-
v1.130.0 Stable
released this
2025-05-20 14:53:29 +00:00 | 736 commits to develop since this releaseSynapse 1.130.0 (2025-05-20)
Bugfixes
- Fix startup being blocked on creating a new index that was introduced in v1.130.0rc1. (#18439)
- Fix the ordering of local messages in rooms that were affected by GHSA-v56r-hwv5-mxg6. (#18447)
Synapse 1.130.0rc1 (2025-05-13)
Features
- Add an Admin API endpoint
GET /_synapse/admin/v1/scheduled_tasksto fetch scheduled tasks. (#18214) - Add config option
user_directory.exclude_remote_userswhich, when enabled, excludes remote users from user directory search results. (#18300) - Add support for handling
GET /devices/on workers. (#18355)
Bugfixes
- Fix a longstanding bug where Synapse would immediately retry a failing push endpoint when a new event is received, ignoring any backoff timers. (#18363)
- Pass leave from remote invite rejection down Sliding Sync. (#18375)
Updates to the Docker image
- In
configure_workers_and_start.py, use the same absolute path of Python in the interpreter shebang, and invoke child Python processes withsys.executable. (#18291) - Optimize the build of the workers image. (#18292)
- In
start_for_complement.sh, replace some external program calls with shell builtins. (#18293) - When generating container scripts from templates, don't add a leading newline so that their shebangs may be handled correctly. (#18295)
Improved Documentation
- Improve formatting of the README file. (#18218)
- Add documentation for configuring Pocket ID as an OIDC provider. (#18237)
- Fix typo in docs about the
pushconfig option. Contributed by @HarHarLinks. (#18320) - Add
/_matrix/federation/v1/versionto list of federation endpoints that can be handled by workers. (#18377) - Add an Admin API endpoint
GET /_synapse/admin/v1/scheduled_tasksto fetch scheduled tasks. (#18384)
Internal Changes
- Return specific error code when adding an email address / phone number to account is not supported (MSC4178). (#17578)
- Stop auto-provisionning missing users & devices when delegating auth to Matrix Authentication Service. Requires MAS 0.13.0 or later. (#18181)
- Apply file hashing and existing quarantines to media downloaded for URL previews. (#18297)
- Allow a few admin APIs used by matrix-authentication-service to run on workers. (#18313)
- Apply
should_drop_federated_eventto federation invites. (#18330) - Allow
/rooms/admin API to be run on workers. (#18360) - Minor performance improvements to the notifier. (#18367)
- Slight performance increase when using the ratelimiter. (#18369)
- Don't validate the
at_hash(access token hash) field in OIDC ID Tokens if we don't end up actually using the OIDC Access Token. (#18374, #18385) - Fixed test failures when using authlib 1.5.2. (#18390)
- Refactor MSC4186 Simplified Sliding Sync room list tests to cover both new and fallback logic paths. (#18399)
Updates to locked dependencies
- Bump actions/add-to-project from 280af8ae1f83a494cfad2cb10f02f6d13529caa9 to 5b1a254a3546aef88e0a7724a77a623fa2e47c36. (#18365)
- Bump actions/download-artifact from 4.2.1 to 4.3.0. (#18364)
- Bump actions/setup-go from 5.4.0 to 5.5.0. (#18426)
- Bump anyhow from 1.0.97 to 1.0.98. (#18336)
- Bump packaging from 24.2 to 25.0. (#18393)
- Bump pillow from 11.1.0 to 11.2.1. (#18429)
- Bump pydantic from 2.10.3 to 2.11.4. (#18394)
- Bump pyo3-log from 0.12.2 to 0.12.3. (#18317)
- Bump pyopenssl from 24.3.0 to 25.0.0. (#18315)
- Bump sha2 from 0.10.8 to 0.10.9. (#18395)
- Bump sigstore/cosign-installer from 3.8.1 to 3.8.2. (#18366)
- Bump softprops/action-gh-release from 1 to 2. (#18264)
- Bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0. (#18354)
- Bump txredisapi from 1.4.10 to 1.4.11. (#18392)
- Bump types-jsonschema from 4.23.0.20240813 to 4.23.0.20241208. (#18305)
- Bump types-psycopg2 from 2.9.21.20250121 to 2.9.21.20250318. (#18316)
Downloads
-
v1.130.0rc1 Pre-Release
released this
2025-05-13 10:00:45 +00:00 | 740 commits to develop since this releaseSynapse 1.130.0rc1 (2025-05-13)
Features
- Add an Admin API endpoint
GET /_synapse/admin/v1/scheduled_tasksto fetch scheduled tasks. (#18214) - Add config option
user_directory.exclude_remote_userswhich, when enabled, excludes remote users from user directory search results. (#18300) - Add support for handling
GET /devices/on workers. (#18355)
Bugfixes
- Fix a longstanding bug where Synapse would immediately retry a failing push endpoint when a new event is received, ignoring any backoff timers. (#18363)
- Pass leave from remote invite rejection down Sliding Sync. (#18375)
Updates to the Docker image
- In
configure_workers_and_start.py, use the same absolute path of Python in the interpreter shebang, and invoke child Python processes withsys.executable. (#18291) - Optimize the build of the workers image. (#18292)
- In
start_for_complement.sh, replace some external program calls with shell builtins. (#18293) - When generating container scripts from templates, don't add a leading newline so that their shebangs may be handled correctly. (#18295)
Improved Documentation
- Improve formatting of the README file. (#18218)
- Add documentation for configuring Pocket ID as an OIDC provider. (#18237)
- Fix typo in docs about the
pushconfig option. Contributed by @HarHarLinks. (#18320) - Add
/_matrix/federation/v1/versionto list of federation endpoints that can be handled by workers. (#18377) - Add an Admin API endpoint
GET /_synapse/admin/v1/scheduled_tasksto fetch scheduled tasks. (#18384)
Internal Changes
- Return specific error code when adding an email address / phone number to account is not supported (MSC4178). (#17578)
- Stop auto-provisionning missing users & devices when delegating auth to Matrix Authentication Service. Requires MAS 0.13.0 or later. (#18181)
- Apply file hashing and existing quarantines to media downloaded for URL previews. (#18297)
- Allow a few admin APIs used by matrix-authentication-service to run on workers. (#18313)
- Apply
should_drop_federated_eventto federation invites. (#18330) - Allow
/rooms/admin API to be run on workers. (#18360) - Minor performance improvements to the notifier. (#18367)
- Slight performance increase when using the ratelimiter. (#18369)
- Don't validate the
at_hash(access token hash) field in OIDC ID Tokens if we don't end up actually using the OIDC Access Token. (#18374, #18385) - Fixed test failures when using authlib 1.5.2. (#18390)
- Refactor MSC4186 Simplified Sliding Sync room list tests to cover both new and fallback logic paths. (#18399)
Updates to locked dependencies
- Bump actions/add-to-project from 280af8ae1f83a494cfad2cb10f02f6d13529caa9 to 5b1a254a3546aef88e0a7724a77a623fa2e47c36. (#18365)
- Bump actions/download-artifact from 4.2.1 to 4.3.0. (#18364)
- Bump actions/setup-go from 5.4.0 to 5.5.0. (#18426)
- Bump anyhow from 1.0.97 to 1.0.98. (#18336)
- Bump packaging from 24.2 to 25.0. (#18393)
- Bump pillow from 11.1.0 to 11.2.1. (#18429)
- Bump pydantic from 2.10.3 to 2.11.4. (#18394)
- Bump pyo3-log from 0.12.2 to 0.12.3. (#18317)
- Bump pyopenssl from 24.3.0 to 25.0.0. (#18315)
- Bump sha2 from 0.10.8 to 0.10.9. (#18395)
- Bump sigstore/cosign-installer from 3.8.1 to 3.8.2. (#18366)
- Bump softprops/action-gh-release from 1 to 2. (#18264)
- Bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0. (#18354)
- Bump txredisapi from 1.4.10 to 1.4.11. (#18392)
- Bump types-jsonschema from 4.23.0.20240813 to 4.23.0.20241208. (#18305)
- Bump types-psycopg2 from 2.9.21.20250121 to 2.9.21.20250318. (#18316)
Downloads
- Add an Admin API endpoint
-
v1.129.0 Stable
released this
2025-05-06 11:25:39 +00:00 | 785 commits to develop since this releaseSynapse 1.129.0 (2025-05-06)
No significant changes since 1.129.0rc2.
Synapse 1.129.0rc2 (2025-04-30)
Synapse 1.129.0rc1 was never formally released due to regressions discovered during the release process. 1.129.0rc2 fixes those regressions by reverting the affected PRs.
Internal Changes
- Revert the slow background update introduced by #18068 in v1.128.0. (#18372)
- Revert "Add
total_event_count,total_message_count, andtotal_e2ee_event_countfields to the homeserver usage statistics.", added in v1.129.0rc1. (#18373)
Synapse 1.129.0rc1 (2025-04-15)
Features
- Add
passthrough_authorization_parametersin OIDC configuration to allow passing parameters to the authorization grant URL. (#18232) AddThis was reverted in 1.129.0rc2.total_event_count,total_message_count, andtotal_e2ee_event_countfields to the homeserver usage statistics. (#18260)
Bugfixes
- Fix
force_tracing_for_usersconfig when using delegated auth. (#18334) - Fix the token introspection cache logging access tokens when MAS integration is in use. (#18335)
- Stop caching introspection failures when delegating auth to MAS. (#18339)
- Fix
ExternalIDReuseexception after migrating to MAS on workers with a high traffic. (#18342) - Fix minor performance regression caused by tracking of room participation. Regressed in v1.128.0. (#18345)
Updates to the Docker image
- Optimize the build of the complement-synapse image. (#18294)
Internal Changes
Downloads
-
v1.129.0rc2 Pre-Release
released this
2025-04-30 14:40:40 +00:00 | 786 commits to develop since this releaseSynapse 1.129.0rc2 (2025-04-30)
Synapse 1.129.0rc1 was never formally released due to regressions discovered during the release process. 1.129.0rc2 fixes those regressions by reverting the affected PRs.
Internal Changes
- Revert the slow background update introduced by #18068 in v1.128.0. (#18372)
- Revert "Add total event, unencrypted message, and e2ee event counts to stats reporting", added in v1.129.0rc1. (#18373)
Synapse 1.129.0rc1 (2025-04-15)
Features
- Add
passthrough_authorization_parametersin OIDC configuration to allow passing parameters to the authorization grant URL. (#18232) - Add
total_event_count,total_message_count, andtotal_e2ee_event_countfields to the homeserver usage statistics. (#18260)
Bugfixes
- Fix
force_tracing_for_usersconfig when using delegated auth. (#18334) - Fix the token introspection cache logging access tokens when MAS integration is in use. (#18335)
- Stop caching introspection failures when delegating auth to MAS. (#18339)
- Fix
ExternalIDReuseexception after migrating to MAS on workers with a high traffic. (#18342) - Fix minor performance regression caused by tracking of room participation. Regressed in v1.128.0. (#18345)
Updates to the Docker image
- Optimize the build of the complement-synapse image. (#18294)
Internal Changes
Downloads
-
v1.128.0 Stable
released this
2025-04-08 13:10:24 +00:00 | 807 commits to develop since this releaseSynapse 1.128.0 (2025-04-08)
No significant changes since 1.128.0rc1.
Synapse 1.128.0rc1 (2025-04-01)
Features
- Add an access token introspection cache to make Matrix Authentication Service integration (MSC3861) more efficient. (#18231)
- Add background job to clear unreferenced state groups. (#18254)
- Hashes of media files are now tracked by Synapse. Media quarantines will now apply to all files with the same hash. (#18277, #18302, #18296)
Bugfixes
Updates to the Docker image
- Specify the architecture of installed packages via an APT config option, which is more reliable than appending package names with
:{arch}. (#18271) - Always specify base image debian versions with a build argument. (#18272)
- Allow passing arguments to
start_for_complement.sh(to be sent toconfigure_workers_and_start.py). (#18273) - Make some improvements to the
prefix-logscript in the workers image. (#18274) - Use
uv pipto installsupervisorin the worker image. (#18275) - Avoid needing to download & use
rsyncin a build layer. (#18287)
Improved Documentation
- Fix how to obtain access token and change naming from riot to element (#18225)
- Correct a small typo in the SSO mapping providers documentation. (#18276)
- Add docs for how to clear out the Poetry wheel cache. (#18283)
Internal Changes
- Add a column
participanttoroom_membershipstable. (#18068) - Update Poetry to 2.1.1, including updating the lock file version. (#18251)
- Pin GitHub Actions dependencies by commit hash. (#18255)
- Add DB delta to remove the old state group deletion job. (#18284)
Updates to locked dependencies
- Bump actions/add-to-project from f5473ace9aeee8b97717b281e26980aa5097023f to 280af8ae1f83a494cfad2cb10f02f6d13529caa9. (#18303)
- Bump actions/cache from 4.2.2 to 4.2.3. (#18266)
- Bump actions/download-artifact from 4.2.0 to 4.2.1. (#18268)
- Bump actions/setup-python from 5.4.0 to 5.5.0. (#18298)
- Bump actions/upload-artifact from 4.6.1 to 4.6.2. (#18304)
- Bump authlib from 1.4.1 to 1.5.1. (#18306)
- Bump dawidd6/action-download-artifact from 8 to 9. (#18204)
- Bump jinja2 from 3.1.5 to 3.1.6. (#18223)
- Bump log from 0.4.26 to 0.4.27. (#18267)
- Bump phonenumbers from 8.13.50 to 9.0.2. (#18299)
- Bump pygithub from 2.5.0 to 2.6.1. (#18243)
- Bump pyo3-log from 0.12.1 to 0.12.2. (#18269)
Downloads
-
v1.128.0rc1 Pre-Release
released this
2025-04-01 14:54:09 +00:00 | 808 commits to develop since this releaseSynapse 1.128.0rc1 (2025-04-01)
Features
- Add an access token introspection cache to make Matrix Authentication Service integration (MSC3861) more efficient. (#18231)
- Add background job to clear unreferenced state groups. (#18254)
- Hashes of media files are now tracked by Synapse. Media quarantines will now apply to all files with the same hash. (#18277, #18302, #18296)
Bugfixes
Updates to the Docker image
- Specify the architecture of installed packages via an APT config option, which is more reliable than appending package names with
:{arch}. (#18271) - Always specify base image debian versions with a build argument. (#18272)
- Allow passing arguments to
start_for_complement.sh(to be sent toconfigure_workers_and_start.py). (#18273) - Make some improvements to the
prefix-logscript in the workers image. (#18274) - Use
uv pipto installsupervisorin the worker image. (#18275) - Avoid needing to download & use
rsyncin a build layer. (#18287)
Improved Documentation
- Fix how to obtain access token and change naming from riot to element (#18225)
- Correct a small typo in the SSO mapping providers documentation. (#18276)
- Add docs for how to clear out the Poetry wheel cache. (#18283)
Internal Changes
- Add a column
participanttoroom_membershipstable. (#18068) - Update Poetry to 2.1.1, including updating the lock file version. (#18251)
- Pin GitHub Actions dependencies by commit hash. (#18255)
- Add DB delta to remove the old state group deletion job. (#18284)
Updates to locked dependencies
- Bump actions/add-to-project from f5473ace9aeee8b97717b281e26980aa5097023f to 280af8ae1f83a494cfad2cb10f02f6d13529caa9. (#18303)
- Bump actions/cache from 4.2.2 to 4.2.3. (#18266)
- Bump actions/download-artifact from 4.2.0 to 4.2.1. (#18268)
- Bump actions/setup-python from 5.4.0 to 5.5.0. (#18298)
- Bump actions/upload-artifact from 4.6.1 to 4.6.2. (#18304)
- Bump authlib from 1.4.1 to 1.5.1. (#18306)
- Bump dawidd6/action-download-artifact from 8 to 9. (#18204)
- Bump jinja2 from 3.1.5 to 3.1.6. (#18223)
- Bump log from 0.4.26 to 0.4.27. (#18267)
- Bump phonenumbers from 8.13.50 to 9.0.2. (#18299)
- Bump pygithub from 2.5.0 to 2.6.1. (#18243)
- Bump pyo3-log from 0.12.1 to 0.12.2. (#18269)
Downloads
-
v1.127.1 Stable
released this
2025-03-26 21:08:50 +00:00 | 844 commits to develop since this releaseSynapse 1.127.1 (2025-03-26)
Security
- Fix CVE-2025-30355 / GHSA-v56r-hwv5-mxg6. High severity vulnerability affecting federation. The vulnerability has been exploited in the wild.
Downloads
-
v1.127.0 Stable
released this
2025-03-25 12:04:50 +00:00 | 846 commits to develop since this releaseSynapse 1.127.0 (2025-03-25)
No significant changes since 1.127.0rc1.
Synapse 1.127.0rc1 (2025-03-18)
Features
- Update MSC4140 implementation to no longer cancel a user's own delayed state events with an event type & state key that match a more recent state event sent by that user. (#17810)
Improved Documentation
- Fixed a minor typo in the Synapse documentation. Contributed by @karuto12. (#18224)
Internal Changes
- Remove undocumented
SYNAPSE_USE_FROZEN_DICTSenvironment variable. (#18123) - Fix detection of workflow failures in the release script. (#18211)
- Add caching support to media endpoints. (#18235)
Updates to locked dependencies
- Bump anyhow from 1.0.96 to 1.0.97. (#18201)
- Bump bcrypt from 4.2.1 to 4.3.0. (#18207)
- Bump bytes from 1.10.0 to 1.10.1. (#18227)
- Bump http from 1.2.0 to 1.3.1. (#18245)
- Bump sentry-sdk from 2.19.2 to 2.22.0. (#18205)
- Bump serde from 1.0.218 to 1.0.219. (#18228)
- Bump serde_json from 1.0.139 to 1.0.140. (#18202)
- Bump ulid from 1.2.0 to 1.2.1. (#18246)
Downloads
-
v1.127.0rc1 Pre-Release
released this
2025-03-18 13:34:42 +00:00 | 847 commits to develop since this releaseSynapse 1.127.0rc1 (2025-03-18)
Features
- Update MSC4140 implementation to no longer cancel a user's own delayed state events with an event type & state key that match a more recent state event sent by that user. (#17810)
Improved Documentation
- Fixed a minor typo in the Synapse documentation. Contributed by @karuto12. (#18224)
Internal Changes
- Remove undocumented
SYNAPSE_USE_FROZEN_DICTSenvironment variable. (#18123) - Fix detection of workflow failures in the release script. (#18211)
- Add caching support to media endpoints. (#18235)
Updates to locked dependencies
- Bump anyhow from 1.0.96 to 1.0.97. (#18201)
- Bump bcrypt from 4.2.1 to 4.3.0. (#18207)
- Bump bytes from 1.10.0 to 1.10.1. (#18227)
- Bump http from 1.2.0 to 1.3.1. (#18245)
- Bump sentry-sdk from 2.19.2 to 2.22.0. (#18205)
- Bump serde from 1.0.218 to 1.0.219. (#18228)
- Bump serde_json from 1.0.139 to 1.0.140. (#18202)
- Bump ulid from 1.2.0 to 1.2.1. (#18246)
Downloads
-
v1.126.0 Stable
released this
2025-03-11 13:12:22 +00:00 | 863 commits to develop since this releaseSynapse 1.126.0 (2025-03-11)
No significant changes since 1.126.0rc3.
Synapse 1.126.0rc3 (2025-03-07)
Bugfixes
- Revert the background job to clear unreferenced state groups (that was introduced in v1.126.0rc1), due to a suspected issue that causes increased disk usage. (#18222)
Synapse 1.126.0rc2 (2025-03-05)
Administrators using the Debian/Ubuntu packages from
packages.matrix.org, please check the relevant section in the upgrade notes as we have recently updated the expiry date on the repository's GPG signing key. The old version of the key will expire on2025-03-15.Internal Changes
Synapse 1.126.0rc1 (2025-03-04)
Synapse 1.126.0rc1 was not fully released due to an error in CI.
Features
- Define ratelimit configuration for delayed event management. (#18019)
- Add
form_secret_pathconfig option. (#18090) - Add the
--no-secrets-in-configcommand line option. (#18092) - Add background job to clear unreferenced state groups. (#18154)
- Add support for specifying/overriding
id_token_signing_alg_values_supportedfor an OpenID identity provider. (#18177) - Add
worker_replication_secret_pathconfig option. (#18191) - Add support for specifying/overriding
redirect_uriin the authorization and token requests against an OpenID identity provider. (#18197)
Bugfixes
- Make sure we advertise registration as disabled when MSC3861 is enabled. (#17661)
- Prevent suspended users from sending encrypted messages. (#18157)
- Cleanup deleted state group references. (#18165)
- Fix MSC4108 QR-code login not working with some reverse-proxy setups. (#18178)
- Support device IDs that can't be represented in a scope when delegating auth to Matrix Authentication Service 0.15.0+. (#18174)
Updates to the Docker image
- Speed up the building of the Docker image. (#18038)
Improved Documentation
- Move incorrectly placed version indicator in User Event Redaction Admin API docs. (#18152)
- Document suspension Admin API. (#18162)
Deprecations and Removals
- Disable room list publication by default. (#18175)
Updates to locked dependencies
- Bump anyhow from 1.0.95 to 1.0.96. (#18187)
- Bump authlib from 1.4.0 to 1.4.1. (#18190)
- Bump click from 8.1.7 to 8.1.8. (#18189)
- Bump log from 0.4.25 to 0.4.26. (#18184)
- Bump pyo3-log from 0.12.0 to 0.12.1. (#18046)
- Bump serde from 1.0.217 to 1.0.218. (#18183)
- Bump serde_json from 1.0.138 to 1.0.139. (#18186)
- Bump sigstore/cosign-installer from 3.8.0 to 3.8.1. (#18185)
- Bump types-psycopg2 from 2.9.21.20241019 to 2.9.21.20250121. (#18188)
Downloads