d74cdc1a42
Ensure worker config exists in systemd service ( #7528 )
2020-05-21 13:47:23 +01:00
4fa74c7606
Minor clarifications to the TURN docs ( #7533 )
2020-05-20 11:04:34 +01:00
ab3e19d814
Improve API doc readability ( #7527 )
2020-05-19 11:20:23 +01:00
24d9151a08
Formatting for reverse-proxy docs ( #7514 )
...
also a small clarification to nginx
2020-05-15 15:13:39 +01:00
572b444dab
Add Caddy 2 example ( #7463 )
...
The specific headers that are passed using this new configuration format
are Host and X-Forwarded-For, which should be all that's required.
Note that for production another matcher should be added in the first
section to properly handle the base_url lookup:
reverse_proxy /.well-known/matrix/* http://localhost:8008
Signed-off-by: Jeff Peeler <jpeeler@gmail.com>
2020-05-15 14:36:01 +01:00
ec0b72bc4e
Merge branch 'master' into develop
2020-05-14 18:12:00 +01:00
66d03639dc
Notes on using git ( #7496 )
...
* general updates to CONTRIBUTING.md
* notes on updating your PR
* Notes on squash-merging or otherwise
* document git branching model
2020-05-14 18:03:10 +01:00
51fb0fc2e5
Update documentation about SSO mapping providers ( #7458 )
2020-05-12 10:51:07 -04:00
7cb8b4bc67
Allow configuration of Synapse's cache without using synctl or environment variables ( #6391 )
2020-05-11 18:45:23 +01:00
5cf758cdd6
Merge branch 'release-v1.13.0' into develop
...
* release-v1.13.0:
Don't UPGRADE database rows
RST indenting
Put rollback instructions in upgrade notes
Fix changelog typo
Oh yeah, RST
Absolute URL it is then
Fix upgrade notes link
Provide summary of upgrade issues in changelog. Fix )
Move next version notes from changelog to upgrade notes
Changelog fixes
1.13.0rc1
Documentation on setting up redis (#7446 )
Rework UI Auth session validation for registration (#7455 )
Fix errors from malformed log line (#7454 )
Drop support for redis.dbid (#7450 )
2020-05-11 16:46:33 +01:00
85155654c5
Documentation on setting up redis ( #7446 )
2020-05-11 13:21:15 +01:00
67feea8044
Extend spam checker to allow for multiple modules ( #7435 )
2020-05-08 19:25:48 +01:00
616af44137
Implement OpenID Connect-based login ( #7256 )
2020-05-08 08:30:40 -04:00
a4a5ec4096
Add room details admin endpoint ( #7317 )
2020-05-07 15:33:07 -04:00
5bb26b7c4f
Merge branch 'release-v1.13.0' into develop
2020-05-07 17:31:19 +02:00
d7983b63a6
Support any process writing to cache invalidation stream. ( #7436 )
2020-05-07 13:51:08 +01:00
d9b8d27494
Add a configuration setting for the dummy event threshold ( #7422 )
...
Add dummy_events_threshold which allows configuring the number of forward extremities a room needs for Synapse to send forward extremities in it.
2020-05-07 10:35:23 +01:00
207b1737ee
Update reverse_proxy.md
...
a couple of cleanups
2020-05-05 11:29:29 +01:00
37f6823f5b
Add instance name to RDATA/POSITION commands ( #7364 )
...
This is primarily for allowing us to send those commands from workers, but for now simply allows us to ignore echoed RDATA/POSITION commands that we sent (we get echoes of sent commands when using redis). Currently we log a WARNING on the master process every time we receive an echoed RDATA.
2020-04-29 16:23:08 +01:00
c58ae367d8
Clean up admin api docs ( #7361 )
2020-04-28 20:06:03 +01:00
04dd7d182d
Return total number of users and profile attributes in admin users endpoint ( #6881 )
...
Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-04-28 18:19:36 +01:00
036fab5d8a
Document monitoring workers ( #7357 )
...
It doesn't seem to be documented anywhere and means that you suddenly start losing metrics without any obvious reason when you go from monolith to workers (e.g. #7312 ).
2020-04-27 21:36:47 +02:00
aa2492907f
Add some explanation to application_services.md ( #7091 )
...
Signed-off-by: Simon Körner <git@lubiland.de>
2020-04-27 15:03:09 +01:00
7bfe0902ce
Add documentation to the sample config about the templates for SSO. ( #7343 )
2020-04-24 15:03:49 -04:00
204664d1ad
Synapse v1.12.4
...
Features:
* Always send users their own device updates. (#7160 )
* Add support for handling GET requests for account_data on a worker. (#7311 )
Bugfixes:
* Fix a bug that prevented cross-signing with users on worker-mode synapses. (#7255 )
* Do not treat display names as globs in push rules. (#7271 )
* Fix a bug with cross-signing devices belonging to remote users who did not share a
room with any user on the local homeserver. (#7289 )
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEF3tZXk38tRDFVnUIM/xY9qcRMEgFAl6hs9EACgkQM/xY9qcR
MEjq2w/9EC6m4Bx/2bDlohUy3GKfe9BUpZnMDGSgQR1v+J+OIA4yZ1s16hmY95fr
rGjNaZlcUbLUFj9GfaLOOZjvuXQ0KslO2ojP1lcSaKCfx9WK1CH0DtCNVB0lAYQv
sfu2C2I91XetkiMHo5GqYBP1d6IK3OTI7YRz72sHOQTVPFcSB1/wCUPuan7P90HE
gBdfxtl7Xl1TU0tfvJoeRLVarktVnE4LiXREfm1eGpRECPclewu7sbx5p1ESN5mg
/RBIh0FP4rOL4cP4Qt5qiCo68woJmBc4CwiV6pvcOyUMtMGqmwO9K/wJxqY+pxnh
JKBNqv90BCSxD55Nywslx9yA52kshuRdcdqHuOVYOHo4Dcwu+ecyySpmzuZ2EJPc
hDEkf3dnpfaVoMn3uesbwGNvHEr69QXxR8yE1XZvlAdKzvy4Po/0qRAZuD+NG9qf
YjN94bDbkASlFQgPn3wF7R+4RA/HdOf/1Ns6YKt2dFRikHb18WCBPWxHcSwscrgE
W8xma8rVTlqfRBuAcZ6y4K3KSHFX6dxLUNxqUngyAhjTInSPuqt2EzlAdqRpnJBS
t+hhj+zOh2ixxbz4ZrGdMx0jPF2XARr38x3F/LIjhHLcgOlHdCl4WWkxi9BSXOTd
cscvQ8GJBH9c0ANy7PGBntXlohQiW3eVVqblWRbV95TpHVoimME=
=Hc/7
-----END PGP SIGNATURE-----
Merge tag 'v1.12.4'
Synapse v1.12.4
Features:
* Always send users their own device updates. (#7160 )
* Add support for handling GET requests for account_data on a worker. (#7311 )
Bugfixes:
* Fix a bug that prevented cross-signing with users on worker-mode synapses. (#7255 )
* Do not treat display names as globs in push rules. (#7271 )
* Fix a bug with cross-signing devices belonging to remote users who did not share a
room with any user on the local homeserver. (#7289 )
2020-04-23 12:03:33 -04:00
2e3b9a0fcb
Revert "Revert "Merge pull request #7315 from matrix-org/babolivier/request_token""
...
This reverts commit 1adf6a5587
2020-04-23 11:23:53 +02:00
fb825759e3
Merge branch 'master' into develop
2020-04-23 11:23:33 +02:00
1adf6a5587
Revert "Merge pull request #7315 from matrix-org/babolivier/request_token"
...
This reverts commit 6f4319368b0d775fcc2d
2020-04-23 11:23:10 +02:00
6f4319368b
Merge pull request #7315 from matrix-org/babolivier/request_token
...
Config option to inhibit 3PID errors on /requestToken
2020-04-23 10:38:57 +02:00
71a1abb8a1
Stop the master relaying USER_SYNC for other workers ( #7318 )
...
Long story short: if we're handling presence on the current worker, we shouldn't be sending USER_SYNC commands over replication.
In an attempt to figure out what is going on here, I ended up refactoring some bits of the presencehandler code, so the first 4 commits here are non-functional refactors to move this code slightly closer to sanity. (There's still plenty to do here :/). Suggest reviewing individual commits.
Fixes (I hope) #7257 .
2020-04-22 22:39:04 +01:00
69ad7cc13b
Config option to inhibit 3PID errors on /requestToken
...
Adds a request_token_inhibit_errors configuration flag (disabled by
default) which, if enabled, change the behaviour of all /requestToken
endpoints so that they return a 200 and a fake sid if the 3PID was/was
not found associated with an account (depending on the endpoint),
instead of an error.
Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2020-04-22 23:38:42 +02:00
6b6685db9f
Extend room admin api with additional attributes ( #7225 )
2020-04-22 13:38:41 +01:00
2aa5bf13c8
Merge branch 'release-v1.12.4' into develop
2020-04-22 13:09:23 +01:00
974c0d726a
Support GET account_data requests on a worker ( #7311 )
2020-04-21 10:46:30 +01:00
13917232d5
Fix indention in generated config file ( #7300 )
...
Also adjust sample_config.yaml
Signed-off-by: Lars Franke <frcl@mailbox.org>
2020-04-20 16:51:27 +01:00
0d775fcc2d
Improve example TURN configuration in documentation ( #7284 )
2020-04-17 08:04:23 -04:00
c07fca9e2f
Clarify the comments for media_storage_providers options ( #7272 )
2020-04-17 07:09:33 -04:00
a48138784e
Allow specifying the value of Accept-Language header for URL previews ( #7265 )
2020-04-15 13:35:29 +01:00
4a0dadafbe
Add setting to nginx configuration to allow larger file uploads ( #7251 )
2020-04-13 17:23:36 +01:00
a026bdaab7
Add matrix-synapse-shared-secret-auth as an example password provider ( #7248 )
2020-04-09 12:49:05 +01:00
cae4121484
Make systemd-with-workers doc official ( #7234 )
...
Simplify and update this documentation, and make it part of the core dist.
2020-04-08 11:59:26 +01:00
29b7e22b93
Add documentation to password_providers config option ( #7238 )
2020-04-08 00:46:50 +01:00
b0db928c63
Extend web_client_location to handle absolute URLs ( #7006 )
...
Log warning when filesystem path is used.
Signed-off-by: Martin Milata <martin@martinmilata.cz>
2020-04-03 11:57:34 -04:00
0122ef1037
Revert "Merge pull request #7153 from matrix-org/babolivier/sso_whitelist_login_fallback"
...
This was incorrectly merged to master.
This reverts commit 319c41f573229eb81498
2020-04-03 11:17:39 +01:00
250f87d0de
Update postgres.md ( #7119 )
2020-04-01 12:44:51 +01:00
2e826cd80c
Improve TURN documentation. ( #7167 )
2020-03-31 15:50:48 +01:00
d9f29f8dae
Fix a small typo in the `metrics_flags` config option. ( #7171 )
2020-03-30 17:38:21 +01:00
4f21c33be3
Remove usage of "conn_id" for presence. ( #7128 )
...
* Remove `conn_id` usage for UserSyncCommand.
Each tcp replication connection is assigned a "conn_id", which is used
to give an ID to a remotely connected worker. In a redis world, there
will no longer be a one to one mapping between connection and instance,
so instead we need to replace such usages with an ID generated by the
remote instances and included in the replicaiton commands.
This really only effects UserSyncCommand.
* Add CLEAR_USER_SYNCS command that is sent on shutdown.
This should help with the case where a synchrotron gets restarted
gracefully, rather than rely on 5 minute timeout.
2020-03-30 16:37:24 +01:00
c5f89fba55
Add developer documentation for running a local CAS server ( #7147 )
2020-03-30 07:28:42 -04:00
b7da598a61
Always whitelist the login fallback for SSO ( #7153 )
...
That fallback sets the redirect URL to itself (so it can process the login
token then return gracefully to the client). This would make it pointless to
ask the user for confirmation, since the URL the confirmation page would be
showing wouldn't be the client's.
2020-03-27 20:24:52 +00:00
fb69690761
Admin API to join users to a room. ( #7051 )
2020-03-27 19:16:43 +00:00
8327eb9280
Add options to prevent users from changing their profile. ( #7096 )
2020-03-27 19:15:23 +00:00
319c41f573
Merge pull request #7153 from matrix-org/babolivier/sso_whitelist_login_fallback
...
Always whitelist the login fallback for SSO
2020-03-27 15:34:41 +01:00
63aea691a7
Update the wording of the config comment
2020-03-27 15:09:12 +01:00
7083147961
Regenerate sample config
2020-03-26 19:01:54 +01:00
e8e2ddb60a
Allow server admins to define and enforce a password policy (MSC2000). ( #7118 )
2020-03-26 16:51:13 +00:00
6ca5e56fd1
Remove unused captcha_bypass_secret option ( #7137 )
...
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2020-03-25 17:49:34 +00:00
4cff617df1
Move catchup of replication streams to worker. ( #7024 )
...
This changes the replication protocol so that the server does not send down `RDATA` for rows that happened before the client connected. Instead, the server will send a `POSITION` and clients then query the database (or master out of band) to get up to date.
2020-03-25 14:54:01 +00:00
39230d2171
Clean up some LoggingContext stuff ( #7120 )
...
* Pull Sentinel out of LoggingContext
... and drop a few unnecessary references to it
* Factor out LoggingContext.current_context
move `current_context` and `set_context` out to top-level functions.
Mostly this means that I can more easily trace what's actually referring to
LoggingContext, but I think it's generally neater.
* move copy-to-parent into `stop`
this really just makes `start` and `stop` more symetric. It also means that it
behaves correctly if you manually `set_log_context` rather than using the
context manager.
* Replace `LoggingContext.alive` with `finished`
Turn `alive` into `finished` and make it a bit better defined.
2020-03-24 14:45:33 +00:00
5126cb1253
Merge branch 'master' into develop
2020-03-23 13:54:29 +00:00
229eb81498
Synapse 1.12.0 (2020-03-23)
...
===========================
No significant changes since 1.12.0rc1.
Debian packages and Docker images are rebuilt using the latest versions of
dependency libraries, including Twisted 20.3.0. **Please see security advisory
below**.
Security advisory
-----------------
Synapse may be vulnerable to request-smuggling attacks when it is used with a
reverse-proxy. The vulnerabilties are fixed in Twisted 20.3.0, and are
described in
[CVE-2020-10108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108 )
and
[CVE-2020-10109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109 ).
For a good introduction to this class of request-smuggling attacks, see
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn .
We are not aware of these vulnerabilities being exploited in the wild, and
do not believe that they are exploitable with current versions of any reverse
proxies. Nevertheless, we recommend that all Synapse administrators ensure that
they have the latest versions of the Twisted library to ensure that their
installation remains secure.
* Administrators using the [`matrix.org` Docker
image](https://hub.docker.com/r/matrixdotorg/synapse/ ) or the [Debian/Ubuntu
packages from
`matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages )
should ensure that they have version 1.12.0 installed: these images include
Twisted 20.3.0.
* Administrators who have [installed Synapse from
source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source )
should upgrade Twisted within their virtualenv by running:
```sh
<path_to_virtualenv>/bin/pip install 'Twisted>=20.3.0'
```
* Administrators who have installed Synapse from distribution packages should
consult the information from their distributions.
The `matrix.org` Synapse instance was not vulnerable to these vulnerabilities.
Advance notice of change to the default `git` branch for Synapse
----------------------------------------------------------------
Currently, the default `git` branch for Synapse is `master`, which tracks the
latest release.
After the release of Synapse 1.13.0, we intend to change this default to
`develop`, which is the development tip. This is more consistent with common
practice and modern `git` usage.
Although we try to keep `develop` in a stable state, there may be occasions
where regressions creep in. Developers and distributors who have scripts which
run builds using the default branch of `Synapse` should therefore consider
pinning their scripts to `master`.
Synapse 1.12.0rc1 (2020-03-19)
==============================
Features
--------
- Changes related to room alias management ([MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432 )):
- Publishing/removing a room from the room directory now requires the user to have a power level capable of modifying the canonical alias, instead of the room aliases. ([\#6965](https://github.com/matrix-org/synapse/issues/6965 ))
- Validate the `alt_aliases` property of canonical alias events. ([\#6971](https://github.com/matrix-org/synapse/issues/6971 ))
- Users with a power level sufficient to modify the canonical alias of a room can now delete room aliases. ([\#6986](https://github.com/matrix-org/synapse/issues/6986 ))
- Implement updated authorization rules and redaction rules for aliases events, from [MSC2261](https://github.com/matrix-org/matrix-doc/pull/2261 ) and [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432 ). ([\#7037](https://github.com/matrix-org/synapse/issues/7037 ))
- Stop sending m.room.aliases events during room creation and upgrade. ([\#6941](https://github.com/matrix-org/synapse/issues/6941 ))
- Synapse no longer uses room alias events to calculate room names for push notifications. ([\#6966](https://github.com/matrix-org/synapse/issues/6966 ))
- The room list endpoint no longer returns a list of aliases. ([\#6970](https://github.com/matrix-org/synapse/issues/6970 ))
- Remove special handling of aliases events from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260 ) added in v1.10.0rc1. ([\#7034](https://github.com/matrix-org/synapse/issues/7034 ))
- Expose the `synctl`, `hash_password` and `generate_config` commands in the snapcraft package. Contributed by @devec0. ([\#6315](https://github.com/matrix-org/synapse/issues/6315 ))
- Check that server_name is correctly set before running database updates. ([\#6982](https://github.com/matrix-org/synapse/issues/6982 ))
- Break down monthly active users by `appservice_id` and emit via Prometheus. ([\#7030](https://github.com/matrix-org/synapse/issues/7030 ))
- Render a configurable and comprehensible error page if something goes wrong during the SAML2 authentication process. ([\#7058](https://github.com/matrix-org/synapse/issues/7058 ), [\#7067](https://github.com/matrix-org/synapse/issues/7067 ))
- Add an optional parameter to control whether other sessions are logged out when a user's password is modified. ([\#7085](https://github.com/matrix-org/synapse/issues/7085 ))
- Add prometheus metrics for the number of active pushers. ([\#7103](https://github.com/matrix-org/synapse/issues/7103 ), [\#7106](https://github.com/matrix-org/synapse/issues/7106 ))
- Improve performance when making HTTPS requests to sygnal, sydent, etc, by sharing the SSL context object between connections. ([\#7094](https://github.com/matrix-org/synapse/issues/7094 ))
Bugfixes
--------
- When a user's profile is updated via the admin API, also generate a displayname/avatar update for that user in each room. ([\#6572](https://github.com/matrix-org/synapse/issues/6572 ))
- Fix a couple of bugs in email configuration handling. ([\#6962](https://github.com/matrix-org/synapse/issues/6962 ))
- Fix an issue affecting worker-based deployments where replication would stop working, necessitating a full restart, after joining a large room. ([\#6967](https://github.com/matrix-org/synapse/issues/6967 ))
- Fix `duplicate key` error which was logged when rejoining a room over federation. ([\#6968](https://github.com/matrix-org/synapse/issues/6968 ))
- Prevent user from setting 'deactivated' to anything other than a bool on the v2 PUT /users Admin API. ([\#6990](https://github.com/matrix-org/synapse/issues/6990 ))
- Fix py35-old CI by using native tox package. ([\#7018](https://github.com/matrix-org/synapse/issues/7018 ))
- Fix a bug causing `org.matrix.dummy_event` to be included in responses from `/sync`. ([\#7035](https://github.com/matrix-org/synapse/issues/7035 ))
- Fix a bug that renders UTF-8 text files incorrectly when loaded from media. Contributed by @TheStranjer. ([\#7044](https://github.com/matrix-org/synapse/issues/7044 ))
- Fix a bug that would cause Synapse to respond with an error about event visibility if a client tried to request the state of a room at a given token. ([\#7066](https://github.com/matrix-org/synapse/issues/7066 ))
- Repair a data-corruption issue which was introduced in Synapse 1.10, and fixed in Synapse 1.11, and which could cause `/sync` to return with 404 errors about missing events and unknown rooms. ([\#7070](https://github.com/matrix-org/synapse/issues/7070 ))
- Fix a bug causing account validity renewal emails to be sent even if the feature is turned off in some cases. ([\#7074](https://github.com/matrix-org/synapse/issues/7074 ))
Improved Documentation
----------------------
- Updated CentOS8 install instructions. Contributed by Richard Kellner. ([\#6925](https://github.com/matrix-org/synapse/issues/6925 ))
- Fix `POSTGRES_INITDB_ARGS` in the `contrib/docker/docker-compose.yml` example docker-compose configuration. ([\#6984](https://github.com/matrix-org/synapse/issues/6984 ))
- Change date in [INSTALL.md](./INSTALL.md#tls-certificates) for last date of getting TLS certificates to November 2019. ([\#7015](https://github.com/matrix-org/synapse/issues/7015 ))
- Document that the fallback auth endpoints must be routed to the same worker node as the register endpoints. ([\#7048](https://github.com/matrix-org/synapse/issues/7048 ))
Deprecations and Removals
-------------------------
- Remove the unused query_auth federation endpoint per [MSC2451](https://github.com/matrix-org/matrix-doc/pull/2451 ). ([\#7026](https://github.com/matrix-org/synapse/issues/7026 ))
Internal Changes
----------------
- Add type hints to `logging/context.py`. ([\#6309](https://github.com/matrix-org/synapse/issues/6309 ))
- Add some clarifications to `README.md` in the database schema directory. ([\#6615](https://github.com/matrix-org/synapse/issues/6615 ))
- Refactoring work in preparation for changing the event redaction algorithm. ([\#6874](https://github.com/matrix-org/synapse/issues/6874 ), [\#6875](https://github.com/matrix-org/synapse/issues/6875 ), [\#6983](https://github.com/matrix-org/synapse/issues/6983 ), [\#7003](https://github.com/matrix-org/synapse/issues/7003 ))
- Improve performance of v2 state resolution for large rooms. ([\#6952](https://github.com/matrix-org/synapse/issues/6952 ), [\#7095](https://github.com/matrix-org/synapse/issues/7095 ))
- Reduce time spent doing GC, by freezing objects on startup. ([\#6953](https://github.com/matrix-org/synapse/issues/6953 ))
- Minor perfermance fixes to `get_auth_chain_ids`. ([\#6954](https://github.com/matrix-org/synapse/issues/6954 ))
- Don't record remote cross-signing keys in the `devices` table. ([\#6956](https://github.com/matrix-org/synapse/issues/6956 ))
- Use flake8-comprehensions to enforce good hygiene of list/set/dict comprehensions. ([\#6957](https://github.com/matrix-org/synapse/issues/6957 ))
- Merge worker apps together. ([\#6964](https://github.com/matrix-org/synapse/issues/6964 ), [\#7002](https://github.com/matrix-org/synapse/issues/7002 ), [\#7055](https://github.com/matrix-org/synapse/issues/7055 ), [\#7104](https://github.com/matrix-org/synapse/issues/7104 ))
- Remove redundant `store_room` call from `FederationHandler._process_received_pdu`. ([\#6979](https://github.com/matrix-org/synapse/issues/6979 ))
- Update warning for incorrect database collation/ctype to include link to documentation. ([\#6985](https://github.com/matrix-org/synapse/issues/6985 ))
- Add some type annotations to the database storage classes. ([\#6987](https://github.com/matrix-org/synapse/issues/6987 ))
- Port `synapse.handlers.presence` to async/await. ([\#6991](https://github.com/matrix-org/synapse/issues/6991 ), [\#7019](https://github.com/matrix-org/synapse/issues/7019 ))
- Add some type annotations to the federation base & client classes. ([\#6995](https://github.com/matrix-org/synapse/issues/6995 ))
- Port `synapse.rest.keys` to async/await. ([\#7020](https://github.com/matrix-org/synapse/issues/7020 ))
- Add a type check to `is_verified` when processing room keys. ([\#7045](https://github.com/matrix-org/synapse/issues/7045 ))
- Add type annotations and comments to the auth handler. ([\#7063](https://github.com/matrix-org/synapse/issues/7063 ))
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEv27Axt/F4vrTL/8QOSor00I9eP8FAl54vN0ACgkQOSor00I9
eP/LOgf/U22VypPu2Cl4vofxigeeUL+ph0gEQDCsF7i3EPi9ObeTi4aUggC95dBs
MY4JQENmVrk1NhVWQpC08mjehsr4xUzJuwnPPIeGQ6X5U/2BS4YUasxOt9A+iLUz
8IxTzUgx4T+CTfibZvn6xdE/tZK/b2N3BoOikesutD2aQGC5Fm6w2HReoY4Qrdgw
AwHlsIV22PYgEn0RL5y6DJ2NUU9SdeSmPjKNe+R1rHDlTpvH7LSyINhOFkYDgRPY
xmlH+Ek5+7vLi3AlWg6pA001mMWGADlC4T84URcf1fQv6hXT1iM+A9CqC57jGlfT
nHDphCtz0Uk9kmgT4To+hclLDWecYw==
=iSEk
-----END PGP SIGNATURE-----
Merge tag 'v1.12.0'
Synapse 1.12.0 (2020-03-23)
===========================
No significant changes since 1.12.0rc1.
Debian packages and Docker images are rebuilt using the latest versions of
dependency libraries, including Twisted 20.3.0. **Please see security advisory
below**.
Security advisory
-----------------
Synapse may be vulnerable to request-smuggling attacks when it is used with a
reverse-proxy. The vulnerabilties are fixed in Twisted 20.3.0, and are
described in
[CVE-2020-10108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108 )
and
[CVE-2020-10109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109 ).
For a good introduction to this class of request-smuggling attacks, see
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn .
We are not aware of these vulnerabilities being exploited in the wild, and
do not believe that they are exploitable with current versions of any reverse
proxies. Nevertheless, we recommend that all Synapse administrators ensure that
they have the latest versions of the Twisted library to ensure that their
installation remains secure.
* Administrators using the [`matrix.org` Docker
image](https://hub.docker.com/r/matrixdotorg/synapse/ ) or the [Debian/Ubuntu
packages from
`matrix.org`](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#matrixorg-packages )
should ensure that they have version 1.12.0 installed: these images include
Twisted 20.3.0.
* Administrators who have [installed Synapse from
source](https://github.com/matrix-org/synapse/blob/master/INSTALL.md#installing-from-source )
should upgrade Twisted within their virtualenv by running:
```sh
<path_to_virtualenv>/bin/pip install 'Twisted>=20.3.0'
```
* Administrators who have installed Synapse from distribution packages should
consult the information from their distributions.
The `matrix.org` Synapse instance was not vulnerable to these vulnerabilities.
Advance notice of change to the default `git` branch for Synapse
----------------------------------------------------------------
Currently, the default `git` branch for Synapse is `master`, which tracks the
latest release.
After the release of Synapse 1.13.0, we intend to change this default to
`develop`, which is the development tip. This is more consistent with common
practice and modern `git` usage.
Although we try to keep `develop` in a stable state, there may be occasions
where regressions creep in. Developers and distributors who have scripts which
run builds using the default branch of `Synapse` should therefore consider
pinning their scripts to `master`.
Synapse 1.12.0rc1 (2020-03-19)
==============================
Features
--------
- Changes related to room alias management ([MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432 )):
- Publishing/removing a room from the room directory now requires the user to have a power level capable of modifying the canonical alias, instead of the room aliases. ([\#6965](https://github.com/matrix-org/synapse/issues/6965 ))
- Validate the `alt_aliases` property of canonical alias events. ([\#6971](https://github.com/matrix-org/synapse/issues/6971 ))
- Users with a power level sufficient to modify the canonical alias of a room can now delete room aliases. ([\#6986](https://github.com/matrix-org/synapse/issues/6986 ))
- Implement updated authorization rules and redaction rules for aliases events, from [MSC2261](https://github.com/matrix-org/matrix-doc/pull/2261 ) and [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432 ). ([\#7037](https://github.com/matrix-org/synapse/issues/7037 ))
- Stop sending m.room.aliases events during room creation and upgrade. ([\#6941](https://github.com/matrix-org/synapse/issues/6941 ))
- Synapse no longer uses room alias events to calculate room names for push notifications. ([\#6966](https://github.com/matrix-org/synapse/issues/6966 ))
- The room list endpoint no longer returns a list of aliases. ([\#6970](https://github.com/matrix-org/synapse/issues/6970 ))
- Remove special handling of aliases events from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260 ) added in v1.10.0rc1. ([\#7034](https://github.com/matrix-org/synapse/issues/7034 ))
- Expose the `synctl`, `hash_password` and `generate_config` commands in the snapcraft package. Contributed by @devec0. ([\#6315](https://github.com/matrix-org/synapse/issues/6315 ))
- Check that server_name is correctly set before running database updates. ([\#6982](https://github.com/matrix-org/synapse/issues/6982 ))
- Break down monthly active users by `appservice_id` and emit via Prometheus. ([\#7030](https://github.com/matrix-org/synapse/issues/7030 ))
- Render a configurable and comprehensible error page if something goes wrong during the SAML2 authentication process. ([\#7058](https://github.com/matrix-org/synapse/issues/7058 ), [\#7067](https://github.com/matrix-org/synapse/issues/7067 ))
- Add an optional parameter to control whether other sessions are logged out when a user's password is modified. ([\#7085](https://github.com/matrix-org/synapse/issues/7085 ))
- Add prometheus metrics for the number of active pushers. ([\#7103](https://github.com/matrix-org/synapse/issues/7103 ), [\#7106](https://github.com/matrix-org/synapse/issues/7106 ))
- Improve performance when making HTTPS requests to sygnal, sydent, etc, by sharing the SSL context object between connections. ([\#7094](https://github.com/matrix-org/synapse/issues/7094 ))
Bugfixes
--------
- When a user's profile is updated via the admin API, also generate a displayname/avatar update for that user in each room. ([\#6572](https://github.com/matrix-org/synapse/issues/6572 ))
- Fix a couple of bugs in email configuration handling. ([\#6962](https://github.com/matrix-org/synapse/issues/6962 ))
- Fix an issue affecting worker-based deployments where replication would stop working, necessitating a full restart, after joining a large room. ([\#6967](https://github.com/matrix-org/synapse/issues/6967 ))
- Fix `duplicate key` error which was logged when rejoining a room over federation. ([\#6968](https://github.com/matrix-org/synapse/issues/6968 ))
- Prevent user from setting 'deactivated' to anything other than a bool on the v2 PUT /users Admin API. ([\#6990](https://github.com/matrix-org/synapse/issues/6990 ))
- Fix py35-old CI by using native tox package. ([\#7018](https://github.com/matrix-org/synapse/issues/7018 ))
- Fix a bug causing `org.matrix.dummy_event` to be included in responses from `/sync`. ([\#7035](https://github.com/matrix-org/synapse/issues/7035 ))
- Fix a bug that renders UTF-8 text files incorrectly when loaded from media. Contributed by @TheStranjer. ([\#7044](https://github.com/matrix-org/synapse/issues/7044 ))
- Fix a bug that would cause Synapse to respond with an error about event visibility if a client tried to request the state of a room at a given token. ([\#7066](https://github.com/matrix-org/synapse/issues/7066 ))
- Repair a data-corruption issue which was introduced in Synapse 1.10, and fixed in Synapse 1.11, and which could cause `/sync` to return with 404 errors about missing events and unknown rooms. ([\#7070](https://github.com/matrix-org/synapse/issues/7070 ))
- Fix a bug causing account validity renewal emails to be sent even if the feature is turned off in some cases. ([\#7074](https://github.com/matrix-org/synapse/issues/7074 ))
Improved Documentation
----------------------
- Updated CentOS8 install instructions. Contributed by Richard Kellner. ([\#6925](https://github.com/matrix-org/synapse/issues/6925 ))
- Fix `POSTGRES_INITDB_ARGS` in the `contrib/docker/docker-compose.yml` example docker-compose configuration. ([\#6984](https://github.com/matrix-org/synapse/issues/6984 ))
- Change date in [INSTALL.md](./INSTALL.md#tls-certificates) for last date of getting TLS certificates to November 2019. ([\#7015](https://github.com/matrix-org/synapse/issues/7015 ))
- Document that the fallback auth endpoints must be routed to the same worker node as the register endpoints. ([\#7048](https://github.com/matrix-org/synapse/issues/7048 ))
Deprecations and Removals
-------------------------
- Remove the unused query_auth federation endpoint per [MSC2451](https://github.com/matrix-org/matrix-doc/pull/2451 ). ([\#7026](https://github.com/matrix-org/synapse/issues/7026 ))
Internal Changes
----------------
- Add type hints to `logging/context.py`. ([\#6309](https://github.com/matrix-org/synapse/issues/6309 ))
- Add some clarifications to `README.md` in the database schema directory. ([\#6615](https://github.com/matrix-org/synapse/issues/6615 ))
- Refactoring work in preparation for changing the event redaction algorithm. ([\#6874](https://github.com/matrix-org/synapse/issues/6874 ), [\#6875](https://github.com/matrix-org/synapse/issues/6875 ), [\#6983](https://github.com/matrix-org/synapse/issues/6983 ), [\#7003](https://github.com/matrix-org/synapse/issues/7003 ))
- Improve performance of v2 state resolution for large rooms. ([\#6952](https://github.com/matrix-org/synapse/issues/6952 ), [\#7095](https://github.com/matrix-org/synapse/issues/7095 ))
- Reduce time spent doing GC, by freezing objects on startup. ([\#6953](https://github.com/matrix-org/synapse/issues/6953 ))
- Minor perfermance fixes to `get_auth_chain_ids`. ([\#6954](https://github.com/matrix-org/synapse/issues/6954 ))
- Don't record remote cross-signing keys in the `devices` table. ([\#6956](https://github.com/matrix-org/synapse/issues/6956 ))
- Use flake8-comprehensions to enforce good hygiene of list/set/dict comprehensions. ([\#6957](https://github.com/matrix-org/synapse/issues/6957 ))
- Merge worker apps together. ([\#6964](https://github.com/matrix-org/synapse/issues/6964 ), [\#7002](https://github.com/matrix-org/synapse/issues/7002 ), [\#7055](https://github.com/matrix-org/synapse/issues/7055 ), [\#7104](https://github.com/matrix-org/synapse/issues/7104 ))
- Remove redundant `store_room` call from `FederationHandler._process_received_pdu`. ([\#6979](https://github.com/matrix-org/synapse/issues/6979 ))
- Update warning for incorrect database collation/ctype to include link to documentation. ([\#6985](https://github.com/matrix-org/synapse/issues/6985 ))
- Add some type annotations to the database storage classes. ([\#6987](https://github.com/matrix-org/synapse/issues/6987 ))
- Port `synapse.handlers.presence` to async/await. ([\#6991](https://github.com/matrix-org/synapse/issues/6991 ), [\#7019](https://github.com/matrix-org/synapse/issues/7019 ))
- Add some type annotations to the federation base & client classes. ([\#6995](https://github.com/matrix-org/synapse/issues/6995 ))
- Port `synapse.rest.keys` to async/await. ([\#7020](https://github.com/matrix-org/synapse/issues/7020 ))
- Add a type check to `is_verified` when processing room keys. ([\#7045](https://github.com/matrix-org/synapse/issues/7045 ))
- Add type annotations and comments to the auth handler. ([\#7063](https://github.com/matrix-org/synapse/issues/7063 ))
2020-03-23 13:54:17 +00:00
c165c1233b
Improve database configuration docs ( #6988 )
...
Attempts to clarify the sample config for databases, and add some stuff about
tcp keepalives to `postgres.md`.
2020-03-20 15:24:22 +00:00
88b41986db
Add an option to the set password API to choose whether to logout other devices. ( #7085 )
2020-03-18 07:50:00 -04:00
4ce50519cd
Update postgres.md
...
fix broken link
2020-03-17 18:08:43 +00:00
6a35046363
Revert "Add options to disable setting profile info for prevent changes. ( #7053 )"
...
This reverts commit 54dd28621b6640460d05
2020-03-17 11:25:01 +00:00
f9e98176bf
Put the file in the templates directory
2020-03-11 20:31:42 +00:00
900bca9707
Update wording and config
2020-03-11 19:40:30 +00:00
54dd28621b
Add options to disable setting profile info for prevent changes. ( #7053 )
2020-03-10 22:23:01 +00:00
751d51dd12
Update sample_config.yaml
2020-03-10 21:41:25 +01:00
51c094c4ac
Update sample config
2020-03-10 14:00:29 +00:00
885134529f
updates after review
2020-03-09 22:09:29 +01:00
66315d862f
Update routing of fallback auth in the worker docs. ( #7048 )
2020-03-09 07:19:24 -04:00
99bbe177b6
add disable_3pid_changes
2020-03-08 21:58:12 +01:00
20545a2199
lint2
2020-03-08 15:28:00 +01:00
fb078f921b
changelog
2020-03-08 15:19:07 +01:00
43f874055d
Merge branch 'master' into develop
2020-03-03 15:20:49 +00:00
b68041df3d
Add a whitelist for the SSO confirmation step.
2020-03-02 17:05:09 +00:00
b2bd54a2e3
Add a confirmation step to the SSO login flow
2020-03-02 16:36:32 +00:00
4c2ed3f20e
Fix minor issues with email config ( #6962 )
...
* Give `notif_template_html`, `notif_template_text` default values (fixes #6960 )
* Don't complain if `smtp_host` and `smtp_port` are unset, since they have sensible defaults (fixes #6961 )
* Set the example for `enable_notifs` to `True`, for consistency and because it's more useful
* Raise errors as ConfigError rather than RuntimeError for nicer formatting
2020-02-24 15:18:38 +00:00
509e381afa
Clarify list/set/dict/tuple comprehensions and enforce via flake8 ( #6957 )
...
Ensure good comprehension hygiene using flake8-comprehensions.
2020-02-21 07:15:07 -05:00
bbe39f808c
Merge pull request #6940 from matrix-org/babolivier/federate.md
...
Clean up and update federation docs
2020-02-19 10:58:59 +00:00
71d65407e7
Incorporate review
2020-02-19 10:03:19 +00:00
61b457e3ec
Incorporate review
2020-02-18 17:20:03 +00:00
a0d2f9d089
Phrasing
2020-02-18 16:16:49 +00:00
d484126bf7
Merge pull request #6907 from matrix-org/babolivier/acme-config
...
Add mention and warning about ACME v1 deprecation to the TLS config
2020-02-18 16:11:31 +00:00
818def8248
Fix worker docs to point `/publicised_groups` API correctly. ( #6938 )
2020-02-18 15:27:45 +00:00
d009535639
Add mention of SRV records as an advanced topic
2020-02-18 14:07:41 +00:00
ba7a523854
Argh trailing spaces
2020-02-18 13:57:15 +00:00
e837be5b5c
Fix links in the reverse proxy doc
2020-02-18 13:53:58 +00:00
3c67eee6dc
Make federate.md more of a sumary of the steps to follow to set up replication
2020-02-18 13:51:03 +00:00
8ee0d74516
Split the delegating documentation out of federate.md and trim it down
2020-02-18 12:05:45 +00:00
97a42bbc3a
Add a warning about indentation to generated config ( #6920 )
...
Fixes #6916 .
2020-02-14 16:22:30 +00:00
49f877d32e
Filter the results of user directory searching via the spam checker ( #6888 )
...
Add a method to the spam checker to filter the user directory results.
2020-02-14 07:17:54 -05:00
5820ed905f
Add mention and warning about ACME v1 deprecation to the Synapse config
2020-02-13 14:20:08 +00:00
361de49c90
Add documentation for the spam checker module ( #6906 )
...
Add documentation for the spam checker.
2020-02-13 07:40:57 -05:00
862669d6cc
Update docs/ACME.md
2020-02-13 11:29:08 +00:00
459d089af7
Mention that using Synapse to serve certificates requires restarts
2020-02-12 21:05:30 +00:00
e45a7c0939
Remove duplicated info about certbot et al
2020-02-12 20:14:59 +00:00
f092029d2d
Update ACME.md to mention ACME v1 deprecation
2020-02-12 20:14:16 +00:00
6cd34da8b1
Merge pull request #6891 from matrix-org/babolivier/retention-doc-amend
...
Spell out that the last event sent to a room won't be deleted by a purge
2020-02-12 20:12:20 +00:00
08e050c3fd
Rephrase
2020-02-12 15:39:40 +00:00
47acbc519f
Merge branch 'master' into develop
2020-02-12 13:24:09 +00:00
d9239b5257
Synapse 1.10.0 (2020-02-12)
...
===========================
**WARNING to client developers**: As of this release Synapse validates `client_secret` parameters in the Client-Server API as per the spec. See [\#6766](https://github.com/matrix-org/synapse/issues/6766 ) for details.
Updates to the Docker image
---------------------------
- Update the docker images to Alpine Linux 3.11. ([\#6897](https://github.com/matrix-org/synapse/issues/6897 ))
Synapse 1.10.0rc5 (2020-02-11)
==============================
Bugfixes
--------
- Fix the filtering introduced in 1.10.0rc3 to also apply to the state blocks returned by `/sync`. ([\#6884](https://github.com/matrix-org/synapse/issues/6884 ))
Synapse 1.10.0rc4 (2020-02-11)
==============================
This release candidate was built incorrectly and is superceded by 1.10.0rc5.
Synapse 1.10.0rc3 (2020-02-10)
==============================
Features
--------
- Filter out `m.room.aliases` from the CS API to mitigate abuse while a better solution is specced. ([\#6878](https://github.com/matrix-org/synapse/issues/6878 ))
Internal Changes
----------------
- Fix continuous integration failures with old versions of `pip`, which were introduced by a release of the `zipp` library. ([\#6880](https://github.com/matrix-org/synapse/issues/6880 ))
Synapse 1.10.0rc2 (2020-02-06)
==============================
Bugfixes
--------
- Fix an issue with cross-signing where device signatures were not sent to remote servers. ([\#6844](https://github.com/matrix-org/synapse/issues/6844 ))
- Fix to the unknown remote device detection which was introduced in 1.10.rc1. ([\#6848](https://github.com/matrix-org/synapse/issues/6848 ))
Internal Changes
----------------
- Detect unexpected sender keys on remote encrypted events and resync device lists. ([\#6850](https://github.com/matrix-org/synapse/issues/6850 ))
Synapse 1.10.0rc1 (2020-01-31)
==============================
Features
--------
- Add experimental support for updated authorization rules for aliases events, from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260 ). ([\#6787](https://github.com/matrix-org/synapse/issues/6787 ), [\#6790](https://github.com/matrix-org/synapse/issues/6790 ), [\#6794](https://github.com/matrix-org/synapse/issues/6794 ))
Bugfixes
--------
- Warn if postgres database has a non-C locale, as that can cause issues when upgrading locales (e.g. due to upgrading OS). ([\#6734](https://github.com/matrix-org/synapse/issues/6734 ))
- Minor fixes to `PUT /_synapse/admin/v2/users` admin api. ([\#6761](https://github.com/matrix-org/synapse/issues/6761 ))
- Validate `client_secret` parameter using the regex provided by the Client-Server API, temporarily allowing `:` characters for older clients. The `:` character will be removed in a future release. ([\#6767](https://github.com/matrix-org/synapse/issues/6767 ))
- Fix persisting redaction events that have been redacted (or otherwise don't have a redacts key). ([\#6771](https://github.com/matrix-org/synapse/issues/6771 ))
- Fix outbound federation request metrics. ([\#6795](https://github.com/matrix-org/synapse/issues/6795 ))
- Fix bug where querying a remote user's device keys that weren't cached resulted in only returning a single device. ([\#6796](https://github.com/matrix-org/synapse/issues/6796 ))
- Fix race in federation sender worker that delayed sending of device updates. ([\#6799](https://github.com/matrix-org/synapse/issues/6799 ), [\#6800](https://github.com/matrix-org/synapse/issues/6800 ))
- Fix bug where Synapse didn't invalidate cache of remote users' devices when Synapse left a room. ([\#6801](https://github.com/matrix-org/synapse/issues/6801 ))
- Fix waking up other workers when remote server is detected to have come back online. ([\#6811](https://github.com/matrix-org/synapse/issues/6811 ))
Improved Documentation
----------------------
- Clarify documentation related to `user_dir` and `federation_reader` workers. ([\#6775](https://github.com/matrix-org/synapse/issues/6775 ))
Internal Changes
----------------
- Record room versions in the `rooms` table. ([\#6729](https://github.com/matrix-org/synapse/issues/6729 ), [\#6788](https://github.com/matrix-org/synapse/issues/6788 ), [\#6810](https://github.com/matrix-org/synapse/issues/6810 ))
- Propagate cache invalidates from workers to other workers. ([\#6748](https://github.com/matrix-org/synapse/issues/6748 ))
- Remove some unnecessary admin handler abstraction methods. ([\#6751](https://github.com/matrix-org/synapse/issues/6751 ))
- Add some debugging for media storage providers. ([\#6757](https://github.com/matrix-org/synapse/issues/6757 ))
- Detect unknown remote devices and mark cache as stale. ([\#6776](https://github.com/matrix-org/synapse/issues/6776 ), [\#6819](https://github.com/matrix-org/synapse/issues/6819 ))
- Attempt to resync remote users' devices when detected as stale. ([\#6786](https://github.com/matrix-org/synapse/issues/6786 ))
- Delete current state from the database when server leaves a room. ([\#6792](https://github.com/matrix-org/synapse/issues/6792 ))
- When a client asks for a remote user's device keys check if the local cache for that user has been marked as potentially stale. ([\#6797](https://github.com/matrix-org/synapse/issues/6797 ))
- Add background update to clean out left rooms from current state. ([\#6802](https://github.com/matrix-org/synapse/issues/6802 ), [\#6816](https://github.com/matrix-org/synapse/issues/6816 ))
- Refactoring work in preparation for changing the event redaction algorithm. ([\#6803](https://github.com/matrix-org/synapse/issues/6803 ), [\#6805](https://github.com/matrix-org/synapse/issues/6805 ), [\#6806](https://github.com/matrix-org/synapse/issues/6806 ), [\#6807](https://github.com/matrix-org/synapse/issues/6807 ), [\#6820](https://github.com/matrix-org/synapse/issues/6820 ))
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEdVkXOgzrGzds0jtrHgFcFF8ZFs0FAl5D780ACgkQHgFcFF8Z
Fs32MxAApvBbTGMhC5E2SLt8Yh4DSfDmg8yCPLMRVTdJuUQyUVgKYFSl9LqzqCGe
oLpzwbXXDpN1FYGuO3daFBSN3RaU1XCQPMayekTaF6Wvq9N9rNW1tAi6cQTjUf20
bTAxZljXAIkfXOMbahlFIqAtL+ItTbECKPW4zbndIbC4TiWw/bJPFHeSuoQbHbsI
TOgPjM4q2aydHFeTDL2Wqqm99pobPvnEji5sBzHOK+IyIaN0HZI7BZAsm38SDSEA
HQTW342RNl7Vm0t2KPdhBq/43r4ENKSUbZjCctFZA+iqbV2mmE96zd2pLOIh9OLP
7KoCDKlplQjInJjN3MQvPzn/cxHnZOmt3AwhQjfhOMcJWcwz00ouWp38oszgZi1c
8y1htf1/Tr26veYxF7umlPHT0h8LNj4Wi7ceQjoIDPu4X70X6vXOk5sJmeJ+KqI5
PJ4yUgw0erWX0I7jybavIvruyA9ZqCwk5FIIyG54IBIZLfughi/fcce49gfvJTa6
Rdjvp0g28qxynkRKq9hVOBSX/TRXTedHe8tHBvSzoDRScvI2aDWQYjJkmGzzLF6L
+eWiZ2ICJ2fs7XYIxPhEr/vSpmc/1R+k6vZIPeBTAs0muH8WoK2en6KZPmJ7C25L
2FHdA+1S1Ybqsvyue5S5Sl6yGcvpzGzc1R4mHoB0jZki2v3Cwcs=
=j25Z
-----END PGP SIGNATURE-----
Merge tag 'v1.10.0'
Synapse 1.10.0 (2020-02-12)
===========================
**WARNING to client developers**: As of this release Synapse validates `client_secret` parameters in the Client-Server API as per the spec. See [\#6766](https://github.com/matrix-org/synapse/issues/6766 ) for details.
Updates to the Docker image
---------------------------
- Update the docker images to Alpine Linux 3.11. ([\#6897](https://github.com/matrix-org/synapse/issues/6897 ))
Synapse 1.10.0rc5 (2020-02-11)
==============================
Bugfixes
--------
- Fix the filtering introduced in 1.10.0rc3 to also apply to the state blocks returned by `/sync`. ([\#6884](https://github.com/matrix-org/synapse/issues/6884 ))
Synapse 1.10.0rc4 (2020-02-11)
==============================
This release candidate was built incorrectly and is superceded by 1.10.0rc5.
Synapse 1.10.0rc3 (2020-02-10)
==============================
Features
--------
- Filter out `m.room.aliases` from the CS API to mitigate abuse while a better solution is specced. ([\#6878](https://github.com/matrix-org/synapse/issues/6878 ))
Internal Changes
----------------
- Fix continuous integration failures with old versions of `pip`, which were introduced by a release of the `zipp` library. ([\#6880](https://github.com/matrix-org/synapse/issues/6880 ))
Synapse 1.10.0rc2 (2020-02-06)
==============================
Bugfixes
--------
- Fix an issue with cross-signing where device signatures were not sent to remote servers. ([\#6844](https://github.com/matrix-org/synapse/issues/6844 ))
- Fix to the unknown remote device detection which was introduced in 1.10.rc1. ([\#6848](https://github.com/matrix-org/synapse/issues/6848 ))
Internal Changes
----------------
- Detect unexpected sender keys on remote encrypted events and resync device lists. ([\#6850](https://github.com/matrix-org/synapse/issues/6850 ))
Synapse 1.10.0rc1 (2020-01-31)
==============================
Features
--------
- Add experimental support for updated authorization rules for aliases events, from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260 ). ([\#6787](https://github.com/matrix-org/synapse/issues/6787 ), [\#6790](https://github.com/matrix-org/synapse/issues/6790 ), [\#6794](https://github.com/matrix-org/synapse/issues/6794 ))
Bugfixes
--------
- Warn if postgres database has a non-C locale, as that can cause issues when upgrading locales (e.g. due to upgrading OS). ([\#6734](https://github.com/matrix-org/synapse/issues/6734 ))
- Minor fixes to `PUT /_synapse/admin/v2/users` admin api. ([\#6761](https://github.com/matrix-org/synapse/issues/6761 ))
- Validate `client_secret` parameter using the regex provided by the Client-Server API, temporarily allowing `:` characters for older clients. The `:` character will be removed in a future release. ([\#6767](https://github.com/matrix-org/synapse/issues/6767 ))
- Fix persisting redaction events that have been redacted (or otherwise don't have a redacts key). ([\#6771](https://github.com/matrix-org/synapse/issues/6771 ))
- Fix outbound federation request metrics. ([\#6795](https://github.com/matrix-org/synapse/issues/6795 ))
- Fix bug where querying a remote user's device keys that weren't cached resulted in only returning a single device. ([\#6796](https://github.com/matrix-org/synapse/issues/6796 ))
- Fix race in federation sender worker that delayed sending of device updates. ([\#6799](https://github.com/matrix-org/synapse/issues/6799 ), [\#6800](https://github.com/matrix-org/synapse/issues/6800 ))
- Fix bug where Synapse didn't invalidate cache of remote users' devices when Synapse left a room. ([\#6801](https://github.com/matrix-org/synapse/issues/6801 ))
- Fix waking up other workers when remote server is detected to have come back online. ([\#6811](https://github.com/matrix-org/synapse/issues/6811 ))
Improved Documentation
----------------------
- Clarify documentation related to `user_dir` and `federation_reader` workers. ([\#6775](https://github.com/matrix-org/synapse/issues/6775 ))
Internal Changes
----------------
- Record room versions in the `rooms` table. ([\#6729](https://github.com/matrix-org/synapse/issues/6729 ), [\#6788](https://github.com/matrix-org/synapse/issues/6788 ), [\#6810](https://github.com/matrix-org/synapse/issues/6810 ))
- Propagate cache invalidates from workers to other workers. ([\#6748](https://github.com/matrix-org/synapse/issues/6748 ))
- Remove some unnecessary admin handler abstraction methods. ([\#6751](https://github.com/matrix-org/synapse/issues/6751 ))
- Add some debugging for media storage providers. ([\#6757](https://github.com/matrix-org/synapse/issues/6757 ))
- Detect unknown remote devices and mark cache as stale. ([\#6776](https://github.com/matrix-org/synapse/issues/6776 ), [\#6819](https://github.com/matrix-org/synapse/issues/6819 ))
- Attempt to resync remote users' devices when detected as stale. ([\#6786](https://github.com/matrix-org/synapse/issues/6786 ))
- Delete current state from the database when server leaves a room. ([\#6792](https://github.com/matrix-org/synapse/issues/6792 ))
- When a client asks for a remote user's device keys check if the local cache for that user has been marked as potentially stale. ([\#6797](https://github.com/matrix-org/synapse/issues/6797 ))
- Add background update to clean out left rooms from current state. ([\#6802](https://github.com/matrix-org/synapse/issues/6802 ), [\#6816](https://github.com/matrix-org/synapse/issues/6816 ))
- Refactoring work in preparation for changing the event redaction algorithm. ([\#6803](https://github.com/matrix-org/synapse/issues/6803 ), [\#6805](https://github.com/matrix-org/synapse/issues/6805 ), [\#6806](https://github.com/matrix-org/synapse/issues/6806 ), [\#6807](https://github.com/matrix-org/synapse/issues/6807 ), [\#6820](https://github.com/matrix-org/synapse/issues/6820 ))
2020-02-12 13:23:22 +00:00
6b21986e4e
Also spell it out in the purge history API doc
2020-02-11 17:56:04 +00:00
a443d2a25d
Spell out that Synapse never purges the last event sent in a room
2020-02-11 17:37:09 +00:00
21db35f77e
Add support for putting fed user query API on workers ( #6873 )
2020-02-07 15:45:39 +00:00
de2d267375
Allow moving group read APIs to workers ( #6866 )
2020-02-07 11:14:19 +00:00
56ca93ef59
Admin api to add an email address ( #6789 )
2020-02-07 10:29:36 +00:00
f0561fcffd
Update documentation ( #6859 )
...
Update documentation to reflect the correct format of user_id (fully qualified).
2020-02-05 21:27:38 +00:00
02b44db922
Warn if postgres database has non-C locale. ( #6734 )
...
As using non-C locale can cause issues on upgrading OS.
2020-01-28 13:44:21 +00:00
1fe5001369
Fix federation_reader listeners doc as per PR review
...
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2020-01-27 10:21:25 +02:00
aa6ad288f1
Clarifications to the workers documentation
...
* Add note that user_dir requires disabling user dir
updates from the main synapse process.
* Add note that federation_reader should have
the federation listener resource.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2020-01-24 11:08:50 +02:00
d31f5f4d89
Update admin room docs with correct endpoints ( #6770 )
2020-01-23 11:37:26 +00:00
90a28fb475
Admin API to list, filter and sort rooms ( #6720 )
2020-01-22 13:36:43 +00:00
5d7a6ad223
Allow streaming cache invalidate all to workers. ( #6749 )
2020-01-22 10:37:00 +00:00
a8a50f5b57
Wake up transaction queue when remote server comes back online ( #6706 )
...
This will be used to retry outbound transactions to a remote server if
we think it might have come back up.
2020-01-17 10:27:19 +00:00
5ce0b17e38
Clarify the `account_validity` and `email` sections of the sample configuration. ( #6685 )
...
Generally try to make this more comprehensible, and make it match the
conventions.
I've removed the documentation for all the settings which allow you to change
the names of the template files, because I can't really see why they are
useful.
2020-01-17 10:04:15 +00:00
1177d3f3a3
Quarantine media by ID or user ID ( #6681 )
2020-01-13 18:10:43 +00:00
47f4f493f0
Document more supported endpoints for workers ( #6698 )
2020-01-13 15:32:02 +00:00
d2906fe666
Allow admin users to create or modify users without a shared secret ( #6495 )
...
Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
2020-01-09 13:31:00 +00:00
3889fcd9d7
Fix typo in message retention policies doc
2020-01-08 13:27:29 +00:00
cff1cb8685
Merge pull request #6624 from matrix-org/babolivier/retention_doc
...
Add complete documentation of the message retention policies support
2020-01-08 11:24:47 +00:00
2b6b7f482a
Merge pull request #6621 from matrix-org/babolivier/purge_job_config_typo
...
Fix a typo in the purge jobs configuration example
2020-01-07 16:17:40 +01:00
3675fb9bc6
Fix reference
2020-01-07 15:15:16 +00:00
7ba98a2874
Incorporate review
2020-01-07 15:14:33 +00:00
4be582d7c8
Merge branch 'develop' into babolivier/retention_doc
2020-01-07 15:07:19 +00:00
01fbd95736
Apply suggestions from code review
...
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2020-01-07 15:59:38 +01:00
391fb47791
Reword
2020-01-07 14:54:32 +00:00
3a86477162
Change the example from 5min to 12h
...
Have a purge job running every 5min is probably not something we want to advise admins to do as a sort-of default.
2020-01-07 14:53:07 +00:00
08815566bc
Automate generation of the sample and debian log configs ( #6627 )
2020-01-03 17:14:00 +00:00
98247c4a0e
Remove unused, undocumented "content repo" resource ( #6628 )
...
This looks like it got half-killed back in #888 .
Fixes #6567 .
2020-01-03 17:10:52 +00:00
b7dec300b7
Fix vacuum instructions for sqlite
2020-01-03 13:51:59 +01:00
9279a2c4e4
Add a complete documentation of the message retention policies support
2020-01-03 13:45:03 +01:00
dd2954f78d
Update sample config
2020-01-03 12:58:12 +01:00
0495097a7f
Added the section 'Configuration' in /docs/turn-howto.md ( #6614 )
...
put the 2nd part of the "source installation"-section into a new section, because it also applies to Debian packages
2020-01-02 10:41:30 +00:00
32779b59fa
Reword sections of federate.md that explained delegation at time of Synapse 1.0 transition ( #6601 )
...
* Remove sections of federate.md explaining delegation at time of Synapse 1.0 transition
Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Add changelog
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2020-01-02 10:28:20 +00:00
dc96943d51
Merge branch 'master' into develop
2019-12-31 11:01:06 +00:00
f03c877b32
sample log config
...
TODO: automate generation of this
2019-12-24 17:39:58 +00:00
b95b762560
Add an export_signing_key script ( #6546 )
...
I want to do some key rotation, and it is silly that we don't have a way to do
this.
2019-12-19 11:11:14 +00:00
bfb95654c9
Add option to allow profile queries without sharing a room ( #6523 )
2019-12-16 16:11:55 +00:00
0b90fc6ed2
Document Shutdown Room admin API ( #6541 )
2019-12-13 15:28:48 +00:00
f46e05d053
Merge branch 'master' into develop
2019-12-13 10:55:47 +00:00
bee1982d17
Synapse 1.7.0 (2019-12-13)
...
==========================
This release changes the default settings so that only local authenticated users can query the server's room directory. See the [upgrade notes](UPGRADE.rst#upgrading-to-v170) for details.
Support for SQLite versions before 3.11 is now deprecated. A future release will refuse to start if used with an SQLite version before 3.11.
Administrators are reminded that SQLite should not be used for production instances. Instructions for migrating to Postgres are available [here](docs/postgres.md). A future release of synapse will, by default, disable federation for servers using SQLite.
No significant changes since 1.7.0rc2.
Synapse 1.7.0rc2 (2019-12-11)
=============================
Bugfixes
--------
- Fix incorrect error message for invalid requests when setting user's avatar URL. ([\#6497](https://github.com/matrix-org/synapse/issues/6497 ))
- Fix support for SQLite 3.7. ([\#6499](https://github.com/matrix-org/synapse/issues/6499 ))
- Fix regression where sending email push would not work when using a pusher worker. ([\#6507](https://github.com/matrix-org/synapse/issues/6507 ), [\#6509](https://github.com/matrix-org/synapse/issues/6509 ))
Synapse 1.7.0rc1 (2019-12-09)
=============================
Features
--------
- Implement per-room message retention policies. ([\#5815](https://github.com/matrix-org/synapse/issues/5815 ), [\#6436](https://github.com/matrix-org/synapse/issues/6436 ))
- Add etag and count fields to key backup endpoints to help clients guess if there are new keys. ([\#5858](https://github.com/matrix-org/synapse/issues/5858 ))
- Add `/admin/v2/users` endpoint with pagination. Contributed by Awesome Technologies Innovationslabor GmbH. ([\#5925](https://github.com/matrix-org/synapse/issues/5925 ))
- Require User-Interactive Authentication for `/account/3pid/add`, meaning the user's password will be required to add a third-party ID to their account. ([\#6119](https://github.com/matrix-org/synapse/issues/6119 ))
- Implement the `/_matrix/federation/unstable/net.atleastfornow/state/<context>` API as drafted in MSC2314. ([\#6176](https://github.com/matrix-org/synapse/issues/6176 ))
- Configure privacy-preserving settings by default for the room directory. ([\#6355](https://github.com/matrix-org/synapse/issues/6355 ))
- Add ephemeral messages support by partially implementing [MSC2228](https://github.com/matrix-org/matrix-doc/pull/2228 ). ([\#6409](https://github.com/matrix-org/synapse/issues/6409 ))
- Add support for [MSC 2367](https://github.com/matrix-org/matrix-doc/pull/2367 ), which allows specifying a reason on all membership events. ([\#6434](https://github.com/matrix-org/synapse/issues/6434 ))
Bugfixes
--------
- Transfer non-standard power levels on room upgrade. ([\#6237](https://github.com/matrix-org/synapse/issues/6237 ))
- Fix error from the Pillow library when uploading RGBA images. ([\#6241](https://github.com/matrix-org/synapse/issues/6241 ))
- Correctly apply the event filter to the `state`, `events_before` and `events_after` fields in the response to `/context` requests. ([\#6329](https://github.com/matrix-org/synapse/issues/6329 ))
- Fix caching devices for remote users when using workers, so that we don't attempt to refetch (and potentially fail) each time a user requests devices. ([\#6332](https://github.com/matrix-org/synapse/issues/6332 ))
- Prevent account data syncs getting lost across TCP replication. ([\#6333](https://github.com/matrix-org/synapse/issues/6333 ))
- Fix bug: TypeError in `register_user()` while using LDAP auth module. ([\#6406](https://github.com/matrix-org/synapse/issues/6406 ))
- Fix an intermittent exception when handling read-receipts. ([\#6408](https://github.com/matrix-org/synapse/issues/6408 ))
- Fix broken guest registration when there are existing blocks of numeric user IDs. ([\#6420](https://github.com/matrix-org/synapse/issues/6420 ))
- Fix startup error when http proxy is defined. ([\#6421](https://github.com/matrix-org/synapse/issues/6421 ))
- Fix error when using synapse_port_db on a vanilla synapse db. ([\#6449](https://github.com/matrix-org/synapse/issues/6449 ))
- Fix uploading multiple cross signing signatures for the same user. ([\#6451](https://github.com/matrix-org/synapse/issues/6451 ))
- Fix bug which lead to exceptions being thrown in a loop when a cross-signed device is deleted. ([\#6462](https://github.com/matrix-org/synapse/issues/6462 ))
- Fix `synapse_port_db` not exiting with a 0 code if something went wrong during the port process. ([\#6470](https://github.com/matrix-org/synapse/issues/6470 ))
- Improve sanity-checking when receiving events over federation. ([\#6472](https://github.com/matrix-org/synapse/issues/6472 ))
- Fix inaccurate per-block Prometheus metrics. ([\#6491](https://github.com/matrix-org/synapse/issues/6491 ))
- Fix small performance regression for sending invites. ([\#6493](https://github.com/matrix-org/synapse/issues/6493 ))
- Back out cross-signing code added in Synapse 1.5.0, which caused a performance regression. ([\#6494](https://github.com/matrix-org/synapse/issues/6494 ))
Improved Documentation
----------------------
- Update documentation and variables in user contributed systemd reference file. ([\#6369](https://github.com/matrix-org/synapse/issues/6369 ), [\#6490](https://github.com/matrix-org/synapse/issues/6490 ))
- Fix link in the user directory documentation. ([\#6388](https://github.com/matrix-org/synapse/issues/6388 ))
- Add build instructions to the docker readme. ([\#6390](https://github.com/matrix-org/synapse/issues/6390 ))
- Switch Ubuntu package install recommendation to use python3 packages in INSTALL.md. ([\#6443](https://github.com/matrix-org/synapse/issues/6443 ))
- Write some docs for the quarantine_media api. ([\#6458](https://github.com/matrix-org/synapse/issues/6458 ))
- Convert CONTRIBUTING.rst to markdown (among other small fixes). ([\#6461](https://github.com/matrix-org/synapse/issues/6461 ))
Deprecations and Removals
-------------------------
- Remove admin/v1/users_paginate endpoint. Contributed by Awesome Technologies Innovationslabor GmbH. ([\#5925](https://github.com/matrix-org/synapse/issues/5925 ))
- Remove fallback for federation with old servers which lack the /federation/v1/state_ids API. ([\#6488](https://github.com/matrix-org/synapse/issues/6488 ))
Internal Changes
----------------
- Add benchmarks for structured logging and improve output performance. ([\#6266](https://github.com/matrix-org/synapse/issues/6266 ))
- Improve the performance of outputting structured logging. ([\#6322](https://github.com/matrix-org/synapse/issues/6322 ))
- Refactor some code in the event authentication path for clarity. ([\#6343](https://github.com/matrix-org/synapse/issues/6343 ), [\#6468](https://github.com/matrix-org/synapse/issues/6468 ), [\#6480](https://github.com/matrix-org/synapse/issues/6480 ))
- Clean up some unnecessary quotation marks around the codebase. ([\#6362](https://github.com/matrix-org/synapse/issues/6362 ))
- Complain on startup instead of 500'ing during runtime when `public_baseurl` isn't set when necessary. ([\#6379](https://github.com/matrix-org/synapse/issues/6379 ))
- Add a test scenario to make sure room history purges don't break `/messages` in the future. ([\#6392](https://github.com/matrix-org/synapse/issues/6392 ))
- Clarifications for the email configuration settings. ([\#6423](https://github.com/matrix-org/synapse/issues/6423 ))
- Add more tests to the blacklist when running in worker mode. ([\#6429](https://github.com/matrix-org/synapse/issues/6429 ))
- Refactor data store layer to support multiple databases in the future. ([\#6454](https://github.com/matrix-org/synapse/issues/6454 ), [\#6464](https://github.com/matrix-org/synapse/issues/6464 ), [\#6469](https://github.com/matrix-org/synapse/issues/6469 ), [\#6487](https://github.com/matrix-org/synapse/issues/6487 ))
- Port synapse.rest.client.v1 to async/await. ([\#6482](https://github.com/matrix-org/synapse/issues/6482 ))
- Port synapse.rest.client.v2_alpha to async/await. ([\#6483](https://github.com/matrix-org/synapse/issues/6483 ))
- Port SyncHandler to async/await. ([\#6484](https://github.com/matrix-org/synapse/issues/6484 ))
-----BEGIN PGP SIGNATURE-----
iQJEBAABCgAuFiEEumuwyPtYLL2OMhYdOtoG7cdT0R4FAl3zbaUQHGVyaWtAbWF0
cml4Lm9yZwAKCRA62gbtx1PRHqxED/9Ldjx5pxRm99Rkfhpv6qaw79GaQsAERW+i
rPzdC0u59PRDLyfB2MRGU+q4oTTmBN3APPuW79mhY4CRisKfUvw6tuaJM5avvRsF
vlY6m4ObewPXvK9dumlKD4ORqks45Sv0VGLHoZH4MLvWu/3Z+ycUn0qf+KNy0JrV
TNNnNfsEeo3FXrkLU/12TiEBqNTVCU2vi/nZaHoGlHtZGVoykyFk4z2i9hLKENH4
ScwaN4zeFRTIWYMiEb+kI/6QQLTASvar5FstwXPpM2F+aZhrMc5M7YsEe16jx+bQ
jOM1L67hMetcWWmE9QrgP030clIDg30xhNbVxFSD4WoGgEPFkf/zE91v0CF5ZMRJ
u83hlhe8tHoO8DOfVl2DNw3x6Evx4Vb5P8bvszNwKAyVDanvkSe0GvYm84B0Tat6
2UCyPR5mbU3fyiwpouaNYun8MppyMRQ/fCnNElvZwwoj9EQQcJ8QOnMK0pFv1AXV
n4wwXqRb+WvvbhnKPxTsiTK0DPBbIiGqo1TIONSbhPF+wySR3YV80HCWofd+qlRT
V+GbZihk4SCcmamgqYLeQYneOrIu6UWGP348t3scCz/RCUp7hmxaJhJ3GAC3hOmU
alN6tDJn7Lo0CwY2frX8xPS6S31sq9IZyDhHkaL0chsEa1rgWJMOK3FRp/b+c8yU
b3CEJObIjw==
=RQVG
-----END PGP SIGNATURE-----
Merge tag 'v1.7.0'
Synapse 1.7.0 (2019-12-13)
==========================
This release changes the default settings so that only local authenticated users can query the server's room directory. See the [upgrade notes](UPGRADE.rst#upgrading-to-v170) for details.
Support for SQLite versions before 3.11 is now deprecated. A future release will refuse to start if used with an SQLite version before 3.11.
Administrators are reminded that SQLite should not be used for production instances. Instructions for migrating to Postgres are available [here](docs/postgres.md). A future release of synapse will, by default, disable federation for servers using SQLite.
No significant changes since 1.7.0rc2.
Synapse 1.7.0rc2 (2019-12-11)
=============================
Bugfixes
--------
- Fix incorrect error message for invalid requests when setting user's avatar URL. ([\#6497](https://github.com/matrix-org/synapse/issues/6497 ))
- Fix support for SQLite 3.7. ([\#6499](https://github.com/matrix-org/synapse/issues/6499 ))
- Fix regression where sending email push would not work when using a pusher worker. ([\#6507](https://github.com/matrix-org/synapse/issues/6507 ), [\#6509](https://github.com/matrix-org/synapse/issues/6509 ))
Synapse 1.7.0rc1 (2019-12-09)
=============================
Features
--------
- Implement per-room message retention policies. ([\#5815](https://github.com/matrix-org/synapse/issues/5815 ), [\#6436](https://github.com/matrix-org/synapse/issues/6436 ))
- Add etag and count fields to key backup endpoints to help clients guess if there are new keys. ([\#5858](https://github.com/matrix-org/synapse/issues/5858 ))
- Add `/admin/v2/users` endpoint with pagination. Contributed by Awesome Technologies Innovationslabor GmbH. ([\#5925](https://github.com/matrix-org/synapse/issues/5925 ))
- Require User-Interactive Authentication for `/account/3pid/add`, meaning the user's password will be required to add a third-party ID to their account. ([\#6119](https://github.com/matrix-org/synapse/issues/6119 ))
- Implement the `/_matrix/federation/unstable/net.atleastfornow/state/<context>` API as drafted in MSC2314. ([\#6176](https://github.com/matrix-org/synapse/issues/6176 ))
- Configure privacy-preserving settings by default for the room directory. ([\#6355](https://github.com/matrix-org/synapse/issues/6355 ))
- Add ephemeral messages support by partially implementing [MSC2228](https://github.com/matrix-org/matrix-doc/pull/2228 ). ([\#6409](https://github.com/matrix-org/synapse/issues/6409 ))
- Add support for [MSC 2367](https://github.com/matrix-org/matrix-doc/pull/2367 ), which allows specifying a reason on all membership events. ([\#6434](https://github.com/matrix-org/synapse/issues/6434 ))
Bugfixes
--------
- Transfer non-standard power levels on room upgrade. ([\#6237](https://github.com/matrix-org/synapse/issues/6237 ))
- Fix error from the Pillow library when uploading RGBA images. ([\#6241](https://github.com/matrix-org/synapse/issues/6241 ))
- Correctly apply the event filter to the `state`, `events_before` and `events_after` fields in the response to `/context` requests. ([\#6329](https://github.com/matrix-org/synapse/issues/6329 ))
- Fix caching devices for remote users when using workers, so that we don't attempt to refetch (and potentially fail) each time a user requests devices. ([\#6332](https://github.com/matrix-org/synapse/issues/6332 ))
- Prevent account data syncs getting lost across TCP replication. ([\#6333](https://github.com/matrix-org/synapse/issues/6333 ))
- Fix bug: TypeError in `register_user()` while using LDAP auth module. ([\#6406](https://github.com/matrix-org/synapse/issues/6406 ))
- Fix an intermittent exception when handling read-receipts. ([\#6408](https://github.com/matrix-org/synapse/issues/6408 ))
- Fix broken guest registration when there are existing blocks of numeric user IDs. ([\#6420](https://github.com/matrix-org/synapse/issues/6420 ))
- Fix startup error when http proxy is defined. ([\#6421](https://github.com/matrix-org/synapse/issues/6421 ))
- Fix error when using synapse_port_db on a vanilla synapse db. ([\#6449](https://github.com/matrix-org/synapse/issues/6449 ))
- Fix uploading multiple cross signing signatures for the same user. ([\#6451](https://github.com/matrix-org/synapse/issues/6451 ))
- Fix bug which lead to exceptions being thrown in a loop when a cross-signed device is deleted. ([\#6462](https://github.com/matrix-org/synapse/issues/6462 ))
- Fix `synapse_port_db` not exiting with a 0 code if something went wrong during the port process. ([\#6470](https://github.com/matrix-org/synapse/issues/6470 ))
- Improve sanity-checking when receiving events over federation. ([\#6472](https://github.com/matrix-org/synapse/issues/6472 ))
- Fix inaccurate per-block Prometheus metrics. ([\#6491](https://github.com/matrix-org/synapse/issues/6491 ))
- Fix small performance regression for sending invites. ([\#6493](https://github.com/matrix-org/synapse/issues/6493 ))
- Back out cross-signing code added in Synapse 1.5.0, which caused a performance regression. ([\#6494](https://github.com/matrix-org/synapse/issues/6494 ))
Improved Documentation
----------------------
- Update documentation and variables in user contributed systemd reference file. ([\#6369](https://github.com/matrix-org/synapse/issues/6369 ), [\#6490](https://github.com/matrix-org/synapse/issues/6490 ))
- Fix link in the user directory documentation. ([\#6388](https://github.com/matrix-org/synapse/issues/6388 ))
- Add build instructions to the docker readme. ([\#6390](https://github.com/matrix-org/synapse/issues/6390 ))
- Switch Ubuntu package install recommendation to use python3 packages in INSTALL.md. ([\#6443](https://github.com/matrix-org/synapse/issues/6443 ))
- Write some docs for the quarantine_media api. ([\#6458](https://github.com/matrix-org/synapse/issues/6458 ))
- Convert CONTRIBUTING.rst to markdown (among other small fixes). ([\#6461](https://github.com/matrix-org/synapse/issues/6461 ))
Deprecations and Removals
-------------------------
- Remove admin/v1/users_paginate endpoint. Contributed by Awesome Technologies Innovationslabor GmbH. ([\#5925](https://github.com/matrix-org/synapse/issues/5925 ))
- Remove fallback for federation with old servers which lack the /federation/v1/state_ids API. ([\#6488](https://github.com/matrix-org/synapse/issues/6488 ))
Internal Changes
----------------
- Add benchmarks for structured logging and improve output performance. ([\#6266](https://github.com/matrix-org/synapse/issues/6266 ))
- Improve the performance of outputting structured logging. ([\#6322](https://github.com/matrix-org/synapse/issues/6322 ))
- Refactor some code in the event authentication path for clarity. ([\#6343](https://github.com/matrix-org/synapse/issues/6343 ), [\#6468](https://github.com/matrix-org/synapse/issues/6468 ), [\#6480](https://github.com/matrix-org/synapse/issues/6480 ))
- Clean up some unnecessary quotation marks around the codebase. ([\#6362](https://github.com/matrix-org/synapse/issues/6362 ))
- Complain on startup instead of 500'ing during runtime when `public_baseurl` isn't set when necessary. ([\#6379](https://github.com/matrix-org/synapse/issues/6379 ))
- Add a test scenario to make sure room history purges don't break `/messages` in the future. ([\#6392](https://github.com/matrix-org/synapse/issues/6392 ))
- Clarifications for the email configuration settings. ([\#6423](https://github.com/matrix-org/synapse/issues/6423 ))
- Add more tests to the blacklist when running in worker mode. ([\#6429](https://github.com/matrix-org/synapse/issues/6429 ))
- Refactor data store layer to support multiple databases in the future. ([\#6454](https://github.com/matrix-org/synapse/issues/6454 ), [\#6464](https://github.com/matrix-org/synapse/issues/6464 ), [\#6469](https://github.com/matrix-org/synapse/issues/6469 ), [\#6487](https://github.com/matrix-org/synapse/issues/6487 ))
- Port synapse.rest.client.v1 to async/await. ([\#6482](https://github.com/matrix-org/synapse/issues/6482 ))
- Port synapse.rest.client.v2_alpha to async/await. ([\#6483](https://github.com/matrix-org/synapse/issues/6483 ))
- Port SyncHandler to async/await. ([\#6484](https://github.com/matrix-org/synapse/issues/6484 ))
2019-12-13 10:55:33 +00:00
58fdcbdfe7
Update workers.md to make media_repository work (again) ( #6519 )
2019-12-11 16:23:38 +00:00
4947de5a14
Allow SAML username provider plugins ( #6411 )
2019-12-10 17:30:16 +00:00
649b6bc088
Replace /admin/v1/users_paginate endpoint with /admin/v2/users ( #5925 )
2019-12-05 18:12:23 +00:00
cb0aeb147e
privacy by default for room dir ( #6355 )
...
Ensure that the the default settings for the room directory are that the it is hidden from public view by default.
2019-12-04 09:46:16 +00:00
620f98b65b
write some docs for the quarantine_media api ( #6458 )
2019-12-03 18:20:39 +00:00
c48ea98007
Clarifications for the email configuration settings. ( #6423 )
...
Cf #6422
2019-11-28 09:29:18 +00:00
9e937c28ee
Merge branch 'develop' into babolivier/message_retention
2019-11-26 17:53:57 +00:00
24cc31ee96
Fix link to user_dir_populate.sql in the user directory docs ( #6388 )
2019-11-21 17:38:14 +00:00
473acedcdd
Merge branch 'develop' of github.com:matrix-org/synapse into anoa/homeserver_copy
...
* 'develop' of github.com:matrix-org/synapse:
Blacklist PurgeRoomTestCase (#6361 )
Set room version default to 5
2019-11-14 10:26:27 +00:00
a42567e4a8
Merge pull request #6220 from matrix-org/neilj/set_room_version_default_to_5
...
Set room version default to 5
2019-11-14 10:21:00 +00:00
e1648dc576
sample config
2019-11-12 13:15:59 +00:00
09957ce0e4
Implement per-room message retention policies
2019-11-04 17:09:22 +00:00
cc6243b4c0
document the REPLICATE command a bit better ( #6305 )
...
since I found myself wonder how it works
2019-11-04 12:40:18 +00:00
9677613e9c
Modify doc to update Google ReCaptcha terms ( #6257 )
2019-10-30 12:30:20 +00:00
46c12918ad
Fix typo in domain name in account_threepid_delegates config option ( #6273 )
2019-10-30 11:07:42 +00:00
2794b79052
Option to suppress resource exceeded alerting ( #6173 )
...
The expected use case is to suppress MAU limiting on small instances
2019-10-24 11:48:46 +01:00
409c62b27b
Add config linting script that checks for bool casing ( #6203 )
...
Add a linting script that enforces all boolean values in the default config be lowercase.
This has annoyed me for a while so I decided to fix it.
2019-10-23 13:22:54 +01:00
0327a00a37
Update postgres.md ( #6234 )
...
Added database owner authentication with `sudo` when `su` does not work
2019-10-22 13:48:02 +02:00
82c8799ec7
Set room version default to 5
2019-10-19 09:06:15 +01:00
be9b55e0d2
cas: support setting display name ( #6114 )
...
Now, the CAS server can return an attribute stating what's the desired displayname, instead of using the username directly.
2019-10-11 12:33:12 +01:00
baf12bc02a
Merge branch 'master' into develop
2019-10-02 14:41:02 +01:00
3423633d50
Fix 'redaction_retention_period' sampel config to match guidelines
2019-09-26 16:43:52 +01:00
8b8f8c7b3c
Explicitly log when a homeserver does not have a trusted key server configured ( #6090 )
2019-09-26 12:57:01 +01:00
4fb3c129aa
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/cleanup_user_ips_2
2019-09-25 17:53:13 +01:00
39b50ad42a
Review comments
2019-09-25 17:22:33 +01:00
242017db8b
Prune rows in user_ips older than configured period
...
Defaults to pruning everything older than 28d.
2019-09-24 15:53:17 +01:00
ed8b92f0d2
Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_work
2019-09-24 12:57:32 +01:00
50776261e1
Add submit_url response parameter to msisdn /requestToken ( #6079 )
...
Second part of solving #6076
Fixes #6076
We return a submit_url parameter on calls to POST */msisdn/requestToken so that clients know where to submit token information to.
2019-09-23 21:21:03 +01:00
78e8ec368e
Merge pull request #6064 from matrix-org/rav/saml_config_cleanup
...
Make the sample saml config closer to our standards
2019-09-23 20:36:51 +01:00
e08ea43463
Use the federation blacklist for requests to untrusted Identity Servers ( #6000 )
...
Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses.
Fixes #5935
2019-09-23 20:23:20 +01:00
df3401a71d
Allow HS to send emails when adding an email to the HS ( #6042 )
2019-09-20 15:21:30 +01:00
b65327ff66
Merge branch 'develop' into rav/saml_mapping_work
2019-09-19 18:13:31 +01:00
b789c7eb03
Merge branch 'develop' into rav/saml_config_cleanup
2019-09-19 15:05:31 +01:00
38fd1f8e3f
Fix typo in account_threepid_delegates config ( #6028 )
2019-09-18 22:30:44 +01:00
7100b5cc9d
fix sample config
...
this was apparently broken by #6040 .
2019-09-18 10:16:00 +01:00
379d2a8c39
( #5849 ) Convert rst to markdown ( #6040 )
...
Converting some of the rst documentation to markdown. Attempted to
preserve whitespace and line breaks to minimize cosmetic change.
2019-09-17 12:55:29 +01:00
a8ac40445c
Record mappings from saml users in an external table
...
We want to assign unique mxids to saml users based on an incrementing
suffix. For that to work, we need to record the allocated mxid in a separate
table.
2019-09-13 16:01:46 +01:00
785cbd3999
Make the sample saml config closer to our standards
...
It' still not great, thanks to the nested dictionaries, but it's better.
2019-09-13 12:07:03 +01:00
c755955f33
Add developer docs for using SAML without a server ( #6032 )
2019-09-13 08:58:18 +01:00
1c7df13e7b
add explanations on how to actually include an access_token ( #6031 )
2019-09-13 08:50:17 +01:00
dd2e5b0038
add report_stats_endpoint config option ( #6012 )
...
This PR adds the optional `report_stats_endpoint` to configure where stats are reported to, if enabled.
2019-09-12 11:24:57 +01:00
66ace43546
Update sample config
2019-09-11 14:50:40 +01:00
8df88b5ff3
Update sample config
2019-09-11 10:58:26 +01:00
470dc621ae
Merge pull request #5934 from matrix-org/erikj/censor_redactions
...
Censor redactions in DB after a month
2019-09-09 15:29:39 +01:00
8b9ade8c78
Default to censoring redactions after seven days
2019-09-09 13:55:28 +01:00
55d5b3af88
Servers-known-about statistic ( #5981 )
2019-09-07 01:45:51 +10:00
0c0b82b6d1
Allow Synapse to send registration emails + choose Synapse or an external server to handle 3pid validation ( #5987 )
...
This is a combination of a few different PRs, finally all being merged into `develop`:
* #5875
* #5876
* #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](891afb57cb (diff-e591d42d30690ffb79f63bb726200891)#5969 . What's left is just giving /versions access to the config file, which could be useful in the future)
* #5835
* #5969
* #5940
Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged.
UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
2019-09-06 11:35:28 +01:00
591d82f06b
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/censor_redactions
2019-09-05 17:27:46 +01:00
3ff0422d2d
Make redaction retention period configurable
2019-09-05 17:16:45 +01:00
6e834e94fc
Fix and refactor room and user stats ( #5971 )
...
Previously the stats were not being correctly populated.
2019-09-04 13:04:27 +01:00
92c1550f4a
Add a link to python's logging config schema ( #5926 )
2019-08-28 19:08:32 +01:00
6d97843793
Config templating ( #5900 )
...
Template config files
* Imagine a system composed entirely of x, y, z etc and the basic operations..
Wait George, why XOR? Why not just neq?
George: Eh, I didn't think of that..
Co-Authored-By: Erik Johnston <erik@matrix.org>
2019-08-28 13:12:22 +01:00
7dc398586c
Implement a structured logging output system. ( #5680 )
2019-08-28 21:18:53 +10:00
a3f0635686
Merge pull request #5914 from matrix-org/rei/admin_getadmin
...
Add GET method to admin API /users/@user:dom/admin
2019-08-28 09:44:22 +01:00
1b959b6977
Document GET method for retrieving admin bit of user in admin API
...
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
2019-08-27 13:19:19 +01:00
f5b50d0871
Merge pull request #5895 from matrix-org/erikj/notary_key
...
Add config option to sign remote key query responses with a separate key.
2019-08-27 11:51:37 +01:00
1a7e6eb633
Add Admin API capability to set adminship of a user ( #5878 )
...
Admin API: Set adminship of a user
2019-08-27 10:14:00 +01:00
7af5a63063
Fixup review comments
2019-08-23 15:36:28 +01:00
8767b63a82
Propagate opentracing contexts through EDUs ( #5852 )
...
Propagate opentracing contexts through EDUs
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2019-08-22 18:21:10 +01:00
119aa31b10
Servlet to purge old rooms ( #5845 )
2019-08-22 10:42:59 +01:00
5906be8589
Add config option for keys to use to sign keys
...
This allows servers to separate keys that are used to sign remote keys
when acting as a notary server.
2019-08-21 10:44:58 +01:00
0b6fbb28a8
Don't load the media repo when configured to use an external media repo ( #5754 )
2019-08-13 21:49:28 +10:00
f25f638c35
Lint
2019-08-01 12:19:08 +02:00
3ff3dfe5a3
Sample config
2019-08-01 12:08:25 +02:00
8c97f6414c
Remove non-functional 'expire_access_token' setting ( #5782 )
...
The `expire_access_token` didn't do what it sounded like it should do. What it
actually did was make Synapse enforce the 'time' caveat on macaroons used as
access tokens, but since our access token macaroons never contained such a
caveat, it was always a no-op.
(The code to add 'time' caveats was removed back in v0.18.5, in #1656 )
2019-07-30 08:25:02 +01:00
865077f1d1
Room Complexity Client Implementation ( #5783 )
2019-07-30 02:47:27 +10:00
3641784e8c
Make Jaeger fully configurable ( #5694 )
...
* Allow Jaeger to be configured
* Update sample config
2019-07-23 15:46:04 +01:00
4806651744
Replace returnValue with return ( #5736 )
2019-07-23 23:00:55 +10:00
0fd171770a
Merge branch 'release-v1.2.0' into develop
2019-07-22 11:18:50 +01:00
826e6ec3bd
Opentracing Documentation ( #5703 )
...
* Opentracing survival guide
* Update decorator names in doc
* Doc cleanup
These are all alterations as a result of comments in #5703 , it
includes mostly typos and clarifications. The most interesting
changes are:
- Split developer and user docs into two sections
- Add a high level description of OpenTracing
* newsfile
* Move contributer specific info to docstring.
* Sample config.
* Trailing whitespace.
* Update 5703.misc
* Apply suggestions from code review
Mostly just rewording parts of the docs for clarity.
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2019-07-22 11:15:21 +01:00
b73ce4ba81
Update the coding style doc ( #5719 )
...
A few fixes and removal of duplicated stuff, but mostly a bunch of the words on the config file.
2019-07-19 11:55:14 +01:00
82345bc09a
Clean up opentracing configuration options ( #5712 )
...
Clean up config settings and dead code.
This is mostly about cleaning up the config format, to bring it into line with our conventions. In particular:
* There should be a blank line after `## Section ##' headings
* There should be a blank line between each config setting
* There should be a `#`-only line between a comment and the setting it describes
* We don't really do the `# #` style commenting-out of whole sections if we can help it
* rename `tracer_enabled` to `enabled`
While we're here, do more config parsing upfront, which makes it easier to use
later on.
Also removes redundant code from LogContextScopeManager.
Also changes the changelog fragment to a `feature` - it's exciting!
2019-07-18 15:06:54 +01:00
7ad1d76356
Support Prometheus_client 0.4.0+ ( #5636 )
2019-07-18 23:57:15 +10:00
1def298119
Improve `Depends` specs in debian package. ( #5675 )
...
This is basically a contrived way of adding a `Recommends` on `libpq5`, to fix #5653 .
The way this is supposed to happen in debhelper is to run
`dh_shlibdeps`, which in turn runs `dpkg-shlibdeps`, which spits things out
into `debian/<package>.substvars` whence they can later be included by
`control`.
Previously, we had disabled `dh_shlibdeps`, mostly because `dpkg-shlibdeps`
gets confused about PIL's interdependent objects, but that's not really the
right thing to do and there is another way to work around that.
Since we don't always use postgres, we don't necessarily want a hard Depends on
libpq5, so I've actually ended up adding an explicit invocation of
`dpkg-shlibdeps` for `psycopg2`.
I've also updated the build-depends list for the package, which was missing a
couple of entries.
2019-07-17 17:47:07 +01:00
5f158ec039
Implement access token expiry ( #5660 )
...
Record how long an access token is valid for, and raise a soft-logout once it
expires.
2019-07-12 17:26:02 +01:00
d445b3ae57
Update reverse_proxy.rst ( #5397 )
...
Updates reverse_proxy.rst with information about nginx' URI normalisation.
2019-07-12 11:46:18 +01:00
39e9839a04
Improved docs on setting up Postgresql ( #5661 )
...
Added that synapse_user needs a database to access before it can auth
Noted you'll need to enable password auth, linked to pg_hba.conf docs
2019-07-11 14:31:36 +01:00
38a6d3eea7
Add basic opentracing support ( #5544 )
...
* Configure and initialise tracer
Includes config options for the tracer and sets up JaegerClient.
* Scope manager using LogContexts
We piggy-back our tracer scopes by using log context.
The current log context gives us the current scope. If new scope is
created we create a stack of scopes in the context.
* jaeger is a dependency now
* Carrier inject and extraction for Twisted Headers
* Trace federation requests on the way in and out.
The span is created in _started_processing and closed in
_finished_processing because we need a meaningful log context.
* Create logcontext for new scope.
Instead of having a stack of scopes in a logcontext we create a new
context for a new scope if the current logcontext already has a scope.
* Remove scope from logcontext if logcontext is top level
* Disable tracer if not configured
* typo
* Remove dependence on jaeger internals
* bools
* Set service name
* :Explicitely state that the tracer is disabled
* Black is the new black
* Newsfile
* Code style
* Use the new config setup.
* Generate config.
* Copyright
* Rename config to opentracing
* Remove user whitelisting
* Empty whitelist by default
* User ConfigError instead of RuntimeError
* Use isinstance
* Use tag constants for opentracing.
* Remove debug comment and no need to explicitely record error
* Two errors a "s(c)entry"
* Docstrings!
* Remove debugging brainslip
* Homeserver Whitlisting
* Better opentracing config comment
* linting
* Inclue worker name in service_name
* Make opentracing an optional dependency
* Neater config retreival
* Clean up dummy tags
* Instantiate tracing as object instead of global class
* Inlcude opentracing as a homeserver member.
* Thread opentracing to the request level
* Reference opetnracing through hs
* Instantiate dummy opentracin g for tests.
* About to revert, just keeping the unfinished changes just in case
* Revert back to global state, commit number:
9ce4a3d906
2019-07-11 10:36:03 +01:00
463b072b12
Move logging utilities out of the side drawer of util/ and into logging/ ( #5606 )
2019-07-04 00:07:04 +10:00
b4fd86a9b4
Merge branch 'develop' into rav/saml2_client
2019-07-01 14:21:03 +01:00
be3b901ccd
Update the TLS cipher string and provide configurability for TLS on outgoing federation ( #5550 )
2019-06-28 18:19:09 +10:00
9646a593ac
Added possibilty to disable local password authentication ( #5092 )
...
Signed-off-by: Daniel Hoffend <dh@dotlan.net>
2019-06-27 18:37:29 +01:00
c548dbc4b1
Make it clearer that the template dir is relative to synapse's root dir ( #5543 )
...
Helps address #5444
2019-06-27 18:20:17 +01:00
47fa836abb
Merge pull request #5313 from twrist/patch-1
...
Update HAProxy example rules
2019-06-27 00:53:48 +01:00
dde4118341
update sample config
2019-06-27 00:41:04 +01:00
a0acfcc73e
update sample config
2019-06-26 23:56:28 +01:00
3eb8c7b0eb
Merge branch 'master' into develop
...
* master:
Fix broken link in MSC1711 FAQ
Update changelog to better expain password reset change (#5545 )
2019-06-25 18:08:56 +01:00
c8cb186260
Fix broken link in MSC1711 FAQ
2019-06-25 12:27:56 +01:00
28604ab03d
Add info about black to code_style.rst ( #5537 )
...
Fixes #5533
Adds information about how to install and run black on the codebase.
2019-06-24 17:48:05 +01:00
4ac7ef4b67
Merge pull request #5524 from matrix-org/rav/new_cmdline_options
...
Add --data-dir and --open-private-ports options.
2019-06-24 17:25:57 +01:00
deb4fe6ef3
Merge pull request #5534 from matrix-org/babolivier/federation-publicrooms
...
Split public rooms directory auth config in two
2019-06-24 16:08:02 +01:00
bfe84e051e
Split public rooms directory auth config in two
2019-06-24 15:42:31 +01:00
3f8a252dd8
Add "--open-private-ports" cmdline option
...
This is helpful when generating a config file for running synapse under docker.
2019-06-24 14:15:34 +01:00
edea4bb5be
Allow configuration of the path used for ACME account keys.
...
Because sticking it in the same place as the config isn't necessarily the right
thing to do.
2019-06-24 13:51:22 +01:00
6cda36777b
Drop support for cpu_affinity ( #5525 )
...
This has no useful purpose on python3, and is generally a source of confusion.
2019-06-22 11:01:55 +10:00
60b912cf0d
Update docs/workers.rst
...
E_TOO_MANY_NEGATIVES
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2019-06-21 11:54:03 +01:00
f3ab533374
Support pagination API in client_reader worker
2019-06-21 10:43:12 +01:00
32e7c9e7f2
Run Black. ( #5482 )
2019-06-20 19:32:02 +10:00
eba7caf09f
Remove Postgres 9.4 support ( #5448 )
2019-06-18 00:59:00 +10:00
f12e1f029c
Merge pull request #5440 from matrix-org/babolivier/third_party_event_rules
...
Allow server admins to define implementations of extra rules for allowing or denying incoming events
2019-06-14 19:37:59 +01:00
f874b16b2e
Add plugin APIs for implementations of custom event rules.
2019-06-14 18:16:03 +01:00
426218323b
Neilj/improve federation docs ( #5419 )
...
Add FAQ questions to federate.md. Add a health warning making it clear that the 1711 upgrade FAQ is now out of date.
2019-06-11 12:17:43 +01:00
a11865016e
Set default room version to v4. ( #5379 )
...
Set default room version to v4.
2019-06-06 20:13:47 +01:00
3719680ee4
Add ability to perform password reset via email without trusting the identity server ( #5377 )
...
Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.
This PR is a culmination of 3 smaller PRs which have each been separately reviewed:
* #5308
* #5345
* #5368
2019-06-06 17:34:07 +01:00
9fbb20a531
Stop hardcoding trust of old matrix.org key ( #5374 )
...
There are a few changes going on here:
* We make checking the signature on a key server response optional: if no
verify_keys are specified, we trust to TLS to validate the connection.
* We change the default config so that it does not require responses to be
signed by the old key.
* We replace the old 'perspectives' config with 'trusted_key_servers', which
is also formatted slightly differently.
* We emit a warning to the logs every time we trust a key server response
signed by the old key.
2019-06-06 17:33:11 +01:00
833c406b9b
Neilj/1.0 upgrade notes ( #5371 )
...
1.0 upgrade/install notes
2019-06-06 17:23:02 +01:00
7603a706eb
Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verification
2019-06-05 16:32:35 +01:00
b4f1cd31f4
Update sample config
2019-06-05 15:30:10 +01:00
95ab2eb4a1
Fix notes about well-known and acme ( #5357 )
...
fixes #4951
2019-06-05 15:12:33 +01:00
26713515de
Neilj/mau tracking config explainer ( #5284 )
...
Improve documentation of monthly active user blocking and mau_trial_days
2019-06-05 13:16:23 +01:00
145f57897d
Update HAProxy example rules
...
These new rules allow a user to instead route only matrix traffic, allowing them to run matrix on the domain without affecting their existing websites
2019-06-02 23:10:27 +08:00
58cce39f3a
Merge pull request #5276 from matrix-org/babolivier/account_validity_job_delta
...
Allow configuring a range for the account validity startup job
2019-05-31 12:11:56 +01:00
e975b15101
Sample config
2019-05-31 11:14:21 +01:00
6bfc5ad3a1
Sample config
2019-05-31 09:56:57 +01:00
3e1af5109c
Clarify that the admin change password endpoint logs them out ( #5303 )
2019-05-31 09:45:46 +01:00
8541db741a
Merge pull request #5283 from aaronraimist/captcha-docs
...
Specify the type of reCAPTCHA key to use (#5013 )
2019-05-29 19:02:27 +01:00
0729ef01f8
regenerate sample config
2019-05-29 16:41:25 +10:00
f795595e95
Specify the type of reCAPTCHA key to use ( #5013 )
...
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2019-05-28 22:04:27 -05:00
9b6f72663e
Fix docs on resetting the user directory ( #5036 )
...
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2019-05-28 20:54:01 -05:00
4aba561c65
Config and changelog
2019-05-28 16:55:10 +01:00
dba9152d15
Add missing blank line in config ( #5249 )
2019-05-24 14:12:38 +01:00
6368150a74
Add config option for setting homeserver's default room version ( #5223 )
...
Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present.
That hardcoded value is now located in the server.py config file.
2019-05-23 15:00:20 +01:00
4a30e4acb4
Room Statistics ( #4338 )
2019-05-21 11:36:50 -05:00
6a5a70edf0
Merge pull request #5204 from matrix-org/babolivier/account_validity_expiration_date
...
Add startup background job for account validity
2019-05-21 14:55:15 +01:00
384122efa8
Doc
2019-05-21 14:39:36 +01:00
da5ef0bb42
Merge remote-tracking branch 'origin/master' into develop
2019-05-17 12:39:48 +01:00
7ce1f97a13
Stop telling people to install the optional dependencies. ( #5197 )
...
* Stop telling people to install the optional dependencies.
They're optional.
Also update the postgres docs a bit for clarity(?)
2019-05-17 12:38:03 +01:00
a5fe16c5a7
Changelog + sample config
2019-05-16 15:11:37 +01:00
f1e5b41388
Make all the rate limiting options more consistent ( #5181 )
2019-05-15 12:06:04 -05:00
5a4b328f52
Add ability to blacklist ip ranges for federation traffic ( #5043 )
2019-05-13 19:05:06 +01:00
cd3f30014a
Make Prometheus snippet less confusing on the metrics collection doc ( #4288 )
...
Signed-off-by: Gergely Polonkai <gergely@polonkai.eu>
2019-05-10 09:15:08 +01:00
d9a02d1201
Add AllowEncodedSlashes to apache ( #5068 )
...
* Add AllowEncodedSlashes to apache
Add `AllowEncodedSlashes On` to apache config to support encoding for v3 rooms. "The AllowEncodedSlashes setting is not inherited by virtual hosts, and virtual hosts are used in many default Apache configurations, such as the one in Ubuntu. The workaround is to add the AllowEncodedSlashes setting inside a <VirtualHost> container (/etc/apache2/sites-available/default in Ubuntu)." Source: https://stackoverflow.com/questions/4390436/need-to-allow-encoded-slashes-on-apache
* change allowencodedslashes to nodecode
2019-05-09 23:27:04 +01:00
c0e0740bef
add options to require an access_token to GET /profile and /publicRooms on CS API ( #5083 )
...
This commit adds two config options:
* `restrict_public_rooms_to_local_users`
Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
* `require_auth_for_profile_requests`
When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
Groups have been intentionally omitted from this commit.
2019-05-08 18:26:56 +01:00
59e2d2694d
Remove the requirement to authenticate for /admin/server_version. ( #5122 )
...
This endpoint isn't much use for its intended purpose if you first need to get
yourself an admin's auth token.
I've restricted it to the `/_synapse/admin` path to make it a bit easier to
lock down for those concerned about exposing this information. I don't imagine
anyone is using it in anger currently.
2019-05-07 09:29:30 +01:00
3fdff14207
Fix spelling in server notices admin API docs ( #5142 )
2019-05-06 22:15:02 +01:00
4804206dbe
Fix sample config
...
... after it got broken in 1565ebec2c
2019-05-06 22:13:35 +01:00
836d3adcce
Merge branch 'master' into develop
2019-05-03 19:25:01 +01:00
1565ebec2c
more config comment updates
2019-05-03 15:50:59 +01:00
1a7104fde3
Blacklist 0.0.0.0 and :: by default for URL previews
2019-05-03 15:35:49 +01:00
12f9d51e82
Add admin api for sending server_notices ( #5121 )
2019-05-02 11:59:16 +01:00
c193b39134
Merge pull request #5124 from matrix-org/babolivier/aliases
...
Add some limitations to alias creation
2019-05-02 11:22:40 +01:00
84196cb231
Add some limitations to alias creation
2019-05-02 11:05:11 +01:00
cc4bd762df
Fix sample config
2019-05-01 16:48:23 +01:00
8e9ca83537
Move admin API to a new prefix
2019-05-01 15:44:30 +01:00
c1799b0f85
Merge pull request #5116 from matrix-org/babolivier/account_expiration
...
Fix path in account validity admin route's doc
2019-05-01 11:59:56 +01:00
031919dafb
Fix whole path for admin route
2019-05-01 11:38:27 +01:00
d8e357b7cf
Fix typo in account validity admin route
2019-05-01 11:34:22 +01:00
6824ddd93d
Config option for verifying federation certificates (MSC 1711) ( #4967 )
2019-04-25 14:22:49 +01:00
ca90336a69
Merge branch 'develop' of github.com:matrix-org/synapse into babolivier/account_expiration
2019-04-17 19:44:40 +01:00
eaf41a943b
Add management endpoints for account validity
2019-04-17 19:34:45 +01:00
91934025b9
Merge pull request #5047 from matrix-org/babolivier/account_expiration
...
Send out emails with links to extend an account's validity period
2019-04-17 14:57:39 +01:00
20f0617e87
Send out emails with links to extend an account's validity period
2019-04-17 14:42:20 +01:00
6e27a8620f
Merge pull request #5063 from matrix-org/erikj/move_endpoints
...
Move some rest endpoints to client reader
2019-04-15 18:55:01 +01:00
ec638a1602
Only handle GET requests for /push_rules
2019-04-15 18:51:48 +01:00
d5adf297e6
Move some rest endpoints to client reader
2019-04-15 17:21:03 +01:00
bfc8fdf1fc
Merge pull request #5027 from matrix-org/babolivier/account_expiration
...
Add time-based account expiration
2019-04-09 17:02:41 +01:00
747aa9f8ca
Add account expiration feature
2019-04-09 16:46:04 +01:00
b25e387c0d
add context to phonehome stats ( #5020 )
...
add context to phonehome stats
2019-04-08 15:47:39 +01:00
8e85493b0c
Add config option to block users from looking up 3PIDs ( #5010 )
2019-04-04 17:25:47 +01:00
c192bf8970
Add admin API for group deletion
2019-04-03 16:29:52 +01:00
bbd244c7b2
Support 3PID login in password providers ( #4931 )
...
Adds a new method, check_3pid_auth, which gives password providers
the chance to allow authentication with third-party identifiers such
as email or msisdn.
2019-03-26 17:48:30 +00:00
7105057cf2
Fix nginx example in ACME doc. ( #4923 )
2019-03-25 09:59:36 +00:00
ab4e4c6c2f
Update Apache Setup To Remove Location Syntax ( #4870 )
...
This one should close #4841 . Many thanks to @dev4223 for bringing it up and finding a solution.
Signed-off-by: Colin White
2019-03-21 14:05:56 +00:00
09f991a63d
Merge pull request #4896 from matrix-org/erikj/disable_room_directory
...
Add option to disable search room lists
2019-03-21 10:16:54 +00:00
263f2c9ce1
Merge pull request #4895 from matrix-org/erikj/disable_user_search
...
Add option to disable searching in the user dir
2019-03-20 16:47:15 +00:00
a902d13180
Batch up outgoing read-receipts to reduce federation traffic. ( #4890 )
...
Rate-limit outgoing read-receipts as per #4730 .
2019-03-20 16:02:25 +00:00
cd8c5b91ad
Fix up sample config
2019-03-20 14:35:41 +00:00
926f29ea6d
Fix up config comments
2019-03-20 14:24:53 +00:00
213c98c00a
Add option to disable search room lists
...
This disables both local and remote room list searching.
2019-03-19 17:10:52 +00:00
855bf4658d
Update sample config
2019-03-19 16:47:04 +00:00
b616a8717b
Add note on tuning postgres
2019-03-19 16:05:32 +00:00
d2a537ea60
Merge remote-tracking branch 'origin/master' into develop
2019-03-19 10:37:50 +00:00
9482a84c0a
Repoint docs for federation ( #4881 )
2019-03-19 10:37:18 +00:00
fd463b4f5d
Comment out most options in the generated config. ( #4863 )
...
Make it so that most options in the config are optional, and commented out in
the generated config.
The reasons this is a good thing are as follows:
* If we decide that we should change the default for an option, we can do so,
and only those admins that have deliberately chosen to override that option
will be stuck on the old setting.
* It moves us towards a point where we can get rid of the super-surprising
feature of synapse where the default settings for the config come from the
generated yaml.
* It makes setting up a test config for unit testing an order of magnitude
easier (see forthcoming PR).
* It makes the generated config more consistent, and hopefully easier for users
to understand.
2019-03-19 10:06:40 +00:00
651ad8bc96
Add ratelimiting on failed login attempts ( #4865 )
2019-03-18 12:57:20 +00:00
899e523d6d
Add ratelimiting on login ( #4821 )
...
Add two ratelimiters on login (per-IP address and per-userID).
2019-03-15 17:46:16 +00:00
9ffadcdbad
fix some typos in federate.md
2019-03-15 09:43:24 +00:00
7998ca3a66
Document using a certificate with a full chain ( #4849 )
2019-03-13 15:26:29 +00:00
332b60ec68
Merge branch 'master' of github.com:matrix-org/synapse into develop
2019-03-12 17:15:21 +00:00
83193a9362
fix orphaned sentence
2019-03-12 16:57:17 +00:00
8b692bf7c2
Neilj/improved delegation doc 2 ( #4832 )
...
Improved federation configuration docs. Specifically detailing .well-known and SRV based delegation methods.
Inspiration Valentin Lab <valentin.lab@kalysto.org> for https://github.com/matrix-org/synapse/pull/4781
2019-03-12 14:23:28 +00:00
8ea1b41a0e
Clarify what registration_shared_secret allows for ( #2885 ) ( #4844 )
...
* Clarify what registration_shared_secret allows for (#2885 )
Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Add changelog
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2019-03-11 18:21:52 +00:00
8f4b9f5210
Reword the sample config header to be less scary ( #4801 )
2019-03-07 07:09:01 +00:00
c23e8c3333
Update sample config
2019-03-05 18:03:48 +00:00
16c8b4ecbd
Merge pull request #4772 from jbweston/jbweston/server-version-api
...
Add 'server_version' endpoint to admin API
2019-03-05 16:31:00 +00:00
a4c3a361b7
Add rate-limiting on registration ( #4735 )
...
* Rate-limiting for registration
* Add unit test for registration rate limiting
* Add config parameters for rate limiting on auth endpoints
* Doc
* Fix doc of rate limiting function
Co-Authored-By: babolivier <contact@brendanabolivier.com>
* Incorporate review
* Fix config parsing
* Fix linting errors
* Set default config for auth rate limiting
* Fix tests
* Add changelog
* Advance reactor instead of mocked clock
* Move parameters to registration specific config and give them more sensible default values
* Remove unused config options
* Don't mock the rate limiter un MAU tests
* Rename _register_with_store into register_with_store
* Make CI happy
* Remove unused import
* Update sample config
* Fix ratelimiting test for py2
* Add non-guest test
2019-03-05 14:25:33 +00:00
c3c542bb4a
Merge pull request #4796 from matrix-org/erikj/factor_out_e2e_keys
...
Allow /keys/{changes,query} API to run on worker
2019-03-05 09:06:25 +00:00
bfa7d46a10
Allow /keys/{changes,query} API to run on worker
2019-03-04 18:30:01 +00:00
8e28bc5eee
Include a default configuration file in the 'docs' directory. ( #4791 )
2019-03-04 17:14:58 +00:00
aba5eeabd5
Fix v4v6 option in HAProxy example config ( #4790 )
...
The v4v6 option only has a usage one ipv6 socket: https://serverfault.com/q/747895
Signed-off-by: Flakebi <flakebi@t-online.de>
2019-03-04 13:19:41 +00:00
144cbfd650
add API documentation
...
Signed-off-by: Joseph Weston <joseph@weston.cloud>
2019-03-02 03:07:04 +01:00
76550c58d2
Merge pull request #4759 from matrix-org/erikj/3pid_client_reader
...
Move /account/3pid to client_reader
2019-02-27 16:11:21 +00:00
54f9ce11a7
Move /account/3pid to client_reader
2019-02-27 14:26:08 +00:00
4cff9376f7
Move server key queries to federation reader
2019-02-27 13:43:53 +00:00
7590e9fa28
Merge pull request #4749 from matrix-org/erikj/replication_connection_backoff
...
Fix tightloop over connecting to replication server
2019-02-27 11:00:59 +00:00
4bc7483518
Fix apache reverse proxy example ( #4742 )
...
So that it actually works. See https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
Signed-off-by: Paul Tötterman <paul.totterman@iki.fi>
2019-02-26 18:01:45 +00:00
313987187e
Fix tightloop over connecting to replication server
...
If the client failed to process incoming commands during the initial set
up of the replication connection it would immediately disconnect and
reconnect, resulting in a tightloop.
This can happen, for example, when subscribing to a stream that has a
row that is too long in the backlog.
The fix here is to not consider the connection successfully set up until
the client has succesfully subscribed and caught up with the streams.
This ensures that the retry logic timers aren't reset until then,
meaning that if an error does happen during start up the client will
continue backing off before retrying again.
2019-02-26 15:05:41 +00:00
fcd6f01dc7
Minor tweaks to acme docs ( #4689 )
2019-02-22 10:56:42 +00:00
16e0680498
Added HAProxy example ( #4660 )
...
* Added HAProxy example
Proposal of an example with HAProxy. Asked by #4541 .
Signed-off-by: Benoît S. (“Benpro”) <gitlab@benpro.fr>
* Following suggestions of @richvdh
2019-02-21 17:44:10 +00:00
c003450057
Merge pull request #4671 from matrix-org/erikj/state_cache_invalidation
...
Batch cache invalidation over replication
2019-02-19 13:14:30 +00:00
62175a20e5
Docs
2019-02-19 11:38:40 +00:00
bc8fa1509d
Documentation
2019-02-19 11:24:59 +00:00
128902d60a
Update worker docs
2019-02-18 17:21:51 +00:00
8b9ae6d3a6
Update docs
2019-02-18 15:26:13 +00:00
00cf679bf2
Synapse 0.99.1 (2019-02-14)
...
===========================
Features
--------
- Include m.room.encryption on invites by default ([\#3902](https://github.com/matrix-org/synapse/issues/3902 ))
- Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](https://github.com/matrix-org/synapse/issues/4420 ))
- Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](https://github.com/matrix-org/synapse/issues/4522 ))
- Add ability to update backup versions ([\#4580](https://github.com/matrix-org/synapse/issues/4580 ))
- Allow the "unavailable" presence status for /sync.
This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](https://github.com/matrix-org/synapse/issues/4592 ))
- There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](https://github.com/matrix-org/synapse/issues/4613 ), [\#4615](https://github.com/matrix-org/synapse/issues/4615 ), [\#4617](https://github.com/matrix-org/synapse/issues/4617 ), [\#4636](https://github.com/matrix-org/synapse/issues/4636 ))
- The default configuration no longer requires TLS certificates. ([\#4614](https://github.com/matrix-org/synapse/issues/4614 ))
Bugfixes
--------
- Copy over room federation ability on room upgrade. ([\#4530](https://github.com/matrix-org/synapse/issues/4530 ))
- Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](https://github.com/matrix-org/synapse/issues/4546 ))
- Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](https://github.com/matrix-org/synapse/issues/4589 ))
- Fix 'no unique or exclusion constraint' error ([\#4591](https://github.com/matrix-org/synapse/issues/4591 ))
- Transfer Server ACLs on room upgrade. ([\#4608](https://github.com/matrix-org/synapse/issues/4608 ))
- Fix failure to start when not TLS certificate was given even if TLS was disabled. ([\#4618](https://github.com/matrix-org/synapse/issues/4618 ))
- Fix self-signed cert notice from generate-config. ([\#4625](https://github.com/matrix-org/synapse/issues/4625 ))
- Fix performance of `user_ips` table deduplication background update ([\#4626](https://github.com/matrix-org/synapse/issues/4626 ), [\#4627](https://github.com/matrix-org/synapse/issues/4627 ))
Internal Changes
----------------
- Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](https://github.com/matrix-org/synapse/issues/4462 ))
- Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](https://github.com/matrix-org/synapse/issues/4513 ))
- Reduce duplication of ``synapse.app`` code. ([\#4567](https://github.com/matrix-org/synapse/issues/4567 ))
- Fix docker upload job to push -py2 images. ([\#4576](https://github.com/matrix-org/synapse/issues/4576 ))
- Add port configuration information to ACME instructions. ([\#4578](https://github.com/matrix-org/synapse/issues/4578 ))
- Update MSC1711 FAQ to calrify .well-known usage ([\#4584](https://github.com/matrix-org/synapse/issues/4584 ))
- Clean up default listener configuration ([\#4586](https://github.com/matrix-org/synapse/issues/4586 ))
- Clarifications for reverse proxy docs ([\#4607](https://github.com/matrix-org/synapse/issues/4607 ))
- Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](https://github.com/matrix-org/synapse/issues/4611 ))
- Fail cleanly if listener config lacks a 'port' ([\#4616](https://github.com/matrix-org/synapse/issues/4616 ))
- Remove redundant entries from docker config ([\#4619](https://github.com/matrix-org/synapse/issues/4619 ))
- README updates ([\#4621](https://github.com/matrix-org/synapse/issues/4621 ))
-----BEGIN PGP SIGNATURE-----
iQFHBAABCgAxFiEEQlNDQm4FMsm53u1sih+T1XW16NUFAlxlemgTHHJpY2hhcmRA
bWF0cml4Lm9yZwAKCRCKH5PVdbXo1eKYCACR9TcOvMver/YyD2qP+dY6Lt24f8zG
zYYzHGAHin+p204q8Pp6o0XLe4UuLDuhAyNVPZyj1wzwHYdubRvdah1uFwPdxmCY
tGbJG5p37ykSEfEwcxdXEjYfPqflOwQL5aCeXyCCLWSdVVFKkWCXGgw8F6WPkgrI
QwWKTfsM3wCnfa8ryKAXHxcmX2G1JncZ0ouUZTVNz5vokBsA19IaLvfJ5Rv3Kk59
eXsBB/yE+9Dat4A439AGfVDQDKiGYvuhppJmUdYRMqxulzakd8diyZqBDAHZafqt
QdjxnDx2e0OtSxI3RSevABnDnNyJ4NsUEtrny1Lh/MV72T9K3yEbHuwH
=UCD1
-----END PGP SIGNATURE-----
Merge tag 'v0.99.1'
Synapse 0.99.1 (2019-02-14)
===========================
Features
--------
- Include m.room.encryption on invites by default ([\#3902](https://github.com/matrix-org/synapse/issues/3902 ))
- Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](https://github.com/matrix-org/synapse/issues/4420 ))
- Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](https://github.com/matrix-org/synapse/issues/4522 ))
- Add ability to update backup versions ([\#4580](https://github.com/matrix-org/synapse/issues/4580 ))
- Allow the "unavailable" presence status for /sync.
This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](https://github.com/matrix-org/synapse/issues/4592 ))
- There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](https://github.com/matrix-org/synapse/issues/4613 ), [\#4615](https://github.com/matrix-org/synapse/issues/4615 ), [\#4617](https://github.com/matrix-org/synapse/issues/4617 ), [\#4636](https://github.com/matrix-org/synapse/issues/4636 ))
- The default configuration no longer requires TLS certificates. ([\#4614](https://github.com/matrix-org/synapse/issues/4614 ))
Bugfixes
--------
- Copy over room federation ability on room upgrade. ([\#4530](https://github.com/matrix-org/synapse/issues/4530 ))
- Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](https://github.com/matrix-org/synapse/issues/4546 ))
- Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](https://github.com/matrix-org/synapse/issues/4589 ))
- Fix 'no unique or exclusion constraint' error ([\#4591](https://github.com/matrix-org/synapse/issues/4591 ))
- Transfer Server ACLs on room upgrade. ([\#4608](https://github.com/matrix-org/synapse/issues/4608 ))
- Fix failure to start when not TLS certificate was given even if TLS was disabled. ([\#4618](https://github.com/matrix-org/synapse/issues/4618 ))
- Fix self-signed cert notice from generate-config. ([\#4625](https://github.com/matrix-org/synapse/issues/4625 ))
- Fix performance of `user_ips` table deduplication background update ([\#4626](https://github.com/matrix-org/synapse/issues/4626 ), [\#4627](https://github.com/matrix-org/synapse/issues/4627 ))
Internal Changes
----------------
- Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](https://github.com/matrix-org/synapse/issues/4462 ))
- Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](https://github.com/matrix-org/synapse/issues/4513 ))
- Reduce duplication of ``synapse.app`` code. ([\#4567](https://github.com/matrix-org/synapse/issues/4567 ))
- Fix docker upload job to push -py2 images. ([\#4576](https://github.com/matrix-org/synapse/issues/4576 ))
- Add port configuration information to ACME instructions. ([\#4578](https://github.com/matrix-org/synapse/issues/4578 ))
- Update MSC1711 FAQ to calrify .well-known usage ([\#4584](https://github.com/matrix-org/synapse/issues/4584 ))
- Clean up default listener configuration ([\#4586](https://github.com/matrix-org/synapse/issues/4586 ))
- Clarifications for reverse proxy docs ([\#4607](https://github.com/matrix-org/synapse/issues/4607 ))
- Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](https://github.com/matrix-org/synapse/issues/4611 ))
- Fail cleanly if listener config lacks a 'port' ([\#4616](https://github.com/matrix-org/synapse/issues/4616 ))
- Remove redundant entries from docker config ([\#4619](https://github.com/matrix-org/synapse/issues/4619 ))
- README updates ([\#4621](https://github.com/matrix-org/synapse/issues/4621 ))
2019-02-14 14:41:40 +00:00
c475275926
Clarifications for reverse proxy docs ( #4607 )
...
Factor out the reverse proxy info to a separate file, add some more info on
reverse-proxying the federation port.
2019-02-11 11:44:28 +00:00
4588b0d64a
Update MSC1711_certificates_FAQ.md
...
Fix incorrect heading level
2019-02-08 09:37:16 +00:00
acb2ac5863
Update MSC1711 FAQ to be explicit about well-known ( #4584 )
...
A surprising number of people are using the well-known method, and are
simply copying the example configuration. This is problematic as the
example includes an explicit port, which causes inbound federation
requests to have the HTTP Host header include the port, upsetting some
reverse proxies.
Given that, we update the well-known example to be more explicit about
the various ways you can set it up, and the consequence of using an
explict port.
2019-02-07 19:30:32 +00:00
7cadc4c918
cleanups
2019-02-07 19:29:20 +00:00
188ad47e73
Merge branch 'master' into erikj/msc1711_faq
2019-02-07 19:27:42 +00:00
9285d5c2ce
Update MSC1711 FAQ to be explicit about well-known
...
A surprising number of people are using the well-known method, and are
simply copying the example configuration. This is problematic as the
example includes an explicit port, which causes inbound federation
requests to have the HTTP Host header include the port, upsetting some
reverse proxies.
Given that, we update the well-known example to be more explicit about
the various ways you can set it up, and the consequence of using an
explict port.
2019-02-07 19:24:11 +00:00
624b172e08
Merge remote-tracking branch 'origin/release-v0.99.0'
2019-02-07 19:18:26 +00:00
c17b128b83
Update ACME docs to include port instructions ( #4578 )
2019-02-07 19:18:08 +00:00
9b7aa543d9
clarify option 1
2019-02-07 18:46:02 +00:00
b05dd4ac06
faq cleanups
2019-02-05 18:59:57 +00:00
39bf0ea2e8
Add notes on SRV and .well-known ( #4573 )
2019-02-05 18:11:26 +00:00
4a7524ffd3
Merge pull request #4570 from matrix-org/anoa/self_signed_upgrade
...
Add ACME docs and link to it from README and INSTALL
2019-02-05 17:34:43 +00:00
6585ef4799
Neilj/1711faq ( #4572 )
...
MSC1711 certificates FAQ
2019-02-05 17:19:28 +00:00
a6345009f9
Add TL;DR and final step details to ACME
2019-02-05 17:04:34 +00:00
56cb34ba8b
Merge branch 'anoa/self_signed_upgrade' of github.com:matrix-org/synapse into anoa/self_signed_upgrade
2019-02-05 16:53:05 +00:00
2ca63df83b
Update ACME
2019-02-05 16:50:00 +00:00
13828f7d58
Update docs/ACME.md
...
Co-Authored-By: anoadragon453 <1342360+anoadragon453@users.noreply.github.com>
2019-02-05 16:46:28 +00:00
ffcbd80982
Actually add ACME docs
2019-02-05 15:50:18 +00:00
cbdc01cc3b
Convert ACME docs to md
2019-02-05 15:38:27 +00:00
08b26afeee
Move ACME docs to docs/ACME.rst and link from UPGRADE.
2019-02-05 15:33:23 +00:00
98df67a8de
Remove mention of lt-cred-mech in the sample coturn config. ( #4333 )
...
* Remove mention of lt-cred-mech in the sample coturn config.
See https://github.com/coturn/coturn/pull/262 for more context.
Also clean up some minor formatting issues while I'm here.
* Add changelog.
Signed-off-by: Krithin Sitaram <krithin@gmail.com>
2018-12-28 23:31:49 +00:00
d2f7c4e6b1
create support user ( #4141 )
...
Allow for the creation of a support user.
A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits.
2018-12-14 18:20:59 +00:00
de8772a655
Do a GC after each test to fix logcontext leaks ( #4227 )
...
* Some words about garbage collections and logcontexts
* Do a GC after each test to fix logcontext leaks
This feels like an awful hack, but...
* changelog
2018-11-27 13:00:33 +11:00
f6cbef6332
Add a note saying you need to manually reclaim disk space
...
People keep asking why their database hasn't gotten smaller after using this API.
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2018-11-18 12:38:04 -06:00
0f5e51f726
Add config variables for enabling terms auth and the policy name ( #4142 )
...
So people can still collect consent the old way if they want to.
2018-11-06 10:32:34 +00:00
22a2004428
Update documentation and templates for new consent
2018-10-12 17:53:14 -06:00
1ca2744621
Merge pull request #3734 from matrix-org/travis/worker-docs
...
Reference that the federation_reader needs the HTTP replication port set
2018-08-23 07:51:46 -06:00
764030cf63
Merge pull request #3659 from matrix-org/erikj/split_profiles
...
Allow profile updates to happen on workers
2018-08-22 11:35:55 +01:00
dd0ac1614c
Reference that the federation_reader needs the HTTP replication port set
2018-08-21 23:35:50 -06:00
c334ca67bb
Integrate presence from hotfixes ( #3694 )
2018-08-18 01:08:45 +10:00
782689bd40
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/split_profiles
2018-08-17 14:15:48 +01:00
a8ffc27db7
Update the admin register documentation to return a real user ID
...
Presumably this is the intention anyways. I've also updated the domain part to be something more along the lines of what people might expect.
2018-08-17 02:46:25 -06:00
5c6226707d
Update docs/workers.rst
2018-08-09 10:37:42 +01:00
f81f421086
Update workers.rst with new paths
2018-08-07 10:51:35 +01:00
0b0b24cb82
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/client_apis_move
2018-07-23 13:21:15 +01:00
4fc52b1037
Update docs/workers.rst
2018-07-23 13:20:43 +01:00
e1a237eaab
Admin API for creating new users ( #3415 )
2018-07-20 22:41:13 +10:00
9570aa82eb
update doc for deactivate API
2018-06-26 10:42:50 +01:00
304bb22c1d
Fix metric documentation tables ( #3341 )
2018-06-06 15:52:37 +10:00
617afee069
Merge pull request #3340 from ArchangeGabriel/patch-1
...
doc/postgres.rst: fix display of the last command block
2018-06-05 17:45:17 +01:00
b50f18171d
doc/postgres.rest: fix displaying of the last command block
...
Also indent all of them with 4 spaces.
2018-06-04 22:41:52 +00:00
c2c3092cce
code_style.rst: formatting
2018-05-31 16:11:34 +01:00
febe0ec8fd
Run Prometheus on a different port, optionally. ( #3274 )
2018-05-31 19:04:50 +10:00
757ed27258
Let users leave the server notice room after joining
...
They still can't reject invites, but we let them leave it.
2018-05-25 11:07:21 +01:00
9bf4b2bda3
Allow overriding the server_notices user's avatar
...
probably should have done this in the first place, like @turt2live suggested.
2018-05-23 17:43:30 +01:00
e206b2c9ac
consent_tracking.md: clarify link
2018-05-23 15:57:10 +01:00
2df8c3139a
minor post-review tweaks
2018-05-23 15:39:52 +01:00
cd8ab9a0d8
mention public_baseurl
2018-05-23 14:43:09 +01:00
1cbb8e5a33
fix wrapping
2018-05-23 13:58:28 +01:00
052d08a6a5
Using the manhole to send server notices
2018-05-23 13:55:39 +01:00
5ad1149f38
Notes on the manhole
2018-05-23 13:47:34 +01:00
563606b8f2
consent_tracking: formatting etc
2018-05-23 12:37:39 +01:00
David Vo