-
v1.139.0rc2 Pre-Release
released this
2025-09-23 14:36:14 +00:00 | 322 commits to develop since this releaseSynapse 1.139.0rc2 (2025-09-23)
Internal Changes
- Drop support for Ubuntu 24.10 Oracular Oriole, and add support for Ubuntu 25.04 Plucky Puffin. (#18962)
Synapse 1.139.0rc1 (2025-09-23)
Features
- Add experimental support for MSC4308: Thread Subscriptions extension to Sliding Sync when MSC4306: Thread Subscriptions and MSC4186: Simplified Sliding Sync are enabled. (#18695)
- Update push rules for experimental MSC4306: Thread Subscriptions to follow a newer draft. (#18846)
- Add
get_media_upload_limits_for_userandon_media_upload_limit_exceededmodule API callbacks to the media repository. (#18848) - Support MSC4169 for backwards-compatible redaction sending using the
/sendendpoint. Contributed by @SpiritCroc @ Beeper. (#18898) - Add an in-memory cache to
_get_e2e_cross_signing_signatures_for_devicesto reduce DB load. (#18899) - Update MSC4190 support to return correct errors and allow appservices to reset cross-signing keys without user-interactive authentication. Contributed by @tulir @ Beeper. (#18946)
Bugfixes
- Ensure all PDUs sent via
/sendpass canonical JSON checks. (#18641) - Fix bug where we did not send invite revocations over federation. (#18823)
- Fix prefixed support for MSC4133. (#18875)
- Fix open redirect in legacy SSO flow with the
idpquery parameter. (#18909) - Fix a performance regression related to the experimental Delayed Events (MSC4140) feature. (#18926)
Updates to the Docker image
- Suppress "Applying schema" log noise bulk when
SYNAPSE_LOG_TESTINGis set. (#18878)
Improved Documentation
- Clarify Python dependency constraints in our deprecation policy. (#18856)
- Clarify necessary
jwt_configparameter in OIDC documentation for authentik. Contributed by @maxkratz. (#18931)
Deprecations and Removals
- Remove obsolete and experimental
/sync/e2eeendpoint. (#18583)
Internal Changes
- Fix
LaterGaugemetrics to collect from all servers. (#18791) - Configure Synapse to run MSC4306: Thread Subscriptions Complement tests. (#18819)
- Remove
sentinellogcontext usage where we log insetup,startandexit. (#18870) - Use the
Enum's value for the dictionary key when responding to an admin request for experimental features. (#18874) - Start background tasks after we fork the process (daemonize). (#18886)
- Better explain how we manage the logcontext in
run_in_background(...)andrun_as_background_process(...). (#18900, #18906) - Remove
sentinellogcontext usage inClockutilities likelooping_callandcall_later. (#18907) - Replace usages of the deprecated
pkg_resourcesinterface in preparation of setuptools dropping it soon. (#18910) - Split loading config from homeserver
setup. (#18933) - Fix
run_in_backgroundnot being awaited properly in some tests causingLoggingContextproblems. (#18937) - Fix
run_as_background_processnot being awaited properly causingLoggingContextproblems in experimental MSC4140: Delayed events implementation. (#18938) - Introduce
Clock.call_when_running(...)to wrap startup code in a logcontext, ensuring we can identify which server generated the logs. (#18944) - Introduce
Clock.add_system_event_trigger(...)to wrap system event callback code in a logcontext, ensuring we can identify which server generated the logs. (#18945)
Updates to locked dependencies
- Bump actions/setup-go from 5.5.0 to 6.0.0. (#18891)
- Bump actions/setup-python from 5.6.0 to 6.0.0. (#18890)
- Bump authlib from 1.6.1 to 1.6.3. (#18921)
- Bump jsonschema from 4.25.0 to 4.25.1. (#18897)
- Bump log from 0.4.27 to 0.4.28. (#18892)
- Bump phonenumbers from 9.0.12 to 9.0.13. (#18893)
- Bump pydantic from 2.11.7 to 2.11.9. (#18922)
- Bump serde from 1.0.219 to 1.0.223. (#18920)
- Bump serde_json from 1.0.143 to 1.0.145. (#18919)
- Bump sigstore/cosign-installer from 3.9.2 to 3.10.0. (#18917)
- Bump towncrier from 24.8.0 to 25.8.0. (#18894)
- Bump types-psycopg2 from 2.9.21.20250809 to 2.9.21.20250915. (#18918)
- Bump types-requests from 2.32.4.20250611 to 2.32.4.20250809. (#18895)
- Bump types-setuptools from 80.9.0.20250809 to 80.9.0.20250822. (#18924)
Downloads
-
v1.138.0 Stable
released this
2025-09-09 10:23:48 +00:00 | 372 commits to develop since this releaseSynapse 1.138.0 (2025-09-09)
No significant changes since 1.138.0rc1.
Synapse 1.138.0rc1 (2025-09-02)
Features
Bugfixes
- Improve database performance of MSC4293 - Redact on Kick/Ban. (#18851)
- Do not throw an error when fetching a rejected delayed state event on startup. (#18858)
Improved Documentation
- Fix worker documentation incorrectly indicating all room Admin API requests were capable of being handled by workers. (#18853)
Internal Changes
- Instrument
_ByteProducerwith tracing to measure potential dead time while writing bytes to the request. (#18804) - Switch to OpenTracing's
ContextVarsScopeManagerinstead of our own customLogContextScopeManager. (#18849) - Trace how much work is being done while "recursively fetching redactions". (#18854)
- Link upstream Twisted bug tracking the problem that explains why we have to use a
Producerto write bytes to the request. (#18855) - Introduce
EventPersistencePairtype. (#18857)
Updates to locked dependencies
- Bump actions/add-to-project from c0c5949b017d0d4a39f7ba888255881bdac2a823 to 4515659e2b458b27365e167605ac44f219494b66. (#18863)
- Bump actions/checkout from 4.3.0 to 5.0.0. (#18834)
- Bump anyhow from 1.0.98 to 1.0.99. (#18841)
- Bump docker/login-action from 3.4.0 to 3.5.0. (#18835)
- Bump dtolnay/rust-toolchain from b3b07ba8b418998c39fb20f53e8b695cdcc8de1b to e97e2d8cc328f1b50210efc529dca0028893a2d9. (#18862)
- Bump phonenumbers from 9.0.11 to 9.0.12. (#18837)
- Bump regex from 1.11.1 to 1.11.2. (#18864)
- Bump reqwest from 0.12.22 to 0.12.23. (#18842)
- Bump ruff from 0.12.7 to 0.12.10. (#18865)
- Bump serde_json from 1.0.142 to 1.0.143. (#18866)
- Bump types-bleach from 6.2.0.20250514 to 6.2.0.20250809. (#18838)
- Bump types-jsonschema from 4.25.0.20250720 to 4.25.1.20250822. (#18867)
- Bump types-psycopg2 from 2.9.21.20250718 to 2.9.21.20250809. (#18836)
Downloads
-
v1.138.0rc1 Pre-Release
released this
2025-09-02 14:13:52 +00:00 | 373 commits to develop since this releaseSynapse 1.138.0rc1 (2025-09-02)
Features
Bugfixes
- Improve database performance of MSC4293 - Redact on Kick/Ban. (#18851)
- Do not throw an error when fetching a rejected delayed state event on startup. (#18858)
Improved Documentation
- Fix worker documentation incorrectly indicating all room Admin API requests were capable of being handled by workers. (#18853)
Internal Changes
- Instrument
_ByteProducerwith tracing to measure potential dead time while writing bytes to the request. (#18804) - Switch to OpenTracing's
ContextVarsScopeManagerinstead of our own customLogContextScopeManager. (#18849) - Trace how much work is being done while "recursively fetching redactions". (#18854)
- Link upstream Twisted bug tracking the problem that explains why we have to use a
Producerto write bytes to the request. (#18855) - Introduce
EventPersistencePairtype. (#18857)
Updates to locked dependencies
- Bump actions/add-to-project from c0c5949b017d0d4a39f7ba888255881bdac2a823 to 4515659e2b458b27365e167605ac44f219494b66. (#18863)
- Bump actions/checkout from 4.3.0 to 5.0.0. (#18834)
- Bump anyhow from 1.0.98 to 1.0.99. (#18841)
- Bump docker/login-action from 3.4.0 to 3.5.0. (#18835)
- Bump dtolnay/rust-toolchain from b3b07ba8b418998c39fb20f53e8b695cdcc8de1b to e97e2d8cc328f1b50210efc529dca0028893a2d9. (#18862)
- Bump phonenumbers from 9.0.11 to 9.0.12. (#18837)
- Bump regex from 1.11.1 to 1.11.2. (#18864)
- Bump reqwest from 0.12.22 to 0.12.23. (#18842)
- Bump ruff from 0.12.7 to 0.12.10. (#18865)
- Bump serde_json from 1.0.142 to 1.0.143. (#18866)
- Bump types-bleach from 6.2.0.20250514 to 6.2.0.20250809. (#18838)
- Bump types-jsonschema from 4.25.0.20250720 to 4.25.1.20250822. (#18867)
- Bump types-psycopg2 from 2.9.21.20250718 to 2.9.21.20250809. (#18836)
Downloads
-
v1.137.0 Stable
released this
2025-08-26 09:25:03 +00:00 | 397 commits to develop since this releaseSynapse 1.137.0 (2025-08-26)
No significant changes since 1.137.0rc1.
Synapse 1.137.0rc1 (2025-08-19)
Bugfixes
- Fix a bug which could corrupt auth chains making it impossible to perform state resolution. (#18746)
- Fix error message in
register_new_matrix_userutility script for emptyregistration_shared_secret. (#18780) - Allow enabling MSC4108 when the stable Matrix Authentication Service integration is enabled. (#18832)
Improved Documentation
- Include IPv6 networks in
denied-peer-ipsof coturn setup. Contributed by @litetex. (#18781)
Internal Changes
- Update tests to ensure all database tables are emptied when purging a room. (#18794)
- Instrument the
encode_responsepart of Sliding Sync requests for more complete traces in Jaeger. (#18815) - Tag Sliding Sync traces when we
wait_for_events. (#18816) - Fix
portdbCI by hardcoding the newpg_dumprestrict key that was added due to CVE-2025-8714. (#18824)
Updates to locked dependencies
- Bump actions/add-to-project from 5b1a254a3546aef88e0a7724a77a623fa2e47c36 to 0c37450c4be3b6a7582b2fb013c9ebfd9c8e9300. (#18557)
- Bump actions/cache from 4.2.3 to 4.2.4. (#18799)
- Bump actions/checkout from 4.2.2 to 4.3.0. (#18800)
- Bump actions/download-artifact from 4.3.0 to 5.0.0. (#18801)
- Bump docker/metadata-action from 5.7.0 to 5.8.0. (#18773)
- Bump mypy from 1.16.1 to 1.17.1. (#18775)
- Bump phonenumbers from 9.0.10 to 9.0.11. (#18797)
- Bump pygithub from 2.6.1 to 2.7.0. (#18779)
- Bump serde_json from 1.0.141 to 1.0.142. (#18776)
- Bump slab from 0.4.10 to 0.4.11. (#18809)
- Bump tokio from 1.47.0 to 1.47.1. (#18774)
- Bump types-pyyaml from 6.0.12.20250516 to 6.0.12.20250809. (#18798)
- Bump types-setuptools from 80.9.0.20250529 to 80.9.0.20250809. (#18796)
Downloads
-
v1.137.0rc1 Pre-Release
released this
2025-08-19 10:37:34 +00:00 | 398 commits to develop since this releaseSynapse 1.137.0rc1 (2025-08-19)
Bugfixes
- Fix a bug which could corrupt auth chains making it impossible to perform state resolution. (#18746)
- Fix error message in
register_new_matrix_userutility script for emptyregistration_shared_secret. (#18780) - Allow enabling MSC4108 when the stable Matrix Authentication Service integration is enabled. (#18832)
Improved Documentation
- Include IPv6 networks in
denied-peer-ipsof coturn setup. Contributed by @litetex. (#18781)
Internal Changes
- Update tests to ensure all database tables are emptied when purging a room. (#18794)
- Instrument the
encode_responsepart of Sliding Sync requests for more complete traces in Jaeger. (#18815) - Tag Sliding Sync traces when we
wait_for_events. (#18816) - Fix
portdbCI by hardcoding the newpg_dumprestrict key that was added due to CVE-2025-8714. (#18824)
Updates to locked dependencies
- Bump actions/add-to-project from 5b1a254a3546aef88e0a7724a77a623fa2e47c36 to 0c37450c4be3b6a7582b2fb013c9ebfd9c8e9300. (#18557)
- Bump actions/cache from 4.2.3 to 4.2.4. (#18799)
- Bump actions/checkout from 4.2.2 to 4.3.0. (#18800)
- Bump actions/download-artifact from 4.3.0 to 5.0.0. (#18801)
- Bump docker/metadata-action from 5.7.0 to 5.8.0. (#18773)
- Bump mypy from 1.16.1 to 1.17.1. (#18775)
- Bump phonenumbers from 9.0.10 to 9.0.11. (#18797)
- Bump pygithub from 2.6.1 to 2.7.0. (#18779)
- Bump serde_json from 1.0.141 to 1.0.142. (#18776)
- Bump slab from 0.4.10 to 0.4.11. (#18809)
- Bump tokio from 1.47.0 to 1.47.1. (#18774)
- Bump types-pyyaml from 6.0.12.20250516 to 6.0.12.20250809. (#18798)
- Bump types-setuptools from 80.9.0.20250529 to 80.9.0.20250809. (#18796)
Downloads
-
v1.136.0 Stable
released this
2025-08-12 13:51:45 +00:00 | 445 commits to develop since this releaseSynapse 1.136.0 (2025-08-12)
Note: This release includes the security fixes from
1.135.2and1.136.0rc2, detailed below.Please also check the relevant section in the upgrade notes for the changes to MAS support, metrics labels and the module API which may require your attention when upgrading.
Bugfixes
- Fix bug introduced in 1.135.2 and 1.136.0rc2 where the Make Room Admin API would not treat a room v12's creator power level as the highest in room. (#18805)
Synapse 1.136.0rc2 (2025-08-11)
This is the Synapse portion of the Matrix coordinated security release. This release includes support for room version 12 which fixes a number of security vulnerabilities, including CVE-2025-49090.
The default room version is not changed. Not all clients will support room version 12 immediately, and not all users will be using the latest version of their clients. Large, public rooms are advised to wait a few weeks before upgrading to room version 12 to allow users throughout the Matrix ecosystem to update their clients.
Note: release 1.135.1 was skipped due to issues discovered during the release process.
Two patched Synapse releases are now available:
1.135.2: stable release comprised of1.135.0+ security patches- Upgrade to this release if you are currently running 1.135.0 or below.
1.136.0rc2: unstable release candidate comprised of1.136.0rc1+ security patches.- Upgrade to this release only if you are on 1.136.0rc1.
Bugfixes
- Update MSC4293 redaction logic for room v12. (#80)
Internal Changes
- Add a parameter to
upgrade_rooms(..)to allow auto join local users. (#83)
Synapse 1.136.0rc1 (2025-08-05)
Features
- Add configurable rate limiting for the creation of rooms. (#18514)
- Add support for MSC4293 - Redact on Kick/Ban. (#18540)
- When admins enable themselves to see soft-failed events, they will also see if the cause is due to the policy server flagging them as spam via
unsigned. (#18585) - Add ability to configure forward/outbound proxy via homeserver config instead of environment variables. See
http_proxy,https_proxy,no_proxy_hosts. (#18686) - Advertise experimental support for MSC4306 (Thread Subscriptions) through
/_matrix/clients/versionsif enabled. (#18722) - Stabilise support for delegating authentication to Matrix Authentication Service. (#18759)
- Implement the push rules for experimental MSC4306: Thread Subscriptions. (#18762)
Bugfixes
- Allow return code 403 (allowed by C2S Spec since v1.2) when fetching profiles via federation. (#18696)
- Register the MSC4306 (Thread Subscriptions) endpoints in the CS API when the experimental feature is enabled. (#18726)
- Fix a long-standing bug where suspended users could not have server notices sent to them (a 403 was returned to the admin). (#18750)
- Fix an issue that could cause logcontexts to be lost on rate-limited requests. Found by @realtyem. (#18763)
- Fix invalidation of storage cache that was broken in 1.135.0. (#18786)
Improved Documentation
- Minor improvements to README. (#18700)
- Document that there can be multiple workers handling the
receiptsstream. (#18760) - Improve worker documentation for some device paths. (#18761)
Deprecations and Removals
- Deprecate
run_as_background_processexported as part of the module API interface in favor ofModuleApi.run_as_background_process. See the relevant section in the upgrade notes for more information. (#18737)
Internal Changes
- Add debug logging for HMAC digest verification failures when using the admin API to register users. (#18474)
- Speed up upgrading a room with large numbers of banned users. (#18574)
- Fix config documentation generation script on Windows by enforcing UTF-8. (#18580)
- Refactor cache, background process,
Counter,LaterGauge,GaugeBucketCollector,Histogram, andGaugemetrics to be homeserver-scoped. (#18656, #18714, #18715, #18724, #18753, #18725, #18670, #18748, #18751) - Reduce database usage in Sliding Sync by not querying for background update completion after the update is known to be complete. (#18718)
- Improve order of validation and ratelimiting in room creation. (#18723)
- Bump minimum version bound on Twisted to 21.2.0. (#18727, #18729)
- Use
twisted.internet.testingmodule in tests instead of deprecatedtwisted.test.proto_helpers. (#18728) - Remove obsolete
/send_eventreplication endpoint. (#18730) - Update metrics linting to be able to handle custom metrics. (#18733)
- Work around
twisted.protocols.amp.TooLongerror by reducing logging in some tests. (#18736) - Prevent "Move labelled issues to correct projects" GitHub Actions workflow from failing when an issue is already on the project board. (#18755)
- Bump minimum supported Rust version (MSRV) to 1.82.0. Missed in #18553 (released in Synapse 1.134.0). (#18757)
- Make
Clock.sleep(...)return a coroutine, so that mypy can catch places where we don't await on it. (#18772) - Update implementation of MSC4306: Thread Subscriptions to include automatic subscription conflict prevention as introduced in later drafts. (#18756)
Updates to locked dependencies
- Bump gitpython from 3.1.44 to 3.1.45. (#18743)
- Bump mypy-zope from 1.0.12 to 1.0.13. (#18744)
- Bump phonenumbers from 9.0.9 to 9.0.10. (#18741)
- Bump ruff from 0.12.4 to 0.12.5. (#18742)
- Bump sentry-sdk from 2.32.0 to 2.33.2. (#18745)
- Bump tokio from 1.46.1 to 1.47.0. (#18740)
- Bump types-jsonschema from 4.24.0.20250708 to 4.25.0.20250720. (#18703)
- Bump types-psycopg2 from 2.9.21.20250516 to 2.9.21.20250718. (#18706)
Downloads
-
v1.136.0rc2 Pre-Release
released this
2025-08-11 18:23:19 +00:00 | 448 commits to develop since this releaseSynapse 1.136.0rc2 (2025-08-11)
This is the Synapse portion of the Matrix coordinated security release. This release includes support for room version 12 which fixes a number of security vulnerabilities, including CVE-2025-49090.
The default room version is not changed. Not all clients will support room version 12 immediately, and not all users will be using the latest version of their clients. Large, public rooms are advised to wait a few weeks before upgrading to room version 12 to allow users throughout the Matrix ecosystem to update their clients.
Note: release 1.135.1 was skipped due to issues discovered during the release process.
Two patched Synapse releases are now available:
1.135.2: stable release comprised of1.135.0+ security patches- Upgrade to this release if you are currently running 1.135.0 or below.
1.136.0rc2: unstable release candidate comprised of1.136.0rc1+ security patches.- Upgrade to this release only if you are on 1.136.0rc1.
Bugfixes
- Update MSC4293 redaction logic for room v12. (#80)
Internal Changes
- Add a parameter to
upgrade_rooms(..)to allow auto join local users. (#83)
Downloads
-
v1.135.2 Stable
released this
2025-08-11 17:55:34 +00:00 | 508 commits to develop since this releaseSynapse 1.135.2 (2025-08-11)
This is the Synapse portion of the Matrix coordinated security release. This release includes support for room version 12 which fixes a number of security vulnerabilities, including CVE-2025-49090.
The default room version is not changed. Not all clients will support room version 12 immediately, and not all users will be using the latest version of their clients. Large, public rooms are advised to wait a few weeks before upgrading to room version 12 to allow users throughout the Matrix ecosystem to update their clients.
Note: release 1.135.1 was skipped due to issues discovered during the release process.
Two patched Synapse releases are now available:
1.135.2: stable release comprised of1.135.0+ security patches- Upgrade to this release if you are currently running 1.135.0 or below.
1.136.0rc2: unstable release candidate comprised of1.136.0rc1+ security patches.- Upgrade to this release only if you are on 1.136.0rc1.
Bugfixes
- Fix invalidation of storage cache that was broken in 1.135.0. (#18786)
Internal Changes
Downloads
-
v1.136.0rc1 Pre-Release
released this
2025-08-07 15:26:05 +00:00 | 464 commits to develop since this releaseSynapse 1.136.0rc1 (2025-08-05)
Please check the relevant section in the upgrade notes as this release contains changes to MAS support, metrics labels and the module API which may require your attention when upgrading.
Features
- Add configurable rate limiting for the creation of rooms. (#18514)
- Add support for MSC4293 - Redact on Kick/Ban. (#18540)
- When admins enable themselves to see soft-failed events, they will also see if the cause is due to the policy server flagging them as spam via
unsigned. (#18585) - Add ability to configure forward/outbound proxy via homeserver config instead of environment variables. See
http_proxy,https_proxy,no_proxy_hosts. (#18686) - Advertise experimental support for MSC4306 (Thread Subscriptions) through
/_matrix/clients/versionsif enabled. (#18722) - Stabilise support for delegating authentication to Matrix Authentication Service. (#18759)
- Implement the push rules for experimental MSC4306: Thread Subscriptions. (#18762)
Bugfixes
- Allow return code 403 (allowed by C2S Spec since v1.2) when fetching profiles via federation. (#18696)
- Register the MSC4306 (Thread Subscriptions) endpoints in the CS API when the experimental feature is enabled. (#18726)
- Fix a long-standing bug where suspended users could not have server notices sent to them (a 403 was returned to the admin). (#18750)
- Fix an issue that could cause logcontexts to be lost on rate-limited requests. Found by @realtyem. (#18763)
- Fix invalidation of storage cache that was broken in 1.135.0. (#18786)
Improved Documentation
- Minor improvements to README. (#18700)
- Document that there can be multiple workers handling the
receiptsstream. (#18760) - Improve worker documentation for some device paths. (#18761)
Deprecations and Removals
- Deprecate
run_as_background_processexported as part of the module API interface in favor ofModuleApi.run_as_background_process. See the relevant section in the upgrade notes for more information. (#18737)
Internal Changes
- Add debug logging for HMAC digest verification failures when using the admin API to register users. (#18474)
- Speed up upgrading a room with large numbers of banned users. (#18574)
- Fix config documentation generation script on Windows by enforcing UTF-8. (#18580)
- Refactor cache, background process,
Counter,LaterGauge,GaugeBucketCollector,Histogram, andGaugemetrics to be homeserver-scoped. (#18656, #18714, #18715, #18724, #18753, #18725, #18670, #18748, #18751) - Reduce database usage in Sliding Sync by not querying for background update completion after the update is known to be complete. (#18718)
- Improve order of validation and ratelimiting in room creation. (#18723)
- Bump minimum version bound on Twisted to 21.2.0. (#18727, #18729)
- Use
twisted.internet.testingmodule in tests instead of deprecatedtwisted.test.proto_helpers. (#18728) - Remove obsolete
/send_eventreplication endpoint. (#18730) - Update metrics linting to be able to handle custom metrics. (#18733)
- Work around
twisted.protocols.amp.TooLongerror by reducing logging in some tests. (#18736) - Prevent "Move labelled issues to correct projects" GitHub Actions workflow from failing when an issue is already on the project board. (#18755)
- Bump minimum supported Rust version (MSRV) to 1.82.0. Missed in #18553 (released in Synapse 1.134.0). (#18757)
- Make
Clock.sleep(...)return a coroutine, so that mypy can catch places where we don't await on it. (#18772) - Update implementation of MSC4306: Thread Subscriptions to include automatic subscription conflict prevention as introduced in later drafts. (#18756)
Updates to locked dependencies
- Bump gitpython from 3.1.44 to 3.1.45. (#18743)
- Bump mypy-zope from 1.0.12 to 1.0.13. (#18744)
- Bump phonenumbers from 9.0.9 to 9.0.10. (#18741)
- Bump ruff from 0.12.4 to 0.12.5. (#18742)
- Bump sentry-sdk from 2.32.0 to 2.33.2. (#18745)
- Bump tokio from 1.46.1 to 1.47.0. (#18740)
- Bump types-jsonschema from 4.24.0.20250708 to 4.25.0.20250720. (#18703)
- Bump types-psycopg2 from 2.9.21.20250516 to 2.9.21.20250718. (#18706)
Downloads
-
v1.135.0 Stable
released this
2025-08-01 12:18:16 +00:00 | 525 commits to develop since this releaseSynapse 1.135.0 (2025-08-01)
No significant changes since 1.135.0rc2.
Synapse 1.135.0rc2 (2025-07-30)
Bugfixes
- Fix user failing to deactivate with MAS when
/_synapse/masis handled by a worker. (#18716)
Internal Changes
Synapse 1.135.0rc1 (2025-07-22)
Features
- Add
recaptcha_private_key_pathandrecaptcha_public_key_pathconfig option. (#17984, #18684) - Add plain-text handling for rich-text topics as per MSC3765. (#18195)
- If enabled by the user, server admins will see soft failed events over the Client-Server API. (#18238)
- Add experimental support for MSC4277: Harmonizing the reporting endpoints. (#18263)
- Add ability to limit amount of media uploaded by a user in a given time period. (#18527)
- Enable workers to write directly to the device lists stream and handle device list updates, reducing load on the main process. (#18581)
- Support arbitrary profile fields. Contributed by @clokep. (#18635)
- Advertise support for Matrix v1.12. (#18647)
- Add an option to issue redactions as an admin user via the admin redaction endpoint. (#18671)
- Add experimental and incomplete support for MSC4306: Thread Subscriptions. (#18674)
- Include
event_idwhen getting state with?format=event. Contributed by @tulir @ Beeper. (#18675)
Bugfixes
- Fix CPU and database spinning when retrying sending events to servers whilst at the same time purging those events. (#18499)
- Don't allow creation of tags with names longer than 255 bytes, as per the spec. (#18660)
- Fix
sliding_sync_connections-related errors when porting from SQLite to Postgres. (#18677) - Fix the MAS integration not working when Synapse is started with
--daemonizeor usingsynctl. (#18691)
Improved Documentation
- Document that some config options for the user directory are in violation of the Matrix spec. (#18548)
- Update
rc_delayed_event_mgmtdocs to the actual nesting level. Contributed by @HarHarLinks. (#18692)
Internal Changes
- Add a dedicated internal API for Matrix Authentication Service to Synapse communication. (#18520)
- Allow user registrations to be done on workers. (#18552)
- Remove unnecessary HTTP replication calls. (#18564)
- Refactor
Measureblock metrics to be homeserver-scoped. (#18601) - Refactor cache metrics to be homeserver-scoped. (#18604)
- Unbreak "Latest dependencies" workflow by using the
--without devpoetry option instead of removed--no-dev. (#18617) - Update URL Preview code to work with
lxml6.0.0+. (#18622) - Use
markdown-it-pyinstead ofcommonmarkin the release script. (#18637) - Fix typing errors with upgraded mypy version. (#18653)
- Add doc comment explaining that config files are shallowly merged. (#18664)
- Minor speed up of insertion into
stream_positionstable. (#18672) - Remove unused
allow_no_prev_eventsoption when creating an event. (#18676) - Clean up
MetricsResourceand Prometheus hacks. (#18687) - Fix dirty
Cargo.lockchanges appearing after install (base64). (#18689) - Prevent dirty
Cargo.lockchanges from install. (#18693) - Correct spelling of 'Admin token used' log line. (#18697)
- Reduce log spam when client stops downloading media while it is being streamed to them. (#18699)
Updates to locked dependencies
- Bump authlib from 1.6.0 to 1.6.1. (#18704)
- Bump base64 from 0.21.7 to 0.22.1. (#18666)
- Bump jsonschema from 4.24.0 to 4.25.0. (#18707)
- Bump lxml from 5.4.0 to 6.0.0. (#18631)
- Bump mypy from 1.13.0 to 1.16.1. (#18653)
- Bump once_cell from 1.19.0 to 1.21.3. (#18710)
- Bump phonenumbers from 9.0.8 to 9.0.9. (#18681)
- Bump ruff from 0.12.2 to 0.12.5. (#18683, #18705)
- Bump serde_json from 1.0.140 to 1.0.141. (#18709)
- Bump sigstore/cosign-installer from 3.9.1 to 3.9.2. (#18708)
- Bump types-jsonschema from 4.24.0.20250528 to 4.24.0.20250708. (#18682)
Downloads
- Fix user failing to deactivate with MAS when