Merge branch 'release-v1.84' into matrix-org-hotfixes

2023-05-16 12:14:55 +01:00 · 2023-05-16 12:14:55 +01:00 · 184a688c64
parent 106fb7005d 0ccfb9318c
commit 184a688c64
54 changed files with 384 additions and 68 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,80 @@
+Synapse 1.84.0rc1 (2023-05-16)
+==============================
+
+Features
+--------
+
+- Add an option to prevent media downloads from configured domains. ([\#15197](https://github.com/matrix-org/synapse/issues/15197))
+- Add `forget_rooms_on_leave` config option to automatically forget rooms when users leave them or are removed from them. ([\#15224](https://github.com/matrix-org/synapse/issues/15224))
+- Add redis TLS configuration options. ([\#15312](https://github.com/matrix-org/synapse/issues/15312))
+- Add a config option to delay push notifications by a random amount, to discourage time-based profiling. ([\#15516](https://github.com/matrix-org/synapse/issues/15516))
+- Stabilize support for [MSC2659](https://github.com/matrix-org/matrix-spec-proposals/pull/2659): application service ping endpoint. Contributed by Tulir @ Beeper. ([\#15528](https://github.com/matrix-org/synapse/issues/15528))
+- Implement [MSC4009](https://github.com/matrix-org/matrix-spec-proposals/pull/4009) to expand the supported characters in Matrix IDs. ([\#15536](https://github.com/matrix-org/synapse/issues/15536))
+- Advertise support for Matrix 1.6 on `/_matrix/client/versions`. ([\#15559](https://github.com/matrix-org/synapse/issues/15559))
+- Print full error and stack-trace of any exception that occurs during startup/initialization. ([\#15569](https://github.com/matrix-org/synapse/issues/15569))
+
+
+Bugfixes
+--------
+
+- Don't fail on federation over TOR where SRV queries are not supported. Contributed by Zdzichu. ([\#15523](https://github.com/matrix-org/synapse/issues/15523))
+- Experimental support for [MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010) which rejects setting the `"m.push_rules"` via account data. ([\#15554](https://github.com/matrix-org/synapse/issues/15554), [\#15555](https://github.com/matrix-org/synapse/issues/15555))
+- Fix a long-standing bug where an invalid membership event could cause an internal server error. ([\#15564](https://github.com/matrix-org/synapse/issues/15564))
+- Require at least poetry-core v1.1.0. ([\#15566](https://github.com/matrix-org/synapse/issues/15566), [\#15571](https://github.com/matrix-org/synapse/issues/15571))
+
+
+Updates to the Docker image
+---------------------------
+
+- Add pkg-config package to Stage 0 to be able to build Dockerfile on ppc64le architecture. ([\#15567](https://github.com/matrix-org/synapse/issues/15567))
+
+
+Improved Documentation
+----------------------
+
+- Clarify documentation of the "Create or modify account" Admin API. ([\#15544](https://github.com/matrix-org/synapse/issues/15544))
+- Fix path to the `statistics/database/rooms` admin API in documentation. ([\#15560](https://github.com/matrix-org/synapse/issues/15560))
+- Update and improve Mastodon Single Sign-On documentation. ([\#15587](https://github.com/matrix-org/synapse/issues/15587))
+
+
+Internal Changes
+----------------
+
+- Use oEmbed to generate URL previews for YouTube Shorts. ([\#15025](https://github.com/matrix-org/synapse/issues/15025))
+- Create new `Client` for use with HTTP Replication between workers. Contributed by Jason Little. ([\#15470](https://github.com/matrix-org/synapse/issues/15470))
+- Remove need for `worker_replication_*` based settings in worker configuration yaml by placing this data directly on the `instance_map` instead. ([\#15491](https://github.com/matrix-org/synapse/issues/15491))
+- Bump pyicu from 2.10.2 to 2.11. ([\#15509](https://github.com/matrix-org/synapse/issues/15509))
+- Remove references to supporting per-user flag for [MSC2654](https://github.com/matrix-org/matrix-spec-proposals/pull/2654). ([\#15522](https://github.com/matrix-org/synapse/issues/15522))
+- Don't use a trusted key server when running the demo scripts. ([\#15527](https://github.com/matrix-org/synapse/issues/15527))
+- Speed up rebuilding of the user directory for local users. ([\#15529](https://github.com/matrix-org/synapse/issues/15529))
+- Speed up deleting of old rows in `event_push_actions`. ([\#15531](https://github.com/matrix-org/synapse/issues/15531))
+- Install the `xmlsec` and `mdbook` packages and switch back to the upstream [cachix/devenv](https://github.com/cachix/devenv) repo in the nix development environment. ([\#15532](https://github.com/matrix-org/synapse/issues/15532), [\#15533](https://github.com/matrix-org/synapse/issues/15533), [\#15545](https://github.com/matrix-org/synapse/issues/15545))
+- Implement [MSC3987](https://github.com/matrix-org/matrix-spec-proposals/pull/3987) by removing `"dont_notify"` from the list of actions in default push rules. ([\#15534](https://github.com/matrix-org/synapse/issues/15534))
+- Move various module API callback registration methods to a dedicated class. ([\#15535](https://github.com/matrix-org/synapse/issues/15535))
+- Proxy `/user/devices` federation queries to application services for [MSC3984](https://github.com/matrix-org/matrix-spec-proposals/pull/3984). ([\#15539](https://github.com/matrix-org/synapse/issues/15539))
+- Factor out an `is_mine_server_name` method. ([\#15542](https://github.com/matrix-org/synapse/issues/15542))
+- Allow running Complement tests using [podman](https://podman.io/) by adding a `PODMAN` environment variable to `scripts-dev/complement.sh`. ([\#15543](https://github.com/matrix-org/synapse/issues/15543))
+- Bump serde from 1.0.160 to 1.0.162. ([\#15548](https://github.com/matrix-org/synapse/issues/15548))
+- Bump types-setuptools from 67.6.0.5 to 67.7.0.1. ([\#15549](https://github.com/matrix-org/synapse/issues/15549))
+- Bump sentry-sdk from 1.19.1 to 1.22.1. ([\#15550](https://github.com/matrix-org/synapse/issues/15550))
+- Bump ruff from 0.0.259 to 0.0.265. ([\#15551](https://github.com/matrix-org/synapse/issues/15551))
+- Bump hiredis from 2.2.2 to 2.2.3. ([\#15552](https://github.com/matrix-org/synapse/issues/15552))
+- Bump types-requests from 2.29.0.0 to 2.30.0.0. ([\#15553](https://github.com/matrix-org/synapse/issues/15553))
+- Add `org.matrix.msc3981` info to `/_matrix/client/versions`. ([\#15558](https://github.com/matrix-org/synapse/issues/15558))
+- Declare unstable support for [MSC3391](https://github.com/matrix-org/matrix-spec-proposals/pull/3391) under `/_matrix/client/versions` if the experimental implementation is enabled. ([\#15562](https://github.com/matrix-org/synapse/issues/15562))
+- Implement [MSC3821](https://github.com/matrix-org/matrix-spec-proposals/pull/3821) to update the redaction rules. ([\#15563](https://github.com/matrix-org/synapse/issues/15563))
+- Implement updated redaction rules from [MSC3389](https://github.com/matrix-org/matrix-spec-proposals/pull/3389). ([\#15565](https://github.com/matrix-org/synapse/issues/15565))
+- Allow `pip install` to use setuptools_rust 1.6.0 when building Synapse. ([\#15570](https://github.com/matrix-org/synapse/issues/15570))
+- Deal with upcoming Github Actions deprecations. ([\#15576](https://github.com/matrix-org/synapse/issues/15576))
+- Export `run_as_background_process` from the module API. ([\#15577](https://github.com/matrix-org/synapse/issues/15577))
+- Update build system requirements to allow building with poetry-core==1.6.0. ([\#15588](https://github.com/matrix-org/synapse/issues/15588))
+- Bump serde from 1.0.162 to 1.0.163. ([\#15589](https://github.com/matrix-org/synapse/issues/15589))
+- Bump phonenumbers from 8.13.7 to 8.13.11. ([\#15590](https://github.com/matrix-org/synapse/issues/15590))
+- Bump types-psycopg2 from 2.9.21.9 to 2.9.21.10. ([\#15591](https://github.com/matrix-org/synapse/issues/15591))
+- Bump types-commonmark from 0.9.2.2 to 0.9.2.3. ([\#15592](https://github.com/matrix-org/synapse/issues/15592))
+- Bump types-setuptools from 67.7.0.1 to 67.7.0.2. ([\#15594](https://github.com/matrix-org/synapse/issues/15594))
+
+
 Synapse 1.83.0 (2023-05-09)
 ===========================

--- a/Cargo.lock
+++ b/Cargo.lock
@ -323,18 +323,18 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"

 [[package]]
 name = "serde"
-version = "1.0.162"
+version = "1.0.163"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "71b2f6e1ab5c2b98c05f0f35b236b22e8df7ead6ffbf51d7808da7f8817e7ab6"
+checksum = "2113ab51b87a539ae008b5c6c02dc020ffa39afd2d83cffcb3f4eb2722cebec2"
 dependencies = [
 "serde_derive",
 ]

 [[package]]
 name = "serde_derive"
-version = "1.0.162"
+version = "1.0.163"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2a0814352fd64b58489904a44ea8d90cb1a91dcb6b4f5ebabc32c8318e93cb6"
+checksum = "8c805777e3930c8883389c602315a24224bcc738b63905ef87cd1420353ea93e"
 dependencies = [
 "proc-macro2",
 "quote",
--- a/changelog.d/15025.misc
+++ b/changelog.d/15025.misc
@ -1 +0,0 @@
-Use oEmbed to generate URL previews for YouTube Shorts.
--- a/changelog.d/15197.feature
+++ b/changelog.d/15197.feature
@ -1 +0,0 @@
-Add an option to prevent media downloads from configured domains.
--- a/changelog.d/15224.feature
+++ b/changelog.d/15224.feature
@ -1 +0,0 @@
-Add `forget_rooms_on_leave` config option to automatically forget rooms when users leave them or are removed from them.
--- a/changelog.d/15312.feature
+++ b/changelog.d/15312.feature
@ -1 +0,0 @@
-Add redis TLS configuration options.
--- a/changelog.d/15470.misc
+++ b/changelog.d/15470.misc
@ -1 +0,0 @@
-Create new `Client` for use with HTTP Replication between workers. Contributed by Jason Little.
--- a/changelog.d/15491.misc
+++ b/changelog.d/15491.misc
@ -1 +0,0 @@
-Remove need for `worker_replication_*` based settings in worker configuration yaml by placing this data directly on the `instance_map` instead.
--- a/changelog.d/15509.misc
+++ b/changelog.d/15509.misc
@ -1 +0,0 @@
-Bump pyicu from 2.10.2 to 2.11.
--- a/changelog.d/15516.feature
+++ b/changelog.d/15516.feature
@ -1 +0,0 @@
-Add a config option to delay push notifications by a random amount, to discourage time-based profiling.
--- a/changelog.d/15522.misc
+++ b/changelog.d/15522.misc
@ -1 +0,0 @@
-Remove references to supporting per-user flag for [MSC2654](https://github.com/matrix-org/matrix-spec-proposals/pull/2654) (#15522).
--- a/changelog.d/15523.bugfix
+++ b/changelog.d/15523.bugfix
@ -1 +0,0 @@
-Don't fail on federation over TOR where SRV queries are not supported. Contributed by Zdzichu.
--- a/changelog.d/15527.misc
+++ b/changelog.d/15527.misc
@ -1 +0,0 @@
-Don't use a trusted key server when running the demo scripts.
--- a/changelog.d/15528.feature
+++ b/changelog.d/15528.feature
@ -1 +0,0 @@
-Stabilize support for [MSC2659](https://github.com/matrix-org/matrix-spec-proposals/pull/2659): application service ping endpoint. Contributed by Tulir @ Beeper.
--- a/changelog.d/15529.misc
+++ b/changelog.d/15529.misc
@ -1 +0,0 @@
-Speed up rebuilding of the user directory for local users.
--- a/changelog.d/15531.misc
+++ b/changelog.d/15531.misc
@ -1 +0,0 @@
-Speed up deleting of old rows in `event_push_actions`.
--- a/changelog.d/15532.misc
+++ b/changelog.d/15532.misc
@ -1 +0,0 @@
-Install the `xmlsec` and `mdbook` packages and switch back to the upstream [cachix/devenv](https://github.com/cachix/devenv) repo in the nix development environment.
--- a/changelog.d/15533.misc
+++ b/changelog.d/15533.misc
@ -1 +0,0 @@
-Install the `xmlsec` and `mdbook` packages and switch back to the upstream [cachix/devenv](https://github.com/cachix/devenv) repo in the nix development environment.
--- a/changelog.d/15534.misc
+++ b/changelog.d/15534.misc
@ -1 +0,0 @@
-Implement [MSC3987](https://github.com/matrix-org/matrix-spec-proposals/pull/3987) by removing `"dont_notify"` from the list of actions in default push rules.
--- a/changelog.d/15535.misc
+++ b/changelog.d/15535.misc
@ -1 +0,0 @@
-Move various module API callback registration methods to a dedicated class.
--- a/changelog.d/15536.feature
+++ b/changelog.d/15536.feature
@ -1 +0,0 @@
-Implement [MSC4009](https://github.com/matrix-org/matrix-spec-proposals/pull/4009) to expand the supported characters in Matrix IDs.
--- a/changelog.d/15539.misc
+++ b/changelog.d/15539.misc
@ -1 +0,0 @@
-Proxy `/user/devices` federation queries to application services for [MSC3984](https://github.com/matrix-org/matrix-spec-proposals/pull/3984).
--- a/changelog.d/15542.misc
+++ b/changelog.d/15542.misc
@ -1 +0,0 @@
-Factor out an `is_mine_server_name` method.
--- a/changelog.d/15543.misc
+++ b/changelog.d/15543.misc
@ -1 +0,0 @@
-Allow running Complement tests using [podman](https://podman.io/) by adding a `PODMAN` environment variable to `scripts-dev/complement.sh`.
--- a/changelog.d/15544.doc
+++ b/changelog.d/15544.doc
@ -1 +0,0 @@
-Clarify documentation of the "Create or modify account" Admin API.
--- a/changelog.d/15545.misc
+++ b/changelog.d/15545.misc
@ -1 +0,0 @@
- Install the `xmlsec` and `mdbook` packages and switch back to the upstream [cachix/devenv](https://github.com/cachix/devenv) repo in the nix development environment.
--- a/changelog.d/15548.misc
+++ b/changelog.d/15548.misc
@ -1 +0,0 @@
-Bump serde from 1.0.160 to 1.0.162.
--- a/changelog.d/15549.misc
+++ b/changelog.d/15549.misc
@ -1 +0,0 @@
-Bump types-setuptools from 67.6.0.5 to 67.7.0.1.
--- a/changelog.d/15550.misc
+++ b/changelog.d/15550.misc
@ -1 +0,0 @@
-Bump sentry-sdk from 1.19.1 to 1.22.1.
--- a/changelog.d/15551.misc
+++ b/changelog.d/15551.misc
@ -1 +0,0 @@
-Bump ruff from 0.0.259 to 0.0.265.
--- a/changelog.d/15552.misc
+++ b/changelog.d/15552.misc
@ -1 +0,0 @@
-Bump hiredis from 2.2.2 to 2.2.3.
--- a/changelog.d/15553.misc
+++ b/changelog.d/15553.misc
@ -1 +0,0 @@
-Bump types-requests from 2.29.0.0 to 2.30.0.0.
--- a/changelog.d/15554.bugfix
+++ b/changelog.d/15554.bugfix
@ -1 +0,0 @@
-Experimental support for [MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010) which rejects setting the `"m.push_rules"` via account data.
--- a/changelog.d/15555.bugfix
+++ b/changelog.d/15555.bugfix
@ -1 +0,0 @@
-Experimental support for [MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010) which rejects setting the `"m.push_rules"` via account data.
--- a/changelog.d/15560.doc
+++ b/changelog.d/15560.doc
@ -1 +0,0 @@
-Fix path to the `statistics/database/rooms` admin API in documentation.
--- a/changelog.d/15562.misc
+++ b/changelog.d/15562.misc
@ -1 +0,0 @@
-Declare unstable support for [MSC3391](https://github.com/matrix-org/matrix-spec-proposals/pull/3391) under `/_matrix/client/versions` if the experimental implementation is enabled.
--- a/changelog.d/15566.bugfix
+++ b/changelog.d/15566.bugfix
@ -1 +0,0 @@
-Require at least poetry-core v1.1.0.
--- a/changelog.d/15567.docker
+++ b/changelog.d/15567.docker
@ -1 +0,0 @@
-Add pkg-config package to Stage 0 to be able to build Dockerfile on ppc64le architecture.
--- a/changelog.d/15569.feature
+++ b/changelog.d/15569.feature
@ -1 +0,0 @@
-Print full error and stack-trace of any exception that occurs during startup/initialization.
--- a/changelog.d/15570.misc
+++ b/changelog.d/15570.misc
@ -1 +0,0 @@
-Allow `pip install` to use setuptools_rust 1.6.0 when building Synapse.
--- a/changelog.d/15571.bugfix
+++ b/changelog.d/15571.bugfix
@ -1 +0,0 @@
-Require at least poetry-core v1.1.0.
--- a/changelog.d/15576.misc
+++ b/changelog.d/15576.misc
@ -1 +0,0 @@
-Deal with upcoming Github Actions deprecations.
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.84.0~rc1) stable; urgency=medium
+
+  * New Synapse release 1.84.0rc1.
+
+ -- Synapse Packaging team <packages@matrix.org>  Tue, 16 May 2023 11:12:02 +0100
+
 matrix-synapse-py3 (1.83.0) stable; urgency=medium

  * New Synapse release 1.83.0.
--- a/docs/openid.md
+++ b/docs/openid.md
@ -569,7 +569,7 @@ You should receive a response similar to the following. Make sure to save it.
 {"client_id":"someclientid_123","client_secret":"someclientsecret_123","id":"12345","name":"my_synapse_app","redirect_uri":"https://[synapse_public_baseurl]/_synapse/client/oidc/callback","website":null,"vapid_key":"somerandomvapidkey_123"}
 ```

-As the Synapse login mechanism needs an attribute to uniquely identify users, and Mastodon's endpoint does not return a `sub` property, an alternative `subject_claim` has to be set. Your Synapse configuration should include the following:
+As the Synapse login mechanism needs an attribute to uniquely identify users, and Mastodon's endpoint does not return a `sub` property, an alternative `subject_template` has to be set. Your Synapse configuration should include the following:

 ```yaml
 oidc_providers:
@ -585,7 +585,9 @@ oidc_providers:
    scopes: ["read"]
    user_mapping_provider:
      config:
-        subject_claim: "id"
+        subject_template: "{{ user.id }}"
+        localpart_template: "{{ user.username }}"
+        display_name_template: "{{ user.display_name }}"
 ```

 Note that the fields `client_id` and `client_secret` are taken from the CURL response above.
--- a/poetry.lock
+++ b/poetry.lock
@ -1632,14 +1632,14 @@ files = [

 [[package]]
 name = "phonenumbers"
-version = "8.13.7"
+version = "8.13.11"
 description = "Python version of Google's common library for parsing, formatting, storing and validating international phone numbers."
 category = "main"
 optional = false
 python-versions = "*"
 files = [
-    {file = "phonenumbers-8.13.7-py2.py3-none-any.whl", hash = "sha256:d3e3555b38c89b121f5b2e917847003bdd07027569d758d5f40156c01aeac089"},
-    {file = "phonenumbers-8.13.7.tar.gz", hash = "sha256:253bb0e01250d21a11f2b42b3e6e161b7f6cb2ac440e2e2a95c1da71d221ee1a"},
+    {file = "phonenumbers-8.13.11-py2.py3-none-any.whl", hash = "sha256:107469114fd297258a485bdf8238d0522cb392db1257faf2bf23384ecbdb0e8a"},
+    {file = "phonenumbers-8.13.11.tar.gz", hash = "sha256:3e3274d88cab3609b55ff5b93417075dbca2d13064f103fbf562e0ea1dda0f9a"},
 ]

 [[package]]
@ -3010,14 +3010,14 @@ files = [

 [[package]]
 name = "types-commonmark"
-version = "0.9.2.2"
+version = "0.9.2.3"
 description = "Typing stubs for commonmark"
 category = "dev"
 optional = false
 python-versions = "*"
 files = [
-    {file = "types-commonmark-0.9.2.2.tar.gz", hash = "sha256:f3259350634c2ce68ae503398430482f7cf44e5cae3d344995e916fbf453b4be"},
-    {file = "types_commonmark-0.9.2.2-py3-none-any.whl", hash = "sha256:d3d878692615e7fbe47bf19ba67497837b135812d665012a3d42219c1f2c3a61"},
+    {file = "types-commonmark-0.9.2.3.tar.gz", hash = "sha256:42769a2c194fd5b49fd9eedfd4a83cd1d2514c6d0a36f00f5c5ffe0b6a2d2fcf"},
+    {file = "types_commonmark-0.9.2.3-py3-none-any.whl", hash = "sha256:b575156e1b8a292d43acb36f861110b85c4bc7aa53bbfb5ac64addec15d18cfa"},
 ]

 [[package]]
@ -3070,14 +3070,14 @@ files = [

 [[package]]
 name = "types-psycopg2"
-version = "2.9.21.9"
+version = "2.9.21.10"
 description = "Typing stubs for psycopg2"
 category = "dev"
 optional = false
 python-versions = "*"
 files = [
-    {file = "types-psycopg2-2.9.21.9.tar.gz", hash = "sha256:388dc36a04551632289c4aaf1fc5b91e147654b165db896d094844e216f22bf5"},
-    {file = "types_psycopg2-2.9.21.9-py3-none-any.whl", hash = "sha256:0332525fb9d3031d3da46f091e7d40b2c4d4958e9c00d2b4c1eaaa9f8ef9de4e"},
+    {file = "types-psycopg2-2.9.21.10.tar.gz", hash = "sha256:c2600892312ae1c34e12f145749795d93dc4eac3ef7dbf8a9c1bfd45385e80d7"},
+    {file = "types_psycopg2-2.9.21.10-py3-none-any.whl", hash = "sha256:918224a0731a3650832e46633e720703b5beef7693a064e777d9748654fcf5e5"},
 ]

 [[package]]
@ -3124,14 +3124,14 @@ types-urllib3 = "*"

 [[package]]
 name = "types-setuptools"
-version = "67.7.0.1"
+version = "67.7.0.2"
 description = "Typing stubs for setuptools"
 category = "dev"
 optional = false
 python-versions = "*"
 files = [
-    {file = "types-setuptools-67.7.0.1.tar.gz", hash = "sha256:980a2651b2b019809817e1585071596b87fbafcb54433ff3b12445461db23790"},
-    {file = "types_setuptools-67.7.0.1-py3-none-any.whl", hash = "sha256:471a4ecf6984ffada63ffcfa884bfcb62718bd2d1a1acf8ee5513ec99789ed5e"},
+    {file = "types-setuptools-67.7.0.2.tar.gz", hash = "sha256:155789e85e79d5682b0d341919d4beb6140408ae52bac922af25b54e36ab25c0"},
+    {file = "types_setuptools-67.7.0.2-py3-none-any.whl", hash = "sha256:bd30f6dbe9b83f0a7e6e3eab6d2df748aa4f55700d54e9f077d3aa30cc019445"},
 ]

 [[package]]
--- a/pyproject.toml
+++ b/pyproject.toml
@ -89,7 +89,7 @@ manifest-path = "rust/Cargo.toml"

 [tool.poetry]
 name = "matrix-synapse"
-version = "1.83.0"
+version = "1.84.0rc1"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
 license = "Apache-2.0"
@ -368,7 +368,7 @@ furo = ">=2022.12.7,<2024.0.0"
 # system changes.
 # We are happy to raise these upper bounds upon request,
 # provided we check that it's safe to do so (i.e. that CI passes).
-requires = ["poetry-core>=1.1.0,<=1.5.0", "setuptools_rust>=1.3,<=1.6.0"]
+requires = ["poetry-core>=1.1.0,<=1.6.0", "setuptools_rust>=1.3,<=1.6.0"]
 build-backend = "poetry.core.masonry.api"


--- a/synapse/api/room_versions.py
+++ b/synapse/api/room_versions.py
@ -96,11 +96,15 @@ class RoomVersion:
    msc2716_historical: bool
    # MSC2716: Adds support for redacting "insertion", "chunk", and "marker" events
    msc2716_redactions: bool
+    # MSC3389: Protect relation information from redaction.
+    msc3389_relation_redactions: bool
    # MSC3787: Adds support for a `knock_restricted` join rule, mixing concepts of
    # knocks and restricted join rules into the same join condition.
    msc3787_knock_restricted_join_rule: bool
    # MSC3667: Enforce integer power levels
    msc3667_int_only_power_levels: bool
+    # MSC3821: Do not redact the third_party_invite content field for membership events.
+    msc3821_redaction_rules: bool
    # MSC3931: Adds a push rule condition for "room version feature flags", making
    # some push rules room version dependent. Note that adding a flag to this list
    # is not enough to mark it "supported": the push rule evaluator also needs to
@ -128,8 +132,10 @@ class RoomVersions:
        msc2403_knocking=False,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=False,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -149,8 +155,10 @@ class RoomVersions:
        msc2403_knocking=False,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=False,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -170,8 +178,10 @@ class RoomVersions:
        msc2403_knocking=False,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=False,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -191,8 +201,10 @@ class RoomVersions:
        msc2403_knocking=False,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=False,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -212,8 +224,10 @@ class RoomVersions:
        msc2403_knocking=False,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=False,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -233,8 +247,10 @@ class RoomVersions:
        msc2403_knocking=False,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=False,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -254,8 +270,10 @@ class RoomVersions:
        msc2403_knocking=False,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=False,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -275,8 +293,10 @@ class RoomVersions:
        msc2403_knocking=True,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=False,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -296,8 +316,10 @@ class RoomVersions:
        msc2403_knocking=True,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=False,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -317,8 +339,10 @@ class RoomVersions:
        msc2403_knocking=True,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=False,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -338,8 +362,33 @@ class RoomVersions:
        msc2403_knocking=True,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=True,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
+        msc3931_push_features=(),
+        msc3989_redaction_rules=False,
+    )
+    MSC3821 = RoomVersion(
+        "org.matrix.msc3821.opt1",
+        RoomDisposition.UNSTABLE,
+        EventFormatVersions.ROOM_V4_PLUS,
+        StateResolutionVersions.V2,
+        enforce_key_validity=True,
+        special_case_aliases_auth=False,
+        strict_canonicaljson=True,
+        limit_notifications_power_levels=True,
+        msc2175_implicit_room_creator=False,
+        msc2176_redaction_rules=False,
+        msc3083_join_rules=True,
+        msc3375_redaction_rules=True,
+        msc2403_knocking=True,
+        msc2716_historical=False,
+        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
+        msc3787_knock_restricted_join_rule=False,
+        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=True,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -359,8 +408,10 @@ class RoomVersions:
        msc2403_knocking=True,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=True,
        msc3667_int_only_power_levels=True,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -380,8 +431,10 @@ class RoomVersions:
        msc2403_knocking=True,
        msc2716_historical=True,
        msc2716_redactions=True,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=False,
        msc3667_int_only_power_levels=False,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=False,
    )
@ -402,8 +455,10 @@ class RoomVersions:
        msc2403_knocking=True,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=True,
        msc3667_int_only_power_levels=True,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(PushRuleRoomFlag.EXTENSIBLE_EVENTS,),
        msc3989_redaction_rules=False,
    )
@ -423,8 +478,10 @@ class RoomVersions:
        msc2403_knocking=True,
        msc2716_historical=False,
        msc2716_redactions=False,
+        msc3389_relation_redactions=False,
        msc3787_knock_restricted_join_rule=True,
        msc3667_int_only_power_levels=True,
+        msc3821_redaction_rules=False,
        msc3931_push_features=(),
        msc3989_redaction_rules=True,
    )
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@ -1054,10 +1054,15 @@ def _verify_third_party_invite(
    """
    if "third_party_invite" not in event.content:
        return False
-    if "signed" not in event.content["third_party_invite"]:
+    third_party_invite = event.content["third_party_invite"]
+    if not isinstance(third_party_invite, collections.abc.Mapping):
        return False
-    signed = event.content["third_party_invite"]["signed"]
-    for key in {"mxid", "token"}:
+    if "signed" not in third_party_invite:
+        return False
+    signed = third_party_invite["signed"]
+    if not isinstance(signed, collections.abc.Mapping):
+        return False
+    for key in {"mxid", "token", "signatures"}:
        if key not in signed:
            return False

@ -1075,8 +1080,6 @@ def _verify_third_party_invite(

    if signed["mxid"] != event.state_key:
        return False
-    if signed["token"] != token:
-        return False

    for public_key_object in get_public_keys(invite_event):
        public_key = public_key_object["public_key"]
@ -1088,7 +1091,9 @@ def _verify_third_party_invite(
                    verify_key = decode_verify_key_bytes(
                        key_name, decode_base64(public_key)
                    )
-                    verify_signed_json(signed, server, verify_key)
+                    # verify_signed_json incorrectly states it wants a dict, it
+                    # just needs a mapping.
+                    verify_signed_json(signed, server, verify_key)  # type: ignore[arg-type]

                    # We got the public key from the invite, so we know that the
                    # correct server signed the signed bundle.
--- a/synapse/events/utils.py
+++ b/synapse/events/utils.py
@ -130,6 +130,16 @@ def prune_event_dict(room_version: RoomVersion, event_dict: JsonDict) -> JsonDic
        add_fields("membership")
        if room_version.msc3375_redaction_rules:
            add_fields(EventContentFields.AUTHORISING_USER)
+        if room_version.msc3821_redaction_rules:
+            # Preserve the signed field under third_party_invite.
+            third_party_invite = event_dict["content"].get("third_party_invite")
+            if isinstance(third_party_invite, collections.abc.Mapping):
+                new_content["third_party_invite"] = {}
+                if "signed" in third_party_invite:
+                    new_content["third_party_invite"]["signed"] = third_party_invite[
+                        "signed"
+                    ]
+
    elif event_type == EventTypes.Create:
        # MSC2176 rules state that create events cannot be redacted.
        if room_version.msc2176_redaction_rules:
@ -171,6 +181,18 @@ def prune_event_dict(room_version: RoomVersion, event_dict: JsonDict) -> JsonDic
    elif room_version.msc2716_redactions and event_type == EventTypes.MSC2716_MARKER:
        add_fields(EventContentFields.MSC2716_INSERTION_EVENT_REFERENCE)

+    # Protect the rel_type and event_id fields under the m.relates_to field.
+    if room_version.msc3389_relation_redactions:
+        relates_to = event_dict["content"].get("m.relates_to")
+        if isinstance(relates_to, collections.abc.Mapping):
+            new_relates_to = {}
+            for field in ("rel_type", "event_id"):
+                if field in relates_to:
+                    new_relates_to[field] = relates_to[field]
+            # Only include a non-empty relates_to field.
+            if new_relates_to:
+                new_content["m.relates_to"] = new_relates_to
+
    allowed_fields = {k: v for k, v in event_dict.items() if k in allowed_keys}

    allowed_fields["content"] = new_content
--- a/synapse/module_api/init.py
+++ b/synapse/module_api/init.py
@ -156,6 +156,7 @@ __all__ = [
    "parse_json_object_from_request",
    "respond_with_html",
    "run_in_background",
+    "run_as_background_process",
    "cached",
    "NOT_SPAM",
    "UserID",
--- a/synapse/rest/client/versions.py
+++ b/synapse/rest/client/versions.py
@ -79,6 +79,7 @@ class VersionsRestServlet(RestServlet):
                    "v1.3",
                    "v1.4",
                    "v1.5",
+                    "v1.6",
                ],
                # as per MSC1497:
                "unstable_features": {
@ -125,6 +126,8 @@ class VersionsRestServlet(RestServlet):
                    "org.matrix.msc3912": self.config.experimental.msc3912_enabled,
                    # Adds support for unstable "intentional mentions" behaviour.
                    "org.matrix.msc3952_intentional_mentions": self.config.experimental.msc3952_intentional_mentions,
+                    # Whether recursively provide relations is supported.
+                    "org.matrix.msc3981": self.config.experimental.msc3981_recurse_relations,
                    # Adds support for deleting account data.
                    "org.matrix.msc3391": self.config.experimental.msc3391_enabled,
                },
--- a/synapse/rest/key/v2/local_key_resource.py
+++ b/synapse/rest/key/v2/local_key_resource.py
@ -34,6 +34,8 @@ class LocalKey(RestServlet):
    """HTTP resource containing encoding the TLS X.509 certificate and NACL
    signature verification keys for this server::

+        GET /_matrix/key/v2/server HTTP/1.1
+
        GET /_matrix/key/v2/server/a.key.id HTTP/1.1

        HTTP/1.1 200 OK
@ -100,6 +102,15 @@ class LocalKey(RestServlet):
    def on_GET(
        self, request: Request, key_id: Optional[str] = None
    ) -> Tuple[int, JsonDict]:
+        # Matrix 1.6 drops support for passing the key_id, this is incompatible
+        # with earlier versions and is allowed in order to support both.
+        # A warning is issued to help determine when it is safe to drop this.
+        if key_id:
+            logger.warning(
+                "Request for local server key with deprecated key ID (logging to determine usage level for future removal): %s",
+                key_id,
+            )
+
        time_now = self.clock.time_msec()
        # Update the expiry time if less than half the interval remains.
        if time_now + self.config.key.key_refresh_interval / 2 > self.valid_until_ts:
--- a/synapse/rest/key/v2/remote_key_resource.py
+++ b/synapse/rest/key/v2/remote_key_resource.py
@ -126,6 +126,15 @@ class RemoteKey(RestServlet):
        self, request: Request, server: str, key_id: Optional[str] = None
    ) -> Tuple[int, JsonDict]:
        if server and key_id:
+            # Matrix 1.6 drops support for passing the key_id, this is incompatible
+            # with earlier versions and is allowed in order to support both.
+            # A warning is issued to help determine when it is safe to drop this.
+            logger.warning(
+                "Request for remote server key with deprecated key ID (logging to determine usage level for future removal): %s / %s",
+                server,
+                key_id,
+            )
+
            minimum_valid_until_ts = parse_integer(request, "minimum_valid_until_ts")
            arguments = {}
            if minimum_valid_until_ts is not None:
@ -161,7 +170,7 @@ class RemoteKey(RestServlet):

        time_now_ms = self.clock.time_msec()

-        # Map server_name->key_id->int. Note that the value of the init is unused.
+        # Map server_name->key_id->int. Note that the value of the int is unused.
        # XXX: why don't we just use a set?
        cache_misses: Dict[str, Dict[str, int]] = {}
        for (server_name, key_id, _), key_results in cached.items():
--- a/tests/events/test_utils.py
+++ b/tests/events/test_utils.py
@ -15,6 +15,8 @@
 import unittest as stdlib_unittest
 from typing import Any, List, Mapping, Optional

+import attr
+
 from synapse.api.constants import EventContentFields
 from synapse.api.room_versions import RoomVersions
 from synapse.events import EventBase, make_event_from_dict
@ -392,7 +394,7 @@ class PruneEventTestCase(stdlib_unittest.TestCase):
        )

    def test_member(self) -> None:
-        """Member events have changed behavior starting with MSC3375."""
+        """Member events have changed behavior in MSC3375 and MSC3821."""
        self.run_test(
            {
                "type": "m.room.member",
@ -435,6 +437,167 @@ class PruneEventTestCase(stdlib_unittest.TestCase):
            room_version=RoomVersions.V9,
        )

+        # After MSC3821, the signed key under third_party_invite is protected
+        # from redaction.
+        THIRD_PARTY_INVITE = {
+            "display_name": "alice",
+            "signed": {
+                "mxid": "@alice:example.org",
+                "signatures": {
+                    "magic.forest": {
+                        "ed25519:3": "fQpGIW1Snz+pwLZu6sTy2aHy/DYWWTspTJRPyNp0PKkymfIsNffysMl6ObMMFdIJhk6g6pwlIqZ54rxo8SLmAg"
+                    }
+                },
+                "token": "abc123",
+            },
+        }
+
+        self.run_test(
+            {
+                "type": "m.room.member",
+                "content": {
+                    "membership": "invite",
+                    "third_party_invite": THIRD_PARTY_INVITE,
+                    "other_key": "stripped",
+                },
+            },
+            {
+                "type": "m.room.member",
+                "content": {
+                    "membership": "invite",
+                    "third_party_invite": {"signed": THIRD_PARTY_INVITE["signed"]},
+                },
+                "signatures": {},
+                "unsigned": {},
+            },
+            room_version=RoomVersions.MSC3821,
+        )
+
+        # Ensure this doesn't break if an invalid field is sent.
+        self.run_test(
+            {
+                "type": "m.room.member",
+                "content": {
+                    "membership": "invite",
+                    "third_party_invite": {},
+                    "other_key": "stripped",
+                },
+            },
+            {
+                "type": "m.room.member",
+                "content": {"membership": "invite", "third_party_invite": {}},
+                "signatures": {},
+                "unsigned": {},
+            },
+            room_version=RoomVersions.MSC3821,
+        )
+
+        self.run_test(
+            {
+                "type": "m.room.member",
+                "content": {
+                    "membership": "invite",
+                    "third_party_invite": "stripped",
+                    "other_key": "stripped",
+                },
+            },
+            {
+                "type": "m.room.member",
+                "content": {"membership": "invite"},
+                "signatures": {},
+                "unsigned": {},
+            },
+            room_version=RoomVersions.MSC3821,
+        )
+
+    def test_relations(self) -> None:
+        """Event relations get redacted until MSC3389."""
+        # Normally the m._relates_to field is redacted.
+        self.run_test(
+            {
+                "type": "m.room.message",
+                "content": {
+                    "body": "foo",
+                    "m.relates_to": {
+                        "rel_type": "rel_type",
+                        "event_id": "$parent:domain",
+                        "other": "stripped",
+                    },
+                },
+            },
+            {
+                "type": "m.room.message",
+                "content": {},
+                "signatures": {},
+                "unsigned": {},
+            },
+            room_version=RoomVersions.V10,
+        )
+
+        # Create a new room version.
+        msc3389_room_ver = attr.evolve(
+            RoomVersions.V10, msc3389_relation_redactions=True
+        )
+
+        self.run_test(
+            {
+                "type": "m.room.message",
+                "content": {
+                    "body": "foo",
+                    "m.relates_to": {
+                        "rel_type": "rel_type",
+                        "event_id": "$parent:domain",
+                        "other": "stripped",
+                    },
+                },
+            },
+            {
+                "type": "m.room.message",
+                "content": {
+                    "m.relates_to": {
+                        "rel_type": "rel_type",
+                        "event_id": "$parent:domain",
+                    },
+                },
+                "signatures": {},
+                "unsigned": {},
+            },
+            room_version=msc3389_room_ver,
+        )
+
+        # If the field is not an object, redact it.
+        self.run_test(
+            {
+                "type": "m.room.message",
+                "content": {
+                    "body": "foo",
+                    "m.relates_to": "stripped",
+                },
+            },
+            {
+                "type": "m.room.message",
+                "content": {},
+                "signatures": {},
+                "unsigned": {},
+            },
+            room_version=msc3389_room_ver,
+        )
+
+        # If the m.relates_to property would be empty, redact it.
+        self.run_test(
+            {
+                "type": "m.room.message",
+                "content": {"body": "foo", "m.relates_to": {"foo": "stripped"}},
+            },
+            {
+                "type": "m.room.message",
+                "content": {},
+                "signatures": {},
+                "unsigned": {},
+            },
+            room_version=msc3389_room_ver,
+        )
+

 class SerializeEventTestCase(stdlib_unittest.TestCase):
    def serialize(self, ev: EventBase, fields: Optional[List[str]]) -> JsonDict:
				`@ -1 +0,0 @@`
				`Use oEmbed to generate URL previews for YouTube Shorts.`
				`@ -1 +0,0 @@`
				`Add an option to prevent media downloads from configured domains.`
				`@ -1 +0,0 @@`
				Add `forget_rooms_on_leave` config option to automatically forget rooms when users leave them or are removed from them.
				`@ -1 +0,0 @@`
				Create new `Client` for use with HTTP Replication between workers. Contributed by Jason Little.
				`@ -1 +0,0 @@`
				Remove need for `worker_replication_*` based settings in worker configuration yaml by placing this data directly on the `instance_map` instead.
				`@ -1 +0,0 @@`
				`Add a config option to delay push notifications by a random amount, to discourage time-based profiling.`
				`@ -1 +0,0 @@`
				`Remove references to supporting per-user flag for [MSC2654](https://github.com/matrix-org/matrix-spec-proposals/pull/2654) (#15522).`
				`@ -1 +0,0 @@`
				`Don't fail on federation over TOR where SRV queries are not supported. Contributed by Zdzichu.`
				`@ -1 +0,0 @@`
				`Don't use a trusted key server when running the demo scripts.`
				`@ -1 +0,0 @@`
				`Stabilize support for [MSC2659](https://github.com/matrix-org/matrix-spec-proposals/pull/2659): application service ping endpoint. Contributed by Tulir @ Beeper.`