Commit Graph

924 Commits

Author SHA1 Message Date
Andrew Morgan
ac99b4a37f Add support for putting fed user query API on workers (#6873)
* commit '21db35f77':
  Add support for putting fed user query API on workers (#6873)
2020-03-23 17:11:07 +00:00
Andrew Morgan
5bb1eb6136 Allow moving group read APIs to workers (#6866)
* commit 'de2d26737':
  Allow moving group read APIs to workers (#6866)
2020-03-23 17:10:38 +00:00
Andrew Morgan
3b0ce55bf7 Admin api to add an email address (#6789)
* commit '56ca93ef5':
  Admin api to add an email address (#6789)
2020-03-23 17:10:32 +00:00
Andrew Morgan
0057df8072 Update documentation (#6859)
* commit 'f0561fcff':
  Update documentation (#6859)
2020-03-23 17:09:18 +00:00
Andrew Morgan
4f66a15d64 Warn if postgres database has non-C locale. (#6734)
* commit '02b44db92':
  Warn if postgres database has non-C locale. (#6734)
2020-03-23 17:01:09 +00:00
Richard van der Hoff
5126cb1253 Merge branch 'master' into develop
2020-03-23 13:54:29 +00:00
Richard van der Hoff
229eb81498 Merge tag 'v1.12.0'
Synapse 1.12.0 (2020-03-23)
===========================

No significant changes since 1.12.0rc1.

Debian packages and Docker images are rebuilt using the latest versions of
dependency libraries, including Twisted 20.3.0. **Please see security advisory
below**.

Security advisory
-----------------

Synapse may be vulnerable to request-smuggling attacks when it is used with a
reverse-proxy. The vulnerabilities are fixed in Twisted 20.3.0, and are
described in
[CVE-2020-10108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108)
and
[CVE-2020-10109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109).
For a good introduction to this class of request-smuggling attacks, see
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn.

We are not aware of these vulnerabilities being exploited in the wild, and
do not believe that they are exploitable with current versions of any reverse
proxies. Nevertheless, we recommend that all Synapse administrators ensure that
they have the latest versions of the Twisted library to ensure that their
installation remains secure.

* Administrators using the [`matrix.org` Docker
  image](https://hub.docker.com/r/matrixdotorg/synapse/) or the [Debian/Ubuntu
  packages from
  `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages)
  should ensure that they have version 1.12.0 installed: these images include
  Twisted 20.3.0.
* Administrators who have [installed Synapse from
  source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source)
  should upgrade Twisted within their virtualenv by running:
  ```sh
  <path_to_virtualenv>/bin/pip install 'Twisted>=20.3.0'
  ```
* Administrators who have installed Synapse from distribution packages should
  consult the information from their distributions.

The `matrix.org` Synapse instance was not vulnerable to these vulnerabilities.

Advance notice of change to the default `git` branch for Synapse
----------------------------------------------------------------

Currently, the default `git` branch for Synapse is `master`, which tracks the
latest release.

After the release of Synapse 1.13.0, we intend to change this default to
`develop`, which is the development tip. This is more consistent with common
practice and modern `git` usage.

Although we try to keep `develop` in a stable state, there may be occasions
where regressions creep in. Developers and distributors who have scripts which
run builds using the default branch of `Synapse` should therefore consider
pinning their scripts to `master`.

Synapse 1.12.0rc1 (2020-03-19)
==============================

Features
--------

- Changes related to room alias management ([MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432)):
  - Publishing/removing a room from the room directory now requires the user to have a power level capable of modifying the canonical alias, instead of the room aliases. ([\#6965](https://github.com/matrix-org/synapse/issues/6965))
  - Validate the `alt_aliases` property of canonical alias events. ([\#6971](https://github.com/matrix-org/synapse/issues/6971))
  - Users with a power level sufficient to modify the canonical alias of a room can now delete room aliases. ([\#6986](https://github.com/matrix-org/synapse/issues/6986))
  - Implement updated authorization rules and redaction rules for aliases events, from [MSC2261](https://github.com/matrix-org/matrix-doc/pull/2261) and [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432). ([\#7037](https://github.com/matrix-org/synapse/issues/7037))
  - Stop sending m.room.aliases events during room creation and upgrade. ([\#6941](https://github.com/matrix-org/synapse/issues/6941))
  - Synapse no longer uses room alias events to calculate room names for push notifications. ([\#6966](https://github.com/matrix-org/synapse/issues/6966))
  - The room list endpoint no longer returns a list of aliases. ([\#6970](https://github.com/matrix-org/synapse/issues/6970))
  - Remove special handling of aliases events from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260) added in v1.10.0rc1. ([\#7034](https://github.com/matrix-org/synapse/issues/7034))
- Expose the `synctl`, `hash_password` and `generate_config` commands in the snapcraft package. Contributed by @devec0. ([\#6315](https://github.com/matrix-org/synapse/issues/6315))
- Check that server_name is correctly set before running database updates. ([\#6982](https://github.com/matrix-org/synapse/issues/6982))
- Break down monthly active users by `appservice_id` and emit via Prometheus. ([\#7030](https://github.com/matrix-org/synapse/issues/7030))
- Render a configurable and comprehensible error page if something goes wrong during the SAML2 authentication process. ([\#7058](https://github.com/matrix-org/synapse/issues/7058), [\#7067](https://github.com/matrix-org/synapse/issues/7067))
- Add an optional parameter to control whether other sessions are logged out when a user's password is modified. ([\#7085](https://github.com/matrix-org/synapse/issues/7085))
- Add prometheus metrics for the number of active pushers. ([\#7103](https://github.com/matrix-org/synapse/issues/7103), [\#7106](https://github.com/matrix-org/synapse/issues/7106))
- Improve performance when making HTTPS requests to sygnal, sydent, etc, by sharing the SSL context object between connections. ([\#7094](https://github.com/matrix-org/synapse/issues/7094))

Bugfixes
--------

- When a user's profile is updated via the admin API, also generate a displayname/avatar update for that user in each room. ([\#6572](https://github.com/matrix-org/synapse/issues/6572))
- Fix a couple of bugs in email configuration handling. ([\#6962](https://github.com/matrix-org/synapse/issues/6962))
- Fix an issue affecting worker-based deployments where replication would stop working, necessitating a full restart, after joining a large room. ([\#6967](https://github.com/matrix-org/synapse/issues/6967))
- Fix `duplicate key` error which was logged when rejoining a room over federation. ([\#6968](https://github.com/matrix-org/synapse/issues/6968))
- Prevent user from setting 'deactivated' to anything other than a bool on the v2 PUT /users Admin API. ([\#6990](https://github.com/matrix-org/synapse/issues/6990))
- Fix py35-old CI by using native tox package. ([\#7018](https://github.com/matrix-org/synapse/issues/7018))
- Fix a bug causing `org.matrix.dummy_event` to be included in responses from `/sync`. ([\#7035](https://github.com/matrix-org/synapse/issues/7035))
- Fix a bug that renders UTF-8 text files incorrectly when loaded from media. Contributed by @TheStranjer. ([\#7044](https://github.com/matrix-org/synapse/issues/7044))
- Fix a bug that would cause Synapse to respond with an error about event visibility if a client tried to request the state of a room at a given token. ([\#7066](https://github.com/matrix-org/synapse/issues/7066))
- Repair a data-corruption issue which was introduced in Synapse 1.10, and fixed in Synapse 1.11, and which could cause `/sync` to return with 404 errors about missing events and unknown rooms. ([\#7070](https://github.com/matrix-org/synapse/issues/7070))
- Fix a bug causing account validity renewal emails to be sent even if the feature is turned off in some cases. ([\#7074](https://github.com/matrix-org/synapse/issues/7074))

Improved Documentation
----------------------

- Updated CentOS8 install instructions. Contributed by Richard Kellner. ([\#6925](https://github.com/matrix-org/synapse/issues/6925))
- Fix `POSTGRES_INITDB_ARGS` in the `contrib/docker/docker-compose.yml` example docker-compose configuration. ([\#6984](https://github.com/matrix-org/synapse/issues/6984))
- Change date in [INSTALL.md](./INSTALL.md#tls-certificates) for last date of getting TLS certificates to November 2019. ([\#7015](https://github.com/matrix-org/synapse/issues/7015))
- Document that the fallback auth endpoints must be routed to the same worker node as the register endpoints. ([\#7048](https://github.com/matrix-org/synapse/issues/7048))

Deprecations and Removals
-------------------------

- Remove the unused query_auth federation endpoint per [MSC2451](https://github.com/matrix-org/matrix-doc/pull/2451). ([\#7026](https://github.com/matrix-org/synapse/issues/7026))

Internal Changes
----------------

- Add type hints to `logging/context.py`. ([\#6309](https://github.com/matrix-org/synapse/issues/6309))
- Add some clarifications to `README.md` in the database schema directory. ([\#6615](https://github.com/matrix-org/synapse/issues/6615))
- Refactoring work in preparation for changing the event redaction algorithm. ([\#6874](https://github.com/matrix-org/synapse/issues/6874), [\#6875](https://github.com/matrix-org/synapse/issues/6875), [\#6983](https://github.com/matrix-org/synapse/issues/6983), [\#7003](https://github.com/matrix-org/synapse/issues/7003))
- Improve performance of v2 state resolution for large rooms. ([\#6952](https://github.com/matrix-org/synapse/issues/6952), [\#7095](https://github.com/matrix-org/synapse/issues/7095))
- Reduce time spent doing GC, by freezing objects on startup. ([\#6953](https://github.com/matrix-org/synapse/issues/6953))
- Minor performance fixes to `get_auth_chain_ids`. ([\#6954](https://github.com/matrix-org/synapse/issues/6954))
- Don't record remote cross-signing keys in the `devices` table. ([\#6956](https://github.com/matrix-org/synapse/issues/6956))
- Use flake8-comprehensions to enforce good hygiene of list/set/dict comprehensions. ([\#6957](https://github.com/matrix-org/synapse/issues/6957))
- Merge worker apps together. ([\#6964](https://github.com/matrix-org/synapse/issues/6964), [\#7002](https://github.com/matrix-org/synapse/issues/7002), [\#7055](https://github.com/matrix-org/synapse/issues/7055), [\#7104](https://github.com/matrix-org/synapse/issues/7104))
- Remove redundant `store_room` call from `FederationHandler._process_received_pdu`. ([\#6979](https://github.com/matrix-org/synapse/issues/6979))
- Update warning for incorrect database collation/ctype to include link to documentation. ([\#6985](https://github.com/matrix-org/synapse/issues/6985))
- Add some type annotations to the database storage classes. ([\#6987](https://github.com/matrix-org/synapse/issues/6987))
- Port `synapse.handlers.presence` to async/await. ([\#6991](https://github.com/matrix-org/synapse/issues/6991), [\#7019](https://github.com/matrix-org/synapse/issues/7019))
- Add some type annotations to the federation base & client classes. ([\#6995](https://github.com/matrix-org/synapse/issues/6995))
- Port `synapse.rest.keys` to async/await. ([\#7020](https://github.com/matrix-org/synapse/issues/7020))
- Add a type check to `is_verified` when processing room keys. ([\#7045](https://github.com/matrix-org/synapse/issues/7045))
- Add type annotations and comments to the auth handler. ([\#7063](https://github.com/matrix-org/synapse/issues/7063))
2020-03-23 13:54:17 +00:00
Andrew Morgan
645a30b002 Merge pull request #6775 from matrix-org/jaywink/worker-docs-tweaks
* commit 'f74d178b1':
  Formatting of changelog
  Fix federation_reader listeners doc as per PR review
  Clarifications to the workers documentation
2020-03-23 13:25:24 +00:00
Andrew Morgan
42732de3bc Update admin room docs with correct endpoints (#6770)
* commit 'd31f5f4d8':
  Update admin room docs with correct endpoints (#6770)
2020-03-23 13:16:30 +00:00
Andrew Morgan
fc43d20d9d Admin API to list, filter and sort rooms (#6720)
* commit '90a28fb47':
  Admin API to list, filter and sort rooms (#6720)
2020-03-23 13:15:24 +00:00
Andrew Morgan
060343d534 Allow streaming cache invalidate all to workers. (#6749)
* commit '5d7a6ad22':
  Allow streaming cache invalidate all to workers. (#6749)
2020-03-23 11:39:24 +00:00
Andrew Morgan
bd6344c729 Wake up transaction queue when remote server comes back online (#6706)
* commit 'a8a50f5b5':
  Wake up transaction queue when remote server comes back online (#6706)
2020-03-23 11:36:27 +00:00
Andrew Morgan
09cdecd44d Clarify the account_validity and email sections of the sample configuration. (#6685)
* commit '5ce0b17e3':
  Clarify the `account_validity` and `email` sections of the sample configuration. (#6685)
2020-03-23 11:36:19 +00:00
Andrew Morgan
061c671c6c Quarantine media by ID or user ID (#6681)
* commit '1177d3f3a':
  Quarantine media by ID or user ID (#6681)
2020-03-23 11:33:54 +00:00
Andrew Morgan
9483cb6ced Document more supported endpoints for workers (#6698)
* commit '47f4f493f':
  Document more supported endpoints for workers (#6698)
2020-03-23 11:33:47 +00:00
Andrew Morgan
35d1ec2c8f Allow admin users to create or modify users without a shared secret (#6495)
* commit 'd2906fe66':
  Allow admin users to create or modify users without a shared secret (#6495)
  Fixup changelog
2020-03-23 11:31:22 +00:00
Andrew Morgan
27ecf74366 Merge pull request #6665 from matrix-org/babolivier/retention_doc_typo
* commit 'e16521faa':
  Changelog
  Fix typo in message retention policies doc
2020-03-20 17:01:22 +00:00
Andrew Morgan
6827282aa4 Merge pull request #6624 from matrix-org/babolivier/retention_doc
* commit 'cff1cb868':
  Fix reference
  Incorporate review
  Apply suggestions from code review
  Update changelog.d/6624.doc
  Fix vacuum instructions for sqlite
  Rename changelog
  Add a complete documentation of the message retention policies support
2020-03-20 17:00:51 +00:00
Andrew Morgan
0450704071 Merge pull request #6621 from matrix-org/babolivier/purge_job_config_typo
* commit '2b6b7f482':
  Reword
  Change the example from 5min to 12h
  Fixup changelog
  Fixup changelog
  Fixup changelog
  Changelog
  Update sample config
  Fix a typo in the purge jobs configuration example
2020-03-20 17:00:26 +00:00
Andrew Morgan
1b410419c2 Automate generation of the sample and debian log configs (#6627)
* commit '08815566b':
  Automate generation of the sample and debian log configs (#6627)
2020-03-20 16:58:07 +00:00
Andrew Morgan
8fced9e2ac Remove unused, undocumented "content repo" resource (#6628)
* commit '98247c4a0':
  Remove unused, undocumented "content repo" resource (#6628)
2020-03-20 16:57:48 +00:00
Andrew Morgan
10396544f5 Added the section 'Configuration' in /docs/turn-howto.md (#6614)
* commit '0495097a7':
  Added the section 'Configuration' in /docs/turn-howto.md (#6614)
2020-03-20 16:57:22 +00:00
Andrew Morgan
7dca131010 Reword sections of federate.md that explained delegation at time of Synapse 1.0 transition (#6601)
* commit '32779b59f':
  Reword sections of federate.md that explained delegation at time of Synapse 1.0 transition (#6601)
2020-03-20 16:57:12 +00:00
Richard van der Hoff
c165c1233b Improve database configuration docs (#6988)
Attempts to clarify the sample config for databases, and add some stuff about
tcp keepalives to `postgres.md`.
2020-03-20 15:24:22 +00:00
Andrew Morgan
7a4b2b4883 Hacks to work around #6605 (#6608)
* commit '92eac974b':
  Hacks to work around #6605 (#6608)
  sample log config
2020-03-20 15:05:00 +00:00
Andrew Morgan
f1735cb718 Add an export_signing_key script (#6546)
* commit 'b95b76256':
  Add an export_signing_key script (#6546)
2020-03-20 14:40:29 +00:00
Andrew Morgan
1964f11955 Add option to allow profile queries without sharing a room (#6523)
* commit 'bfb95654c':
  Add option to allow profile queries without sharing a room (#6523)
2020-03-19 19:15:45 +00:00
Andrew Morgan
88fc911614 Document Shutdown Room admin API (#6541)
* commit '0b90fc6ed':
  Document Shutdown Room admin API (#6541)
2020-03-19 18:01:13 +00:00
Andrew Morgan
e71d3cdb7c Update workers.md to make media_repository work (again) (#6519)
* commit '58fdcbdfe':
  Update  workers.md to make media_repository work (again) (#6519)
  Remove #6369 changelog
2020-03-19 17:58:47 +00:00
Andrew Morgan
f131b1a36d Allow SAML username provider plugins (#6411)
* commit '4947de5a1':
  Allow SAML username provider plugins (#6411)
2020-03-19 17:47:57 +00:00
Andrew Morgan
968c74c132 Replace /admin/v1/users_paginate endpoint with /admin/v2/users (#5925)
* commit '649b6bc08':
  Replace /admin/v1/users_paginate endpoint with /admin/v2/users (#5925)
2020-03-19 16:56:29 +00:00
Andrew Morgan
0427f070cb privacy by default for room dir (#6355)
* commit 'cb0aeb147':
  privacy by default for room dir (#6355)
2020-03-19 16:17:40 +00:00
Andrew Morgan
f57cfa30f4 write some docs for the quarantine_media api (#6458)
* commit '620f98b65':
  write some docs for the quarantine_media api (#6458)
2020-03-19 16:08:07 +00:00
Andrew Morgan
f724a2afba Clarifications for the email configuration settings. (#6423)
* commit 'c48ea9800':
  Clarifications for the email configuration settings. (#6423)
2020-03-18 17:54:04 +00:00
Andrew Morgan
b8344cabcd Merge pull request #6358 from matrix-org/babolivier/message_retention
* commit 'd31f69afa':
  clean up buildkite output
  Don't restrict the tests to v1 rooms
  Fix worker mode
  Fix 3PID invite exchange
  Lint again
  Lint again
  Lint
  Don't apply retention policy based filtering on state events
  Implement per-room message retention policies
2020-03-18 17:22:33 +00:00
Andrew Morgan
0d89ceb2fb Fix link to user_dir_populate.sql in the user directory docs (#6388)
* commit '24cc31ee9':
  Fix link to user_dir_populate.sql in the user directory docs (#6388)
2020-03-18 16:31:51 +00:00
Andrew Morgan
8299874aa2 Replace instance variations of homeserver with correct case/spacing (#6357)
* commit '6e1b40dc2':
  sample config
  Add changelog
  A couple more instances
  Replace instance variations of homeserver with correct case/spacing
2020-03-18 16:29:02 +00:00
Andrew Morgan
5dde341dc3 Merge pull request #6220 from matrix-org/neilj/set_room_version_default_to_5
* commit 'a42567e4a':
  Set room version default to 5
2020-03-18 16:28:54 +00:00
Patrick Cloke
88b41986db Add an option to the set password API to choose whether to logout other devices. (#7085)
2020-03-18 07:50:00 -04:00
Richard van der Hoff
4ce50519cd Update postgres.md
fix broken link
2020-03-17 18:08:43 +00:00
Richard van der Hoff
6a35046363 Revert "Add options to disable setting profile info for prevent changes. (#7053)"
This reverts commit 54dd28621b, reversing
changes made to 6640460d05.
2020-03-17 11:25:01 +00:00
Andrew Morgan
4a634efaf8 document the REPLICATE command a bit better (#6305)
* commit 'cc6243b4c':
  document the REPLICATE command a bit better (#6305)
2020-03-16 19:24:50 +00:00
Andrew Morgan
45d81c26f7 Modify doc to update Google ReCaptcha terms (#6257)
* commit '9677613e9':
2020-03-16 15:36:50 +00:00
Andrew Morgan
5bbc257762 Fix typo in domain name in account_threepid_delegates config option (#6273)
* commit '46c12918a':
  Fix typo in domain name in account_threepid_delegates config option (#6273)
2020-03-16 15:36:10 +00:00
Andrew Morgan
759e8dd793 Option to suppress resource exceeded alerting (#6173)
* commit '2794b7905':
  Option to suppress resource exceeded alerting (#6173)
2020-03-16 15:27:03 +00:00
Andrew Morgan
3d5a537934 Add config linting script that checks for bool casing (#6203)
* commit '409c62b27':
  Add config linting script that checks for bool casing (#6203)
2020-03-16 15:26:24 +00:00
Andrew Morgan
036d8ea0da Update postgres.md (#6234)
* commit '0327a00a3':
  Update postgres.md (#6234)
2020-03-16 14:56:30 +00:00
Brendan Abolivier
f9e98176bf Put the file in the templates directory
2020-03-11 20:31:42 +00:00
Brendan Abolivier
900bca9707 Update wording and config
2020-03-11 19:40:30 +00:00
Brendan Abolivier
54dd28621b Add options to disable setting profile info for prevent changes. (#7053)
2020-03-10 22:23:01 +00:00