This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Strip unauthorized fields from unsigned object in events received over federation #11530

Merged
merged 21 commits into from
Jan 6, 2022

Contributor

@H-Shay H-Shay commented Dec 7, 2021

Fixes #11080. Currently Synapse does not check if the fields in unsignedData correspond to what is outlined in the spec; this PR adds functionality to do so and strips any fields which are unauthorized.

@H-Shay H-Shay requested a review from a team as a code owner December 7, 2021 17:23
@H-Shay H-Shay marked this pull request as draft December 7, 2021 17:23
@H-Shay H-Shay removed the request for review from a team December 7, 2021 17:23
@H-Shay H-Shay requested a review from a team December 9, 2021 17:09
@H-Shay H-Shay marked this pull request as ready for review December 9, 2021 17:09
@DMRobertson DMRobertson self-assigned this Dec 9, 2021
@H-Shay H-Shay changed the title from "Strip unauthorized fields from unsigned object in events recieved over federation" to "Strip unauthorized fields from unsigned object in events received over federation" Dec 9, 2021
Contributor

@DMRobertson DMRobertson left a comment

A few thoughts. Happy to talk through them as and when.

@DMRobertson
Contributor

@H-Shay is this ready for another look?

@H-Shay H-Shay requested a review from DMRobertson December 16, 2021 23:42
Contributor

@DMRobertson DMRobertson left a comment

Looks reasonable to me, but I'd appreciate a second review from someone who's familiar with the event format. Maybe @richvdh?

@DMRobertson DMRobertson requested a review from a team December 17, 2021 17:02
Member

@richvdh richvdh left a comment

I think this is ok as far as it goes, but it misses events that we pull from the remote server, which are currently subject to the same bugs.

Could we just do the filtering at the point where we first turn the dict we receive in the JSON into an EventBase (ie, event_from_pdu_json)? I think that would be easier, as well as making sure we catch all the places it's a problem.

@H-Shay
Contributor Author

H-Shay commented Dec 21, 2021

> I think this is ok as far as it goes, but it misses events that we pull from the remote server, which are currently subject to the same bugs.
>
> Could we just do the filtering at the point where we first turn the dict we receive in the JSON into an EventBase (ie, event_from_pdu_json)? I think that would be easier, as well as making sure we catch all the places it's a problem.

Sure thing, that's a much better idea. Thanks for the suggestion!

@richvdh richvdh self-assigned this Jan 5, 2022
@richvdh richvdh self-requested a review January 5, 2022 17:06
Member

@richvdh richvdh left a comment

thank you! a couple of minor comments...

@@ -238,6 +238,10 @@ def event_from_pdu_json(
# origin, etc etc)
assert_params_in_dict(pdu_json, ("type", "depth"))

# Strip any unauthorized values from "unsigned" if they exist
if "unsigned" in pdu_json and pdu_json["unsigned"] != {}:
pdu_json = _strip_unsigned_values(pdu_json)
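
Review bot: The guard on the `if` line checks only that `unsigned` is present and not equal to `{}`; it does not check that the value is a dict. This value is taken from JSON sent by a remote server, so a list, string or number would pass the guard and reach `_strip_unsigned_values`. Consider an `isinstance(pdu_json["unsigned"], dict)` check that rejects the PDU or replaces the value with `{}`, and drop the `!= {}` test, since filtering an empty dict is a no-op anyway.
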
Member

it's worth noting that, because _strip_unsigned_values modifies the actual dict that pdu_json refers to, this is the same as:

Suggested change
pdu_json = _strip_unsigned_values(pdu_json)
_strip_unsigned_values(pdu_json)

Indeed, I think it's confusing to have _strip_unsigned_values return the dict at all, since it gives the incorrect impression that it returns a different dict, rather than modifying the original.

Contributor Author

That makes sense, thank you for pointing that out!

Comment on lines 282 to 286
filtered_unsigned = {}

for k, v in unsigned.items():
if k in whitelist:
filtered_unsigned[k] = v
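
Review bot: Keys that fail the `k in whitelist` test are dropped with no record of it. A debug-level log of the dropped key names (not their values) would let an operator see which remote servers send out-of-spec `unsigned` data. If `whitelist` is a list, a module-level `frozenset` would also make the allowed set easier to audit and the membership test constant-time.
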
Member

Personally, I'd find this easier to read as:

Suggested change
filtered_unsigned = {}
for k, v in unsigned.items():
if k in whitelist:
filtered_unsigned[k] = v
filtered_unsigned = {k: v for k, v in unsigned.items() if k in whitelist}

That might just be me though, this way is fine too.

@@ -276,3 +278,91 @@ def test_cross_signing_keys_retry(self):
"ed25519:" + remote_self_signing_key in self_signing_key["keys"].keys(),
)
self.assertTrue(remote_self_signing_key in self_signing_key["keys"].values())


class StripUnsignedFromEventsTestCase(MessageAcceptTests):
Member

MessageAcceptTests includes a load of its own tests, so by deriving your test class from it in this way, we end up with another copy of those tests, and so do them twice (see https://github.com/matrix-org/synapse/runs/4612144055?check_suite_focus=true#step:8:2560).

I think your tests will be fine without prev_state and prev_events, so I think you can remove them and the calls to get_latest_event_ids_in_room. Then you can just inherit from UnitTest, rather than having to do all the complicated setup in MessageAcceptTests.

Contributor Author

Thanks for pointing this out, it's helpful to know.

@H-Shay H-Shay requested a review from richvdh January 5, 2022 22:21
Member

@richvdh richvdh left a comment

lgtm otherwise!

filtered_unsigned = {k: v for k, v in unsigned.items() if k in whitelist}
pdu_dict["unsigned"] = filtered_unsigned

return pdu_dict
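
Review bot: The comprehension filters on key names only, so whatever value sits under an allowed key is copied through regardless of its type or size. If later code assumes a particular type for those values, validate it here too, or add a comment next to `whitelist` stating that the values remain untrusted after this function runs.
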
Member

let's remove this: It's no longer used, and I think that returning a value makes it look like we might be returning something different from the input.

Suggested change
return pdu_dict

likewise, s/return pdu_dict/return/ above, and you'll need to change the annotation to -> None.

Contributor Author

Right makes sense, also thank you for the quick and enlightening review!
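
The approach the review settled on (filter `unsigned` once, at the point where received JSON first becomes an event, and mutate in place) is sketched below as an added example; it is not code from this PR or from Synapse. `parse_pdu`, `receive_pushed`, `receive_pulled`, the sample PDU and the one-key allow-list are assumptions made for illustration; `signing_input` follows the Matrix "Signing JSON" rule that `signatures` and `unsigned` are left out of the signed bytes, which is why this section needs its own check.

```python
import json
import logging
from typing import Any, Dict, List

logger = logging.getLogger("unsigned_filter_example")
JsonDict = Dict[str, Any]

# ASSUMPTION: illustrative allow-list only. The list used by the PR is not
# shown on this page; take the real one from the Matrix spec.
ALLOWED_UNSIGNED_KEYS = frozenset({"age"})


def strip_unsigned_values(pdu_json: JsonDict) -> None:
    """Filter pdu_json["unsigned"] in place; return None so that callers
    cannot mistake the result for a fresh copy."""
    if "unsigned" not in pdu_json:
        return
    unsigned = pdu_json["unsigned"]
    if not isinstance(unsigned, dict):
        # The sending server fully controls this value, including its type.
        logger.info("replacing non-object unsigned (%s)", type(unsigned).__name__)
        pdu_json["unsigned"] = {}
        return
    dropped = sorted(k for k in unsigned if k not in ALLOWED_UNSIGNED_KEYS)
    if dropped:
        # Log key names only, never the remote-supplied values.
        logger.info("stripped unsigned keys %s", dropped)
    pdu_json["unsigned"] = {
        k: v for k, v in unsigned.items() if k in ALLOWED_UNSIGNED_KEYS
    }


def signing_input(obj: JsonDict) -> bytes:
    """Bytes a signature covers under Matrix "Signing JSON": the object minus
    "signatures" and "unsigned", as canonical JSON. Event signing also redacts
    the event first; that step is left out of this example."""
    body = {k: v for k, v in obj.items() if k not in ("signatures", "unsigned")}
    return json.dumps(
        body, sort_keys=True, separators=(",", ":"), ensure_ascii=False
    ).encode("utf-8")


def parse_pdu(pdu_json: JsonDict) -> JsonDict:
    """Hypothetical single parse step. Both receive paths below go through
    it, so neither can skip the filter."""
    for key in ("type", "depth"):
        if key not in pdu_json:
            raise ValueError(f"PDU is missing required key {key!r}")
    strip_unsigned_values(pdu_json)
    return pdu_json


def receive_pushed(pdus: List[JsonDict]) -> List[JsonDict]:
    """Events a remote server sends to us."""
    return [parse_pdu(p) for p in pdus]


def receive_pulled(pdus: List[JsonDict]) -> List[JsonDict]:
    """Events we fetch from a remote server, the path the review pointed out."""
    return [parse_pdu(p) for p in pdus]


def sample_pdu() -> JsonDict:
    """Constructed sample event; every value here is made up."""
    return {
        "event_id": "$constructed:remote.example",
        "type": "m.room.message",
        "depth": 12,
        "sender": "@alice:remote.example",
        "content": {"body": "hello"},
        "signatures": {"remote.example": {"ed25519:1": "constructed-signature"}},
        "unsigned": {"age": 1234, "not_in_spec": {"x": 1}},
    }


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    pdu = sample_pdu()
    before = signing_input(pdu)
    receive_pulled([pdu])
    print("unsigned after parsing:", pdu["unsigned"])
    print("signed bytes unchanged:", signing_input(pdu) == before)
```

Because the signed bytes are identical before and after filtering, signature verification gives no signal about what a remote server placed in `unsigned`; the allow-list is the only control on that section.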

@H-Shay H-Shay merged commit 70ce9ae into develop Jan 6, 2022
@H-Shay H-Shay deleted the shay/strip_unsigned_values branch January 6, 2022 17:09
reivilibre added a commit that referenced this pull request Jan 21, 2022
Synapse 1.51.0rc1 (2022-01-21)
==============================

Features
--------

- Add `track_puppeted_user_ips` config flag to record client IP addresses against puppeted users, and include the puppeted users in monthly active user counts. ([\#11561](#11561), [\#11749](#11749), [\#11757](#11757))
- Include whether the requesting user has participated in a thread when generating a summary for [MSC3440](matrix-org/matrix-spec-proposals#3440). ([\#11577](#11577))
- Return an `M_FORBIDDEN` error code instead of `M_UNKNOWN` when a spam checker module prevents a user from creating a room. ([\#11672](#11672))
- Add a flag to the `synapse_review_recent_signups` script to ignore and filter appservice users. ([\#11675](#11675), [\#11770](#11770))

Bugfixes
--------

- Fix a long-standing issue which could cause Synapse to incorrectly accept data in the unsigned field of events
  received over federation. ([\#11530](#11530))
- Fix a long-standing bug where Synapse wouldn't cache a response indicating that a remote user has no devices. ([\#11587](#11587))
- Fix an error that occurs whilst trying to get the federation status of a destination server that was working normally. This admin API was newly introduced in Synapse v1.49.0. ([\#11593](#11593))
- Fix bundled aggregations not being included in the `/sync` response, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11612](#11612), [\#11659](#11659), [\#11791](#11791))
- Fix the `/_matrix/client/v1/room/{roomId}/hierarchy` endpoint returning incorrect fields which have been present since Synapse 1.49.0. ([\#11667](#11667))
- Fix preview of some GIF URLs (like tenor.com). Contributed by Philippe Daouadi. ([\#11669](#11669))
- Fix a bug where only the first 50 rooms from a space were returned from the `/hierarchy` API. This has existed since the introduction of the API in Synapse v1.41.0. ([\#11695](#11695))
- Fix a bug introduced in Synapse v1.18.0 where password reset and address validation emails would not be sent if their subject was configured to use the 'app' template variable. Contributed by @br4nnigan. ([\#11710](#11710), [\#11745](#11745))
- Make the 'List Rooms' Admin API sort stable. Contributed by Daniël Sonck. ([\#11737](#11737))
- Fix a long-standing bug where space hierarchy over federation would only work correctly some of the time. ([\#11775](#11775))
- Fix a bug introduced in Synapse v1.46.0 that prevented `on_logged_out` module callbacks from being correctly awaited by Synapse. ([\#11786](#11786))

Improved Documentation
----------------------

- Warn against using a Let's Encrypt certificate for TLS/DTLS TURN server client connections, and suggest using ZeroSSL certificate instead. This works around client-side connectivity errors caused by WebRTC libraries that reject Let's Encrypt certificates. Contributed by @AndrewFerr. ([\#11686](#11686))
- Document the new `SYNAPSE_TEST_PERSIST_SQLITE_DB` environment variable in the contributing guide. ([\#11715](#11715))
- Document that the minimum supported PostgreSQL version is now 10. ([\#11725](#11725))
- Fix typo in demo docs: differnt. ([\#11735](#11735))
- Update room spec URL in config files. ([\#11739](#11739))
- Mention `python3-venv` and `libpq-dev` dependencies in the contribution guide. ([\#11740](#11740))
- Update documentation for configuring login with Facebook. ([\#11755](#11755))
- Update installation instructions to note that Python 3.6 is no longer supported. ([\#11781](#11781))

Deprecations and Removals
-------------------------

- Remove the unstable `/send_relation` endpoint. ([\#11682](#11682))
- Remove `python_twisted_reactor_pending_calls` Prometheus metric. ([\#11724](#11724))
- Remove the `password_hash` field from the response dictionaries of the [Users Admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html). ([\#11576](#11576))
- Deprecate support for `webclient` listeners and non-HTTP(S) `web_client_location` configuration. ([\#11774](#11774), [\#11783](#11783))

Internal Changes
----------------

- Run `pyupgrade --py37-plus --keep-percent-format` on Synapse. ([\#11685](#11685))
- Use buildkit's cache feature to speed up docker builds. ([\#11691](#11691))
- Use `auto_attribs` and native type hints for attrs classes. ([\#11692](#11692), [\#11768](#11768))
- Remove debug logging for #4422, which has been closed since Synapse 0.99. ([\#11693](#11693))
- Remove fallback code for Python 2. ([\#11699](#11699))
- Add a test for [an edge case](#11532 (comment)) in the `/sync` logic. ([\#11701](#11701))
- Add the option to write SQLite test dbs to disk when running tests. ([\#11702](#11702))
- Improve Complement test output for GitHub Actions. ([\#11707](#11707))
- Fix docstring on `add_account_data_for_user`. ([\#11716](#11716))
- Complement environment variable name change and update `.gitignore`. ([\#11718](#11718))
- Simplify calculation of Prometheus metrics for garbage collection. ([\#11723](#11723))
- Improve accuracy of `python_twisted_reactor_tick_time` Prometheus metric. ([\#11724](#11724), [\#11771](#11771))
- Minor efficiency improvements when inserting many values into the database. ([\#11742](#11742))
- Invite PR authors to give themselves credit in the changelog. ([\#11744](#11744))
- Add optional debugging to investigate [issue 8631](#8631). ([\#11760](#11760))
- Remove `log_function` utility function and its uses. ([\#11761](#11761))
- Add a unit test that checks both `client` and `webclient` resources will function when simultaneously enabled. ([\#11765](#11765))
- Allow overriding complement commit using `COMPLEMENT_REF`. ([\#11766](#11766))
- Add some comments and type annotations for `_update_outliers_txn`. ([\#11776](#11776))
DMRobertson pushed a commit that referenced this pull request Jan 25, 2022
Synapse 1.51.0 (2022-01-25)
===========================

No significant changes since 1.51.0rc2.

Synapse 1.51.0 deprecates `webclient` listeners and non-HTTP(S) `web_client_location`s. Support for these will be removed in Synapse 1.53.0, at which point Synapse will not be capable of directly serving a web client for Matrix.

Synapse 1.51.0rc2 (2022-01-24)
==============================

Bugfixes
--------

- Fix a bug introduced in Synapse 1.40.0 that caused Synapse to fail to process incoming federation traffic after handling a large amount of events in a v1 room. ([\#11806](#11806))

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jan 30, 2022
Synapse 1.51.0 (2022-01-25)
===========================

No significant changes since 1.51.0rc2.

Synapse 1.51.0 deprecates `webclient` listeners and non-HTTP(S) `web_client_location`s. Support for these will be removed in Synapse 1.53.0, at which point Synapse will not be capable of directly serving a web client for Matrix.

Synapse 1.51.0rc2 (2022-01-24)
==============================

Bugfixes
--------

- Fix a bug introduced in Synapse 1.40.0 that caused Synapse to fail to process incoming federation traffic after handling a large amount of events in a v1 room. ([\#11806](matrix-org/synapse#11806))


Synapse 1.50.1 (2022-01-18)
===========================

This release fixes a bug in Synapse 1.50.0 that could prevent clients from being able to connect to Synapse if the `webclient` resource was enabled. Further details are available in [this issue](matrix-org/synapse#11763).

Bugfixes
--------

- Fix a bug introduced in Synapse 1.50.0rc1 that could cause Matrix clients to be unable to connect to Synapse instances with the `webclient` resource enabled. ([\#11764](matrix-org/synapse#11764))


Synapse 1.50.0 (2022-01-18)
===========================

**This release contains a critical bug that may prevent clients from being able to connect.
As such, it is not recommended to upgrade to 1.50.0. Instead, please upgrade straight
to 1.50.1. Further details are available in [this issue](matrix-org/synapse#11763).**

Please note that we now only support Python 3.7+ and PostgreSQL 10+ (if applicable), because Python 3.6 and PostgreSQL 9.6 have reached end-of-life.

No significant changes since 1.50.0rc2.


Synapse 1.50.0rc2 (2022-01-14)
==============================

This release candidate fixes a federation-breaking regression introduced in Synapse 1.50.0rc1.

Bugfixes
--------

- Fix a bug introduced in Synapse v1.0.0 whereby some device list updates would not be sent to remote homeservers if there were too many to send at once. ([\#11729](matrix-org/synapse#11729))
- Fix a bug introduced in Synapse v1.50.0rc1 whereby outbound federation could fail because too many EDUs were produced for device updates. ([\#11730](matrix-org/synapse#11730))


Improved Documentation
----------------------

- Document that now the minimum supported PostgreSQL version is 10. ([\#11725](matrix-org/synapse#11725))


Internal Changes
----------------

- Fix a typechecker problem related to our (ab)use of `nacl.signing.SigningKey`s. ([\#11714](matrix-org/synapse#11714))


Synapse 1.50.0rc1 (2022-01-05)
==============================


Features
--------

- Allow guests to send state events per [MSC3419](matrix-org/matrix-spec-proposals#3419). ([\#11378](matrix-org/synapse#11378))
- Add experimental support for part of [MSC3202](matrix-org/matrix-spec-proposals#3202): allowing application services to masquerade as specific devices. ([\#11538](matrix-org/synapse#11538))
- Add admin API to get users' account data. ([\#11664](matrix-org/synapse#11664))
- Include the room topic in the stripped state included with invites and knocking. ([\#11666](matrix-org/synapse#11666))
- Send and handle cross-signing messages using the stable prefix. ([\#10520](matrix-org/synapse#10520))
- Support unprefixed versions of fallback key property names. ([\#11541](matrix-org/synapse#11541))


Bugfixes
--------

- Fix a long-standing bug where relations from other rooms could be included in the bundled aggregations of an event. ([\#11516](matrix-org/synapse#11516))
- Fix a long-standing bug which could cause `AssertionError`s to be written to the log when Synapse was restarted after purging events from the database. ([\#11536](matrix-org/synapse#11536), [\#11642](matrix-org/synapse#11642))
- Fix a bug introduced in Synapse 1.17.0 where a pusher created for an email with capital letters would fail to be created. ([\#11547](matrix-org/synapse#11547))
- Fix a long-standing bug where responses included bundled aggregations when they should not, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11592](matrix-org/synapse#11592), [\#11623](matrix-org/synapse#11623))
- Fix a long-standing bug that some unknown endpoints would return HTML error pages instead of JSON `M_UNRECOGNIZED` errors. ([\#11602](matrix-org/synapse#11602))
- Fix a bug introduced in Synapse 1.19.3 which could sometimes cause `AssertionError`s when backfilling rooms over federation. ([\#11632](matrix-org/synapse#11632))


Improved Documentation
----------------------

- Update Synapse install command for FreeBSD as the package is now prefixed with `py38`. Contributed by @itchychips. ([\#11267](matrix-org/synapse#11267))
- Document the usage of refresh tokens. ([\#11427](matrix-org/synapse#11427))
- Add details for how to configure a TURN server when behind a NAT. Contributed by @AndrewFerr. ([\#11553](matrix-org/synapse#11553))
- Add references for using Postgres to the Docker documentation. ([\#11640](matrix-org/synapse#11640))
- Fix the documentation link in newly-generated configuration files. ([\#11678](matrix-org/synapse#11678))
- Correct the documentation for `nginx` to use a case-sensitive url pattern. Fixes an error introduced in v1.21.0. ([\#11680](matrix-org/synapse#11680))
- Clarify SSO mapping provider documentation by writing `def` or `async def` before the names of methods, as appropriate. ([\#11681](matrix-org/synapse#11681))


Deprecations and Removals
-------------------------

- Replace `mock` package by its standard library version. ([\#11588](matrix-org/synapse#11588))
- Drop support for Python 3.6 and Ubuntu 18.04. ([\#11633](matrix-org/synapse#11633))


Internal Changes
----------------

- Allow specific, experimental events to be created without `prev_events`. Used by [MSC2716](matrix-org/matrix-spec-proposals#2716). ([\#11243](matrix-org/synapse#11243))
- A test helper (`wait_for_background_updates`) no longer depends on classes defining a `store` property. ([\#11331](matrix-org/synapse#11331))
- Add type hints to `synapse.appservice`. ([\#11360](matrix-org/synapse#11360))
- Add missing type hints to `synapse.config` module. ([\#11480](matrix-org/synapse#11480))
- Add test to ensure we share the same `state_group` across the whole historical batch when using the [MSC2716](matrix-org/matrix-spec-proposals#2716) `/batch_send` endpoint. ([\#11487](matrix-org/synapse#11487))
- Refactor `tests.util.setup_test_homeserver` and `tests.server.setup_test_homeserver`. ([\#11503](matrix-org/synapse#11503))
- Move `glob_to_regex` and `re_word_boundary` to `matrix-python-common`. ([\#11505](matrix-org/synapse#11505), [\#11687](matrix-org/synapse#11687))
- Use `HTTPStatus` constants in place of literals in `tests.rest.client.test_auth`. ([\#11520](matrix-org/synapse#11520))
- Add a receipt types constant for `m.read`. ([\#11531](matrix-org/synapse#11531))
- Clean up `synapse.rest.admin`. ([\#11535](matrix-org/synapse#11535))
- Add missing `errcode` to `parse_string` and `parse_boolean`. ([\#11542](matrix-org/synapse#11542))
- Use `HTTPStatus` constants in place of literals in `synapse.http`. ([\#11543](matrix-org/synapse#11543))
- Add missing type hints to storage classes. ([\#11546](matrix-org/synapse#11546), [\#11549](matrix-org/synapse#11549), [\#11551](matrix-org/synapse#11551), [\#11555](matrix-org/synapse#11555), [\#11575](matrix-org/synapse#11575), [\#11589](matrix-org/synapse#11589), [\#11594](matrix-org/synapse#11594), [\#11652](matrix-org/synapse#11652), [\#11653](matrix-org/synapse#11653), [\#11654](matrix-org/synapse#11654), [\#11657](matrix-org/synapse#11657))
- Fix an inaccurate and misleading comment in the `/sync` code. ([\#11550](matrix-org/synapse#11550))
- Add missing type hints to `synapse.logging.context`. ([\#11556](matrix-org/synapse#11556))
- Stop populating unused database column `state_events.prev_state`. ([\#11558](matrix-org/synapse#11558))
- Minor efficiency improvements in event persistence. ([\#11560](matrix-org/synapse#11560))
- Add some safety checks that storage functions are used correctly. ([\#11564](matrix-org/synapse#11564), [\#11580](matrix-org/synapse#11580))
- Make `get_device` return `None` if the device doesn't exist rather than raising an exception. ([\#11565](matrix-org/synapse#11565))
- Split the HTML parsing code from the URL preview resource code. ([\#11566](matrix-org/synapse#11566))
- Remove redundant `COALESCE()`s around `COUNT()`s in database queries. ([\#11570](matrix-org/synapse#11570))
- Add missing type hints to `synapse.http`. ([\#11571](matrix-org/synapse#11571))
- Add [MSC2716](matrix-org/matrix-spec-proposals#2716) and [MSC3030](matrix-org/matrix-spec-proposals#3030) to `/versions` -> `unstable_features` to detect server support. ([\#11582](matrix-org/synapse#11582))
- Add type hints to `synapse/tests/rest/admin`. ([\#11590](matrix-org/synapse#11590))
- Drop end-of-life Python 3.6 and Postgres 9.6 from CI. ([\#11595](matrix-org/synapse#11595))
- Update black version and run it on all the files. ([\#11596](matrix-org/synapse#11596))
- Add opentracing type stubs and fix associated mypy errors. ([\#11603](matrix-org/synapse#11603), [\#11622](matrix-org/synapse#11622))
- Improve OpenTracing support for requests which use a `ResponseCache`. ([\#11607](matrix-org/synapse#11607))
- Improve OpenTracing support for incoming HTTP requests. ([\#11618](matrix-org/synapse#11618))
- A number of improvements to opentracing support. ([\#11619](matrix-org/synapse#11619))
- Refactor the way that the `outlier` flag is set on events received over federation. ([\#11634](matrix-org/synapse#11634))
- Improve the error messages from `get_create_event_for_room`. ([\#11638](matrix-org/synapse#11638))
- Remove redundant `get_current_events_token` method. ([\#11643](matrix-org/synapse#11643))
- Convert `namedtuples` to `attrs`. ([\#11665](matrix-org/synapse#11665), [\#11574](matrix-org/synapse#11574))
- Update the `/capabilities` response to include whether support for [MSC3440](matrix-org/matrix-spec-proposals#3440) is available. ([\#11690](matrix-org/synapse#11690))
- Send the `Accept` header in HTTP requests made using `SimpleHttpClient.get_json`. ([\#11677](matrix-org/synapse#11677))
- Work around Mjolnir compatibility issue by adding an import for `glob_to_regex` in `synapse.util`, where it moved from. ([\#11696](matrix-org/synapse#11696))


Synapse 1.49.2 (2021-12-21)
===========================

This release fixes a regression introduced in Synapse 1.49.0 which could cause `/sync` requests to take significantly longer. This would particularly affect "initial" syncs for users participating in a large number of rooms, and in extreme cases, could make it impossible for such users to log in on a new client.

**Note:** in line with our [deprecation policy](https://matrix-org.github.io/synapse/latest/deprecation_policy.html) for platform dependencies, this will be the last release to support Python 3.6 and PostgreSQL 9.6, both of which have now reached upstream end-of-life. Synapse will require Python 3.7+ and PostgreSQL 10+.

**Note:** We will also stop producing packages for Ubuntu 18.04 (Bionic Beaver) after this release, as it uses Python 3.6.

Bugfixes
--------

- Fix a performance regression in `/sync` handling, introduced in 1.49.0. ([\#11583](matrix-org/synapse#11583))

Internal Changes
----------------

- Work around a build problem on Debian Buster. ([\#11625](matrix-org/synapse#11625))


Synapse 1.49.1 (2021-12-21)
===========================

Not released due to problems building the debian packages.


Synapse 1.49.0 (2021-12-14)
===========================

No significant changes since version 1.49.0rc1.


Support for Ubuntu 21.04 ends next month on the 20th of January
---------------------------------------------------------------

For users of Ubuntu 21.04 (Hirsute Hippo), please be aware that [upstream support for this version of Ubuntu will end next month][Ubuntu2104EOL].
We will stop producing packages for Ubuntu 21.04 after upstream support ends.

[Ubuntu2104EOL]: https://lists.ubuntu.com/archives/ubuntu-announce/2021-December/000275.html


The wiki has been migrated to the documentation website
-------------------------------------------------------

We've decided to move the existing, somewhat stagnant pages from the GitHub wiki
to the [documentation website](https://matrix-org.github.io/synapse/latest/).

This was done for two reasons. The first was to ensure that changes are checked by
multiple authors before being committed (everyone makes mistakes!) and the second
was visibility of the documentation. Not everyone knows that Synapse has some very
useful information hidden away in its GitHub wiki pages. Bringing them to the
documentation website should help with visibility, as well as keep all Synapse documentation
in one, easily-searchable location.

Note that contributions to the documentation website happen through [GitHub pull
requests](https://github.com/matrix-org/synapse/pulls). Please visit [#synapse-dev:matrix.org](https://matrix.to/#/#synapse-dev:matrix.org)
if you need help with the process!


Synapse 1.49.0rc1 (2021-12-07)
==============================

Features
--------

- Add [MSC3030](matrix-org/matrix-spec-proposals#3030) experimental client and federation API endpoints to get the closest event to a given timestamp. ([\#9445](matrix-org/synapse#9445))
- Include bundled relation aggregations during a limited `/sync` request and `/relations` request, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11284](matrix-org/synapse#11284), [\#11478](matrix-org/synapse#11478))
- Add plugin support for controlling database background updates. ([\#11306](matrix-org/synapse#11306), [\#11475](matrix-org/synapse#11475), [\#11479](matrix-org/synapse#11479))
- Support the stable API endpoints for [MSC2946](matrix-org/matrix-spec-proposals#2946): the room `/hierarchy` endpoint. ([\#11329](matrix-org/synapse#11329))
- Add admin API to get some information about federation status with remote servers. ([\#11407](matrix-org/synapse#11407))
- Support expiry of refresh tokens and expiry of the overall session when refresh tokens are in use. ([\#11425](matrix-org/synapse#11425))
- Stabilise support for [MSC2918](https://github.com/matrix-org/matrix-doc/blob/main/proposals/2918-refreshtokens.md#msc2918-refresh-tokens) refresh tokens as they have now been merged into the Matrix specification. ([\#11435](matrix-org/synapse#11435), [\#11522](matrix-org/synapse#11522))
- Update [MSC2918 refresh token](https://github.com/matrix-org/matrix-doc/blob/main/proposals/2918-refreshtokens.md#msc2918-refresh-tokens) support to conform with the latest revision: accept the `refresh_tokens` parameter in the request body rather than in the URL parameters. ([\#11430](matrix-org/synapse#11430))
- Support configuring the lifetime of non-refreshable access tokens separately to refreshable access tokens. ([\#11445](matrix-org/synapse#11445))
- Expose `synapse_homeserver` and `synapse_worker` commands as entry points to run Synapse's main process and worker processes, respectively. Contributed by @Ma27. ([\#11449](matrix-org/synapse#11449))
- `synctl stop` will now wait for Synapse to exit before returning. ([\#11459](matrix-org/synapse#11459), [\#11490](matrix-org/synapse#11490))
- Extend the "delete room" admin api to work correctly on rooms which have previously been partially deleted. ([\#11523](matrix-org/synapse#11523))
- Add support for the `/_matrix/client/v3/login/sso/redirect/{idpId}` API from Matrix v1.1. This endpoint was overlooked when support for v3 endpoints was added in Synapse 1.48.0rc1. ([\#11451](matrix-org/synapse#11451))


Bugfixes
--------

- Fix using [MSC2716](matrix-org/matrix-spec-proposals#2716) batch sending in combination with event persistence workers. Contributed by @tulir at Beeper. ([\#11220](matrix-org/synapse#11220))
- Fix a long-standing bug where all requests that read events from the database could get stuck as a result of losing the database connection, properly this time. Also fix a race condition introduced in the previous insufficient fix in Synapse 1.47.0. ([\#11376](matrix-org/synapse#11376))
- The `/send_join` response now includes the stable `event` field instead of the unstable field from [MSC3083](matrix-org/matrix-spec-proposals#3083). ([\#11413](matrix-org/synapse#11413))
- Fix a bug introduced in Synapse 1.47.0 where `send_join` could fail due to an outdated `ijson` version. ([\#11439](matrix-org/synapse#11439), [\#11441](matrix-org/synapse#11441), [\#11460](matrix-org/synapse#11460))
- Fix a bug introduced in Synapse 1.36.0 which could cause problems fetching event-signing keys from trusted key servers. ([\#11440](matrix-org/synapse#11440))
- Fix a bug introduced in Synapse 1.47.1 where the media repository would fail to work if the media store path contained any symbolic links. ([\#11446](matrix-org/synapse#11446))
- Fix an `LruCache` corruption bug, introduced in Synapse 1.38.0, that would cause certain requests to fail until the next Synapse restart. ([\#11454](matrix-org/synapse#11454))
- Fix a long-standing bug where invites from ignored users were included in incremental syncs. ([\#11511](matrix-org/synapse#11511))
- Fix a regression in Synapse 1.48.0 where presence workers would not clear their presence updates over replication on shutdown. ([\#11518](matrix-org/synapse#11518))
- Fix a regression in Synapse 1.48.0 where the module API's `looping_background_call` method would spam errors to the logs when given a non-async function. ([\#11524](matrix-org/synapse#11524))


Updates to the Docker image
---------------------------

- Update `Dockerfile-workers` to healthcheck all workers in the container. ([\#11429](matrix-org/synapse#11429))


Improved Documentation
----------------------

- Update the media repository documentation. ([\#11415](matrix-org/synapse#11415))
- Update section about backward extremities in the room DAG concepts doc to correct the misconception about backward extremities indicating whether we have fetched an event's `prev_events`. ([\#11469](matrix-org/synapse#11469))


Internal Changes
----------------

- Add `Final` annotation to string constants in `synapse.api.constants` so that they get typed as `Literal`s. ([\#11356](matrix-org/synapse#11356))
- Add a check to ensure that users cannot start the Synapse master process when `worker_app` is set. ([\#11416](matrix-org/synapse#11416))
- Add a note about postgres memory management and hugepages to postgres doc. ([\#11467](matrix-org/synapse#11467))
- Add missing type hints to `synapse.config` module. ([\#11465](matrix-org/synapse#11465))
- Add missing type hints to `synapse.federation`. ([\#11483](matrix-org/synapse#11483))
- Add type annotations to `tests.storage.test_appservice`. ([\#11488](matrix-org/synapse#11488), [\#11492](matrix-org/synapse#11492))
- Add type annotations to some of the configuration surrounding refresh tokens. ([\#11428](matrix-org/synapse#11428))
- Add type hints to `synapse/tests/rest/admin`. ([\#11501](matrix-org/synapse#11501))
- Add type hints to storage classes. ([\#11411](matrix-org/synapse#11411))
- Add wiki pages to documentation website. ([\#11402](matrix-org/synapse#11402))
- Clean up `tests.storage.test_main` to remove use of legacy code. ([\#11493](matrix-org/synapse#11493))
- Clean up `tests.test_visibility` to remove legacy code. ([\#11495](matrix-org/synapse#11495))
- Convert status codes to `HTTPStatus` in `synapse.rest.admin`. ([\#11452](matrix-org/synapse#11452), [\#11455](matrix-org/synapse#11455))
- Extend the `scripts-dev/sign_json` script to support signing events. ([\#11486](matrix-org/synapse#11486))
- Improve internal types in push code. ([\#11409](matrix-org/synapse#11409))
- Improve type annotations in `synapse.module_api`. ([\#11029](matrix-org/synapse#11029))
- Improve type hints for `LruCache`. ([\#11453](matrix-org/synapse#11453))
- Preparation for database schema simplifications: disambiguate queries on `state_key`. ([\#11497](matrix-org/synapse#11497))
- Refactor `backfilled` into specific behavior function arguments (`_persist_events_and_state_updates` and downstream calls). ([\#11417](matrix-org/synapse#11417))
- Refactor `get_version_string` to fix-up types and duplicated code. ([\#11468](matrix-org/synapse#11468))
- Refactor various parts of the `/sync` handler. ([\#11494](matrix-org/synapse#11494), [\#11515](matrix-org/synapse#11515))
- Remove unnecessary `json.dumps` from `tests.rest.admin`. ([\#11461](matrix-org/synapse#11461))
- Save the OpenID Connect session ID on login. ([\#11482](matrix-org/synapse#11482))
- Update and clean up recently ported documentation pages. ([\#11466](matrix-org/synapse#11466))

PiotrKozimor added a commit to globekeeper/synapse that referenced this pull request Feb 1, 2022

Synapse 1.51.0 (2022-01-25)
===========================

No significant changes since 1.51.0rc2.

Synapse 1.51.0 deprecates `webclient` listeners and non-HTTP(S) `web_client_location`s. Support for these will be removed in Synapse 1.53.0, at which point Synapse will not be capable of directly serving a web client for Matrix.

Synapse 1.51.0rc2 (2022-01-24)
==============================

Bugfixes
--------

- Fix a bug introduced in Synapse 1.40.0 that caused Synapse to fail to process incoming federation traffic after handling a large amount of events in a v1 room. ([\matrix-org#11806](matrix-org#11806))

Synapse 1.51.0rc1 (2022-01-21)
==============================

Features
--------

- Add `track_puppeted_user_ips` config flag to record client IP addresses against puppeted users, and include the puppeted users in monthly active user counts. ([\matrix-org#11561](matrix-org#11561), [\matrix-org#11749](matrix-org#11749), [\matrix-org#11757](matrix-org#11757))
- Include whether the requesting user has participated in a thread when generating a summary for [MSC3440](matrix-org/matrix-spec-proposals#3440). ([\matrix-org#11577](matrix-org#11577))
- Return an `M_FORBIDDEN` error code instead of `M_UNKNOWN` when a spam checker module prevents a user from creating a room. ([\matrix-org#11672](matrix-org#11672))
- Add a flag to the `synapse_review_recent_signups` script to ignore and filter appservice users. ([\matrix-org#11675](matrix-org#11675), [\matrix-org#11770](matrix-org#11770))

Bugfixes
--------

- Fix a long-standing issue which could cause Synapse to incorrectly accept data in the unsigned field of events
  received over federation. ([\matrix-org#11530](matrix-org#11530))
- Fix a long-standing bug where Synapse wouldn't cache a response indicating that a remote user has no devices. ([\matrix-org#11587](matrix-org#11587))
- Fix an error that occurs whilst trying to get the federation status of a destination server that was working normally. This admin API was newly introduced in Synapse v1.49.0. ([\matrix-org#11593](matrix-org#11593))
- Fix bundled aggregations not being included in the `/sync` response, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\matrix-org#11612](matrix-org#11612), [\matrix-org#11659](matrix-org#11659), [\matrix-org#11791](matrix-org#11791))
- Fix the `/_matrix/client/v1/room/{roomId}/hierarchy` endpoint returning incorrect fields which have been present since Synapse 1.49.0. ([\matrix-org#11667](matrix-org#11667))
- Fix preview of some GIF URLs (like tenor.com). Contributed by Philippe Daouadi. ([\matrix-org#11669](matrix-org#11669))
- Fix a bug where only the first 50 rooms from a space were returned from the `/hierarchy` API. This has existed since the introduction of the API in Synapse v1.41.0. ([\matrix-org#11695](matrix-org#11695))
- Fix a bug introduced in Synapse v1.18.0 where password reset and address validation emails would not be sent if their subject was configured to use the 'app' template variable. Contributed by @br4nnigan. ([\matrix-org#11710](matrix-org#11710), [\matrix-org#11745](matrix-org#11745))
- Make the 'List Rooms' Admin API sort stable. Contributed by Daniël Sonck. ([\matrix-org#11737](matrix-org#11737))
- Fix a long-standing bug where space hierarchy over federation would only work correctly some of the time. ([\matrix-org#11775](matrix-org#11775))
- Fix a bug introduced in Synapse v1.46.0 that prevented `on_logged_out` module callbacks from being correctly awaited by Synapse. ([\matrix-org#11786](matrix-org#11786))

Improved Documentation
----------------------

- Warn against using a Let's Encrypt certificate for TLS/DTLS TURN server client connections, and suggest using ZeroSSL certificate instead. This works around client-side connectivity errors caused by WebRTC libraries that reject Let's Encrypt certificates. Contributed by @AndrewFerr. ([\matrix-org#11686](matrix-org#11686))
- Document the new `SYNAPSE_TEST_PERSIST_SQLITE_DB` environment variable in the contributing guide. ([\matrix-org#11715](matrix-org#11715))
- Document that the minimum supported PostgreSQL version is now 10. ([\matrix-org#11725](matrix-org#11725))
- Fix typo in demo docs: differnt. ([\matrix-org#11735](matrix-org#11735))
- Update room spec URL in config files. ([\matrix-org#11739](matrix-org#11739))
- Mention `python3-venv` and `libpq-dev` dependencies in the contribution guide. ([\matrix-org#11740](matrix-org#11740))
- Update documentation for configuring login with Facebook. ([\matrix-org#11755](matrix-org#11755))
- Update installation instructions to note that Python 3.6 is no longer supported. ([\matrix-org#11781](matrix-org#11781))

Deprecations and Removals
-------------------------

- Remove the unstable `/send_relation` endpoint. ([\matrix-org#11682](matrix-org#11682))
- Remove `python_twisted_reactor_pending_calls` Prometheus metric. ([\matrix-org#11724](matrix-org#11724))
- Remove the `password_hash` field from the response dictionaries of the [Users Admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html). ([\matrix-org#11576](matrix-org#11576))
- **Deprecate support for `webclient` listeners and non-HTTP(S) `web_client_location` configuration. ([\matrix-org#11774](matrix-org#11774), [\matrix-org#11783](matrix-org#11783

Internal Changes
----------------

- Run `pyupgrade --py37-plus --keep-percent-format` on Synapse. ([\matrix-org#11685](matrix-org#11685))
- Use buildkit's cache feature to speed up docker builds. ([\matrix-org#11691](matrix-org#11691))
- Use `auto_attribs` and native type hints for attrs classes. ([\matrix-org#11692](matrix-org#11692), [\matrix-org#11768](matrix-org#11768))
- Remove debug logging for matrix-org#4422, which has been closed since Synapse 0.99. ([\matrix-org#11693](matrix-org#11693))
- Remove fallback code for Python 2. ([\matrix-org#11699](matrix-org#11699))
- Add a test for [an edge case](matrix-org#11532 (comment)) in the `/sync` logic. ([\matrix-org#11701](matrix-org#11701))
- Add the option to write SQLite test dbs to disk when running tests. ([\matrix-org#11702](matrix-org#11702))
- Improve Complement test output for GitHub Actions. ([\matrix-org#11707](matrix-org#11707))
- Fix docstring on `add_account_data_for_user`. ([\matrix-org#11716](matrix-org#11716))
- Complement environment variable name change and update `.gitignore`. ([\matrix-org#11718](matrix-org#11718))
- Simplify calculation of Prometheus metrics for garbage collection. ([\matrix-org#11723](matrix-org#11723))
- Improve accuracy of `python_twisted_reactor_tick_time` Prometheus metric. ([\matrix-org#11724](matrix-org#11724), [\matrix-org#11771](matrix-org#11771))
- Minor efficiency improvements when inserting many values into the database. ([\matrix-org#11742](matrix-org#11742))
- Invite PR authors to give themselves credit in the changelog. ([\matrix-org#11744](matrix-org#11744))
- Add optional debugging to investigate [issue 8631](matrix-org#8631). ([\matrix-org#11760](matrix-org#11760))
- Remove `log_function` utility function and its uses. ([\matrix-org#11761](matrix-org#11761))
- Add a unit test that checks both `client` and `webclient` resources will function when simultaneously enabled. ([\matrix-org#11765](matrix-org#11765))
- Allow overriding complement commit using `COMPLEMENT_REF`. ([\matrix-org#11766](matrix-org#11766))
- Add some comments and type annotations for `_update_outliers_txn`. ([\matrix-org#11776](matrix-org#11776))

babolivier added a commit to matrix-org/synapse-dinsic that referenced this pull request Feb 7, 2022

Synapse 1.51.0 (2022-01-25)
===========================

No significant changes since 1.51.0rc2.

Synapse 1.51.0 deprecates `webclient` listeners and non-HTTP(S) `web_client_location`s. Support for these will be removed in Synapse 1.53.0, at which point Synapse will not be capable of directly serving a web client for Matrix.

Synapse 1.51.0rc2 (2022-01-24)
==============================

Bugfixes
--------

- Fix a bug introduced in Synapse 1.40.0 that caused Synapse to fail to process incoming federation traffic after handling a large amount of events in a v1 room. ([\#11806](matrix-org/synapse#11806))

Synapse 1.51.0rc1 (2022-01-21)
==============================

Features
--------

- Add `track_puppeted_user_ips` config flag to record client IP addresses against puppeted users, and include the puppeted users in monthly active user counts. ([\#11561](matrix-org/synapse#11561), [\#11749](matrix-org/synapse#11749), [\#11757](matrix-org/synapse#11757))
- Include whether the requesting user has participated in a thread when generating a summary for [MSC3440](matrix-org/matrix-spec-proposals#3440). ([\#11577](matrix-org/synapse#11577))
- Return an `M_FORBIDDEN` error code instead of `M_UNKNOWN` when a spam checker module prevents a user from creating a room. ([\#11672](matrix-org/synapse#11672))
- Add a flag to the `synapse_review_recent_signups` script to ignore and filter appservice users. ([\#11675](matrix-org/synapse#11675), [\#11770](matrix-org/synapse#11770))

Bugfixes
--------

- Fix a long-standing issue which could cause Synapse to incorrectly accept data in the unsigned field of events
  received over federation. ([\#11530](matrix-org/synapse#11530))
- Fix a long-standing bug where Synapse wouldn't cache a response indicating that a remote user has no devices. ([\#11587](matrix-org/synapse#11587))
- Fix an error that occurs whilst trying to get the federation status of a destination server that was working normally. This admin API was newly introduced in Synapse v1.49.0. ([\#11593](matrix-org/synapse#11593))
- Fix bundled aggregations not being included in the `/sync` response, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11612](matrix-org/synapse#11612), [\#11659](matrix-org/synapse#11659), [\#11791](matrix-org/synapse#11791))
- Fix the `/_matrix/client/v1/room/{roomId}/hierarchy` endpoint returning incorrect fields which have been present since Synapse 1.49.0. ([\#11667](matrix-org/synapse#11667))
- Fix preview of some GIF URLs (like tenor.com). Contributed by Philippe Daouadi. ([\#11669](matrix-org/synapse#11669))
- Fix a bug where only the first 50 rooms from a space were returned from the `/hierarchy` API. This has existed since the introduction of the API in Synapse v1.41.0. ([\#11695](matrix-org/synapse#11695))
- Fix a bug introduced in Synapse v1.18.0 where password reset and address validation emails would not be sent if their subject was configured to use the 'app' template variable. Contributed by @br4nnigan. ([\#11710](matrix-org/synapse#11710), [\#11745](matrix-org/synapse#11745))
- Make the 'List Rooms' Admin API sort stable. Contributed by Daniël Sonck. ([\#11737](matrix-org/synapse#11737))
- Fix a long-standing bug where space hierarchy over federation would only work correctly some of the time. ([\#11775](matrix-org/synapse#11775))
- Fix a bug introduced in Synapse v1.46.0 that prevented `on_logged_out` module callbacks from being correctly awaited by Synapse. ([\#11786](matrix-org/synapse#11786))

Improved Documentation
----------------------

- Warn against using a Let's Encrypt certificate for TLS/DTLS TURN server client connections, and suggest using ZeroSSL certificate instead. This works around client-side connectivity errors caused by WebRTC libraries that reject Let's Encrypt certificates. Contributed by @AndrewFerr. ([\#11686](matrix-org/synapse#11686))
- Document the new `SYNAPSE_TEST_PERSIST_SQLITE_DB` environment variable in the contributing guide. ([\#11715](matrix-org/synapse#11715))
- Document that the minimum supported PostgreSQL version is now 10. ([\#11725](matrix-org/synapse#11725))
- Fix typo in demo docs: differnt. ([\#11735](matrix-org/synapse#11735))
- Update room spec URL in config files. ([\#11739](matrix-org/synapse#11739))
- Mention `python3-venv` and `libpq-dev` dependencies in the contribution guide. ([\#11740](matrix-org/synapse#11740))
- Update documentation for configuring login with Facebook. ([\#11755](matrix-org/synapse#11755))
- Update installation instructions to note that Python 3.6 is no longer supported. ([\#11781](matrix-org/synapse#11781))

Deprecations and Removals
-------------------------

- Remove the unstable `/send_relation` endpoint. ([\#11682](matrix-org/synapse#11682))
- Remove `python_twisted_reactor_pending_calls` Prometheus metric. ([\#11724](matrix-org/synapse#11724))
- Remove the `password_hash` field from the response dictionaries of the [Users Admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html). ([\#11576](matrix-org/synapse#11576))
- **Deprecate support for `webclient` listeners and non-HTTP(S) `web_client_location` configuration. ([\#11774](matrix-org/synapse#11774), [\#11783](matrix-org/synapse#11783

Internal Changes
----------------

- Run `pyupgrade --py37-plus --keep-percent-format` on Synapse. ([\#11685](matrix-org/synapse#11685))
- Use buildkit's cache feature to speed up docker builds. ([\#11691](matrix-org/synapse#11691))
- Use `auto_attribs` and native type hints for attrs classes. ([\#11692](matrix-org/synapse#11692), [\#11768](matrix-org/synapse#11768))
- Remove debug logging for #4422, which has been closed since Synapse 0.99. ([\#11693](matrix-org/synapse#11693))
- Remove fallback code for Python 2. ([\#11699](matrix-org/synapse#11699))
- Add a test for [an edge case](matrix-org/synapse#11532 (comment)) in the `/sync` logic. ([\#11701](matrix-org/synapse#11701))
- Add the option to write SQLite test dbs to disk when running tests. ([\#11702](matrix-org/synapse#11702))
- Improve Complement test output for GitHub Actions. ([\#11707](matrix-org/synapse#11707))
- Fix docstring on `add_account_data_for_user`. ([\#11716](matrix-org/synapse#11716))
- Complement environment variable name change and update `.gitignore`. ([\#11718](matrix-org/synapse#11718))
- Simplify calculation of Prometheus metrics for garbage collection. ([\#11723](matrix-org/synapse#11723))
- Improve accuracy of `python_twisted_reactor_tick_time` Prometheus metric. ([\#11724](matrix-org/synapse#11724), [\#11771](matrix-org/synapse#11771))
- Minor efficiency improvements when inserting many values into the database. ([\#11742](matrix-org/synapse#11742))
- Invite PR authors to give themselves credit in the changelog. ([\#11744](matrix-org/synapse#11744))
- Add optional debugging to investigate [issue 8631](matrix-org/synapse#8631). ([\#11760](matrix-org/synapse#11760))
- Remove `log_function` utility function and its uses. ([\#11761](matrix-org/synapse#11761))
- Add a unit test that checks both `client` and `webclient` resources will function when simultaneously enabled. ([\#11765](matrix-org/synapse#11765))
- Allow overriding complement commit using `COMPLEMENT_REF`. ([\#11766](matrix-org/synapse#11766))
- Add some comments and type annotations for `_update_outliers_txn`. ([\#11776](matrix-org/synapse#11776))

Fizzadar pushed a commit to Fizzadar/synapse that referenced this pull request Mar 7, 2022

Synapse 1.51.0 (2022-01-25)
===========================

No significant changes since 1.51.0rc2.

Synapse 1.51.0 deprecates `webclient` listeners and non-HTTP(S) `web_client_location`s. Support for these will be removed in Synapse 1.53.0, at which point Synapse will not be capable of directly serving a web client for Matrix.

Synapse 1.51.0rc2 (2022-01-24)
==============================

Bugfixes
--------

- Fix a bug introduced in Synapse 1.40.0 that caused Synapse to fail to process incoming federation traffic after handling a large amount of events in a v1 room. ([\matrix-org#11806](matrix-org#11806))

Synapse 1.51.0rc1 (2022-01-21)
==============================

Features
--------

- Add `track_puppeted_user_ips` config flag to record client IP addresses against puppeted users, and include the puppeted users in monthly active user counts. ([\matrix-org#11561](matrix-org#11561), [\matrix-org#11749](matrix-org#11749), [\matrix-org#11757](matrix-org#11757))
- Include whether the requesting user has participated in a thread when generating a summary for [MSC3440](matrix-org/matrix-spec-proposals#3440). ([\matrix-org#11577](matrix-org#11577))
- Return an `M_FORBIDDEN` error code instead of `M_UNKNOWN` when a spam checker module prevents a user from creating a room. ([\matrix-org#11672](matrix-org#11672))
- Add a flag to the `synapse_review_recent_signups` script to ignore and filter appservice users. ([\matrix-org#11675](matrix-org#11675), [\matrix-org#11770](matrix-org#11770))

Bugfixes
--------

- Fix a long-standing issue which could cause Synapse to incorrectly accept data in the unsigned field of events
  received over federation. ([\matrix-org#11530](matrix-org#11530))
- Fix a long-standing bug where Synapse wouldn't cache a response indicating that a remote user has no devices. ([\matrix-org#11587](matrix-org#11587))
- Fix an error that occurs whilst trying to get the federation status of a destination server that was working normally. This admin API was newly introduced in Synapse v1.49.0. ([\matrix-org#11593](matrix-org#11593))
- Fix bundled aggregations not being included in the `/sync` response, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\matrix-org#11612](matrix-org#11612), [\matrix-org#11659](matrix-org#11659), [\matrix-org#11791](matrix-org#11791))
- Fix the `/_matrix/client/v1/room/{roomId}/hierarchy` endpoint returning incorrect fields which have been present since Synapse 1.49.0. ([\matrix-org#11667](matrix-org#11667))
- Fix preview of some GIF URLs (like tenor.com). Contributed by Philippe Daouadi. ([\matrix-org#11669](matrix-org#11669))
- Fix a bug where only the first 50 rooms from a space were returned from the `/hierarchy` API. This has existed since the introduction of the API in Synapse v1.41.0. ([\matrix-org#11695](matrix-org#11695))
- Fix a bug introduced in Synapse v1.18.0 where password reset and address validation emails would not be sent if their subject was configured to use the 'app' template variable. Contributed by @br4nnigan. ([\matrix-org#11710](matrix-org#11710), [\matrix-org#11745](matrix-org#11745))
- Make the 'List Rooms' Admin API sort stable. Contributed by Daniël Sonck. ([\matrix-org#11737](matrix-org#11737))
- Fix a long-standing bug where space hierarchy over federation would only work correctly some of the time. ([\matrix-org#11775](matrix-org#11775))
- Fix a bug introduced in Synapse v1.46.0 that prevented `on_logged_out` module callbacks from being correctly awaited by Synapse. ([\matrix-org#11786](matrix-org#11786))

Improved Documentation
----------------------

- Warn against using a Let's Encrypt certificate for TLS/DTLS TURN server client connections, and suggest using ZeroSSL certificate instead. This works around client-side connectivity errors caused by WebRTC libraries that reject Let's Encrypt certificates. Contributed by @AndrewFerr. ([\matrix-org#11686](matrix-org#11686))
- Document the new `SYNAPSE_TEST_PERSIST_SQLITE_DB` environment variable in the contributing guide. ([\matrix-org#11715](matrix-org#11715))
- Document that the minimum supported PostgreSQL version is now 10. ([\matrix-org#11725](matrix-org#11725))
- Fix typo in demo docs: differnt. ([\matrix-org#11735](matrix-org#11735))
- Update room spec URL in config files. ([\matrix-org#11739](matrix-org#11739))
- Mention `python3-venv` and `libpq-dev` dependencies in the contribution guide. ([\matrix-org#11740](matrix-org#11740))
- Update documentation for configuring login with Facebook. ([\matrix-org#11755](matrix-org#11755))
- Update installation instructions to note that Python 3.6 is no longer supported. ([\matrix-org#11781](matrix-org#11781))

Deprecations and Removals
-------------------------

- Remove the unstable `/send_relation` endpoint. ([\matrix-org#11682](matrix-org#11682))
- Remove `python_twisted_reactor_pending_calls` Prometheus metric. ([\matrix-org#11724](matrix-org#11724))
- Remove the `password_hash` field from the response dictionaries of the [Users Admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html). ([\matrix-org#11576](matrix-org#11576))
- **Deprecate support for `webclient` listeners and non-HTTP(S) `web_client_location` configuration. ([\matrix-org#11774](matrix-org#11774), [\matrix-org#11783](matrix-org#11783

Internal Changes
----------------

- Run `pyupgrade --py37-plus --keep-percent-format` on Synapse. ([\matrix-org#11685](matrix-org#11685))
- Use buildkit's cache feature to speed up docker builds. ([\matrix-org#11691](matrix-org#11691))
- Use `auto_attribs` and native type hints for attrs classes. ([\matrix-org#11692](matrix-org#11692), [\matrix-org#11768](matrix-org#11768))
- Remove debug logging for matrix-org#4422, which has been closed since Synapse 0.99. ([\matrix-org#11693](matrix-org#11693))
- Remove fallback code for Python 2. ([\matrix-org#11699](matrix-org#11699))
- Add a test for [an edge case](matrix-org#11532 (comment)) in the `/sync` logic. ([\matrix-org#11701](matrix-org#11701))
- Add the option to write SQLite test dbs to disk when running tests. ([\matrix-org#11702](matrix-org#11702))
- Improve Complement test output for GitHub Actions. ([\matrix-org#11707](matrix-org#11707))
- Fix docstring on `add_account_data_for_user`. ([\matrix-org#11716](matrix-org#11716))
- Complement environment variable name change and update `.gitignore`. ([\matrix-org#11718](matrix-org#11718))
- Simplify calculation of Prometheus metrics for garbage collection. ([\matrix-org#11723](matrix-org#11723))
- Improve accuracy of `python_twisted_reactor_tick_time` Prometheus metric. ([\matrix-org#11724](matrix-org#11724), [\matrix-org#11771](matrix-org#11771))
- Minor efficiency improvements when inserting many values into the database. ([\matrix-org#11742](matrix-org#11742))
- Invite PR authors to give themselves credit in the changelog. ([\matrix-org#11744](matrix-org#11744))
- Add optional debugging to investigate [issue 8631](matrix-org#8631). ([\matrix-org#11760](matrix-org#11760))
- Remove `log_function` utility function and its uses. ([\matrix-org#11761](matrix-org#11761))
- Add a unit test that checks both `client` and `webclient` resources will function when simultaneously enabled. ([\matrix-org#11765](matrix-org#11765))
- Allow overriding complement commit using `COMPLEMENT_REF`. ([\matrix-org#11766](matrix-org#11766))
- Add some comments and type annotations for `_update_outliers_txn`. ([\matrix-org#11776](matrix-org#11776))
Successfully merging this pull request may close these issues.

Synapse is overly accepting of content in the unsigned object in events received over federation