5cf758cdd6 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'release-v1.13.0' into develop  
							
							... 
							
							
							
							* release-v1.13.0:
  Don't UPGRADE database rows
  RST indenting
  Put rollback instructions in upgrade notes
  Fix changelog typo
  Oh yeah, RST
  Absolute URL it is then
  Fix upgrade notes link
  Provide summary of upgrade issues in changelog. Fix )
  Move next version notes from changelog to upgrade notes
  Changelog fixes
  1.13.0rc1
  Documentation on setting up redis (#7446 )
  Rework UI Auth session validation for registration (#7455 )
  Fix errors from malformed log line (#7454 )
  Drop support for redis.dbid (#7450 ) 
							
						 
						
							2020-05-11 16:46:33 +01:00  
				
					
						
							
							
								 
						
							
							
								85155654c5 
								
									
								
							
								 
							
						 
						
							
							
								
								Documentation on setting up redis ( #7446 )  
							
							
							
						 
						
							2020-05-11 13:21:15 +01:00  
				
					
						
							
							
								 
						
							
							
								67feea8044 
								
									
								
							
								 
							
						 
						
							
							
								
								Extend spam checker to allow for multiple modules ( #7435 )  
							
							
							
						 
						
							2020-05-08 19:25:48 +01:00  
				
					
						
							
							
								 
						
							
							
								616af44137 
								
									
								
							
								 
							
						 
						
							
							
								
								Implement OpenID Connect-based login ( #7256 )  
							
							
							
						 
						
							2020-05-08 08:30:40 -04:00  
				
					
						
							
							
								 
						
							
							
								a4a5ec4096 
								
									
								
							
								 
							
						 
						
							
							
								
								Add room details admin endpoint ( #7317 )  
							
							
							
						 
						
							2020-05-07 15:33:07 -04:00  
				
					
						
							
							
								 
						
							
							
								5bb26b7c4f 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'release-v1.13.0' into develop  
							
							
							
						 
						
							2020-05-07 17:31:19 +02:00  
				
					
						
							
							
								 
						
							
							
								d7983b63a6 
								
									
								
							
								 
							
						 
						
							
							
								
								Support any process writing to cache invalidation stream. ( #7436 )  
							
							
							
						 
						
							2020-05-07 13:51:08 +01:00  
				
					
						
							
							
								 
						
							
							
								d9b8d27494 
								
									
								
							
								 
							
						 
						
							
							
								
								Add a configuration setting for the dummy event threshold ( #7422 )  
							
							... 
							
							
							
							Add dummy_events_threshold which allows configuring the number of forward extremities a room needs for Synapse to send forward extremities in it. 
							
						 
						
							2020-05-07 10:35:23 +01:00  
				
					
						
							
							
								 
						
							
							
								37f6823f5b 
								
									
								
							
								 
							
						 
						
							
							
								
								Add instance name to RDATA/POSITION commands ( #7364 )  
							
							... 
							
							
							
							This is primarily for allowing us to send those commands from workers, but for now simply allows us to ignore echoed RDATA/POSITION commands that we sent (we get echoes of sent commands when using redis). Currently we log a WARNING on the master process every time we receive an echoed RDATA. 
							
						 
						
							2020-04-29 16:23:08 +01:00  
				
					
						
							
							
								 
						
							
							
								c58ae367d8 
								
									
								
							
								 
							
						 
						
							
							
								
								Clean up admin api docs ( #7361 )  
							
							
							
						 
						
							2020-04-28 20:06:03 +01:00  
				
					
						
							
							
								 
						
							
							
								04dd7d182d 
								
									
								
							
								 
							
						 
						
							
							
								
								Return total number of users and profile attributes in admin users endpoint ( #6881 )  
							
							... 
							
							
							
							Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de> 
							
						 
						
							2020-04-28 18:19:36 +01:00  
				
					
						
							
							
								 
						
							
							
								036fab5d8a 
								
									
								
							
								 
							
						 
						
							
							
								
								Document monitoring workers ( #7357 )  
							
							... 
							
							
							
							It doesn't seem to be documented anywhere and means that you suddenly start losing metrics without any obvious reason when you go from monolith to workers (e.g. #7312 ). 
							
						 
						
							2020-04-27 21:36:47 +02:00  
				
					
						
							
							
								 
						
							
							
								aa2492907f 
								
									
								
							
								 
							
						 
						
							
							
								
								Add some explanation to application_services.md ( #7091 )  
							
							... 
							
							
							
							Signed-off-by: Simon Körner <git@lubiland.de> 
							
						 
						
							2020-04-27 15:03:09 +01:00  
				
					
						
							
							
								 
						
							
							
								7bfe0902ce 
								
									
								
							
								 
							
						 
						
							
							
								
								Add documentation to the sample config about the templates for SSO. ( #7343 )  
							
							
							
						 
						
							2020-04-24 15:03:49 -04:00  
				
					
						
							
							
								 
						
							
							
								2e3b9a0fcb 
								
									
								
							
								 
							
						 
						
							
							
								
								Revert "Revert "Merge pull request  #7315  from matrix-org/babolivier/request_token""  
							
							... 
							
							
							
							This reverts commit 1adf6a5587 
							
						 
						
							2020-04-23 11:23:53 +02:00  
				
					
						
							
							
								 
						
							
							
								fb825759e3 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'master' into develop  
							
							
							
						 
						
							2020-04-23 11:23:33 +02:00  
				
					
						
							
							
								 
						
							
							
								1adf6a5587 
								
									
								
							
								 
							
						 
						
							
							
								
								Revert "Merge pull request  #7315  from matrix-org/babolivier/request_token"  
							
							... 
							
							
							
							This reverts commit 6f4319368b0d775fcc2d 
							
						 
						
							2020-04-23 11:23:10 +02:00  
				
					
						
							
							
								 
						
							
							
								6f4319368b 
								
									
								
							
								 
							
						 
						
							
							
								
								Merge pull request  #7315  from matrix-org/babolivier/request_token  
							
							... 
							
							
							
							Config option to inhibit 3PID errors on /requestToken 
							
						 
						
							2020-04-23 10:38:57 +02:00  
				
					
						
							
							
								 
						
							
							
								71a1abb8a1 
								
									
								
							
								 
							
						 
						
							
							
								
								Stop the master relaying USER_SYNC for other workers ( #7318 )  
							
							... 
							
							
							
							Long story short: if we're handling presence on the current worker, we shouldn't be sending USER_SYNC commands over replication.
In an attempt to figure out what is going on here, I ended up refactoring some bits of the presencehandler code, so the first 4 commits here are non-functional refactors to move this code slightly closer to sanity. (There's still plenty to do here :/). Suggest reviewing individual commits.
Fixes (I hope) #7257 . 
							
						 
						
							2020-04-22 22:39:04 +01:00  
				
					
						
							
							
								 
						
							
							
								69ad7cc13b 
								
									
								
							
								 
							
						 
						
							
							
								
								Config option to inhibit 3PID errors on /requestToken  
							
							... 
							
							
							
							Adds a request_token_inhibit_errors configuration flag (disabled by
default) which, if enabled, change the behaviour of all /requestToken
endpoints so that they return a 200 and a fake sid if the 3PID was/was
not found associated with an account (depending on the endpoint),
instead of an error.
Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> 
							
						 
						
							2020-04-22 23:38:42 +02:00  
				
					
						
							
							
								 
						
							
							
								6b6685db9f 
								
									
								
							
								 
							
						 
						
							
							
								
								Extend room admin api with additional attributes ( #7225 )  
							
							
							
						 
						
							2020-04-22 13:38:41 +01:00  
				
					
						
							
							
								 
						
							
							
								2aa5bf13c8 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'release-v1.12.4' into develop  
							
							
							
						 
						
							2020-04-22 13:09:23 +01:00  
				
					
						
							
							
								 
						
							
							
								974c0d726a 
								
									
								
							
								 
							
						 
						
							
							
								
								Support GET account_data requests on a worker ( #7311 )  
							
							
							
						 
						
							2020-04-21 10:46:30 +01:00  
				
					
						
							
							
								 
						
							
							
								13917232d5 
								
									
								
							
								 
							
						 
						
							
							
								
								Fix indention in generated config file ( #7300 )  
							
							... 
							
							
							
							Also adjust sample_config.yaml
Signed-off-by: Lars Franke <frcl@mailbox.org> 
							
						 
						
							2020-04-20 16:51:27 +01:00  
				
					
						
							
							
								 
						
							
							
								0d775fcc2d 
								
									
								
							
								 
							
						 
						
							
							
								
								Improve example TURN configuration in documentation ( #7284 )  
							
							
							
						 
						
							2020-04-17 08:04:23 -04:00  
				
					
						
							
							
								 
						
							
							
								c07fca9e2f 
								
									
								
							
								 
							
						 
						
							
							
								
								Clarify the comments for media_storage_providers options ( #7272 )  
							
							
							
						 
						
							2020-04-17 07:09:33 -04:00  
				
					
						
							
							
								 
						
							
							
								a48138784e 
								
									
								
							
								 
							
						 
						
							
							
								
								Allow specifying the value of Accept-Language header for URL previews ( #7265 )  
							
							
							
						 
						
							2020-04-15 13:35:29 +01:00  
				
					
						
							
							
								 
						
							
							
								4a0dadafbe 
								
									
								
							
								 
							
						 
						
							
							
								
								Add setting to nginx configuration to allow larger file uploads ( #7251 )  
							
							
							
						 
						
							2020-04-13 17:23:36 +01:00  
				
					
						
							
							
								 
						
							
							
								a026bdaab7 
								
									
								
							
								 
							
						 
						
							
							
								
								Add matrix-synapse-shared-secret-auth as an example password provider ( #7248 )  
							
							
							
						 
						
							2020-04-09 12:49:05 +01:00  
				
					
						
							
							
								 
						
							
							
								cae4121484 
								
									
								
							
								 
							
						 
						
							
							
								
								Make systemd-with-workers doc official ( #7234 )  
							
							... 
							
							
							
							Simplify and update this documentation, and make it part of the core dist. 
							
						 
						
							2020-04-08 11:59:26 +01:00  
				
					
						
							
							
								 
						
							
							
								29b7e22b93 
								
									
								
							
								 
							
						 
						
							
							
								
								Add documentation to password_providers config option ( #7238 )  
							
							
							
						 
						
							2020-04-08 00:46:50 +01:00  
				
					
						
							
							
								 
						
							
							
								b0db928c63 
								
									
								
							
								 
							
						 
						
							
							
								
								Extend web_client_location to handle absolute URLs ( #7006 )  
							
							... 
							
							
							
							Log warning when filesystem path is used.
Signed-off-by: Martin Milata <martin@martinmilata.cz> 
							
						 
						
							2020-04-03 11:57:34 -04:00  
				
					
						
							
							
								 
						
							
							
								0122ef1037 
								
							
								 
							
						 
						
							
							
								
								Revert "Merge pull request  #7153  from matrix-org/babolivier/sso_whitelist_login_fallback"  
							
							... 
							
							
							
							This was incorrectly merged to master.
This reverts commit 319c41f573229eb81498 
							
						 
						
							2020-04-03 11:17:39 +01:00  
				
					
						
							
							
								 
						
							
							
								250f87d0de 
								
									
								
							
								 
							
						 
						
							
							
								
								Update postgres.md ( #7119 )  
							
							
							
						 
						
							2020-04-01 12:44:51 +01:00  
				
					
						
							
							
								 
						
							
							
								2e826cd80c 
								
									
								
							
								 
							
						 
						
							
							
								
								Improve TURN documentation. ( #7167 )  
							
							
							
						 
						
							2020-03-31 15:50:48 +01:00  
				
					
						
							
							
								 
						
							
							
								d9f29f8dae 
								
									
								
							
								 
							
						 
						
							
							
								
								Fix a small typo in the `metrics_flags` config option. ( #7171 )  
							
							
							
						 
						
							2020-03-30 17:38:21 +01:00  
				
					
						
							
							
								 
						
							
							
								4f21c33be3 
								
									
								
							
								 
							
						 
						
							
							
								
								Remove usage of "conn_id" for presence. ( #7128 )  
							
							... 
							
							
							
							* Remove `conn_id` usage for UserSyncCommand.
Each tcp replication connection is assigned a "conn_id", which is used
to give an ID to a remotely connected worker. In a redis world, there
will no longer be a one to one mapping between connection and instance,
so instead we need to replace such usages with an ID generated by the
remote instances and included in the replicaiton commands.
This really only effects UserSyncCommand.
* Add CLEAR_USER_SYNCS command that is sent on shutdown.
This should help with the case where a synchrotron gets restarted
gracefully, rather than rely on 5 minute timeout. 
							
						 
						
							2020-03-30 16:37:24 +01:00  
				
					
						
							
							
								 
						
							
							
								c5f89fba55 
								
									
								
							
								 
							
						 
						
							
							
								
								Add developer documentation for running a local CAS server ( #7147 )  
							
							
							
						 
						
							2020-03-30 07:28:42 -04:00  
				
					
						
							
							
								 
						
							
							
								b7da598a61 
								
							
								 
							
						 
						
							
							
								
								Always whitelist the login fallback for SSO ( #7153 )  
							
							... 
							
							
							
							That fallback sets the redirect URL to itself (so it can process the login
token then return gracefully to the client). This would make it pointless to
ask the user for confirmation, since the URL the confirmation page would be
showing wouldn't be the client's. 
							
						 
						
							2020-03-27 20:24:52 +00:00  
				
					
						
							
							
								 
						
							
							
								fb69690761 
								
									
								
							
								 
							
						 
						
							
							
								
								Admin API to join users to a room. ( #7051 )  
							
							
							
						 
						
							2020-03-27 19:16:43 +00:00  
				
					
						
							
							
								 
						
							
							
								8327eb9280 
								
									
								
							
								 
							
						 
						
							
							
								
								Add options to prevent users from changing their profile. ( #7096 )  
							
							
							
						 
						
							2020-03-27 19:15:23 +00:00  
				
					
						
							
							
								 
						
							
							
								319c41f573 
								
									
								
							
								 
							
						 
						
							
							
								
								Merge pull request  #7153  from matrix-org/babolivier/sso_whitelist_login_fallback  
							
							... 
							
							
							
							Always whitelist the login fallback for SSO 
							
						 
						
							2020-03-27 15:34:41 +01:00  
				
					
						
							
							
								 
						
							
							
								63aea691a7 
								
									
								
							
								 
							
						 
						
							
							
								
								Update the wording of the config comment  
							
							
							
						 
						
							2020-03-27 15:09:12 +01:00  
				
					
						
							
							
								 
						
							
							
								7083147961 
								
									
								
							
								 
							
						 
						
							
							
								
								Regenerate sample config  
							
							
							
						 
						
							2020-03-26 19:01:54 +01:00  
				
					
						
							
							
								 
						
							
							
								e8e2ddb60a 
								
									
								
							
								 
							
						 
						
							
							
								
								Allow server admins to define and enforce a password policy (MSC2000). ( #7118 )  
							
							
							
						 
						
							2020-03-26 16:51:13 +00:00  
				
					
						
							
							
								 
						
							
							
								6ca5e56fd1 
								
									
								
							
								 
							
						 
						
							
							
								
								Remove unused captcha_bypass_secret option ( #7137 )  
							
							... 
							
							
							
							Signed-off-by: Aaron Raimist <aaron@raim.ist> 
							
						 
						
							2020-03-25 17:49:34 +00:00  
				
					
						
							
							
								 
						
							
							
								4cff617df1 
								
									
								
							
								 
							
						 
						
							
							
								
								Move catchup of replication streams to worker. ( #7024 )  
							
							... 
							
							
							
							This changes the replication protocol so that the server does not send down `RDATA` for rows that happened before the client connected. Instead, the server will send a `POSITION` and clients then query the database (or master out of band) to get up to date. 
							
						 
						
							2020-03-25 14:54:01 +00:00  
				
					
						
							
							
								 
						
							
							
								39230d2171 
								
									
								
							
								 
							
						 
						
							
							
								
								Clean up some LoggingContext stuff ( #7120 )  
							
							... 
							
							
							
							* Pull Sentinel out of LoggingContext
... and drop a few unnecessary references to it
* Factor out LoggingContext.current_context
move `current_context` and `set_context` out to top-level functions.
Mostly this means that I can more easily trace what's actually referring to
LoggingContext, but I think it's generally neater.
* move copy-to-parent into `stop`
this really just makes `start` and `stop` more symetric. It also means that it
behaves correctly if you manually `set_log_context` rather than using the
context manager.
* Replace `LoggingContext.alive` with `finished`
Turn `alive` into `finished` and make it a bit better defined. 
							
						 
						
							2020-03-24 14:45:33 +00:00  
				
					
						
							
							
								 
						
							
							
								5126cb1253 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'master' into develop  
							
							
							
						 
						
							2020-03-23 13:54:29 +00:00  
				
					
						
							
							
								 
						
							
							
								229eb81498 
								
							
								 
							
						 
						
							
							
								
								Synapse 1.12.0 (2020-03-23)  
							
							... 
							
							
							
							===========================
 
 No significant changes since 1.12.0rc1.
 
 Debian packages and Docker images are rebuilt using the latest versions of
 dependency libraries, including Twisted 20.3.0. **Please see security advisory
 below**.
 
 Security advisory
 -----------------
 
 Synapse may be vulnerable to request-smuggling attacks when it is used with a
 reverse-proxy. The vulnerabilties are fixed in Twisted 20.3.0, and are
 described in
 [CVE-2020-10108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108 )
 and
 [CVE-2020-10109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109 ).
 For a good introduction to this class of request-smuggling attacks, see
 https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn .
 
 We are not aware of these vulnerabilities being exploited in the wild, and
 do not believe that they are exploitable with current versions of any reverse
 proxies. Nevertheless, we recommend that all Synapse administrators ensure that
 they have the latest versions of the Twisted library to ensure that their
 installation remains secure.
 
 * Administrators using the [`matrix.org` Docker
   image](https://hub.docker.com/r/matrixdotorg/synapse/ ) or the [Debian/Ubuntu
   packages from
   `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages )
   should ensure that they have version 1.12.0 installed: these images include
   Twisted 20.3.0.
 * Administrators who have [installed Synapse from
   source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source )
   should upgrade Twisted within their virtualenv by running:
   ```sh
   <path_to_virtualenv>/bin/pip install 'Twisted>=20.3.0'
   ```
 * Administrators who have installed Synapse from distribution packages should
   consult the information from their distributions.
 
 The `matrix.org` Synapse instance was not vulnerable to these vulnerabilities.
 
 Advance notice of change to the default `git` branch for Synapse
 ----------------------------------------------------------------
 
 Currently, the default `git` branch for Synapse is `master`, which tracks the
 latest release.
 
 After the release of Synapse 1.13.0, we intend to change this default to
 `develop`, which is the development tip. This is more consistent with common
 practice and modern `git` usage.
 
 Although we try to keep `develop` in a stable state, there may be occasions
 where regressions creep in. Developers and distributors who have scripts which
 run builds using the default branch of `Synapse` should therefore consider
 pinning their scripts to `master`.
 
 Synapse 1.12.0rc1 (2020-03-19)
 ==============================
 
 Features
 --------
 
 - Changes related to room alias management ([MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432 )):
   - Publishing/removing a room from the room directory now requires the user to have a power level capable of modifying the canonical alias, instead of the room aliases. ([\#6965](https://github.com/matrix-org/synapse/issues/6965 ))
   - Validate the `alt_aliases` property of canonical alias events. ([\#6971](https://github.com/matrix-org/synapse/issues/6971 ))
   - Users with a power level sufficient to modify the canonical alias of a room can now delete room aliases. ([\#6986](https://github.com/matrix-org/synapse/issues/6986 ))
   - Implement updated authorization rules and redaction rules for aliases events, from [MSC2261](https://github.com/matrix-org/matrix-doc/pull/2261 ) and [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432 ). ([\#7037](https://github.com/matrix-org/synapse/issues/7037 ))
   - Stop sending m.room.aliases events during room creation and upgrade. ([\#6941](https://github.com/matrix-org/synapse/issues/6941 ))
   - Synapse no longer uses room alias events to calculate room names for push notifications. ([\#6966](https://github.com/matrix-org/synapse/issues/6966 ))
   - The room list endpoint no longer returns a list of aliases. ([\#6970](https://github.com/matrix-org/synapse/issues/6970 ))
   - Remove special handling of aliases events from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260 ) added in v1.10.0rc1. ([\#7034](https://github.com/matrix-org/synapse/issues/7034 ))
 - Expose the `synctl`, `hash_password` and `generate_config` commands in the snapcraft package. Contributed by @devec0. ([\#6315](https://github.com/matrix-org/synapse/issues/6315 ))
 - Check that server_name is correctly set before running database updates. ([\#6982](https://github.com/matrix-org/synapse/issues/6982 ))
 - Break down monthly active users by `appservice_id` and emit via Prometheus. ([\#7030](https://github.com/matrix-org/synapse/issues/7030 ))
 - Render a configurable and comprehensible error page if something goes wrong during the SAML2 authentication process. ([\#7058](https://github.com/matrix-org/synapse/issues/7058 ), [\#7067](https://github.com/matrix-org/synapse/issues/7067 ))
 - Add an optional parameter to control whether other sessions are logged out when a user's password is modified. ([\#7085](https://github.com/matrix-org/synapse/issues/7085 ))
 - Add prometheus metrics for the number of active pushers. ([\#7103](https://github.com/matrix-org/synapse/issues/7103 ), [\#7106](https://github.com/matrix-org/synapse/issues/7106 ))
 - Improve performance when making HTTPS requests to sygnal, sydent, etc, by sharing the SSL context object between connections. ([\#7094](https://github.com/matrix-org/synapse/issues/7094 ))
 
 Bugfixes
 --------
 
 - When a user's profile is updated via the admin API, also generate a displayname/avatar update for that user in each room. ([\#6572](https://github.com/matrix-org/synapse/issues/6572 ))
 - Fix a couple of bugs in email configuration handling. ([\#6962](https://github.com/matrix-org/synapse/issues/6962 ))
 - Fix an issue affecting worker-based deployments where replication would stop working, necessitating a full restart, after joining a large room. ([\#6967](https://github.com/matrix-org/synapse/issues/6967 ))
 - Fix `duplicate key` error which was logged when rejoining a room over federation. ([\#6968](https://github.com/matrix-org/synapse/issues/6968 ))
 - Prevent user from setting 'deactivated' to anything other than a bool on the v2 PUT /users Admin API. ([\#6990](https://github.com/matrix-org/synapse/issues/6990 ))
 - Fix py35-old CI by using native tox package. ([\#7018](https://github.com/matrix-org/synapse/issues/7018 ))
 - Fix a bug causing `org.matrix.dummy_event` to be included in responses from `/sync`. ([\#7035](https://github.com/matrix-org/synapse/issues/7035 ))
 - Fix a bug that renders UTF-8 text files incorrectly when loaded from media. Contributed by @TheStranjer. ([\#7044](https://github.com/matrix-org/synapse/issues/7044 ))
 - Fix a bug that would cause Synapse to respond with an error about event visibility if a client tried to request the state of a room at a given token. ([\#7066](https://github.com/matrix-org/synapse/issues/7066 ))
 - Repair a data-corruption issue which was introduced in Synapse 1.10, and fixed in Synapse 1.11, and which could cause `/sync` to return with 404 errors about missing events and unknown rooms. ([\#7070](https://github.com/matrix-org/synapse/issues/7070 ))
 - Fix a bug causing account validity renewal emails to be sent even if the feature is turned off in some cases. ([\#7074](https://github.com/matrix-org/synapse/issues/7074 ))
 
 Improved Documentation
 ----------------------
 
 - Updated CentOS8 install instructions. Contributed by Richard Kellner. ([\#6925](https://github.com/matrix-org/synapse/issues/6925 ))
 - Fix `POSTGRES_INITDB_ARGS` in the `contrib/docker/docker-compose.yml` example docker-compose configuration. ([\#6984](https://github.com/matrix-org/synapse/issues/6984 ))
 - Change date in [INSTALL.md](./INSTALL.md#tls-certificates) for last date of getting TLS certificates to November 2019. ([\#7015](https://github.com/matrix-org/synapse/issues/7015 ))
 - Document that the fallback auth endpoints must be routed to the same worker node as the register endpoints. ([\#7048](https://github.com/matrix-org/synapse/issues/7048 ))
 
 Deprecations and Removals
 -------------------------
 
 - Remove the unused query_auth federation endpoint per [MSC2451](https://github.com/matrix-org/matrix-doc/pull/2451 ). ([\#7026](https://github.com/matrix-org/synapse/issues/7026 ))
 
 Internal Changes
 ----------------
 
 - Add type hints to `logging/context.py`. ([\#6309](https://github.com/matrix-org/synapse/issues/6309 ))
 - Add some clarifications to `README.md` in the database schema directory. ([\#6615](https://github.com/matrix-org/synapse/issues/6615 ))
 - Refactoring work in preparation for changing the event redaction algorithm. ([\#6874](https://github.com/matrix-org/synapse/issues/6874 ), [\#6875](https://github.com/matrix-org/synapse/issues/6875 ), [\#6983](https://github.com/matrix-org/synapse/issues/6983 ), [\#7003](https://github.com/matrix-org/synapse/issues/7003 ))
 - Improve performance of v2 state resolution for large rooms. ([\#6952](https://github.com/matrix-org/synapse/issues/6952 ), [\#7095](https://github.com/matrix-org/synapse/issues/7095 ))
 - Reduce time spent doing GC, by freezing objects on startup. ([\#6953](https://github.com/matrix-org/synapse/issues/6953 ))
 - Minor perfermance fixes to `get_auth_chain_ids`. ([\#6954](https://github.com/matrix-org/synapse/issues/6954 ))
 - Don't record remote cross-signing keys in the `devices` table. ([\#6956](https://github.com/matrix-org/synapse/issues/6956 ))
 - Use flake8-comprehensions to enforce good hygiene of list/set/dict comprehensions. ([\#6957](https://github.com/matrix-org/synapse/issues/6957 ))
 - Merge worker apps together. ([\#6964](https://github.com/matrix-org/synapse/issues/6964 ), [\#7002](https://github.com/matrix-org/synapse/issues/7002 ), [\#7055](https://github.com/matrix-org/synapse/issues/7055 ), [\#7104](https://github.com/matrix-org/synapse/issues/7104 ))
 - Remove redundant `store_room` call from `FederationHandler._process_received_pdu`. ([\#6979](https://github.com/matrix-org/synapse/issues/6979 ))
 - Update warning for incorrect database collation/ctype to include link to documentation. ([\#6985](https://github.com/matrix-org/synapse/issues/6985 ))
 - Add some type annotations to the database storage classes. ([\#6987](https://github.com/matrix-org/synapse/issues/6987 ))
 - Port `synapse.handlers.presence` to async/await. ([\#6991](https://github.com/matrix-org/synapse/issues/6991 ), [\#7019](https://github.com/matrix-org/synapse/issues/7019 ))
 - Add some type annotations to the federation base & client classes. ([\#6995](https://github.com/matrix-org/synapse/issues/6995 ))
 - Port `synapse.rest.keys` to async/await. ([\#7020](https://github.com/matrix-org/synapse/issues/7020 ))
 - Add a type check to `is_verified` when processing room keys. ([\#7045](https://github.com/matrix-org/synapse/issues/7045 ))
 - Add type annotations and comments to the auth handler. ([\#7063](https://github.com/matrix-org/synapse/issues/7063 ))
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEv27Axt/F4vrTL/8QOSor00I9eP8FAl54vN0ACgkQOSor00I9
 eP/LOgf/U22VypPu2Cl4vofxigeeUL+ph0gEQDCsF7i3EPi9ObeTi4aUggC95dBs
 MY4JQENmVrk1NhVWQpC08mjehsr4xUzJuwnPPIeGQ6X5U/2BS4YUasxOt9A+iLUz
 8IxTzUgx4T+CTfibZvn6xdE/tZK/b2N3BoOikesutD2aQGC5Fm6w2HReoY4Qrdgw
 AwHlsIV22PYgEn0RL5y6DJ2NUU9SdeSmPjKNe+R1rHDlTpvH7LSyINhOFkYDgRPY
 xmlH+Ek5+7vLi3AlWg6pA001mMWGADlC4T84URcf1fQv6hXT1iM+A9CqC57jGlfT
 nHDphCtz0Uk9kmgT4To+hclLDWecYw==
 =iSEk
 -----END PGP SIGNATURE-----
Merge tag 'v1.12.0'
Synapse 1.12.0 (2020-03-23)
===========================
No significant changes since 1.12.0rc1.
Debian packages and Docker images are rebuilt using the latest versions of
dependency libraries, including Twisted 20.3.0. **Please see security advisory
below**.
Security advisory
-----------------
Synapse may be vulnerable to request-smuggling attacks when it is used with a
reverse-proxy. The vulnerabilties are fixed in Twisted 20.3.0, and are
described in
[CVE-2020-10108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108 )
and
[CVE-2020-10109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109 ).
For a good introduction to this class of request-smuggling attacks, see
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn .
We are not aware of these vulnerabilities being exploited in the wild, and
do not believe that they are exploitable with current versions of any reverse
proxies. Nevertheless, we recommend that all Synapse administrators ensure that
they have the latest versions of the Twisted library to ensure that their
installation remains secure.
* Administrators using the [`matrix.org` Docker
  image](https://hub.docker.com/r/matrixdotorg/synapse/ ) or the [Debian/Ubuntu
  packages from
  `matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages )
  should ensure that they have version 1.12.0 installed: these images include
  Twisted 20.3.0.
* Administrators who have [installed Synapse from
  source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source )
  should upgrade Twisted within their virtualenv by running:
  ```sh
  <path_to_virtualenv>/bin/pip install 'Twisted>=20.3.0'
  ```
* Administrators who have installed Synapse from distribution packages should
  consult the information from their distributions.
The `matrix.org` Synapse instance was not vulnerable to these vulnerabilities.
Advance notice of change to the default `git` branch for Synapse
----------------------------------------------------------------
Currently, the default `git` branch for Synapse is `master`, which tracks the
latest release.
After the release of Synapse 1.13.0, we intend to change this default to
`develop`, which is the development tip. This is more consistent with common
practice and modern `git` usage.
Although we try to keep `develop` in a stable state, there may be occasions
where regressions creep in. Developers and distributors who have scripts which
run builds using the default branch of `Synapse` should therefore consider
pinning their scripts to `master`.
Synapse 1.12.0rc1 (2020-03-19)
==============================
Features
--------
- Changes related to room alias management ([MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432 )):
  - Publishing/removing a room from the room directory now requires the user to have a power level capable of modifying the canonical alias, instead of the room aliases. ([\#6965](https://github.com/matrix-org/synapse/issues/6965 ))
  - Validate the `alt_aliases` property of canonical alias events. ([\#6971](https://github.com/matrix-org/synapse/issues/6971 ))
  - Users with a power level sufficient to modify the canonical alias of a room can now delete room aliases. ([\#6986](https://github.com/matrix-org/synapse/issues/6986 ))
  - Implement updated authorization rules and redaction rules for aliases events, from [MSC2261](https://github.com/matrix-org/matrix-doc/pull/2261 ) and [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432 ). ([\#7037](https://github.com/matrix-org/synapse/issues/7037 ))
  - Stop sending m.room.aliases events during room creation and upgrade. ([\#6941](https://github.com/matrix-org/synapse/issues/6941 ))
  - Synapse no longer uses room alias events to calculate room names for push notifications. ([\#6966](https://github.com/matrix-org/synapse/issues/6966 ))
  - The room list endpoint no longer returns a list of aliases. ([\#6970](https://github.com/matrix-org/synapse/issues/6970 ))
  - Remove special handling of aliases events from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260 ) added in v1.10.0rc1. ([\#7034](https://github.com/matrix-org/synapse/issues/7034 ))
- Expose the `synctl`, `hash_password` and `generate_config` commands in the snapcraft package. Contributed by @devec0. ([\#6315](https://github.com/matrix-org/synapse/issues/6315 ))
- Check that server_name is correctly set before running database updates. ([\#6982](https://github.com/matrix-org/synapse/issues/6982 ))
- Break down monthly active users by `appservice_id` and emit via Prometheus. ([\#7030](https://github.com/matrix-org/synapse/issues/7030 ))
- Render a configurable and comprehensible error page if something goes wrong during the SAML2 authentication process. ([\#7058](https://github.com/matrix-org/synapse/issues/7058 ), [\#7067](https://github.com/matrix-org/synapse/issues/7067 ))
- Add an optional parameter to control whether other sessions are logged out when a user's password is modified. ([\#7085](https://github.com/matrix-org/synapse/issues/7085 ))
- Add prometheus metrics for the number of active pushers. ([\#7103](https://github.com/matrix-org/synapse/issues/7103 ), [\#7106](https://github.com/matrix-org/synapse/issues/7106 ))
- Improve performance when making HTTPS requests to sygnal, sydent, etc, by sharing the SSL context object between connections. ([\#7094](https://github.com/matrix-org/synapse/issues/7094 ))
Bugfixes
--------
- When a user's profile is updated via the admin API, also generate a displayname/avatar update for that user in each room. ([\#6572](https://github.com/matrix-org/synapse/issues/6572 ))
- Fix a couple of bugs in email configuration handling. ([\#6962](https://github.com/matrix-org/synapse/issues/6962 ))
- Fix an issue affecting worker-based deployments where replication would stop working, necessitating a full restart, after joining a large room. ([\#6967](https://github.com/matrix-org/synapse/issues/6967 ))
- Fix `duplicate key` error which was logged when rejoining a room over federation. ([\#6968](https://github.com/matrix-org/synapse/issues/6968 ))
- Prevent user from setting 'deactivated' to anything other than a bool on the v2 PUT /users Admin API. ([\#6990](https://github.com/matrix-org/synapse/issues/6990 ))
- Fix py35-old CI by using native tox package. ([\#7018](https://github.com/matrix-org/synapse/issues/7018 ))
- Fix a bug causing `org.matrix.dummy_event` to be included in responses from `/sync`. ([\#7035](https://github.com/matrix-org/synapse/issues/7035 ))
- Fix a bug that renders UTF-8 text files incorrectly when loaded from media. Contributed by @TheStranjer. ([\#7044](https://github.com/matrix-org/synapse/issues/7044 ))
- Fix a bug that would cause Synapse to respond with an error about event visibility if a client tried to request the state of a room at a given token. ([\#7066](https://github.com/matrix-org/synapse/issues/7066 ))
- Repair a data-corruption issue which was introduced in Synapse 1.10, and fixed in Synapse 1.11, and which could cause `/sync` to return with 404 errors about missing events and unknown rooms. ([\#7070](https://github.com/matrix-org/synapse/issues/7070 ))
- Fix a bug causing account validity renewal emails to be sent even if the feature is turned off in some cases. ([\#7074](https://github.com/matrix-org/synapse/issues/7074 ))
Improved Documentation
----------------------
- Updated CentOS8 install instructions. Contributed by Richard Kellner. ([\#6925](https://github.com/matrix-org/synapse/issues/6925 ))
- Fix `POSTGRES_INITDB_ARGS` in the `contrib/docker/docker-compose.yml` example docker-compose configuration. ([\#6984](https://github.com/matrix-org/synapse/issues/6984 ))
- Change date in [INSTALL.md](./INSTALL.md#tls-certificates) for last date of getting TLS certificates to November 2019. ([\#7015](https://github.com/matrix-org/synapse/issues/7015 ))
- Document that the fallback auth endpoints must be routed to the same worker node as the register endpoints. ([\#7048](https://github.com/matrix-org/synapse/issues/7048 ))
Deprecations and Removals
-------------------------
- Remove the unused query_auth federation endpoint per [MSC2451](https://github.com/matrix-org/matrix-doc/pull/2451 ). ([\#7026](https://github.com/matrix-org/synapse/issues/7026 ))
Internal Changes
----------------
- Add type hints to `logging/context.py`. ([\#6309](https://github.com/matrix-org/synapse/issues/6309 ))
- Add some clarifications to `README.md` in the database schema directory. ([\#6615](https://github.com/matrix-org/synapse/issues/6615 ))
- Refactoring work in preparation for changing the event redaction algorithm. ([\#6874](https://github.com/matrix-org/synapse/issues/6874 ), [\#6875](https://github.com/matrix-org/synapse/issues/6875 ), [\#6983](https://github.com/matrix-org/synapse/issues/6983 ), [\#7003](https://github.com/matrix-org/synapse/issues/7003 ))
- Improve performance of v2 state resolution for large rooms. ([\#6952](https://github.com/matrix-org/synapse/issues/6952 ), [\#7095](https://github.com/matrix-org/synapse/issues/7095 ))
- Reduce time spent doing GC, by freezing objects on startup. ([\#6953](https://github.com/matrix-org/synapse/issues/6953 ))
- Minor perfermance fixes to `get_auth_chain_ids`. ([\#6954](https://github.com/matrix-org/synapse/issues/6954 ))
- Don't record remote cross-signing keys in the `devices` table. ([\#6956](https://github.com/matrix-org/synapse/issues/6956 ))
- Use flake8-comprehensions to enforce good hygiene of list/set/dict comprehensions. ([\#6957](https://github.com/matrix-org/synapse/issues/6957 ))
- Merge worker apps together. ([\#6964](https://github.com/matrix-org/synapse/issues/6964 ), [\#7002](https://github.com/matrix-org/synapse/issues/7002 ), [\#7055](https://github.com/matrix-org/synapse/issues/7055 ), [\#7104](https://github.com/matrix-org/synapse/issues/7104 ))
- Remove redundant `store_room` call from `FederationHandler._process_received_pdu`. ([\#6979](https://github.com/matrix-org/synapse/issues/6979 ))
- Update warning for incorrect database collation/ctype to include link to documentation. ([\#6985](https://github.com/matrix-org/synapse/issues/6985 ))
- Add some type annotations to the database storage classes. ([\#6987](https://github.com/matrix-org/synapse/issues/6987 ))
- Port `synapse.handlers.presence` to async/await. ([\#6991](https://github.com/matrix-org/synapse/issues/6991 ), [\#7019](https://github.com/matrix-org/synapse/issues/7019 ))
- Add some type annotations to the federation base & client classes. ([\#6995](https://github.com/matrix-org/synapse/issues/6995 ))
- Port `synapse.rest.keys` to async/await. ([\#7020](https://github.com/matrix-org/synapse/issues/7020 ))
- Add a type check to `is_verified` when processing room keys. ([\#7045](https://github.com/matrix-org/synapse/issues/7045 ))
- Add type annotations and comments to the auth handler. ([\#7063](https://github.com/matrix-org/synapse/issues/7063 )) 
							
						 
						
							2020-03-23 13:54:17 +00:00