-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update dependency element-hq/synapse to v1 #614
Conversation
Test coverage for a6bc365
Static code analysis report
|
This is a bug with our renovate configuration, we'll need to update the renovate regexp, I'm closing this PR for now |
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
This PR contains the following updates:
v0.12.0
->v1.120.0
Release Notes
element-hq/synapse (element-hq/synapse)
v1.120.0
Compare Source
Synapse 1.120.0 (2024-11-26)
This release enables the enforcement of authenticated media by default, with exemptions for media that is already present in the
homeserver's media store.
Most homeservers operating in the public federation will not be impacted by this change, given that
the large homeserver
matrix.org
enabled this in September 2024 and therefore most clients and serverswill already have updated as a result.
Some server administrators may still wish to disable this enforcement for the time being, in the interest of compatibility with older clients
and older federated homeservers.
See the upgrade notes for more information.
Bugfixes
delete_old_otks
job to fail in worker-mode deployments. (#17960)Synapse 1.120.0rc1 (2024-11-20)
Features
enable_authenticated_media
tofalse
. In a future release of Synapse, this option will be removed and become always-on. (#17889)Improved Documentation
enable_authenticated_media
configuration option. (#17913)Deprecations and Removals
Internal Changes
python-multipart
0.0.13 so that distro packagers do not need to work around name conflict with PyPI packagemultipart
. (#17932)Updates to locked dependencies
v1.119.0
Compare Source
Synapse 1.119.0 (2024-11-13)
No significant changes since 1.119.0rc2.
Python 3.8 support dropped
Python 3.8 is end-of-life and is no longer supported by Synapse. The minimum supported Python version is now 3.9.
If you are running Synapse with Python 3.8, please upgrade to Python 3.9 (or greater) before upgrading Synapse.
Synapse 1.119.0rc2 (2024-11-11)
Note that due to packaging issues there was no v1.119.0rc1.
Features
state_after
to sync v2). (#17888)Bugfixes
$LAZY
-loading room members would not returnrequired_state
membership in incremental syncs. (#17809)the config option
run_background_tasks_on
. (#17847)state_after
to sync v2) where we would return the full state on incremental syncs when using lazy loaded members and there were no new events in the timeline. (#17915)Internal Changes
Generator
usage. (#17813, #17814, #17815, #17816, #17817, #17818, #17890)current_state_delta_stream
table. (#17912)Updates to locked dependencies
v1.118.0
Compare Source
Synapse 1.118.0 (2024-10-29)
No significant changes since 1.118.0rc1.
Python 3.8 support will be dropped in the next release
Python 3.8 is now end-of-life. As per our Deprecation Policy for Platform Dependencies, Synapse will be dropping support for Python 3.8 in the next release; Synapse 1.119.0.
Synapse 1.118.x will be the final release to support Python 3.8. If you are running Synapse with Python 3.8, please upgrade before the 1.119.0 release, due in less than one month.
Python 3.13 and PostgreSQL 17 support
On the other end of the spectrum, Synapse 1.118.0 is the first release to support Python 3.13! PostgreSQL 17 is also supported as of this release.
Synapse 1.118.0rc1 (2024-10-22)
Features
display_name_claim
option to the JWT configuration. This option allows specifying the claim key that contains the user's display name in the JWT payload. (#17708)Bugfixes
required_state
config. (#17785, #17805)Improved Documentation
user_may_invite
anduser_may_send_3pid_invite
module callbacks are called. (#17627)--config-path
argument instead of--config-file
. (#17802)target_cache_memory_usage
docs. (#17825)Internal Changes
.org.matrix.msc4028.encrypted_event
push rule by default in accordance with MSC4028. Note that the corresponding experimental feature must still be switched on for this push rule to have any effect. (#17826)Updates to locked dependencies
v1.117.0
Compare Source
Synapse 1.117.0 (2024-10-15)
No significant changes since 1.117.0rc1.
Synapse 1.117.0rc1 (2024-10-08)
Features
redis.password_path
. (#17717)Bugfixes
GET /_matrix/client/versions
, set theunstable_features
flag for MSC4140 tofalse
when server configuration disables support for delayed events. (#17780)Improved Documentation
test_forget_when_not_left
. (#17628)federation_sender_instances
. (#17776)Internal Changes
Updates to locked dependencies
v1.116.0
Compare Source
Synapse 1.116.0 (2024-10-01)
No significant changes since 1.116.0rc2.
Synapse 1.116.0rc2 (2024-09-26)
Features
Synapse 1.116.0rc1 (2024-09-25)
Features
and an endpoint to check on the status of that redaction task. (#17506)
tags
andnot_tags
filters for MSC4186 Sliding Sync. (#17662)turn_shared_secret_path
. (#17690)Bugfixes
Internal Changes
_pydantic_compat
module.This allows
check_pydantic_models.py
to mock those pydantic objectsonly in the synapse module, and not interfere with pydantic objects in
external dependencies. (#17667)
event_stream_ordering
of rooms. (#17693)bump_stamp
s more efficiently in MSC4186 Sliding Sync. (#17723)_bulk_get_max_event_pos
being inefficient. (#17728)get_tags_for_room(...)
. (#17730)cgi
module, deprecated in Python 3.11 and removed in Python 3.13. (#17741)Unknown
anymore after updatingtreq
. (#17744)Updates to locked dependencies
v1.115.0
Compare Source
Synapse 1.115.0 (2024-09-17)
No significant changes since 1.115.0rc2.
Synapse 1.115.0rc2 (2024-09-12)
Internal Changes
/sync
endpoint for quick filtering/sorting. (#17652)Synapse 1.115.0rc1 (2024-09-10)
Features
Bugfixes
400 M_BAD_JSON
upon attempting to complete various room actions with a non-local user ID and unknown room ID, rather than an internal server error. (#17607)bump_stamp
for invites in sliding sync response, causing incorrect ordering of invites in the room list. (#17674)Improved Documentation
saml2_config
config example. (#17594)Deprecations and Removals
msc4156_enabled
config setting and defaulting it totrue
. (#17650)Internal Changes
/sync
endpoint for quick filtering/sorting. (#17512, #17632, #17633, #17634, #17635, #17636, #17641, #17654, #17673)PerConnectionState
class immutable. (#17600)isort
andblack
withruff
. (#17620, #17643)get_room_membership_for_user_at_to_token
. (#17629)bump_stamp
from new sliding sync tables which should be faster. (#17658)Updates to locked dependencies
v1.114.0
Compare Source
Synapse 1.114.0 (2024-09-02)
This release enables support for MSC4186 — Simplified Sliding Sync. This allows using the upcoming releases of the Element X mobile apps without having to run a Sliding Sync Proxy.
Features
Synapse 1.114.0rc3 (2024-08-30)
Bugfixes
Synapse 1.114.0rc2 (2024-08-30)
Features
hash_password
script accept password input from stdin. (#17608)Bugfixes
/thumbnail
responses. (#17532)Internal Changes
PerConnectionState
class immutable. (#17600)@tag_args
for standalone functions. (#17604)isort
andblack
withruff
. (#17620)Updates to locked dependencies
Synapse 1.114.0rc1 (2024-08-20)
Features
/versions
,org.matrix.simplified_msc3575
, to indicate whether experimental sliding sync support has been enabled. (#17571)timeline_limit
in experimental sliding sync. (#17579)Bugfixes
stream_ordering
instead of topological ordering) in experimental MSC3575 Sliding Sync/sync
endpoint. (#17510)/sync
endpoint. (#17538)_Mulitpart_Parser_Protocol
. (#17545)old_verify_keys
. Contributed by @tulir @ Beeper. (#17568)Improved Documentation
auto_accept_invites.worker_to_run_on
option. (#17515)
Internal Changes
/sync
endpoint. (#17514)HTTPAdapter.get_connection
withget_connection_with_tls_context
. (#17536)/key/changes
and sliding sync. (#17537, #17548)Updates to locked dependencies
v1.113.0
Compare Source
Synapse 1.113.0 (2024-08-13)
No significant changes since 1.113.0rc1.
Synapse 1.113.0rc1 (2024-08-06)
Features
/sync
endpoint. (#17447)/sync
endpoint. (#17477)/sync
endpoint. (#17489)/sync
endpoint. (#17505)Bugfixes
/sync
endpoint to handle invite/knock rooms when filtering. (#17450)/keys/query
to return incomplete results, leading to high network activity and CPU usage on Matrix clients. (#17499)Improved Documentation
allowed_local_3pids
config option's msisdn address to a working example. (#17476)Internal Changes
bump_stamp
in experimental sliding sync endpoint. (#17478)SlidingSyncBase
. (#17481, #17482)limited
field description in the Sliding Sync response to accurately describe what it actually represents. (#17507)timeline
assertions in Sliding Sync tests. (#17511)Updates to locked dependencies
v1.112.0
Compare Source
Synapse 1.112.0 (2024-07-30)
This security release is to update our locked dependency on Twisted to 24.7.0rc1, which includes a security fix for CVE-2024-41671 / GHSA-c8m8-j448-xjx7: Disordered HTTP pipeline response in twisted.web, again.
Note that this security fix is also available as Synapse 1.111.1, which does not include the rest of the changes in Synapse 1.112.0.
This issue means that, if multiple HTTP requests are pipelined in the same TCP connection, Synapse can send responses to the wrong HTTP request.
If a reverse proxy was configured to use HTTP pipelining, this could result in responses being sent to the wrong user, severely harming confidentiality.
With that said, despite being a high severity issue, we consider it unlikely that Synapse installations will be affected.
The use of HTTP pipelining in this fashion would cause worse performance for clients (request-response latencies would be increased as users' responses would be artificially blocked behind other users' slow requests). Further, Nginx and Haproxy, two common reverse proxies, do not appear to support configuring their upstreams to use HTTP pipelining and thus would not be affected. For both of these reasons, we consider it unlikely that a Synapse deployment would be set up in such a configuration.
Despite that, we cannot rule out that some installations may exist with this unusual setup and so we are releasing this security update today.
pip users: Note that by default, upgrading Synapse using pip will not automatically upgrade Twisted. Please manually install the new version of Twisted using
pip install Twisted==24.7.0rc1
. Note also that even the--upgrade-strategy=eager
flag topip install -U matrix-synapse
will not upgrade Twisted to a patched version because it is only a release candidate at this time.Internal Changes
Synapse 1.112.0rc1 (2024-07-23)
Please note that this release candidate does not include the security dependency update
included in version 1.111.1 as this version was released before 1.111.1.
The same security fix can be found in the full release of 1.112.0.
Features
/sync
endpoint. (#17416)name
/avatar
fields in experimental MSC3575 Sliding Sync/sync
endpoint. (#17418)heroes
and room summary fields (joined_count
,invited_count
) in experimental MSC3575 Sliding Sync/sync
endpoint. (#17419)is_dm
room field in experimental MSC3575 Sliding Sync/sync
endpoint. (#17429)/sync
endpoint. (#17432)/sync
endpoint. (#17454)Bugfixes
/sync
endpoint when using room type filters and the user has one or more remote invites. (#17434)heroes
bystream_ordering
as the Matrix specification states (applies to/sync
). (#17435)/sync
would break for a user when using workers with multiple stream writers. (#17438)Improved Documentation
default_power_level_content_override
config option. (#17451)Internal Changes
RateLimiter.record_action
. ([#17426](https://redirect.github.com/element-hq/syConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.