replication enpoint. (#16016)
• Do not expose Admin API in caddy reverse proxy example. Contributed by @NilsIrl. (#16027)

Deprecations and Removals

• Remove support for legacy application service paths. (#15964)
• Move support for application service query parameter authorization behind a configuration option. (#16017)

Internal Changes

• Update SQL queries to inline boolean parameters as supported in SQLite 3.27. (#15525)
• Allow for the configuration of the backoff algorithm for federation destinations. (#15754)
• Allow modules to check whether the current worker is configured to run background tasks. (#15991)
• Update support for MSC3958 to match the latest revision of the MSC. (#15992)
• Allow modules to schedule delayed background calls. (#15993)
• Properly overwrite the redacts content-property for forwards-compatibility with room versions 1 through 10. (#16013)
• Fix building the nix development environment on MacOS systems. (#16019)
• Remove leading and trailing spaces when setting a display name. (#16031)
• Combine duplicated code. (#16023)
• Collect additional metrics from ResponseCache for eviction. (#16028)
• Fix endpoint improperly declaring support for MSC3814. (#16068)
• Drop backwards compat hack for event serialization. (#16069)

Updates to locked dependencies

• Update PyYAML to 6.0.1. (#16011)
• Bump cryptography from 41.0.2 to 41.0.3. (#16048)
• Bump furo from 2023.5.20 to 2023.7.26. (#16077)
• Bump immutabledict from 2.2.4 to 3.0.0. (#16034)
• Update certifi to 2023.7.22 and pygments to 2.15.1. (#16044)
• Bump jsonschema from 4.18.3 to 4.19.0. (#16081)
• Bump phonenumbers from 8.13.14 to 8.13.18. (#16076)
• Bump regex from 1.9.1 to 1.9.3. (#16073)
• Bump serde from 1.0.171 to 1.0.175. (#15982)
• Bump serde from 1.0.175 to 1.0.179. (#16033)
• Bump serde from 1.0.179 to 1.0.183. (#16074)
• Bump serde_json from 1.0.103 to 1.0.104. (#16032)
• Bump service-identity from 21.1.0 to 23.1.0. (#16038)
• Bump types-commonmark from 0.9.2.3 to 0.9.2.4. (#16037)
• Bump types-jsonschema from 4.17.0.8 to 4.17.0.10. (#16036)
• Bump types-netaddr from 0.8.0.8 to 0.8.0.9. (#16035)
• Bump types-opentracing from 2.4.10.5 to 2.4.10.6. (#16078)
• Bump types-setuptools from 68.0.0.0 to 68.0.0.3. (#16079)

v1.90.0rc1

Synapse 1.90.0rc1 (2023-08-08)

Features

• Scope transaction IDs to devices (implement MSC3970). (#15629)
• Remove old rows from the cache_invalidation_stream_by_instance table automatically (this table is unused in SQLite). (#15868)

Bugfixes

• Fix a long-standing bug where purging history and paginating simultaneously could lead to database corruption when using workers. (#15791)
• Fix a long-standing bug where profile endpoint returned a 404 when the user's display name was empty. (#16012)
• Fix a long-standing bug where the synapse_port_db failed to configure sequences for application services and partial stated rooms. (#16043)
• Fix long-standing bug with deletion in dehydrated devices v2. (#16046)

Updates to the Docker image

• Add org.opencontainers.image.version labels to Docker containers published by Matrix.org. Contributed by Mo Balaa. (#15972, #16009)

Improved Documentation

• Add a internal documentation page describing the "streams" used within Synapse. (#16015)
• Clarify comment on the keys/upload over replication enpoint. (#16016)
• Do not expose Admin API in caddy reverse proxy example. Contributed by @NilsIrl. (#16027)

Deprecations and Removals

• Remove support for legacy application service paths. (#15964)
• Move support for application service query parameter authorization behind a configuration option. (#16017)

Internal Changes

• Update SQL queries to inline boolean parameters as supported in SQLite 3.27. (#15525)
• Allow for the configuration of the backoff algorithm for federation destinations. (#15754)
• Allow modules to check whether the current worker is configured to run background tasks. (#15991)
• Update support for MSC3958 to match the latest revision of the MSC. (#15992)
• Allow modules to schedule delayed background calls. (#15993)
• Properly overwrite the redacts content-property for forwards-compatibility with room versions 1 through 10. (#16013)
• Fix building the nix development environment on MacOS systems. (#16019)
• Remove leading and trailing spaces when setting a display name. (#16031)
• Combine duplicated code. (#16023)
• Collect additional metrics from ResponseCache for eviction. (#16028)
• Fix endpoint improperly declaring support for MSC3814. (#16068)
• Drop backwards compat hack for event serialization. (#16069)

Updates to locked dependencies

• Update PyYAML to 6.0.1. (#16011)
• Bump cryptography from 41.0.2 to 41.0.3. (#16048)
• Bump furo from 2023.5.20 to 2023.7.26. (#16077)
• Bump immutabledict from 2.2.4 to 3.0.0. (#16034)
• Update certifi to 2023.7.22 and pygments to 2.15.1. (#16044)
• Bump jsonschema from 4.18.3 to 4.19.0. (#16081)
• Bump phonenumbers from 8.13.14 to 8.13.18. (#16076)
• Bump regex from 1.9.1 to 1.9.3. (#16073)
• Bump serde from 1.0.171 to 1.0.175. (#15982)
• Bump serde from 1.0.175 to 1.0.179. (#16033)
• Bump serde from 1.0.179 to 1.0.183. (#16074)
• Bump serde_json from 1.0.103 to 1.0.104. (#16032)
• Bump service-identity from 21.1.0 to 23.1.0. (#16038)
• Bump types-commonmark from 0.9.2.3 to 0.9.2.4. (#16037)
• Bump types-jsonschema from 4.17.0.8 to 4.17.0.10. (#16036)
• Bump types-netaddr from 0.8.0.8 to 0.8.0.9. (#16035)
• Bump types-opentracing from 2.4.10.5 to 2.4.10.6. (#16078)
• Bump types-setuptools from 68.0.0.0 to 68.0.0.3. (#16079)

v1.89.0

Synapse 1.89.0 (2023-08-01)

No significant changes since 1.89.0rc1.

Synapse 1.89.0rc1 (2023-07-25)

Features

• Add Unix Socket support for HTTP Replication Listeners. Document and provide usage instructions for utilizing Unix sockets in Synapse. Contributed by Jason Little. (#15708, #15924)
• Allow + in Matrix IDs, per MSC4009. (#15911)
• Support room version 11 from MSC3820. (#15912)
• Allow configuring the set of workers to proxy outbound federation traffic through via outbound_federation_restricted_to. (#15913, #15969)
• Implement MSC3814, dehydrated devices v2/shrivelled sessions and move MSC2697 behind a config flag. Contributed by Nico from Famedly, H-Shay and poljar. (#15929)

Bugfixes

• Fix a long-standing bug where remote invites weren't correctly pushed. (#15820)
• Fix background schema updates failing over a large upgrade gap. (#15887)
• Fix a bug introduced in 1.86.0 where Synapse starting with an empty experimental_features configuration setting. (#15925)
• Fixed deploy annotations in the provided Grafana dashboard config, so that it shows for any homeserver and not just matrix.org. Contributed by @wrjlewis. (#15957)
• Ensure a long state res does not starve CPU by occasionally yielding to the reactor. (#15960)
• Properly handle redactions of creation events. (#15973)
• Fix a bug where resyncing stale device lists could block responding to federation transactions, and thus delay receiving new data from the remote server. (#15975)

Improved Documentation

• Better clarify how to run a worker instance (pass both configs). (#15921)
• Improve the documentation for the login as a user admin API. (#15938)
• Fix broken Arch Linux package link. Contributed by @SnipeXandrej. (#15981)

Deprecations and Removals

• Remove support for calling the /register endpoint with an unspecced user property for application services. (#15928)

Internal Changes

• Mark get_user_in_directory private since it is only used in tests. Also remove the cache from it. (#15884)
• Document which Python version runs on a given Linux distribution so we can more easily clean up later. (#15909)
• Add details to warning in log when we fail to fetch an alias. (#15922)
• Remove unneeded __init__. (#15926)
• Fix bug with read/write lock implementation. This is currently unused so has no observable effects. (#15933, #15958)
• Unbreak the nix development environment by pinning the Rust version to 1.70.0. (#15940)
• Update presence metrics to differentiate remote vs local users. (#15952)
• Stop reading from column user_id of table profiles. (#15955)
• Build packages for Debian Trixie. (#15961)
• Reduce the amount of state we pull out. (#15968)
• Speed up updating state in large rooms. (#15971)

Updates to locked dependencies

• Bump anyhow from 1.0.71 to 1.0.72. (#15949)
• Bump click from 8.1.3 to 8.1.6. (#15984)
• Bump cryptography from 41.0.1 to 41.0.2. (#15943)
• Bump jsonschema from 4.17.3 to 4.18.3. (#15948)
• Bump pillow from 9.4.0 to 10.0.0. (#15986)
• Bump prometheus-client from 0.17.0 to 0.17.1. (#15945)
• Bump pydantic from 1.10.10 to 1.10.11. (#15946)
• Bump pygithub from 1.58.2 to 1.59.0. (#15834)
• Bump pyo3-log from 0.8.2 to 0.8.3. (#15951)
• Bump sentry-sdk from 1.26.0 to 1.28.1. (#15985)
• Bump serde_json from 1.0.100 to 1.0.103. (#15950)
• Bump types-pillow from 9.5.0.4 to 10.0.0.1. (#15932)
• Bump types-requests from 2.31.0.1 to 2.31.0.2. (#15983)
• Bump typing-extensions from 4.5.0 to 4.7.1. (#15947)

v1.89.0rc1

Synapse 1.89.0rc1 (2023-07-25)

Features

• Add Unix Socket support for HTTP Replication Listeners. Document and provide usage instructions for utilizing Unix sockets in Synapse. Contributed by Jason Little. (#15708, #15924)
• Allow + in Matrix IDs, per MSC4009. (#15911)
• Support room version 11 from MSC3820. (#15912)
• Allow configuring the set of workers to proxy outbound federation traffic through via outbound_federation_restricted_to. (#15913, #15969)
• Implement MSC3814, dehydrated devices v2/shrivelled sessions and move MSC2697 behind a config flag. Contributed by Nico from Famedly, H-Shay and poljar. (#15929)

Bugfixes

• Fix a long-standing bug where remote invites weren't correctly pushed. (#15820)
• Fix background schema updates failing over a large upgrade gap. (#15887)
• Fix a bug introduced in 1.86.0 where Synapse starting with an empty experimental_features configuration setting. (#15925)
• Fixed deploy annotations in the provided Grafana dashboard config, so that it shows for any homeserver and not just matrix.org. Contributed by @wrjlewis. (#15957)
• Ensure a long state res does not starve CPU by occasionally yielding to the reactor. (#15960)
• Properly handle redactions of creation events. (#15973)
• Fix a bug where resyncing stale device lists could block responding to federation transactions, and thus delay receiving new data from the remote server. (#15975)

Improved Documentation

• Better clarify how to run a worker instance (pass both configs). (#15921)
• Improve the documentation for the login as a user admin API. (#15938)
• Fix broken Arch Linux package link. Contributed by @SnipeXandrej. (#15981)

Deprecations and Removals

• Remove support for calling the /register endpoint with an unspecced user property for application services. (#15928)

Internal Changes

• Mark get_user_in_directory private since it is only used in tests. Also remove the cache from it. (#15884)
• Document which Python version runs on a given Linux distribution so we can more easily clean up later. (#15909)
• Add details to warning in log when we fail to fetch an alias. (#15922)
• Remove unneeded __init__. (#15926)
• Fix bug with read/write lock implementation. This is currently unused so has no observable effects. (#15933, #15958)
• Unbreak the nix development environment by pinning the Rust version to 1.70.0. (#15940)
• Update presence metrics to differentiate remote vs local users. (#15952)
• Stop reading from column user_id of table profiles. (#15955)
• Build packages for Debian Trixie. (#15961)
• Reduce the amount of state we pull out. (#15968)
• Speed up updating state in large rooms. (#15971)

Updates to locked dependencies

• Bump anyhow from 1.0.71 to 1.0.72. (#15949)
• Bump click from 8.1.3 to 8.1.6. (#15984)
• Bump cryptography from 41.0.1 to 41.0.2. (#15943)
• Bump jsonschema from 4.17.3 to 4.18.3. (#15948)
• Bump pillow from 9.4.0 to 10.0.0. (#15986)
• Bump prometheus-client from 0.17.0 to 0.17.1. (#15945)
• Bump pydantic from 1.10.10 to 1.10.11. (#15946)
• Bump pygithub from 1.58.2 to 1.59.0. (#15834)
• Bump pyo3-log from 0.8.2 to 0.8.3. (#15951)
• Bump sentry-sdk from 1.26.0 to 1.28.1. (#15985)
• Bump serde_json from 1.0.100 to 1.0.103. (#15950)
• Bump types-pillow from 9.5.0.4 to 10.0.0.1. (#15932)
• Bump types-requests from 2.31.0.1 to 2.31.0.2. (#15983)
• Bump typing-extensions from 4.5.0 to 4.7.1. (#15947)

v1.88.0

Synapse 1.88.0 (2023-07-18)

This release

• raises the minimum supported version of Python to 3.8, as Python 3.7 is now end-of-life, and
• removes deprecated config options related to worker deployment.

See the upgrade notes for more information.

Bugfixes

• Revert "Stop writing to column user_id of tables profiles and user_filters", which was introduced in Synapse 1.88.0rc1. (#15953)

Synapse 1.88.0rc1 (2023-07-11)

Features

• Add not_user_type param to the list accounts admin API. (#15844)

Bugfixes

• Pin pydantic to ^=1.7.4 to avoid backwards-incompatible API changes from the 2.0.0 release.
  Contributed by @PaarthShah. (#15862)
• Correctly resize thumbnails with pillow version >=10. (#15876)

Improved Documentation

• Fixed header levels on the Admin API "Users" documentation page. Contributed by @sumnerevans at @beeper. (#15852)
• Remove deprecated worker_replication_host, worker_replication_http_port and worker_replication_http_tls configuration options. (#15872)

Deprecations and Removals

• Remove deprecated worker_replication_host, worker_replication_http_port and worker_replication_http_tls configuration options. See the upgrade notes for more details. (#15860)
• Remove support for Python 3.7 and hence for Debian Buster. (#15851, #15892, #15893, #15917)

Internal Changes

• Add foreign key constraint to event_forward_extremities. (#15751, #15907)
• Add read/write style cross-worker locks. (#15782)
• Stop writing to column user_id of tables profiles and user_filters. (#15787)
• Use lower isolation level when cleaning old presence stream data to avoid serialization errors. (#15826)
• Add tracing to media /upload code paths. (#15850, #15888)
• Add a timeout that aborts any Postgres statement taking more than 1 hour. (#15853)
• Fix the devenv up configuration which was ignoring the config overrides. (#15854)
• Optimised cleanup of old entries in device_lists_stream. (#15861)
• Update the Matrix clients link in the It works! Synapse is running landing page. (#15874)
• Fix building Synapse with the nightly Rust compiler. (#15906)
• Add Server to Access-Control-Expose-Headers header. (#15908)

Updates to locked dependencies

• Bump authlib from 1.2.0 to 1.2.1. (#15864)
• Bump importlib-metadata from 6.6.0 to 6.7.0. (#15865)
• Bump lxml from 4.9.2 to 4.9.3. (#15897)
• Bump regex from 1.8.4 to 1.9.1. (#15902)
• Bump ruff from 0.0.275 to 0.0.277. (#15900)
• Bump sentry-sdk from 1.25.1 to 1.26.0. (#15867)
• Bump serde_json from 1.0.99 to 1.0.100. (#15901)
• Bump types-pyopenssl from 23.2.0.0 to 23.2.0.1. (#15866)

v1.88.0rc1

Synapse 1.88.0rc1 (2023-07-11)

This release

• raises the minimum supported version of Python to 3.8, as Python 3.7 is now end-of-life, and
• removes deprecated config options related to worker deployment.

See the upgrade notes for more information.

Features

• Add not_user_type param to the list accounts admin API. (#15844)

Bugfixes

• Pin pydantic to ^=1.7.4 to avoid backwards-incompatible API changes from the 2.0.0 release.
  Contributed by @PaarthShah. (#15862)
• Correctly resize thumbnails with pillow version >=10. (#15876)

Improved Documentation

• Fixed header levels on the Admin API "Users" documentation page. Contributed by @sumnerevans at @beeper. (#15852)
• Remove deprecated worker_replication_host, worker_replication_http_port and worker_replication_http_tls configuration options. (#15872)

Deprecations and Removals

• Remove deprecated worker_replication_host, worker_replication_http_port and worker_replication_http_tls configuration options. See the upgrade notes for more details. (#15860)
• Remove support for Python 3.7 and hence for Debian Buster. (#15851, #15892, #15893, #15917)

Internal Changes

• Add foreign key constraint to event_forward_extremities. (#15751, #15907)
• Add read/write style cross-worker locks. (#15782)
• Stop writing to column user_id of tables profiles and user_filters. (#15787)
• Use lower isolation level when cleaning old presence stream data to avoid serialization errors. (#15826)
• Add tracing to media /upload code paths. (#15850, #15888)
• Add a timeout that aborts any Postgres statement taking more than 1 hour. (#15853)
• Fix the devenv up configuration which was ignoring the config overrides. (#15854)
• Optimised cleanup of old entries in device_lists_stream. (#15861)
• Update the Matrix clients link in the It works! Synapse is running landing page. (#15874)
• Fix building Synapse with the nightly Rust compiler. (#15906)
• Add Server to Access-Control-Expose-Headers header. (#15908)

Updates to locked dependencies

• Bump authlib from 1.2.0 to 1.2.1. (#15864)
• Bump importlib-metadata from 6.6.0 to 6.7.0. (#15865)
• Bump lxml from 4.9.2 to 4.9.3. (#15897)
• Bump regex from 1.8.4 to 1.9.1. (#15902)
• Bump ruff from 0.0.275 to 0.0.277. (#15900)
• Bump sentry-sdk from 1.25.1 to 1.26.0. (#15867)
• Bump serde_json from 1.0.99 to 1.0.100. (#15901)
• Bump types-pyopenssl from 23.2.0.0 to 23.2.0.1. (#15866)

v1.87.0

Synapse 1.87.0 (2023-07-04)

Please note that this will be the last release of Synapse that is compatible with
Python 3.7 and earlier.
This is due to Python 3.7 now having reached End of Life; see our deprecation policy
for more details.

Bugfixes

• Pin pydantic to ^1.7.4 to avoid backwards-incompatible API changes from the 2.0.0 release.
  Resolves #15858.
  Contributed by @PaarthShah. (#15862)

Internal Changes

• Split out 2022 changes from the changelog so the rendered version in GitHub doesn't timeout as much. (#15846)

Synapse 1.87.0rc1 (2023-06-27)

Features

• Improve /messages response time by avoiding backfill when we already have messages to return. (#15737)
• Add spam checker module API for logins. (#15838)

Bugfixes

• Fix a long-standing bug where media files were served in an unsafe manner. Contributed by @joshqou. (#15680)
• Avoid invalidating a cache that was just prefilled. (#15758)
• Fix requesting multiple keys at once over federation, related to MSC3983. (#15770)
• Fix joining rooms through aliases where the alias server isn't a real homeserver. Contributed by @tulir @ Beeper. (#15776)
• Fix a bug in push rules handling leading to an invalid (per spec) is_user_mention rule sent to clients. Also fix wrong rule names for is_user_mention and is_room_mention. (#15781)
• Fix a bug introduced in 1.57.0 where the wrong table would be locked on updating database rows when using SQLite as the database backend. (#15788)
• Fix Sytest environmental variable evaluation in CI. (#15804)
• Fix forgotten rooms missing from initial sync after rejoining them. Contributed by Nico from Famedly. (#15815)
• Fix sqlite user_filters upgrade introduced in v1.86.0. (#15817)

Improved Documentation

• Document looping_call() functionality that will wait for the given function to finish before scheduling another. (#15772)
• Fix a typo in the Admin API. (#15805)
• Fix typo in MSC number in faster remote room join architecture doc. (#15812)

Deprecations and Removals

• Remove experimental MSC2716 implementation to incrementally import history into existing rooms. (#15748)

Internal Changes

• Replace EventContext fields prev_group and delta_ids with field state_group_deltas. (#15233)
• Regularly try to send transactions to other servers after they failed instead of waiting for a new event to be available before trying. (#15743)
• Fix requesting multiple keys at once over federation, related to MSC3983. (#15755)
• Allow for the configuration of max request retries and min/max retry delays in the matrix federation client. (#15783)
• Switch from matrix:// to matrix-federation:// scheme for internal Synapse routing of outbound federation traffic. (#15806)
• Fix harmless exceptions being printed when running the port DB script. (#15814)

Updates to locked dependencies

• Bump attrs from 22.2.0 to 23.1.0. (#15801)
• Bump cryptography from 40.0.2 to 41.0.1. (#15800)
• Bump ijson from 3.2.0.post0 to 3.2.1. (#15802)
• Bump phonenumbers from 8.13.13 to 8.13.14. (#15798)
• Bump ruff from 0.0.265 to 0.0.272. (#15799)
• Bump ruff from 0.0.272 to 0.0.275. (#15833)
• Bump serde_json from 1.0.96 to 1.0.97. (#15797)
• Bump serde_json from 1.0.97 to 1.0.99. (#15832)
• Bump towncrier from 22.12.0 to 23.6.0. (#15831)
• Bump types-opentracing from 2.4.10.4 to 2.4.10.5. (#15830)
• Bump types-setuptools from 67.8.0.0 to 68.0.0.0. (#15835)