Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Do not allow cross-room relations, per MSC2674. #11516

Merged
merged 7 commits into from
Dec 9, 2021

Conversation

clokep
Copy link
Member

@clokep clokep commented Dec 6, 2021

Due to some vagueness in MSC2674 Synapse could return some incorrect data. This updates our implementation to match the merged version of MSC2674, namely that it states an event and its relations must be in the same room.

@clokep clokep requested a review from a team as a code owner December 6, 2021 18:14
@clokep clokep force-pushed the clokep/thread-relation-3 branch from 8ce9f4c to e684b76 Compare December 6, 2021 18:17
@clokep clokep changed the title Apply additional validation for relations received over federation Do not allow cross-room relations, per MSC2674. Dec 6, 2021
@clokep clokep self-assigned this Dec 7, 2021
@clokep clokep removed the request for review from a team December 8, 2021 19:05
@clokep clokep removed their assignment Dec 8, 2021
@clokep clokep requested a review from a team December 8, 2021 20:42
@DMRobertson DMRobertson self-assigned this Dec 9, 2021
Copy link
Contributor

@DMRobertson DMRobertson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Broadly looks good. One small question.

And for completeness, this corresponds to matrix-org/matrix-spec-proposals@8e12152 of MSC2674. I couldn't see the motivation for this change on that PR, but let's not worry about that for now.

@@ -651,6 +653,60 @@ def test_aggregation_get_event_for_thread(self):
},
)

def test_ignore_invalid_room(self):
"""Test that we ignore invalid relations over federation."""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why single out federation here, sorry? Because the CS API should reject this kind of event if a local client tries to send it?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why single out federation here, sorry? Because the CS API should reject this kind of event if a local client tries to send it?

Yes, exactly. We're somewhat assuming our server isn't generating "bad" events, but they could have before C-S had validation, but it is more likely to be from a buggy / malicious server over federation.

@clokep clokep requested a review from DMRobertson December 9, 2021 17:41
Copy link
Contributor

@DMRobertson DMRobertson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@clokep clokep merged commit 3b88722 into develop Dec 9, 2021
@clokep clokep deleted the clokep/thread-relation-3 branch December 9, 2021 18:16
Fizzadar pushed a commit to Fizzadar/synapse that referenced this pull request Jan 19, 2022
Synapse 1.50.0 (2022-01-18)
===========================

Please note that we now only support Python 3.7+ and PostgreSQL 10+ (if applicable), because Python 3.6 and PostgreSQL 9.6 have reached end-of-life.

No significant changes since 1.50.0rc2.

Synapse 1.50.0rc2 (2022-01-14)
==============================

This release candidate fixes a federation-breaking regression introduced in Synapse 1.50.0rc1.

Bugfixes
--------

- Fix a bug introduced in Synapse v1.0.0 whereby some device list updates would not be sent to remote homeservers if there were too many to send at once. ([\matrix-org#11729](matrix-org#11729))
- Fix a bug introduced in Synapse v1.50.0rc1 whereby outbound federation could fail because too many EDUs were produced for device updates. ([\matrix-org#11730](matrix-org#11730))

Improved Documentation
----------------------

- Document that now the minimum supported PostgreSQL version is 10. ([\matrix-org#11725](matrix-org#11725))

Internal Changes
----------------

- Fix a typechecker problem related to our (ab)use of `nacl.signing.SigningKey`s. ([\matrix-org#11714](matrix-org#11714))

Synapse 1.50.0rc1 (2022-01-05)
==============================

Features
--------

- Allow guests to send state events per [MSC3419](matrix-org/matrix-spec-proposals#3419). ([\matrix-org#11378](matrix-org#11378))
- Add experimental support for part of [MSC3202](matrix-org/matrix-spec-proposals#3202): allowing application services to masquerade as specific devices. ([\matrix-org#11538](matrix-org#11538))
- Add admin API to get users' account data. ([\matrix-org#11664](matrix-org#11664))
- Include the room topic in the stripped state included with invites and knocking. ([\matrix-org#11666](matrix-org#11666))
- Send and handle cross-signing messages using the stable prefix. ([\matrix-org#10520](matrix-org#10520))
- Support unprefixed versions of fallback key property names. ([\matrix-org#11541](matrix-org#11541))

Bugfixes
--------

- Fix a long-standing bug where relations from other rooms could be included in the bundled aggregations of an event. ([\matrix-org#11516](matrix-org#11516))
- Fix a long-standing bug which could cause `AssertionError`s to be written to the log when Synapse was restarted after purging events from the database. ([\matrix-org#11536](matrix-org#11536), [\matrix-org#11642](matrix-org#11642))
- Fix a bug introduced in Synapse 1.17.0 where a pusher created for an email with capital letters would fail to be created. ([\matrix-org#11547](matrix-org#11547))
- Fix a long-standing bug where responses included bundled aggregations when they should not, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\matrix-org#11592](matrix-org#11592), [\matrix-org#11623](matrix-org#11623))
- Fix a long-standing bug that some unknown endpoints would return HTML error pages instead of JSON `M_UNRECOGNIZED` errors. ([\matrix-org#11602](matrix-org#11602))
- Fix a bug introduced in Synapse 1.19.3 which could sometimes cause `AssertionError`s when backfilling rooms over federation. ([\matrix-org#11632](matrix-org#11632))

Improved Documentation
----------------------

- Update Synapse install command for FreeBSD as the package is now prefixed with `py38`. Contributed by @itchychips. ([\matrix-org#11267](matrix-org#11267))
- Document the usage of refresh tokens. ([\matrix-org#11427](matrix-org#11427))
- Add details for how to configure a TURN server when behind a NAT. Contibuted by @AndrewFerr. ([\matrix-org#11553](matrix-org#11553))
- Add references for using Postgres to the Docker documentation. ([\matrix-org#11640](matrix-org#11640))
- Fix the documentation link in newly-generated configuration files. ([\matrix-org#11678](matrix-org#11678))
- Correct the documentation for `nginx` to use a case-sensitive url pattern. Fixes an error introduced in v1.21.0. ([\matrix-org#11680](matrix-org#11680))
- Clarify SSO mapping provider documentation by writing `def` or `async def` before the names of methods, as appropriate. ([\matrix-org#11681](matrix-org#11681))

Deprecations and Removals
-------------------------

- Replace `mock` package by its standard library version. ([\matrix-org#11588](matrix-org#11588))
- Drop support for Python 3.6 and Ubuntu 18.04. ([\matrix-org#11633](matrix-org#11633))

Internal Changes
----------------

- Allow specific, experimental events to be created without `prev_events`. Used by [MSC2716](matrix-org/matrix-spec-proposals#2716). ([\matrix-org#11243](matrix-org#11243))
- A test helper (`wait_for_background_updates`) no longer depends on classes defining a `store` property. ([\matrix-org#11331](matrix-org#11331))
- Add type hints to `synapse.appservice`. ([\matrix-org#11360](matrix-org#11360))
- Add missing type hints to `synapse.config` module. ([\matrix-org#11480](matrix-org#11480))
- Add test to ensure we share the same `state_group` across the whole historical batch when using the [MSC2716](matrix-org/matrix-spec-proposals#2716) `/batch_send` endpoint. ([\matrix-org#11487](matrix-org#11487))
- Refactor `tests.util.setup_test_homeserver` and `tests.server.setup_test_homeserver`. ([\matrix-org#11503](matrix-org#11503))
- Move `glob_to_regex` and `re_word_boundary` to `matrix-python-common`. ([\matrix-org#11505](matrix-org#11505), [\matrix-org#11687](matrix-org#11687))
- Use `HTTPStatus` constants in place of literals in `tests.rest.client.test_auth`. ([\matrix-org#11520](matrix-org#11520))
- Add a receipt types constant for `m.read`. ([\matrix-org#11531](matrix-org#11531))
- Clean up `synapse.rest.admin`. ([\matrix-org#11535](matrix-org#11535))
- Add missing `errcode` to `parse_string` and `parse_boolean`. ([\matrix-org#11542](matrix-org#11542))
- Use `HTTPStatus` constants in place of literals in `synapse.http`. ([\matrix-org#11543](matrix-org#11543))
- Add missing type hints to storage classes. ([\matrix-org#11546](matrix-org#11546), [\matrix-org#11549](matrix-org#11549), [\matrix-org#11551](matrix-org#11551), [\matrix-org#11555](matrix-org#11555), [\matrix-org#11575](matrix-org#11575), [\matrix-org#11589](matrix-org#11589), [\matrix-org#11594](matrix-org#11594), [\matrix-org#11652](matrix-org#11652), [\matrix-org#11653](matrix-org#11653), [\matrix-org#11654](matrix-org#11654), [\matrix-org#11657](matrix-org#11657))
- Fix an inaccurate and misleading comment in the `/sync` code. ([\matrix-org#11550](matrix-org#11550))
- Add missing type hints to `synapse.logging.context`. ([\matrix-org#11556](matrix-org#11556))
- Stop populating unused database column `state_events.prev_state`. ([\matrix-org#11558](matrix-org#11558))
- Minor efficiency improvements in event persistence. ([\matrix-org#11560](matrix-org#11560))
- Add some safety checks that storage functions are used correctly. ([\matrix-org#11564](matrix-org#11564), [\matrix-org#11580](matrix-org#11580))
- Make `get_device` return `None` if the device doesn't exist rather than raising an exception. ([\matrix-org#11565](matrix-org#11565))
- Split the HTML parsing code from the URL preview resource code. ([\matrix-org#11566](matrix-org#11566))
- Remove redundant `COALESCE()`s around `COUNT()`s in database queries. ([\matrix-org#11570](matrix-org#11570))
- Add missing type hints to `synapse.http`. ([\matrix-org#11571](matrix-org#11571))
- Add [MSC2716](matrix-org/matrix-spec-proposals#2716) and [MSC3030](matrix-org/matrix-spec-proposals#3030) to `/versions` -> `unstable_features` to detect server support. ([\matrix-org#11582](matrix-org#11582))
- Add type hints to `synapse/tests/rest/admin`. ([\matrix-org#11590](matrix-org#11590))
- Drop end-of-life Python 3.6 and Postgres 9.6 from CI. ([\matrix-org#11595](matrix-org#11595))
- Update black version and run it on all the files. ([\matrix-org#11596](matrix-org#11596))
- Add opentracing type stubs and fix associated mypy errors. ([\matrix-org#11603](matrix-org#11603), [\matrix-org#11622](matrix-org#11622))
- Improve OpenTracing support for requests which use a `ResponseCache`. ([\matrix-org#11607](matrix-org#11607))
- Improve OpenTracing support for incoming HTTP requests. ([\matrix-org#11618](matrix-org#11618))
- A number of improvements to opentracing support. ([\matrix-org#11619](matrix-org#11619))
- Refactor the way that the `outlier` flag is set on events received over federation. ([\matrix-org#11634](matrix-org#11634))
- Improve the error messages from  `get_create_event_for_room`. ([\matrix-org#11638](matrix-org#11638))
- Remove redundant `get_current_events_token` method. ([\matrix-org#11643](matrix-org#11643))
- Convert `namedtuples` to `attrs`. ([\matrix-org#11665](matrix-org#11665), [\matrix-org#11574](matrix-org#11574))
- Update the `/capabilities` response to include whether support for [MSC3440](matrix-org/matrix-spec-proposals#3440) is available. ([\matrix-org#11690](matrix-org#11690))
- Send the `Accept` header in HTTP requests made using `SimpleHttpClient.get_json`. ([\matrix-org#11677](matrix-org#11677))
- Work around Mjolnir compatibility issue by adding an import for `glob_to_regex` in `synapse.util`, where it moved from. ([\matrix-org#11696](matrix-org#11696))
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jan 30, 2022
Synapse 1.51.0 (2022-01-25)
===========================

No significant changes since 1.51.0rc2.

Synapse 1.51.0 deprecates `webclient` listeners and non-HTTP(S) `web_client_location`s. Support for these will be removed in Synapse 1.53.0, at which point Synapse will not be capable of directly serving a web client for Matrix.

Synapse 1.51.0rc2 (2022-01-24)
==============================

Bugfixes
--------

- Fix a bug introduced in Synapse 1.40.0 that caused Synapse to fail to process incoming federation traffic after handling a large amount of events in a v1 room. ([\#11806](matrix-org/synapse#11806))


Synapse 1.51.0rc1 (2022-01-21)
==============================

Features
--------

- Add `track_puppeted_user_ips` config flag to record client IP addresses against puppeted users, and include the puppeted users in monthly active user counts. ([\#11561](matrix-org/synapse#11561), [\#11749](matrix-org/synapse#11749), [\#11757](matrix-org/synapse#11757))
- Include whether the requesting user has participated in a thread when generating a summary for [MSC3440](matrix-org/matrix-spec-proposals#3440). ([\#11577](matrix-org/synapse#11577))
- Return an `M_FORBIDDEN` error code instead of `M_UNKNOWN` when a spam checker module prevents a user from creating a room. ([\#11672](matrix-org/synapse#11672))
- Add a flag to the `synapse_review_recent_signups` script to ignore and filter appservice users. ([\#11675](matrix-org/synapse#11675), [\#11770](matrix-org/synapse#11770))


Bugfixes
--------

- Fix a long-standing issue which could cause Synapse to incorrectly accept data in the unsigned field of events
  received over federation. ([\#11530](matrix-org/synapse#11530))
- Fix a long-standing bug where Synapse wouldn't cache a response indicating that a remote user has no devices. ([\#11587](matrix-org/synapse#11587))
- Fix an error that occurs whilst trying to get the federation status of a destination server that was working normally. This admin API was newly introduced in Synapse v1.49.0. ([\#11593](matrix-org/synapse#11593))
- Fix bundled aggregations not being included in the `/sync` response, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11612](matrix-org/synapse#11612), [\#11659](matrix-org/synapse#11659), [\#11791](matrix-org/synapse#11791))
- Fix the `/_matrix/client/v1/room/{roomId}/hierarchy` endpoint returning incorrect fields which have been present since Synapse 1.49.0. ([\#11667](matrix-org/synapse#11667))
- Fix preview of some GIF URLs (like tenor.com). Contributed by Philippe Daouadi. ([\#11669](matrix-org/synapse#11669))
- Fix a bug where only the first 50 rooms from a space were returned from the `/hierarchy` API. This has existed since the introduction of the API in Synapse v1.41.0. ([\#11695](matrix-org/synapse#11695))
- Fix a bug introduced in Synapse v1.18.0 where password reset and address validation emails would not be sent if their subject was configured to use the 'app' template variable. Contributed by @br4nnigan. ([\#11710](matrix-org/synapse#11710), [\#11745](matrix-org/synapse#11745))
- Make the 'List Rooms' Admin API sort stable. Contributed by Daniël Sonck. ([\#11737](matrix-org/synapse#11737))
- Fix a long-standing bug where space hierarchy over federation would only work correctly some of the time. ([\#11775](matrix-org/synapse#11775))
- Fix a bug introduced in Synapse v1.46.0 that prevented `on_logged_out` module callbacks from being correctly awaited by Synapse. ([\#11786](matrix-org/synapse#11786))


Improved Documentation
----------------------

- Warn against using a Let's Encrypt certificate for TLS/DTLS TURN server client connections, and suggest using ZeroSSL certificate instead. This works around client-side connectivity errors caused by WebRTC libraries that reject Let's Encrypt certificates. Contibuted by @AndrewFerr. ([\#11686](matrix-org/synapse#11686))
- Document the new `SYNAPSE_TEST_PERSIST_SQLITE_DB` environment variable in the contributing guide. ([\#11715](matrix-org/synapse#11715))
- Document that the minimum supported PostgreSQL version is now 10. ([\#11725](matrix-org/synapse#11725))
- Fix typo in demo docs: differnt. ([\#11735](matrix-org/synapse#11735))
- Update room spec URL in config files. ([\#11739](matrix-org/synapse#11739))
- Mention `python3-venv` and `libpq-dev` dependencies in the contribution guide. ([\#11740](matrix-org/synapse#11740))
- Update documentation for configuring login with Facebook. ([\#11755](matrix-org/synapse#11755))
- Update installation instructions to note that Python 3.6 is no longer supported. ([\#11781](matrix-org/synapse#11781))


Deprecations and Removals
-------------------------

- Remove the unstable `/send_relation` endpoint. ([\#11682](matrix-org/synapse#11682))
- Remove `python_twisted_reactor_pending_calls` Prometheus metric. ([\#11724](matrix-org/synapse#11724))
- Remove the `password_hash` field from the response dictionaries of the [Users Admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html). ([\#11576](matrix-org/synapse#11576))
- **Deprecate support for `webclient` listeners and non-HTTP(S) `web_client_location` configuration. ([\#11774](matrix-org/synapse#11774), [\#11783](matrix-org/synapse#11783


Internal Changes
----------------

- Run `pyupgrade --py37-plus --keep-percent-format` on Synapse. ([\#11685](matrix-org/synapse#11685))
- Use buildkit's cache feature to speed up docker builds. ([\#11691](matrix-org/synapse#11691))
- Use `auto_attribs` and native type hints for attrs classes. ([\#11692](matrix-org/synapse#11692), [\#11768](matrix-org/synapse#11768))
- Remove debug logging for #4422, which has been closed since Synapse 0.99. ([\#11693](matrix-org/synapse#11693))
- Remove fallback code for Python 2. ([\#11699](matrix-org/synapse#11699))
- Add a test for [an edge case](matrix-org/synapse#11532 (comment)) in the `/sync` logic. ([\#11701](matrix-org/synapse#11701))
- Add the option to write SQLite test dbs to disk when running tests. ([\#11702](matrix-org/synapse#11702))
- Improve Complement test output for Gitub Actions. ([\#11707](matrix-org/synapse#11707))
- Fix docstring on `add_account_data_for_user`. ([\#11716](matrix-org/synapse#11716))
- Complement environment variable name change and update `.gitignore`. ([\#11718](matrix-org/synapse#11718))
- Simplify calculation of Prometheus metrics for garbage collection. ([\#11723](matrix-org/synapse#11723))
- Improve accuracy of `python_twisted_reactor_tick_time` Prometheus metric. ([\#11724](matrix-org/synapse#11724), [\#11771](matrix-org/synapse#11771))
- Minor efficiency improvements when inserting many values into the database. ([\#11742](matrix-org/synapse#11742))
- Invite PR authors to give themselves credit in the changelog. ([\#11744](matrix-org/synapse#11744))
- Add optional debugging to investigate [issue 8631](matrix-org/synapse#8631). ([\#11760](matrix-org/synapse#11760))
- Remove `log_function` utility function and its uses. ([\#11761](matrix-org/synapse#11761))
- Add a unit test that checks both `client` and `webclient` resources will function when simultaneously enabled. ([\#11765](matrix-org/synapse#11765))
- Allow overriding complement commit using `COMPLEMENT_REF`. ([\#11766](matrix-org/synapse#11766))
- Add some comments and type annotations for `_update_outliers_txn`. ([\#11776](matrix-org/synapse#11776))


Synapse 1.50.1 (2022-01-18)
===========================

This release fixes a bug in Synapse 1.50.0 that could prevent clients from being able to connect to Synapse if the `webclient` resource was enabled. Further details are available in [this issue](matrix-org/synapse#11763).

Bugfixes
--------

- Fix a bug introduced in Synapse 1.50.0rc1 that could cause Matrix clients to be unable to connect to Synapse instances with the `webclient` resource enabled. ([\#11764](matrix-org/synapse#11764))


Synapse 1.50.0 (2022-01-18)
===========================

**This release contains a critical bug that may prevent clients from being able to connect.
As such, it is not recommended to upgrade to 1.50.0. Instead, please upgrade straight to
to 1.50.1. Further details are available in [this issue](matrix-org/synapse#11763

Please note that we now only support Python 3.7+ and PostgreSQL 10+ (if applicable), because Python 3.6 and PostgreSQL 9.6 have reached end-of-life.

No significant changes since 1.50.0rc2.


Synapse 1.50.0rc2 (2022-01-14)
==============================

This release candidate fixes a federation-breaking regression introduced in Synapse 1.50.0rc1.

Bugfixes
--------

- Fix a bug introduced in Synapse v1.0.0 whereby some device list updates would not be sent to remote homeservers if there were too many to send at once. ([\#11729](matrix-org/synapse#11729))
- Fix a bug introduced in Synapse v1.50.0rc1 whereby outbound federation could fail because too many EDUs were produced for device updates. ([\#11730](matrix-org/synapse#11730))


Improved Documentation
----------------------

- Document that now the minimum supported PostgreSQL version is 10. ([\#11725](matrix-org/synapse#11725))


Internal Changes
----------------

- Fix a typechecker problem related to our (ab)use of `nacl.signing.SigningKey`s. ([\#11714](matrix-org/synapse#11714))


Synapse 1.50.0rc1 (2022-01-05)
==============================


Features
--------

- Allow guests to send state events per [MSC3419](matrix-org/matrix-spec-proposals#3419). ([\#11378](matrix-org/synapse#11378))
- Add experimental support for part of [MSC3202](matrix-org/matrix-spec-proposals#3202): allowing application services to masquerade as specific devices. ([\#11538](matrix-org/synapse#11538))
- Add admin API to get users' account data. ([\#11664](matrix-org/synapse#11664))
- Include the room topic in the stripped state included with invites and knocking. ([\#11666](matrix-org/synapse#11666))
- Send and handle cross-signing messages using the stable prefix. ([\#10520](matrix-org/synapse#10520))
- Support unprefixed versions of fallback key property names. ([\#11541](matrix-org/synapse#11541))


Bugfixes
--------

- Fix a long-standing bug where relations from other rooms could be included in the bundled aggregations of an event. ([\#11516](matrix-org/synapse#11516))
- Fix a long-standing bug which could cause `AssertionError`s to be written to the log when Synapse was restarted after purging events from the database. ([\#11536](matrix-org/synapse#11536), [\#11642](matrix-org/synapse#11642))
- Fix a bug introduced in Synapse 1.17.0 where a pusher created for an email with capital letters would fail to be created. ([\#11547](matrix-org/synapse#11547))
- Fix a long-standing bug where responses included bundled aggregations when they should not, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11592](matrix-org/synapse#11592), [\#11623](matrix-org/synapse#11623))
- Fix a long-standing bug that some unknown endpoints would return HTML error pages instead of JSON `M_UNRECOGNIZED` errors. ([\#11602](matrix-org/synapse#11602))
- Fix a bug introduced in Synapse 1.19.3 which could sometimes cause `AssertionError`s when backfilling rooms over federation. ([\#11632](matrix-org/synapse#11632))


Improved Documentation
----------------------

- Update Synapse install command for FreeBSD as the package is now prefixed with `py38`. Contributed by @itchychips. ([\#11267](matrix-org/synapse#11267))
- Document the usage of refresh tokens. ([\#11427](matrix-org/synapse#11427))
- Add details for how to configure a TURN server when behind a NAT. Contibuted by @AndrewFerr. ([\#11553](matrix-org/synapse#11553))
- Add references for using Postgres to the Docker documentation. ([\#11640](matrix-org/synapse#11640))
- Fix the documentation link in newly-generated configuration files. ([\#11678](matrix-org/synapse#11678))
- Correct the documentation for `nginx` to use a case-sensitive url pattern. Fixes an error introduced in v1.21.0. ([\#11680](matrix-org/synapse#11680))
- Clarify SSO mapping provider documentation by writing `def` or `async def` before the names of methods, as appropriate. ([\#11681](matrix-org/synapse#11681))


Deprecations and Removals
-------------------------

- Replace `mock` package by its standard library version. ([\#11588](matrix-org/synapse#11588))
- Drop support for Python 3.6 and Ubuntu 18.04. ([\#11633](matrix-org/synapse#11633))


Internal Changes
----------------

- Allow specific, experimental events to be created without `prev_events`. Used by [MSC2716](matrix-org/matrix-spec-proposals#2716). ([\#11243](matrix-org/synapse#11243))
- A test helper (`wait_for_background_updates`) no longer depends on classes defining a `store` property. ([\#11331](matrix-org/synapse#11331))
- Add type hints to `synapse.appservice`. ([\#11360](matrix-org/synapse#11360))
- Add missing type hints to `synapse.config` module. ([\#11480](matrix-org/synapse#11480))
- Add test to ensure we share the same `state_group` across the whole historical batch when using the [MSC2716](matrix-org/matrix-spec-proposals#2716) `/batch_send` endpoint. ([\#11487](matrix-org/synapse#11487))
- Refactor `tests.util.setup_test_homeserver` and `tests.server.setup_test_homeserver`. ([\#11503](matrix-org/synapse#11503))
- Move `glob_to_regex` and `re_word_boundary` to `matrix-python-common`. ([\#11505](matrix-org/synapse#11505), [\#11687](matrix-org/synapse#11687))
- Use `HTTPStatus` constants in place of literals in `tests.rest.client.test_auth`. ([\#11520](matrix-org/synapse#11520))
- Add a receipt types constant for `m.read`. ([\#11531](matrix-org/synapse#11531))
- Clean up `synapse.rest.admin`. ([\#11535](matrix-org/synapse#11535))
- Add missing `errcode` to `parse_string` and `parse_boolean`. ([\#11542](matrix-org/synapse#11542))
- Use `HTTPStatus` constants in place of literals in `synapse.http`. ([\#11543](matrix-org/synapse#11543))
- Add missing type hints to storage classes. ([\#11546](matrix-org/synapse#11546), [\#11549](matrix-org/synapse#11549), [\#11551](matrix-org/synapse#11551), [\#11555](matrix-org/synapse#11555), [\#11575](matrix-org/synapse#11575), [\#11589](matrix-org/synapse#11589), [\#11594](matrix-org/synapse#11594), [\#11652](matrix-org/synapse#11652), [\#11653](matrix-org/synapse#11653), [\#11654](matrix-org/synapse#11654), [\#11657](matrix-org/synapse#11657))
- Fix an inaccurate and misleading comment in the `/sync` code. ([\#11550](matrix-org/synapse#11550))
- Add missing type hints to `synapse.logging.context`. ([\#11556](matrix-org/synapse#11556))
- Stop populating unused database column `state_events.prev_state`. ([\#11558](matrix-org/synapse#11558))
- Minor efficiency improvements in event persistence. ([\#11560](matrix-org/synapse#11560))
- Add some safety checks that storage functions are used correctly. ([\#11564](matrix-org/synapse#11564), [\#11580](matrix-org/synapse#11580))
- Make `get_device` return `None` if the device doesn't exist rather than raising an exception. ([\#11565](matrix-org/synapse#11565))
- Split the HTML parsing code from the URL preview resource code. ([\#11566](matrix-org/synapse#11566))
- Remove redundant `COALESCE()`s around `COUNT()`s in database queries. ([\#11570](matrix-org/synapse#11570))
- Add missing type hints to `synapse.http`. ([\#11571](matrix-org/synapse#11571))
- Add [MSC2716](matrix-org/matrix-spec-proposals#2716) and [MSC3030](matrix-org/matrix-spec-proposals#3030) to `/versions` -> `unstable_features` to detect server support. ([\#11582](matrix-org/synapse#11582))
- Add type hints to `synapse/tests/rest/admin`. ([\#11590](matrix-org/synapse#11590))
- Drop end-of-life Python 3.6 and Postgres 9.6 from CI. ([\#11595](matrix-org/synapse#11595))
- Update black version and run it on all the files. ([\#11596](matrix-org/synapse#11596))
- Add opentracing type stubs and fix associated mypy errors. ([\#11603](matrix-org/synapse#11603), [\#11622](matrix-org/synapse#11622))
- Improve OpenTracing support for requests which use a `ResponseCache`. ([\#11607](matrix-org/synapse#11607))
- Improve OpenTracing support for incoming HTTP requests. ([\#11618](matrix-org/synapse#11618))
- A number of improvements to opentracing support. ([\#11619](matrix-org/synapse#11619))
- Refactor the way that the `outlier` flag is set on events received over federation. ([\#11634](matrix-org/synapse#11634))
- Improve the error messages from  `get_create_event_for_room`. ([\#11638](matrix-org/synapse#11638))
- Remove redundant `get_current_events_token` method. ([\#11643](matrix-org/synapse#11643))
- Convert `namedtuples` to `attrs`. ([\#11665](matrix-org/synapse#11665), [\#11574](matrix-org/synapse#11574))
- Update the `/capabilities` response to include whether support for [MSC3440](matrix-org/matrix-spec-proposals#3440) is available. ([\#11690](matrix-org/synapse#11690))
- Send the `Accept` header in HTTP requests made using `SimpleHttpClient.get_json`. ([\#11677](matrix-org/synapse#11677))
- Work around Mjolnir compatibility issue by adding an import for `glob_to_regex` in `synapse.util`, where it moved from. ([\#11696](matrix-org/synapse#11696))


Synapse 1.49.2 (2021-12-21)
===========================

This release fixes a regression introduced in Synapse 1.49.0 which could cause `/sync` requests to take significantly longer. This would particularly affect "initial" syncs for users participating in a large number of rooms, and in extreme cases, could make it impossible for such users to log in on a new client.

**Note:** in line with our [deprecation policy](https://matrix-org.github.io/synapse/latest/deprecation_policy.html) for platform dependencies, this will be the last release to support Python 3.6 and PostgreSQL 9.6, both of which have now reached upstream end-of-life. Synapse will require Python 3.7+ and PostgreSQL 10+.

**Note:** We will also stop producing packages for Ubuntu 18.04 (Bionic Beaver) after this release, as it uses Python 3.6.

Bugfixes
--------

- Fix a performance regression in `/sync` handling, introduced in 1.49.0. ([\#11583](matrix-org/synapse#11583))

Internal Changes
----------------

- Work around a build problem on Debian Buster. ([\#11625](matrix-org/synapse#11625))


Synapse 1.49.1 (2021-12-21)
===========================

Not released due to problems building the debian packages.


Synapse 1.49.0 (2021-12-14)
===========================

No significant changes since version 1.49.0rc1.


Support for Ubuntu 21.04 ends next month on the 20th of January
---------------------------------------------------------------

For users of Ubuntu 21.04 (Hirsute Hippo), please be aware that [upstream support for this version of Ubuntu will end next month][Ubuntu2104EOL].
We will stop producing packages for Ubuntu 21.04 after upstream support ends.

[Ubuntu2104EOL]: https://lists.ubuntu.com/archives/ubuntu-announce/2021-December/000275.html


The wiki has been migrated to the documentation website
-------------------------------------------------------

We've decided to move the existing, somewhat stagnant pages from the GitHub wiki
to the [documentation website](https://matrix-org.github.io/synapse/latest/).

This was done for two reasons. The first was to ensure that changes are checked by
multiple authors before being committed (everyone makes mistakes!) and the second
was visibility of the documentation. Not everyone knows that Synapse has some very
useful information hidden away in its GitHub wiki pages. Bringing them to the
documentation website should help with visibility, as well as keep all Synapse documentation
in one, easily-searchable location.

Note that contributions to the documentation website happen through [GitHub pull
requests](https://github.com/matrix-org/synapse/pulls). Please visit [#synapse-dev:matrix.org](https://matrix.to/#/#synapse-dev:matrix.org)
if you need help with the process!


Synapse 1.49.0rc1 (2021-12-07)
==============================

Features
--------

- Add [MSC3030](matrix-org/matrix-spec-proposals#3030) experimental client and federation API endpoints to get the closest event to a given timestamp. ([\#9445](matrix-org/synapse#9445))
- Include bundled relation aggregations during a limited `/sync` request and `/relations` request, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11284](matrix-org/synapse#11284), [\#11478](matrix-org/synapse#11478))
- Add plugin support for controlling database background updates. ([\#11306](matrix-org/synapse#11306), [\#11475](matrix-org/synapse#11475), [\#11479](matrix-org/synapse#11479))
- Support the stable API endpoints for [MSC2946](matrix-org/matrix-spec-proposals#2946): the room `/hierarchy` endpoint. ([\#11329](matrix-org/synapse#11329))
- Add admin API to get some information about federation status with remote servers. ([\#11407](matrix-org/synapse#11407))
- Support expiry of refresh tokens and expiry of the overall session when refresh tokens are in use. ([\#11425](matrix-org/synapse#11425))
- Stabilise support for [MSC2918](https://github.com/matrix-org/matrix-doc/blob/main/proposals/2918-refreshtokens.md#msc2918-refresh-tokens) refresh tokens as they have now been merged into the Matrix specification. ([\#11435](matrix-org/synapse#11435), [\#11522](matrix-org/synapse#11522))
- Update [MSC2918 refresh token](https://github.com/matrix-org/matrix-doc/blob/main/proposals/2918-refreshtokens.md#msc2918-refresh-tokens) support to confirm with the latest revision: accept the `refresh_tokens` parameter in the request body rather than in the URL parameters. ([\#11430](matrix-org/synapse#11430))
- Support configuring the lifetime of non-refreshable access tokens separately to refreshable access tokens. ([\#11445](matrix-org/synapse#11445))
- Expose `synapse_homeserver` and `synapse_worker` commands as entry points to run Synapse's main process and worker processes, respectively. Contributed by @Ma27. ([\#11449](matrix-org/synapse#11449))
- `synctl stop` will now wait for Synapse to exit before returning. ([\#11459](matrix-org/synapse#11459), [\#11490](matrix-org/synapse#11490))
- Extend the "delete room" admin api to work correctly on rooms which have previously been partially deleted. ([\#11523](matrix-org/synapse#11523))
- Add support for the `/_matrix/client/v3/login/sso/redirect/{idpId}` API from Matrix v1.1. This endpoint was overlooked when support for v3 endpoints was added in Synapse 1.48.0rc1. ([\#11451](matrix-org/synapse#11451))


Bugfixes
--------

- Fix using [MSC2716](matrix-org/matrix-spec-proposals#2716) batch sending in combination with event persistence workers. Contributed by @tulir at Beeper. ([\#11220](matrix-org/synapse#11220))
- Fix a long-standing bug where all requests that read events from the database could get stuck as a result of losing the database connection, properly this time. Also fix a race condition introduced in the previous insufficient fix in Synapse 1.47.0. ([\#11376](matrix-org/synapse#11376))
- The `/send_join` response now includes the stable `event` field instead of the unstable field from [MSC3083](matrix-org/matrix-spec-proposals#3083). ([\#11413](matrix-org/synapse#11413))
- Fix a bug introduced in Synapse 1.47.0 where `send_join` could fail due to an outdated `ijson` version. ([\#11439](matrix-org/synapse#11439), [\#11441](matrix-org/synapse#11441), [\#11460](matrix-org/synapse#11460))
- Fix a bug introduced in Synapse 1.36.0 which could cause problems fetching event-signing keys from trusted key servers. ([\#11440](matrix-org/synapse#11440))
- Fix a bug introduced in Synapse 1.47.1 where the media repository would fail to work if the media store path contained any symbolic links. ([\#11446](matrix-org/synapse#11446))
- Fix an `LruCache` corruption bug, introduced in Synapse 1.38.0, that would cause certain requests to fail until the next Synapse restart. ([\#11454](matrix-org/synapse#11454))
- Fix a long-standing bug where invites from ignored users were included in incremental syncs. ([\#11511](matrix-org/synapse#11511))
- Fix a regression in Synapse 1.48.0 where presence workers would not clear their presence updates over replication on shutdown. ([\#11518](matrix-org/synapse#11518))
- Fix a regression in Synapse 1.48.0 where the module API's `looping_background_call` method would spam errors to the logs when given a non-async function. ([\#11524](matrix-org/synapse#11524))


Updates to the Docker image
---------------------------

- Update `Dockerfile-workers` to healthcheck all workers in the container. ([\#11429](matrix-org/synapse#11429))


Improved Documentation
----------------------

- Update the media repository documentation. ([\#11415](matrix-org/synapse#11415))
- Update section about backward extremities in the room DAG concepts doc to correct the misconception about backward extremities indicating whether we have fetched an events' `prev_events`. ([\#11469](matrix-org/synapse#11469))


Internal Changes
----------------

- Add `Final` annotation to string constants in `synapse.api.constants` so that they get typed as `Literal`s. ([\#11356](matrix-org/synapse#11356))
- Add a check to ensure that users cannot start the Synapse master process when `worker_app` is set. ([\#11416](matrix-org/synapse#11416))
- Add a note about postgres memory management and hugepages to postgres doc. ([\#11467](matrix-org/synapse#11467))
- Add missing type hints to `synapse.config` module. ([\#11465](matrix-org/synapse#11465))
- Add missing type hints to `synapse.federation`. ([\#11483](matrix-org/synapse#11483))
- Add type annotations to `tests.storage.test_appservice`. ([\#11488](matrix-org/synapse#11488), [\#11492](matrix-org/synapse#11492))
- Add type annotations to some of the configuration surrounding refresh tokens. ([\#11428](matrix-org/synapse#11428))
- Add type hints to `synapse/tests/rest/admin`. ([\#11501](matrix-org/synapse#11501))
- Add type hints to storage classes. ([\#11411](matrix-org/synapse#11411))
- Add wiki pages to documentation website. ([\#11402](matrix-org/synapse#11402))
- Clean up `tests.storage.test_main` to remove use of legacy code. ([\#11493](matrix-org/synapse#11493))
- Clean up `tests.test_visibility` to remove legacy code. ([\#11495](matrix-org/synapse#11495))
- Convert status codes to `HTTPStatus` in `synapse.rest.admin`. ([\#11452](matrix-org/synapse#11452), [\#11455](matrix-org/synapse#11455))
- Extend the `scripts-dev/sign_json` script to support signing events. ([\#11486](matrix-org/synapse#11486))
- Improve internal types in push code. ([\#11409](matrix-org/synapse#11409))
- Improve type annotations in `synapse.module_api`. ([\#11029](matrix-org/synapse#11029))
- Improve type hints for `LruCache`. ([\#11453](matrix-org/synapse#11453))
- Preparation for database schema simplifications: disambiguate queries on `state_key`. ([\#11497](matrix-org/synapse#11497))
- Refactor `backfilled` into specific behavior function arguments (`_persist_events_and_state_updates` and downstream calls). ([\#11417](matrix-org/synapse#11417))
- Refactor `get_version_string` to fix-up types and duplicated code. ([\#11468](matrix-org/synapse#11468))
- Refactor various parts of the `/sync` handler. ([\#11494](matrix-org/synapse#11494), [\#11515](matrix-org/synapse#11515))
- Remove unnecessary `json.dumps` from `tests.rest.admin`. ([\#11461](matrix-org/synapse#11461))
- Save the OpenID Connect session ID on login. ([\#11482](matrix-org/synapse#11482))
- Update and clean up recently ported documentation pages. ([\#11466](matrix-org/synapse#11466))
babolivier added a commit to matrix-org/synapse-dinsic that referenced this pull request Feb 7, 2022
Synapse 1.50.0 (2022-01-18)
===========================

Please note that we now only support Python 3.7+ and PostgreSQL 10+ (if applicable), because Python 3.6 and PostgreSQL 9.6 have reached end-of-life.

No significant changes since 1.50.0rc2.

Synapse 1.50.0rc2 (2022-01-14)
==============================

This release candidate fixes a federation-breaking regression introduced in Synapse 1.50.0rc1.

Bugfixes
--------

- Fix a bug introduced in Synapse v1.0.0 whereby some device list updates would not be sent to remote homeservers if there were too many to send at once. ([\#11729](matrix-org/synapse#11729))
- Fix a bug introduced in Synapse v1.50.0rc1 whereby outbound federation could fail because too many EDUs were produced for device updates. ([\#11730](matrix-org/synapse#11730))

Improved Documentation
----------------------

- Document that now the minimum supported PostgreSQL version is 10. ([\#11725](matrix-org/synapse#11725))

Internal Changes
----------------

- Fix a typechecker problem related to our (ab)use of `nacl.signing.SigningKey`s. ([\#11714](matrix-org/synapse#11714))

Synapse 1.50.0rc1 (2022-01-05)
==============================

Features
--------

- Allow guests to send state events per [MSC3419](matrix-org/matrix-spec-proposals#3419). ([\#11378](matrix-org/synapse#11378))
- Add experimental support for part of [MSC3202](matrix-org/matrix-spec-proposals#3202): allowing application services to masquerade as specific devices. ([\#11538](matrix-org/synapse#11538))
- Add admin API to get users' account data. ([\#11664](matrix-org/synapse#11664))
- Include the room topic in the stripped state included with invites and knocking. ([\#11666](matrix-org/synapse#11666))
- Send and handle cross-signing messages using the stable prefix. ([\#10520](matrix-org/synapse#10520))
- Support unprefixed versions of fallback key property names. ([\#11541](matrix-org/synapse#11541))

Bugfixes
--------

- Fix a long-standing bug where relations from other rooms could be included in the bundled aggregations of an event. ([\#11516](matrix-org/synapse#11516))
- Fix a long-standing bug which could cause `AssertionError`s to be written to the log when Synapse was restarted after purging events from the database. ([\#11536](matrix-org/synapse#11536), [\#11642](matrix-org/synapse#11642))
- Fix a bug introduced in Synapse 1.17.0 where a pusher created for an email with capital letters would fail to be created. ([\#11547](matrix-org/synapse#11547))
- Fix a long-standing bug where responses included bundled aggregations when they should not, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11592](matrix-org/synapse#11592), [\#11623](matrix-org/synapse#11623))
- Fix a long-standing bug that some unknown endpoints would return HTML error pages instead of JSON `M_UNRECOGNIZED` errors. ([\#11602](matrix-org/synapse#11602))
- Fix a bug introduced in Synapse 1.19.3 which could sometimes cause `AssertionError`s when backfilling rooms over federation. ([\#11632](matrix-org/synapse#11632))

Improved Documentation
----------------------

- Update Synapse install command for FreeBSD as the package is now prefixed with `py38`. Contributed by @itchychips. ([\#11267](matrix-org/synapse#11267))
- Document the usage of refresh tokens. ([\#11427](matrix-org/synapse#11427))
- Add details for how to configure a TURN server when behind a NAT. Contibuted by @AndrewFerr. ([\#11553](matrix-org/synapse#11553))
- Add references for using Postgres to the Docker documentation. ([\#11640](matrix-org/synapse#11640))
- Fix the documentation link in newly-generated configuration files. ([\#11678](matrix-org/synapse#11678))
- Correct the documentation for `nginx` to use a case-sensitive url pattern. Fixes an error introduced in v1.21.0. ([\#11680](matrix-org/synapse#11680))
- Clarify SSO mapping provider documentation by writing `def` or `async def` before the names of methods, as appropriate. ([\#11681](matrix-org/synapse#11681))

Deprecations and Removals
-------------------------

- Replace `mock` package by its standard library version. ([\#11588](matrix-org/synapse#11588))
- Drop support for Python 3.6 and Ubuntu 18.04. ([\#11633](matrix-org/synapse#11633))

Internal Changes
----------------

- Allow specific, experimental events to be created without `prev_events`. Used by [MSC2716](matrix-org/matrix-spec-proposals#2716). ([\#11243](matrix-org/synapse#11243))
- A test helper (`wait_for_background_updates`) no longer depends on classes defining a `store` property. ([\#11331](matrix-org/synapse#11331))
- Add type hints to `synapse.appservice`. ([\#11360](matrix-org/synapse#11360))
- Add missing type hints to `synapse.config` module. ([\#11480](matrix-org/synapse#11480))
- Add test to ensure we share the same `state_group` across the whole historical batch when using the [MSC2716](matrix-org/matrix-spec-proposals#2716) `/batch_send` endpoint. ([\#11487](matrix-org/synapse#11487))
- Refactor `tests.util.setup_test_homeserver` and `tests.server.setup_test_homeserver`. ([\#11503](matrix-org/synapse#11503))
- Move `glob_to_regex` and `re_word_boundary` to `matrix-python-common`. ([\#11505](matrix-org/synapse#11505), [\#11687](matrix-org/synapse#11687))
- Use `HTTPStatus` constants in place of literals in `tests.rest.client.test_auth`. ([\#11520](matrix-org/synapse#11520))
- Add a receipt types constant for `m.read`. ([\#11531](matrix-org/synapse#11531))
- Clean up `synapse.rest.admin`. ([\#11535](matrix-org/synapse#11535))
- Add missing `errcode` to `parse_string` and `parse_boolean`. ([\#11542](matrix-org/synapse#11542))
- Use `HTTPStatus` constants in place of literals in `synapse.http`. ([\#11543](matrix-org/synapse#11543))
- Add missing type hints to storage classes. ([\#11546](matrix-org/synapse#11546), [\#11549](matrix-org/synapse#11549), [\#11551](matrix-org/synapse#11551), [\#11555](matrix-org/synapse#11555), [\#11575](matrix-org/synapse#11575), [\#11589](matrix-org/synapse#11589), [\#11594](matrix-org/synapse#11594), [\#11652](matrix-org/synapse#11652), [\#11653](matrix-org/synapse#11653), [\#11654](matrix-org/synapse#11654), [\#11657](matrix-org/synapse#11657))
- Fix an inaccurate and misleading comment in the `/sync` code. ([\#11550](matrix-org/synapse#11550))
- Add missing type hints to `synapse.logging.context`. ([\#11556](matrix-org/synapse#11556))
- Stop populating unused database column `state_events.prev_state`. ([\#11558](matrix-org/synapse#11558))
- Minor efficiency improvements in event persistence. ([\#11560](matrix-org/synapse#11560))
- Add some safety checks that storage functions are used correctly. ([\#11564](matrix-org/synapse#11564), [\#11580](matrix-org/synapse#11580))
- Make `get_device` return `None` if the device doesn't exist rather than raising an exception. ([\#11565](matrix-org/synapse#11565))
- Split the HTML parsing code from the URL preview resource code. ([\#11566](matrix-org/synapse#11566))
- Remove redundant `COALESCE()`s around `COUNT()`s in database queries. ([\#11570](matrix-org/synapse#11570))
- Add missing type hints to `synapse.http`. ([\#11571](matrix-org/synapse#11571))
- Add [MSC2716](matrix-org/matrix-spec-proposals#2716) and [MSC3030](matrix-org/matrix-spec-proposals#3030) to `/versions` -> `unstable_features` to detect server support. ([\#11582](matrix-org/synapse#11582))
- Add type hints to `synapse/tests/rest/admin`. ([\#11590](matrix-org/synapse#11590))
- Drop end-of-life Python 3.6 and Postgres 9.6 from CI. ([\#11595](matrix-org/synapse#11595))
- Update black version and run it on all the files. ([\#11596](matrix-org/synapse#11596))
- Add opentracing type stubs and fix associated mypy errors. ([\#11603](matrix-org/synapse#11603), [\#11622](matrix-org/synapse#11622))
- Improve OpenTracing support for requests which use a `ResponseCache`. ([\#11607](matrix-org/synapse#11607))
- Improve OpenTracing support for incoming HTTP requests. ([\#11618](matrix-org/synapse#11618))
- A number of improvements to opentracing support. ([\#11619](matrix-org/synapse#11619))
- Refactor the way that the `outlier` flag is set on events received over federation. ([\#11634](matrix-org/synapse#11634))
- Improve the error messages from  `get_create_event_for_room`. ([\#11638](matrix-org/synapse#11638))
- Remove redundant `get_current_events_token` method. ([\#11643](matrix-org/synapse#11643))
- Convert `namedtuples` to `attrs`. ([\#11665](matrix-org/synapse#11665), [\#11574](matrix-org/synapse#11574))
- Update the `/capabilities` response to include whether support for [MSC3440](matrix-org/matrix-spec-proposals#3440) is available. ([\#11690](matrix-org/synapse#11690))
- Send the `Accept` header in HTTP requests made using `SimpleHttpClient.get_json`. ([\#11677](matrix-org/synapse#11677))
- Work around Mjolnir compatibility issue by adding an import for `glob_to_regex` in `synapse.util`, where it moved from. ([\#11696](matrix-org/synapse#11696))
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants