Implement a content type allow list for URL previews #11936
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Looks pretty good! I made a couple of suggestions for readability!
LGTM! Left one minor comment, but I don't feel too strongly about it. Let me know if there are any other thoughts before we merge!
`audio/*` and `video/*` content types
Stupid question, but how does that prevent an attacker from simply serving a supported content-type for their 10TB stream from
It doesn't, but the attacker will only be DoS-ing themselves in that case. How does that help them? Note that there are separate time and size limits too.
there are two ends to a potential DoS attack...
Sure, but that's another case which this PR isn't meant to handle.
Synapse 1.53.0 (2022-02-22) =========================== No significant changes. Synapse 1.53.0rc1 (2022-02-15) ============================== Features -------- - Add experimental support for sending to-device messages to application services, as specified by [MSC2409](matrix-org/matrix-spec-proposals#2409). ([\#11215](matrix-org/synapse#11215), [\#11966](matrix-org/synapse#11966)) - Remove account data (including client config, push rules and ignored users) upon user deactivation. ([\#11655](matrix-org/synapse#11655)) - Experimental support for [MSC3666](matrix-org/matrix-spec-proposals#3666): including bundled aggregations in server side search results. ([\#11837](matrix-org/synapse#11837)) - Enable cache time-based expiry by default. The `expiry_time` config flag has been superseded by `expire_caches` and `cache_entry_ttl`. ([\#11849](matrix-org/synapse#11849)) - Add a callback to allow modules to allow or forbid a 3PID (email address, phone number) from being associated to a local account. ([\#11854](matrix-org/synapse#11854)) - Stabilize support and remove unstable endpoints for [MSC3231](matrix-org/matrix-spec-proposals#3231). Clients must switch to the stable identifier and endpoint. See the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#stablisation-of-msc3231) for more information. ([\#11867](matrix-org/synapse#11867)) - Allow modules to retrieve the current instance's server name and worker name. ([\#11868](matrix-org/synapse#11868)) - Use a dedicated configurable rate limiter for 3PID invites. ([\#11892](matrix-org/synapse#11892)) - Support the stable API endpoint for [MSC3283](matrix-org/matrix-spec-proposals#3283): new settings in `/capabilities` endpoint. ([\#11933](matrix-org/synapse#11933), [\#11989](matrix-org/synapse#11989)) - Support the `dir` parameter on the `/relations` endpoint, per [MSC3715](matrix-org/matrix-spec-proposals#3715). 
([\#11941](matrix-org/synapse#11941)) - Experimental implementation of [MSC3706](matrix-org/matrix-spec-proposals#3706): extensions to `/send_join` to support reduced response size. ([\#11967](matrix-org/synapse#11967)) Bugfixes -------- - Fix [MSC2716](matrix-org/matrix-spec-proposals#2716) historical messages backfilling in random order on remote homeservers. ([\#11114](matrix-org/synapse#11114)) - Fix a bug introduced in Synapse 1.51.0 where incoming federation transactions containing at least one EDU would be dropped if debug logging was enabled for `synapse.8631_debug`. ([\#11890](matrix-org/synapse#11890)) - Fix a long-standing bug where some unknown endpoints would return HTML error pages instead of JSON `M_UNRECOGNIZED` errors. ([\#11930](matrix-org/synapse#11930)) - Implement an allow list of content types for which we will attempt to preview a URL. This prevents Synapse from making useless longer-lived connections to streaming media servers. ([\#11936](matrix-org/synapse#11936)) - Fix a long-standing bug where pagination tokens from `/sync` and `/messages` could not be provided to the `/relations` API. ([\#11952](matrix-org/synapse#11952)) - Require that modules register their callbacks using keyword arguments. ([\#11975](matrix-org/synapse#11975)) - Fix a long-standing bug where `M_WRONG_ROOM_KEYS_VERSION` errors would not include the specced `current_version` field. ([\#11988](matrix-org/synapse#11988)) Improved Documentation ---------------------- - Fix typo in User Admin API: unpind -> unbind. ([\#11859](matrix-org/synapse#11859)) - Document images returned by the User List Media Admin API can include those generated by URL previews. ([\#11862](matrix-org/synapse#11862)) - Remove outdated MSC1711 FAQ document. ([\#11907](matrix-org/synapse#11907)) - Correct the structured logging configuration example. Contributed by Brad Jones. ([\#11946](matrix-org/synapse#11946)) - Add information on the Synapse release cycle. 
([\#11954](matrix-org/synapse#11954)) - Fix broken link in the README to the admin API for password reset. ([\#11955](matrix-org/synapse#11955)) Deprecations and Removals ------------------------- - Drop support for `webclient` listeners and configuring `web_client_location` to a non-HTTP(S) URL. Deprecated configurations are a configuration error. ([\#11895](matrix-org/synapse#11895)) - Remove deprecated `user_may_create_room_with_invites` spam checker callback. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html#removal-of-user_may_create_room_with_invites) for more information. ([\#11950](matrix-org/synapse#11950)) - No longer build `.deb` packages for Ubuntu 21.04 Hirsute Hippo, which has now EOLed. ([\#11961](matrix-org/synapse#11961)) Internal Changes ---------------- - Enhance user registration test helpers to make them more useful for tests involving application services and devices. ([\#11615](matrix-org/synapse#11615), [\#11616](matrix-org/synapse#11616)) - Improve performance when fetching bundled aggregations for multiple events. ([\#11660](matrix-org/synapse#11660), [\#11752](matrix-org/synapse#11752)) - Fix type errors introduced by new annotations in the Prometheus Client library. ([\#11832](matrix-org/synapse#11832)) - Add missing type hints to replication code. ([\#11856](matrix-org/synapse#11856), [\#11938](matrix-org/synapse#11938)) - Ensure that `opentracing` scopes are activated and closed at the right time. ([\#11869](matrix-org/synapse#11869)) - Improve opentracing for incoming federation requests. ([\#11870](matrix-org/synapse#11870)) - Improve internal docstrings in `synapse.util.caches`. ([\#11876](matrix-org/synapse#11876)) - Do not needlessly clear the `get_users_in_room` and `get_users_in_room_with_profiles` caches when any room state changes. ([\#11878](matrix-org/synapse#11878)) - Convert `ApplicationServiceTestCase` to use `simple_async_mock`. 
([\#11880](matrix-org/synapse#11880)) - Remove experimental changes to the default push rules which were introduced in Synapse 1.19.0 but never enabled. ([\#11884](matrix-org/synapse#11884)) - Disable coverage calculation for olddeps build. ([\#11888](matrix-org/synapse#11888)) - Preparation to support sending device list updates to application services. ([\#11905](matrix-org/synapse#11905)) - Add a test that checks users receive their own device list updates down `/sync`. ([\#11909](matrix-org/synapse#11909)) - Run Complement tests sequentially. ([\#11910](matrix-org/synapse#11910)) - Various refactors to the application service notifier code. ([\#11911](matrix-org/synapse#11911), [\#11912](matrix-org/synapse#11912)) - Tests: replace mocked `Authenticator` with the real thing. ([\#11913](matrix-org/synapse#11913)) - Various refactors to the typing notifications code. ([\#11914](matrix-org/synapse#11914)) - Use the proper type for the `Content-Length` header in the `UploadResource`. ([\#11927](matrix-org/synapse#11927)) - Remove an unnecessary ignoring of type hints due to fixes in upstream packages. ([\#11939](matrix-org/synapse#11939)) - Add missing type hints. ([\#11953](matrix-org/synapse#11953)) - Fix an import cycle in `synapse.event_auth`. ([\#11965](matrix-org/synapse#11965)) - Unpin `frozendict` but exclude the known bad version 2.1.2. ([\#11969](matrix-org/synapse#11969)) - Prepare for rename of default Complement branch. ([\#11971](matrix-org/synapse#11971)) - Fetch Synapse's version using a helper from `matrix-common`. ([\#11979](matrix-org/synapse#11979)) Synapse 1.52.0 (2022-02-08) =========================== No significant changes since 1.52.0rc1. Note that [Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0) has recently been released, which fixes a [security issue](GHSA-92x2-jw7w-xvvx) within the Twisted library. 
We do not believe Synapse is affected by this vulnerability, though we advise server administrators who installed Synapse via pip to upgrade Twisted with `pip install --upgrade Twisted` as a matter of good practice. The Docker image `matrixdotorg/synapse` and the Debian packages from `packages.matrix.org` are using the updated library. Synapse 1.52.0rc1 (2022-02-01) ============================== Features -------- - Remove account data (including client config, push rules and ignored users) upon user deactivation. ([\#11621](matrix-org/synapse#11621), [\#11788](matrix-org/synapse#11788), [\#11789](matrix-org/synapse#11789)) - Add an admin API to reset connection timeouts for remote server. ([\#11639](matrix-org/synapse#11639)) - Add an admin API to get a list of rooms that federate with a given remote homeserver. ([\#11658](matrix-org/synapse#11658)) - Add a config flag to inhibit `M_USER_IN_USE` during registration. ([\#11743](matrix-org/synapse#11743)) - Add a module callback to set username at registration. ([\#11790](matrix-org/synapse#11790)) - Allow configuring a maximum file size as well as a list of allowed content types for avatars. ([\#11846](matrix-org/synapse#11846)) Bugfixes -------- - Include the bundled aggregations in the `/sync` response, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11612](matrix-org/synapse#11612)) - Fix a long-standing bug when previewing Reddit URLs which do not contain an image. ([\#11767](matrix-org/synapse#11767)) - Fix a long-standing bug that media streams could cause long-lived connections when generating URL previews. ([\#11784](matrix-org/synapse#11784)) - Include a `prev_content` field in state events sent to Application Services. Contributed by @totallynotvaishnav. ([\#11798](matrix-org/synapse#11798)) - Fix a bug introduced in Synapse 0.33.3 causing requests to sometimes log strings such as `HTTPStatus.OK` instead of integer status codes. 
([\#11827](matrix-org/synapse#11827)) Improved Documentation ---------------------- - Update pypi installation docs to indicate that we now support Python 3.10. ([\#11820](matrix-org/synapse#11820)) - Add missing steps to the contribution submission process in the documentation. Contributed by @sequentialread. ([\#11821](matrix-org/synapse#11821)) - Remove not needed old table of contents in documentation. ([\#11860](matrix-org/synapse#11860)) - Consolidate the `access_token` information at the top of each relevant page in the Admin API documentation. ([\#11861](matrix-org/synapse#11861)) Deprecations and Removals ------------------------- - Drop support for Python 3.6, which is EOL. ([\#11683](matrix-org/synapse#11683)) - Remove the `experimental_msc1849_support_enabled` flag as the features are now stable. ([\#11843](matrix-org/synapse#11843)) Internal Changes ---------------- - Preparation for database schema simplifications: add `state_key` and `rejection_reason` columns to `events` table. ([\#11792](matrix-org/synapse#11792)) - Add `FrozenEvent.get_state_key` and use it in a couple of places. ([\#11793](matrix-org/synapse#11793)) - Preparation for database schema simplifications: stop reading from `event_reference_hashes`. ([\#11794](matrix-org/synapse#11794)) - Drop unused table `public_room_list_stream`. ([\#11795](matrix-org/synapse#11795)) - Preparation for reducing Postgres serialization errors: allow setting transaction isolation level. Contributed by Nick @ Beeper. ([\#11799](matrix-org/synapse#11799), [\#11847](matrix-org/synapse#11847)) - Docker: skip the initial amd64-only build and go straight to multiarch. ([\#11810](matrix-org/synapse#11810)) - Run Complement on the Github Actions VM and not inside a Docker container. ([\#11811](matrix-org/synapse#11811)) - Log module names at startup. ([\#11813](matrix-org/synapse#11813)) - Improve type safety of bundled aggregations code. 
([\#11815](matrix-org/synapse#11815)) - Correct a type annotation in the event validation logic. ([\#11817](matrix-org/synapse#11817), [\#11830](matrix-org/synapse#11830)) - Minor updates and documentation for database schema delta files. ([\#11823](matrix-org/synapse#11823)) - Workaround a type annotation problem in `prometheus_client` 0.13.0. ([\#11834](matrix-org/synapse#11834)) - Minor performance improvement in room state lookup. ([\#11836](matrix-org/synapse#11836)) - Fix some indentation inconsistencies in the sample config. ([\#11838](matrix-org/synapse#11838)) - Add type hints to `tests/rest/admin`. ([\#11851](matrix-org/synapse#11851))
This prevents Synapse from attempting to construct URL previews for URLs to resources with content types that aren't on an allow list. This makes sense given that Synapse will never generate a URL preview for such files in the first place, and will help prevent issues with streaming media servers, such as #8302.
Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
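
The check described above, together with the separate size limit mentioned in the discussion, sketched as an added example (this is not Synapse's code and not part of the pull request). The allow list contents, the 64 KiB cap, the fail-closed handling of a missing header and all function names are assumptions made for illustration; the time limit is not modelled.

```python
import itertools
import re
from typing import Callable, Dict, Iterable, Optional, Tuple

# Assumed allow list for this example; the project's actual list is not shown here.
ALLOWED_EXACT = frozenset({"text/html", "application/xhtml+xml"})
ALLOWED_PREFIXES = ("image/",)
MAX_PREVIEW_BYTES = 64 * 1024  # assumed cap, enforced separately from the type check

# RFC 7230 "token" characters, used to validate type/subtype.
_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
_MEDIA_TYPE_RE = re.compile(rf"({_TOKEN})/({_TOKEN})")


def parse_media_type(header: Optional[str]) -> Optional[str]:
    """Return the lower-cased type/subtype of a Content-Type header, or None."""
    if not header:
        return None
    essence = header.split(";", 1)[0].strip()  # drop parameters such as charset
    if not _MEDIA_TYPE_RE.fullmatch(essence):
        return None  # e.g. "audio" or "text/html, audio/mpeg"
    return essence.lower()


def is_previewable(header: Optional[str]) -> bool:
    """Fail closed: a missing or malformed Content-Type is never previewable."""
    media_type = parse_media_type(header)
    if media_type is None:
        return False
    return media_type in ALLOWED_EXACT or media_type.startswith(ALLOWED_PREFIXES)


def fetch_for_preview(
    headers: Dict[str, str],
    body: Iterable[bytes],
    max_bytes: int = MAX_PREVIEW_BYTES,
) -> Tuple[str, int]:
    """Decide from the response headers, then read the body under a size cap.

    `body` stands in for a streamed HTTP response. Returns (outcome, bytes_read).
    """
    content_type = next(
        (v for k, v in headers.items() if k.lower() == "content-type"), None
    )
    if not is_previewable(content_type):
        # The body iterator is never advanced, so a media stream is dropped
        # as soon as its headers arrive.
        return ("rejected_content_type", 0)
    read = 0
    for chunk in body:
        read += len(chunk)
        if read > max_bytes:
            # An allowed type says nothing about length; the cap handles that.
            return ("aborted_too_large", read)
    return ("ok", read)


# Constructed sample responses (not captured traffic).
HTML_BODY = b"<html><head><title>t</title></head></html>"


def endless_stream() -> Iterable[bytes]:
    """A body that never ends, like a live audio stream."""
    return itertools.repeat(b"\x00" * 4096)


SAMPLES: Dict[str, Tuple[Dict[str, str], Callable[[], Iterable[bytes]]]] = {
    "html page": ({"Content-Type": "TEXT/HTML; charset=utf-8"}, lambda: [HTML_BODY]),
    "audio stream": ({"content-type": "audio/mpeg"}, endless_stream),
    "no content type": ({}, endless_stream),
    "mislabelled stream": ({"Content-Type": "text/html"}, endless_stream),
}


def run_samples() -> Dict[str, Tuple[str, int]]:
    """Run every constructed sample through the fetch decision."""
    return {
        name: fetch_for_preview(headers, make_body())
        for name, (headers, make_body) in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:20} -> {result}")
```

The mislabelled stream passes the allow list and is stopped only by the size cap, which is the division of labour the replies above describe.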