Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Merge tag 'v1.13.0'
Browse files Browse the repository at this point in the history
Synapse 1.13.0 (2020-05-19)
===========================

This release brings some potential changes necessary for certain
configurations of Synapse:

* If your Synapse is configured to use SSO and have a custom
  `sso_redirect_confirm_template_dir` configuration option set, you will need
  to duplicate the new `sso_auth_confirm.html`, `sso_auth_success.html` and
  `sso_account_deactivated.html` templates into that directory.
* Synapse plugins using the `complete_sso_login` method of
  `synapse.module_api.ModuleApi` should instead switch to the async/await
  version, `complete_sso_login_async`, which includes additional checks. The
  former version is now deprecated.
* A bug was introduced in Synapse 1.4.0 which could cause the room directory
  to be incomplete or empty if Synapse was upgraded directly from v1.2.1 or
  earlier, to versions between v1.4.0 and v1.12.x.

Please review [UPGRADE.rst](https://github.com/matrix-org/synapse/blob/master/UPGRADE.rst)
for more details on these changes and for general upgrade guidance.

Notice of change to the default `git` branch for Synapse
--------------------------------------------------------

With the release of Synapse 1.13.0, the default `git` branch for Synapse has
changed to `develop`, which is the development tip. This is more consistent with
common practice and modern `git` usage.

The `master` branch, which tracks the latest release, is still available. It is
recommended that developers and distributors who have scripts which run builds
using the default branch of Synapse should therefore consider pinning their
scripts to `master`.

Features
--------

- Extend the `web_client_location` option to accept an absolute URL to use as a redirect. Adds a warning when running the web client on the same hostname as homeserver. Contributed by Martin Milata. ([\#7006](#7006))
- Set `Referrer-Policy` header to `no-referrer` on media downloads. ([\#7009](#7009))
- Add support for running replication over Redis when using workers. ([\#7040](#7040), [\#7325](#7325), [\#7352](#7352), [\#7401](#7401), [\#7427](#7427), [\#7439](#7439), [\#7446](#7446), [\#7450](#7450), [\#7454](#7454))
- Admin API `POST /_synapse/admin/v1/join/<roomIdOrAlias>` to join users to a room like `auto_join_rooms` for creation of users. ([\#7051](#7051))
- Add options to prevent users from changing their profile or associated 3PIDs. ([\#7096](#7096))
- Support SSO in the user interactive authentication workflow. ([\#7102](#7102), [\#7186](#7186), [\#7279](#7279), [\#7343](#7343))
- Allow server admins to define and enforce a password policy ([MSC2000](matrix-org/matrix-spec-proposals#2000)). ([\#7118](#7118))
- Improve the support for SSO authentication on the login fallback page. ([\#7152](#7152), [\#7235](#7235))
- Always whitelist the login fallback in the SSO configuration if `public_baseurl` is set. ([\#7153](#7153))
- Admin users are no longer required to be in a room to create an alias for it. ([\#7191](#7191))
- Require admin privileges to enable room encryption by default. This does not affect existing rooms. ([\#7230](#7230))
- Add a config option for specifying the value of the Accept-Language HTTP header when generating URL previews. ([\#7265](#7265))
- Allow `/requestToken` endpoints to hide the existence (or lack thereof) of 3PID associations on the homeserver. ([\#7315](#7315))
- Add a configuration setting to tweak the threshold for dummy events. ([\#7422](#7422))

Bugfixes
--------

- Don't attempt to use an invalid sqlite config if no database configuration is provided. Contributed by @nekatak. ([\#6573](#6573))
- Fix single-sign on with CAS systems: pass the same service URL when requesting the CAS ticket and when calling the `proxyValidate` URL. Contributed by @Naugrimm. ([\#6634](#6634))
- Fix missing field `default` when fetching user-defined push rules. ([\#6639](#6639))
- Improve error responses when accessing remote public room lists. ([\#6899](#6899), [\#7368](#7368))
- Transfer alias mappings on room upgrade. ([\#6946](#6946))
- Ensure that a user interactive authentication session is tied to a single request. ([\#7068](#7068), [\#7455](#7455))
- Fix a bug in the federation API which could cause occasional "Failed to get PDU" errors. ([\#7089](#7089))
- Return the proper error (`M_BAD_ALIAS`) when a non-existant canonical alias is provided. ([\#7109](#7109))
- Fix a bug which meant that groups updates were not correctly replicated between workers. ([\#7117](#7117))
- Fix starting workers when federation sending not split out. ([\#7133](#7133))
- Ensure `is_verified` is a boolean in responses to `GET /_matrix/client/r0/room_keys/keys`. Also warn the user if they forgot the `version` query param. ([\#7150](#7150))
- Fix error page being shown when a custom SAML handler attempted to redirect when processing an auth response. ([\#7151](#7151))
- Avoid importing `sqlite3` when using the postgres backend. Contributed by David Vo. ([\#7155](#7155))
- Fix excessive CPU usage by `prune_old_outbound_device_pokes` job. ([\#7159](#7159))
- Fix a bug which could cause outbound federation traffic to stop working if a client uploaded an incorrect e2e device signature. ([\#7177](#7177))
- Fix a bug which could cause incorrect 'cyclic dependency' error. ([\#7178](#7178))
- Fix a bug that could cause a user to be invited to a server notices (aka System Alerts) room without any notice being sent. ([\#7199](#7199))
- Fix some worker-mode replication handling not being correctly recorded in CPU usage stats. ([\#7203](#7203))
- Do not allow a deactivated user to login via SSO. ([\#7240](#7240), [\#7259](#7259))
- Fix --help command-line argument. ([\#7249](#7249))
- Fix room publish permissions not being checked on room creation. ([\#7260](#7260))
- Reject unknown session IDs during user interactive authentication instead of silently creating a new session. ([\#7268](#7268))
- Fix a SQL query introduced in Synapse 1.12.0 which could cause large amounts of logging to the postgres slow-query log. ([\#7274](#7274))
- Persist user interactive authentication sessions across workers and Synapse restarts. ([\#7302](#7302))
- Fixed backwards compatibility logic of the first value of `trusted_third_party_id_servers` being used for `account_threepid_delegates.email`, which occurs when the former, deprecated option is set and the latter is not. ([\#7316](#7316))
- Fix a bug where event updates might not be sent over replication to worker processes after the stream falls behind. ([\#7337](#7337), [\#7358](#7358))
- Fix bad error handling that would cause Synapse to crash if it's provided with a YAML configuration file that's either empty or doesn't parse into a key-value map. ([\#7341](#7341))
- Fix incorrect metrics reporting for `renew_attestations` background task. ([\#7344](#7344))
- Prevent non-federating rooms from appearing in responses to federated `POST /publicRoom` requests when a filter was included. ([\#7367](#7367))
- Fix a bug which would cause the room durectory to be incorrectly populated if Synapse was upgraded directly from v1.2.1 or earlier to v1.4.0 or later. Note that this fix does not apply retrospectively; see the [upgrade notes](UPGRADE.rst#upgrading-to-v1130) for more information. ([\#7387](#7387))
- Fix bug in `EventContext.deserialize`. ([\#7393](#7393))
- Fix a long-standing bug which could cause messages not to be sent over federation, when state events with state keys matching user IDs (such as custom user statuses) were received. ([\#7376](#7376))
- Restore compatibility with non-compliant clients during the user interactive authentication process, fixing a problem introduced in v1.13.0rc1. ([\#7483](#7483))
- Hash passwords as early as possible during registration. ([\#7523](#7523))

Improved Documentation
----------------------

- Update Debian installation instructions to recommend installing the `virtualenv` package instead of `python3-virtualenv`. ([\#6892](#6892))
- Improve the documentation for database configuration. ([\#6988](#6988))
- Improve the documentation of application service configuration files. ([\#7091](#7091))
- Update pre-built package name for FreeBSD. ([\#7107](#7107))
- Update postgres docs with login troubleshooting information. ([\#7119](#7119))
- Clean up INSTALL.md a bit. ([\#7141](#7141))
- Add documentation for running a local CAS server for testing. ([\#7147](#7147))
- Improve README.md by being explicit about public IP recommendation for TURN relaying. ([\#7167](#7167))
- Fix a small typo in the `metrics_flags` config option. ([\#7171](#7171))
- Update the contributed documentation on managing synapse workers with systemd, and bring it into the core distribution. ([\#7234](#7234))
- Add documentation to the `password_providers` config option. Add known password provider implementations to docs. ([\#7238](#7238), [\#7248](#7248))
- Modify suggested nginx reverse proxy configuration to match Synapse's default file upload size. Contributed by @ProCycleDev. ([\#7251](#7251))
- Documentation of media_storage_providers options updated to avoid misunderstandings. Contributed by Tristan Lins. ([\#7272](#7272))
- Add documentation on monitoring workers with Prometheus. ([\#7357](#7357))
- Clarify endpoint usage in the users admin api documentation. ([\#7361](#7361))

Deprecations and Removals
-------------------------

- Remove nonfunctional `captcha_bypass_secret` option from `homeserver.yaml`. ([\#7137](#7137))

Internal Changes
----------------

- Add benchmarks for LruCache. ([\#6446](#6446))
- Return total number of users and profile attributes in admin users endpoint. Contributed by Awesome Technologies Innovationslabor GmbH. ([\#6881](#6881))
- Change device list streams to have one row per ID. ([\#7010](#7010))
- Remove concept of a non-limited stream. ([\#7011](#7011))
- Move catchup of replication streams logic to worker. ([\#7024](#7024), [\#7195](#7195), [\#7226](#7226), [\#7239](#7239), [\#7286](#7286), [\#7290](#7290), [\#7318](#7318), [\#7326](#7326), [\#7378](#7378), [\#7421](#7421))
- Convert some of synapse.rest.media to async/await. ([\#7110](#7110), [\#7184](#7184), [\#7241](#7241))
- De-duplicate / remove unused REST code for login and auth. ([\#7115](#7115))
- Convert `*StreamRow` classes to inner classes. ([\#7116](#7116))
- Clean up some LoggingContext code. ([\#7120](#7120), [\#7181](#7181), [\#7183](#7183), [\#7408](#7408), [\#7426](#7426))
- Add explicit `instance_id` for USER_SYNC commands and remove implicit `conn_id` usage. ([\#7128](#7128))
- Refactored the CAS authentication logic to a separate class. ([\#7136](#7136))
- Run replication streamers on workers. ([\#7146](#7146))
- Add tests for outbound device pokes. ([\#7157](#7157))
- Fix device list update stream ids going backward. ([\#7158](#7158))
- Use `stream.current_token()` and remove `stream_positions()`. ([\#7172](#7172))
- Move client command handling out of TCP protocol. ([\#7185](#7185))
- Move server command handling out of TCP protocol. ([\#7187](#7187))
- Fix consistency of HTTP status codes reported in log lines. ([\#7188](#7188))
- Only run one background database update at a time. ([\#7190](#7190))
- Remove sent outbound device list pokes from the database. ([\#7192](#7192))
- Add a background database update job to clear out duplicate `device_lists_outbound_pokes`. ([\#7193](#7193))
- Remove some extraneous debugging log lines. ([\#7207](#7207))
- Add explicit Python build tooling as dependencies for the snapcraft build. ([\#7213](#7213))
- Add typing information to federation server code. ([\#7219](#7219))
- Extend room admin api (`GET /_synapse/admin/v1/rooms`) with additional attributes. ([\#7225](#7225))
- Unblacklist '/upgrade creates a new room' sytest for workers. ([\#7228](#7228))
- Remove redundant checks on `daemonize` from synctl. ([\#7233](#7233))
- Upgrade jQuery to v3.4.1 on fallback login/registration pages. ([\#7236](#7236))
- Change log line that told user to implement onLogin/onRegister fallback js functions to a warning, instead of an info, so it's more visible. ([\#7237](#7237))
- Correct the parameters of a test fixture. Contributed by Isaiah Singletary. ([\#7243](#7243))
- Convert auth handler to async/await. ([\#7261](#7261))
- Add some unit tests for replication. ([\#7278](#7278))
- Improve typing annotations in `synapse.replication.tcp.streams.Stream`. ([\#7291](#7291))
- Reduce log verbosity of url cache cleanup tasks. ([\#7295](#7295))
- Fix sample SAML Service Provider configuration. Contributed by @frcl. ([\#7300](#7300))
- Fix StreamChangeCache to work with multiple entities changing on the same stream id. ([\#7303](#7303))
- Fix an incorrect import in IdentityHandler. ([\#7319](#7319))
- Reduce logging verbosity for successful federation requests. ([\#7321](#7321))
- Convert some federation handler code to async/await. ([\#7338](#7338))
- Fix collation for postgres for unit tests. ([\#7359](#7359))
- Convert RegistrationWorkerStore.is_server_admin and dependent code to async/await. ([\#7363](#7363))
- Add an `instance_name` to `RDATA` and `POSITION` replication commands. ([\#7364](#7364))
- Thread through instance name to replication client. ([\#7369](#7369))
- Convert synapse.server_notices to async/await. ([\#7394](#7394))
- Convert synapse.notifier to async/await. ([\#7395](#7395))
- Fix issues with the Python package manifest. ([\#7404](#7404))
- Prevent methods in `synapse.handlers.auth` from polling the homeserver config every request. ([\#7420](#7420))
- Speed up fetching device lists changes when handling `/sync` requests. ([\#7423](#7423))
- Run group attestation renewal in series rather than parallel for performance. ([\#7442](#7442))
- Fix linting errors in new version of Flake8. ([\#7470](#7470))
- Update the version of dh-virtualenv we use to build debs, and add focal to the list of target distributions. ([\#7526](#7526))
  • Loading branch information
clokep committed May 19, 2020
2 parents a564ec4 + 45c8b1c commit 13a8276
Show file tree
Hide file tree
Showing 257 changed files with 12,281 additions and 5,032 deletions.
2 changes: 0 additions & 2 deletions .buildkite/worker-blacklist
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,6 @@ Message history can be paginated

Can re-join room if re-invited

/upgrade creates a new room

The only membership state included in an initial sync is for all the senders in the timeline

Local device key changes get to remote servers
Expand Down
210 changes: 204 additions & 6 deletions CHANGES.md

Large diffs are not rendered by default.

102 changes: 41 additions & 61 deletions INSTALL.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
- [Installing Synapse](#installing-synapse)
- [Installing from source](#installing-from-source)
- [Platform-Specific Instructions](#platform-specific-instructions)
- [Troubleshooting Installation](#troubleshooting-installation)
- [Prebuilt packages](#prebuilt-packages)
- [Setting up Synapse](#setting-up-synapse)
- [TLS certificates](#tls-certificates)
- [Email](#email)
- [Registering a user](#registering-a-user)
- [Setting up a TURN server](#setting-up-a-turn-server)
- [URL previews](#url-previews)
- [Troubleshooting Installation](#troubleshooting-installation)

# Choosing your server name

Expand Down Expand Up @@ -70,7 +70,7 @@ pip install -U matrix-synapse
```

Before you can start Synapse, you will need to generate a configuration
file. To do this, run (in your virtualenv, as before)::
file. To do this, run (in your virtualenv, as before):

```
cd ~/synapse
Expand All @@ -84,22 +84,24 @@ python -m synapse.app.homeserver \
... substituting an appropriate value for `--server-name`.

This command will generate you a config file that you can then customise, but it will
also generate a set of keys for you. These keys will allow your Home Server to
identify itself to other Home Servers, so don't lose or delete them. It would be
also generate a set of keys for you. These keys will allow your homeserver to
identify itself to other homeserver, so don't lose or delete them. It would be
wise to back them up somewhere safe. (If, for whatever reason, you do need to
change your Home Server's keys, you may find that other Home Servers have the
change your homeserver's keys, you may find that other homeserver have the
old key cached. If you update the signing key, you should change the name of the
key in the `<server name>.signing.key` file (the second word) to something
different. See the
[spec](https://matrix.org/docs/spec/server_server/latest.html#retrieving-server-keys)
for more information on key management.)
for more information on key management).

To actually run your new homeserver, pick a working directory for Synapse to
run (e.g. `~/synapse`), and::
run (e.g. `~/synapse`), and:

cd ~/synapse
source env/bin/activate
synctl start
```
cd ~/synapse
source env/bin/activate
synctl start
```

### Platform-Specific Instructions

Expand All @@ -110,7 +112,7 @@ Installing prerequisites on Ubuntu or Debian:
```
sudo apt-get install build-essential python3-dev libffi-dev \
python3-pip python3-setuptools sqlite3 \
libssl-dev python3-virtualenv libjpeg-dev libxslt1-dev
libssl-dev virtualenv libjpeg-dev libxslt1-dev
```

#### ArchLinux
Expand Down Expand Up @@ -188,15 +190,15 @@ doas pkg_add python libffi py-pip py-setuptools sqlite3 py-virtualenv \
There is currently no port for OpenBSD. Additionally, OpenBSD's security
settings require a slightly more difficult installation process.

XXX: I suspect this is out of date.
(XXX: I suspect this is out of date)

1. Create a new directory in `/usr/local` called `_synapse`. Also, create a
new user called `_synapse` and set that directory as the new user's home.
This is required because, by default, OpenBSD only allows binaries which need
write and execute permissions on the same memory space to be run from
`/usr/local`.
2. `su` to the new `_synapse` user and change to their home directory.
3. Create a new virtualenv: `virtualenv -p python2.7 ~/.synapse`
3. Create a new virtualenv: `virtualenv -p python3 ~/.synapse`
4. Source the virtualenv configuration located at
`/usr/local/_synapse/.synapse/bin/activate`. This is done in `ksh` by
using the `.` command, rather than `bash`'s `source`.
Expand All @@ -217,45 +219,6 @@ be found at https://docs.microsoft.com/en-us/windows/wsl/install-win10 for
Windows 10 and https://docs.microsoft.com/en-us/windows/wsl/install-on-server
for Windows Server.

### Troubleshooting Installation

XXX a bunch of this is no longer relevant.

Synapse requires pip 8 or later, so if your OS provides too old a version you
may need to manually upgrade it::

sudo pip install --upgrade pip

Installing may fail with `Could not find any downloads that satisfy the requirement pymacaroons-pynacl (from matrix-synapse==0.12.0)`.
You can fix this by manually upgrading pip and virtualenv::

sudo pip install --upgrade virtualenv

You can next rerun `virtualenv -p python3 synapse` to update the virtual env.

Installing may fail during installing virtualenv with `InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.`
You can fix this by manually installing ndg-httpsclient::

pip install --upgrade ndg-httpsclient

Installing may fail with `mock requires setuptools>=17.1. Aborting installation`.
You can fix this by upgrading setuptools::

pip install --upgrade setuptools

If pip crashes mid-installation for reason (e.g. lost terminal), pip may
refuse to run until you remove the temporary installation directory it
created. To reset the installation::

rm -rf /tmp/pip_install_matrix

pip seems to leak *lots* of memory during installation. For instance, a Linux
host with 512MB of RAM may run out of memory whilst installing Twisted. If this
happens, you will have to individually install the dependencies which are
failing, e.g.::

pip install twisted

## Prebuilt packages

As an alternative to installing from source, prebuilt packages are available
Expand Down Expand Up @@ -314,7 +277,7 @@ For `buster` and `sid`, Synapse is available in the Debian repositories and
it should be possible to install it with simply:

```
sudo apt install matrix-synapse
sudo apt install matrix-synapse
```

There is also a version of `matrix-synapse` in `stretch-backports`. Please see
Expand Down Expand Up @@ -375,15 +338,17 @@ sudo pip install py-bcrypt

Synapse can be found in the void repositories as 'synapse':

xbps-install -Su
xbps-install -S synapse
```
xbps-install -Su
xbps-install -S synapse
```

### FreeBSD

Synapse can be installed via FreeBSD Ports or Packages contributed by Brendan Molloy from:

- Ports: `cd /usr/ports/net-im/py-matrix-synapse && make install clean`
- Packages: `pkg install py27-matrix-synapse`
- Packages: `pkg install py37-matrix-synapse`


### NixOS
Expand Down Expand Up @@ -420,6 +385,7 @@ so, you will need to edit `homeserver.yaml`, as follows:
resources:
- names: [client, federation]
```

* You will also need to uncomment the `tls_certificate_path` and
`tls_private_key_path` lines under the `TLS` section. You can either
point these settings at an existing certificate and key, or you can
Expand All @@ -435,7 +401,7 @@ so, you will need to edit `homeserver.yaml`, as follows:
`cert.pem`).

For a more detailed guide to configuring your server for federation, see
[federate.md](docs/federate.md)
[federate.md](docs/federate.md).


## Email
Expand Down Expand Up @@ -482,7 +448,7 @@ on your server even if `enable_registration` is `false`.
## Setting up a TURN server

For reliable VoIP calls to be routed via this homeserver, you MUST configure
a TURN server. See [docs/turn-howto.md](docs/turn-howto.md) for details.
a TURN server. See [docs/turn-howto.md](docs/turn-howto.md) for details.

## URL previews

Expand All @@ -491,10 +457,24 @@ turn it on you must enable the `url_preview_enabled: True` config parameter
and explicitly specify the IP ranges that Synapse is not allowed to spider for
previewing in the `url_preview_ip_range_blacklist` configuration parameter.
This is critical from a security perspective to stop arbitrary Matrix users
spidering 'internal' URLs on your network. At the very least we recommend that
spidering 'internal' URLs on your network. At the very least we recommend that
your loopback and RFC1918 IP addresses are blacklisted.

This also requires the optional lxml and netaddr python dependencies to be
installed. This in turn requires the libxml2 library to be available - on
This also requires the optional `lxml` and `netaddr` python dependencies to be
installed. This in turn requires the `libxml2` library to be available - on
Debian/Ubuntu this means `apt-get install libxml2-dev`, or equivalent for
your OS.

# Troubleshooting Installation

`pip` seems to leak *lots* of memory during installation. For instance, a Linux
host with 512MB of RAM may run out of memory whilst installing Twisted. If this
happens, you will have to individually install the dependencies which are
failing, e.g.:

```
pip install twisted
```

If you have any other problems, feel free to ask in
[#synapse:matrix.org](https://matrix.to/#/#synapse:matrix.org).
11 changes: 6 additions & 5 deletions MANIFEST.in
Original file line number Diff line number Diff line change
Expand Up @@ -30,23 +30,24 @@ recursive-include synapse/static *.gif
recursive-include synapse/static *.html
recursive-include synapse/static *.js

exclude Dockerfile
exclude .codecov.yml
exclude .coveragerc
exclude .dockerignore
exclude test_postgresql.sh
exclude .editorconfig
exclude Dockerfile
exclude mypy.ini
exclude sytest-blacklist
exclude test_postgresql.sh

include pyproject.toml
recursive-include changelog.d *

prune .buildkite
prune .circleci
prune .codecov.yml
prune .coveragerc
prune .github
prune contrib
prune debian
prune demo/etc
prune docker
prune mypy.ini
prune snap
prune stubs
68 changes: 68 additions & 0 deletions UPGRADE.rst
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,74 @@ for example:
wget https://packages.matrix.org/debian/pool/main/m/matrix-synapse-py3/matrix-synapse-py3_1.3.0+stretch1_amd64.deb
dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
Upgrading to v1.13.0
====================


Incorrect database migration in old synapse versions
----------------------------------------------------

A bug was introduced in Synapse 1.4.0 which could cause the room directory to
be incomplete or empty if Synapse was upgraded directly from v1.2.1 or
earlier, to versions between v1.4.0 and v1.12.x.

This will *not* be a problem for Synapse installations which were:
* created at v1.4.0 or later,
* upgraded via v1.3.x, or
* upgraded straight from v1.2.1 or earlier to v1.13.0 or later.

If completeness of the room directory is a concern, installations which are
affected can be repaired as follows:

1. Run the following sql from a `psql` or `sqlite3` console:

.. code:: sql
INSERT INTO background_updates (update_name, progress_json, depends_on) VALUES
('populate_stats_process_rooms', '{}', 'current_state_events_membership');
INSERT INTO background_updates (update_name, progress_json, depends_on) VALUES
('populate_stats_process_users', '{}', 'populate_stats_process_rooms');
2. Restart synapse.

New Single Sign-on HTML Templates
---------------------------------

New templates (``sso_auth_confirm.html``, ``sso_auth_success.html``, and
``sso_account_deactivated.html``) were added to Synapse. If your Synapse is
configured to use SSO and a custom ``sso_redirect_confirm_template_dir``
configuration then these templates will need to be copied from
`synapse/res/templates <synapse/res/templates>`_ into that directory.

Synapse SSO Plugins Method Deprecation
--------------------------------------

Plugins using the ``complete_sso_login`` method of
``synapse.module_api.ModuleApi`` should update to using the async/await
version ``complete_sso_login_async`` which includes additional checks. The
non-async version is considered deprecated.

Rolling back to v1.12.4 after a failed upgrade
----------------------------------------------

v1.13.0 includes a lot of large changes. If something problematic occurs, you
may want to roll-back to a previous version of Synapse. Because v1.13.0 also
includes a new database schema version, reverting that version is also required
alongside the generic rollback instructions mentioned above. In short, to roll
back to v1.12.4 you need to:

1. Stop the server
2. Decrease the schema version in the database:

.. code:: sql
UPDATE schema_version SET version = 57;
3. Downgrade Synapse by following the instructions for your installation method
in the "Rolling back to older versions" section above.


Upgrading to v1.12.0
====================

Expand Down
Loading

0 comments on commit 13a8276

Please sign in to comment.