Version 1.70.1

CHANGELOG.md

@@ -868,7 +868,7 @@
 [1.63.0]
 * Update Synapse to 1.80.0
 * [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.80.0)
-* Fix a bug in which the POST /_matrix/client/v3/rooms/{roomId}/report/{eventId} endpoint would return the wrong error if the user did not have permission to view the event. This aligns Synapse's implementation with MSC2249. (#15298, #15300)
+* Fix a bug in which the POST `/_matrix/client/v3/rooms/{roomId}/report/{eventId}` endpoint would return the wrong error if the user did not have permission to view the event. This aligns Synapse's implementation with MSC2249. (#15298, #15300)
 * Fix a bug introduced in Synapse 1.75.0rc1 where the SQLite port_db script
 * would fail to open the SQLite database. (#15301)
 * Stabilise support for MSC3966: event_property_contains push condition. (#15187)
@@ -895,7 +895,7 @@
 * Fix a bug introduced in Synapse v1.55.0 which could delay remote homeservers being able to decrypt encrypted messages sent by local users. (#15297)
 * Add a check to SQLite port_db script
 * to ensure that the sqlite database passed to the script exists before trying to port from it. (#15306)
-* Fix a bug introduced in Synapse 1.76.0 where responses from worker deployments could include an internal _INT_STREAM_POS key. (#15309)
+* Fix a bug introduced in Synapse 1.76.0 where responses from worker deployments could include an internal `_INT_STREAM_POS` key. (#15309)
 * Fix a long-standing bug that Synpase only used the legacy appservice routes. (#15317)
 * Fix a long-standing bug preventing users from rejoining rooms after being banned and unbanned over federation. Contributed by Nico. (#15323)
 * Fix bug in worker mode where on a rolling restart of workers the "typing" worker would consume 100% CPU until it got restarted. (#15332)
@@ -916,3 +916,85 @@
 * Synapse now correctly fails to start if the config option `app_service_config_files` is not a list. ([\#15425](https://github.com/matrix-org/synapse/issues/15425))
 * Disable loading `RefreshTokenServlet` (`/_matrix/client/(r0|v3|unstable)/refresh`) on workers. ([\#15428](https://github.com/matrix-org/synapse/issues/15428))
 
+[1.66.0]
+* Update Synapse to 1.83.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.83.0)
+* Experimental support to recursively provide relations per [MSC3981](https://github.com/matrix-org/matrix-spec-proposals/pull/3981). ([\#15315](https://github.com/matrix-org/synapse/issues/15315))
+* Experimental support for [MSC3970](https://github.com/matrix-org/matrix-spec-proposals/pull/3970): Scope transaction IDs to devices. ([\#15318](https://github.com/matrix-org/synapse/issues/15318))
+* Add an [admin API endpoint](https://matrix-org.github.io/synapse/v1.83/admin_api/experimental_features.html) to support per-user feature flags. ([\#15344](https://github.com/matrix-org/synapse/issues/15344))
+* Add a module API to send an HTTP push notification. ([\#15387](https://github.com/matrix-org/synapse/issues/15387))
+* Add an [admin API endpoint](https://matrix-org.github.io/synapse/v1.83/admin_api/statistics.html#get-largest-rooms-by-size-in-database) to query the largest rooms by disk space used in the database. ([\#15482](https://github.com/matrix-org/synapse/issues/15482))
+* Disable push rule evaluation for rooms excluded from sync. ([\#15361](https://github.com/matrix-org/synapse/issues/15361))
+* Fix a long-standing bug where cached server key results which were directly fetched would not be properly re-used. ([\#15417](https://github.com/matrix-org/synapse/issues/15417))
+* Fix a bug introduced in Synapse 1.73.0 where some experimental push rules were returned by default. ([\#15494](https://github.com/matrix-org/synapse/issues/15494))
+
+[1.67.0]
+* Update Synapse to 1.84.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.84.0)
+* Fix a bug introduced in Synapse 1.84.0rc1 where errors during startup were not reported correctly on Python < 3.10. ([\#15599](https://github.com/matrix-org/synapse/issues/15599))
+* Add an option to prevent media downloads from configured domains. ([\#15197](https://github.com/matrix-org/synapse/issues/15197))
+* Add `forget_rooms_on_leave` config option to automatically forget rooms when users leave them or are removed from them. ([\#15224](https://github.com/matrix-org/synapse/issues/15224))
+* Add redis TLS configuration options. ([\#15312](https://github.com/matrix-org/synapse/issues/15312))
+* Add a config option to delay push notifications by a random amount, to discourage time-based profiling. ([\#15516](https://github.com/matrix-org/synapse/issues/15516))
+* Stabilize support for [MSC2659](https://github.com/matrix-org/matrix-spec-proposals/pull/2659): application service ping endpoint. Contributed by Tulir @ Beeper. ([\#15528](https://github.com/matrix-org/synapse/issues/15528))
+* Implement [MSC4009](https://github.com/matrix-org/matrix-spec-proposals/pull/4009) to expand the supported characters in Matrix IDs. ([\#15536](https://github.com/matrix-org/synapse/issues/15536))
+* Advertise support for Matrix 1.6 on `/_matrix/client/versions`. ([\#15559](https://github.com/matrix-org/synapse/issues/15559))
+* Print full error and stack-trace of any exception that occurs during startup/initialization. ([\#15569](https://github.com/matrix-org/synapse/issues/15569))
+* Don't fail on federation over TOR where SRV queries are not supported. Contributed by Zdzichu. ([\#15523](https://github.com/matrix-org/synapse/issues/15523))
+* Experimental support for [MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010) which rejects setting the `"m.push_rules"` via account data. ([\#15554](https://github.com/matrix-org/synapse/issues/15554), [\#15555](https://github.com/matrix-org/synapse/issues/15555))
+* Fix a long-standing bug where an invalid membership event could cause an internal server error. ([\#15564](https://github.com/matrix-org/synapse/issues/15564))
+* Require at least poetry-core v1.1.0. ([\#15566](https://github.com/matrix-org/synapse/issues/15566), [\#15571](https://github.com/matrix-org/synapse/issues/15571))
+
+[1.67.1]
+* Update Synapse to 1.84.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.84.1)
+* Fix a bug introduced in Synapse v1.84.0 where workers do not start up when no `instance_map` was provided
+
+[1.68.0]
+* Update Synapse to 1.85.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.85.0)
+* GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity
+* GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity
+* Fix a performance issue introduced in Synapse v1.83.0 which meant that purging rooms was very slow and database-intensive. (#15693)
+* Improve performance of backfill requests by performing backfill of previously failed requests in the background. (#15585)
+* Add a new admin API to create a new device for a user. (#15611)
+
+[1.68.1]
+* Update Synapse to 1.85.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.85.1)
+* Fix bug in schema delta that broke upgrades for some deployments. Introduced in v1.85.0. (#15738, #15739)
+
+[1.68.2]
+* Update Synapse to 1.85.2
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.85.2)
+* Fix regression where using TLS for HTTP replication between workers did not work. Introduced in v1.85.0. (#15746)
+
+[1.69.0]
+* Update Synapse to 1.86.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.86.0)
+* Fix an error when having workers of different versions running. (#15774)
+* Stable support for MSC3882 to allow an existing device/session to generate a login token for use on a new device/session. (#15388)
+* Support resolving a room's canonical alias via the module API. (#15450)
+* Enable support for MSC3952: intentional mentions. (#15520)
+* Experimental MSC3861 support: delegate auth to an OIDC provider. (#15582)
+* Add Synapse version deploy annotations to Grafana dashboard which enables easy correlation between behavior changes witnessed in a graph to a certain Synapse version and nail down regressions. (#15674)
+* Add a catch-all * to the supported relation types when redacting an event and its related events. This is an update to MSC3912 implementation. (#15705)
+* Speed up /messages by backfilling in the background when there are no backward extremities where we are directly paginating. (#15710)
+* Expose a metric reporting the database background update status. (#15740)
+* Correctly clear caches when we delete a room. (#15609)
+* Check permissions for enabling encryption earlier during room creation to avoid creating broken rooms. (#15695)
+
+[1.70.0]
+* Update Synapse to 1.87.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.87.0)
+* Improve /messages response time by avoiding backfill when we already have messages to return. (#15737)
+* Add spam checker module API for logins. (#15838)
+* Fix a long-standing bug where media files were served in an unsafe manner. Contributed by @joshqou. (#15680)
+* Avoid invalidating a cache that was just prefilled. (#15758)
+* Fix requesting multiple keys at once over federation, related to MSC3983. (#15770)
+* Fix joining rooms through aliases where the alias server isn't a real homeserver. Contributed by @tulir @ Beeper. (#15776)
+
+[1.70.1]
+* Add workaround for broken thumbnailing
+* Update s3 storage provider
+

CloudronManifest.json

@@ -5,8 +5,8 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "Secure & decentralized communication",
-  "version": "1.65.0",
-  "upstreamVersion": "1.82.0",
+  "version": "1.70.1",
+  "upstreamVersion": "1.87.0",
   "healthCheckPath": "/",
   "httpPort": 8008,
   "memoryLimit": 536870912,

Dockerfile

@@ -9,16 +9,19 @@ RUN virtualenv -p python3 /app/code/env
 ENV VIRTUAL_ENV=/app/code/env
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
-ARG VERSION=v1.82.0
+ARG VERSION=1.87.0
 
 # https://github.com/matrix-org/synapse-s3-storage-provider
-ARG STORAGE_PROVIDER_VERSION=fa27fa1a92bcbeb42b10399641348bee0ddf2c72
+ARG STORAGE_PROVIDER_VERSION=1beb6af95e1f5caedb8e6e7e1cc176cdb2106d37
 
 # Synapse (https://github.com/matrix-org/synapse/blob/master/INSTALL.md)
 # lxml - required for previews
 RUN pip install --upgrade pip && \
     pip install --upgrade setuptools && \
-    pip install matrix-synapse==${VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2 git+https://github.com/matrix-org/synapse-s3-storage-provider.git@${STORAGE_PROVIDER_VERSION} matrix-synapse[oidc]
+    pip install matrix-synapse==v${VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2 git+https://github.com/matrix-org/synapse-s3-storage-provider.git@${STORAGE_PROVIDER_VERSION} matrix-synapse[oidc]
+
+# workaround (https://github.com/matrix-org/synapse/issues/15873) . remove after 1.87.0
+RUN sed -e "s/Image.ANTIALIAS/Image.LANCZOS/" -i /app/code/env/lib/python3.10/site-packages/synapse/media/thumbnailer.py
 
 RUN ln -sf /app/data/index.html /app/code/env/lib/python3.10/site-packages/synapse/static/index.html
 

test/package-lock.json

@@ -9,10 +9,10 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "chromedriver": "^112.0.0",
+        "chromedriver": "^114.0.2",
         "expect.js": "^0.3.1",
         "mocha": "^10.2.0",
-        "selenium-webdriver": "^4.9.0",
+        "selenium-webdriver": "^4.10.0",
         "superagent": "^8.0.9"
       }
     },
@@ -105,9 +105,9 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "node_modules/axios": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.2.2.tgz",
-      "integrity": "sha512-bz/J4gS2S3I7mpN/YZfGFTqhXTYzRho8Ay38w2otuuDR322KzFIWm/4W2K6gIwvWaws5n+mnb7D1lN9uD+QH6Q==",
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.4.0.tgz",
+      "integrity": "sha512-S4XCWMEmzvo64T9GfvQDOXgYRDJ/wsSZc7Jvdgx5u1sd0JwsuPLqb3SYmusag+edF6ziyMensPVqLTSc1PiSEA==",
       "dependencies": {
         "follow-redirects": "^1.15.0",
         "form-data": "^4.0.0",
@@ -236,14 +236,14 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "112.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-112.0.0.tgz",
-      "integrity": "sha512-fEw1tI05dmK1KK8MGh99LAppP7zCOPEXUxxbYX5wpIBCCmKasyrwZhk/qsdnxJYKd/h0TfiHvGEj7ReDQXW1AA==",
+      "version": "114.0.2",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-114.0.2.tgz",
+      "integrity": "sha512-v0qrXRBknbxqmtklG7RWOe3TJ/dLaHhtB0jVxE7BAdYERxUjEaNRyqBwoGgVfQDibHCB0swzvzsj158nnfPgZw==",
       "hasInstallScript": true,
       "dependencies": {
         "@testim/chrome-version": "^1.1.3",
-        "axios": "^1.2.1",
-        "compare-versions": "^5.0.1",
+        "axios": "^1.4.0",
+        "compare-versions": "^5.0.3",
         "extract-zip": "^2.0.1",
         "https-proxy-agent": "^5.0.1",
         "proxy-from-env": "^1.1.0",
@@ -253,7 +253,7 @@
         "chromedriver": "bin/chromedriver"
       },
       "engines": {
-        "node": ">=14"
+        "node": ">=16"
       }
     },
     "node_modules/cliui": {
@@ -294,9 +294,9 @@
       }
     },
     "node_modules/compare-versions": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-5.0.1.tgz",
-      "integrity": "sha512-v8Au3l0b+Nwkp4G142JcgJFh1/TUhdxut7wzD1Nq1dyp5oa3tXaqb03EXOAB6jS4gMlalkjAUPZBMiAfKUixHQ=="
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-5.0.3.tgz",
+      "integrity": "sha512-4UZlZP8Z99MGEY+Ovg/uJxJuvoXuN4M6B3hKaiackiHrgzQFEe3diJi1mf1PNHbFujM7FvLrK2bpgIaImbtZ1A=="
     },
     "node_modules/component-emitter": {
       "version": "1.3.0",
@@ -1166,9 +1166,9 @@
       "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
     },
     "node_modules/selenium-webdriver": {
-      "version": "4.9.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.9.0.tgz",
-      "integrity": "sha512-QGaPoREo7sgOVhTiAvCasoi1f4ruTaJDtp0RKNFIbfyns5smK5+iCwnRTIPXb0R3CAYdaqUXd6BHduh37DorzQ==",
+      "version": "4.10.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.10.0.tgz",
+      "integrity": "sha512-hSQPw6jgc+ej/UEcdQPG/iBwwMeCEgZr9HByY/J8ToyXztEqXzU9aLsIyrlj1BywBcStO4JQK/zMUWWrV8+riA==",
       "dependencies": {
         "jszip": "^3.10.1",
         "tmp": "^0.2.1",
@@ -1538,9 +1538,9 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "axios": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.2.2.tgz",
-      "integrity": "sha512-bz/J4gS2S3I7mpN/YZfGFTqhXTYzRho8Ay38w2otuuDR322KzFIWm/4W2K6gIwvWaws5n+mnb7D1lN9uD+QH6Q==",
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.4.0.tgz",
+      "integrity": "sha512-S4XCWMEmzvo64T9GfvQDOXgYRDJ/wsSZc7Jvdgx5u1sd0JwsuPLqb3SYmusag+edF6ziyMensPVqLTSc1PiSEA==",
       "requires": {
         "follow-redirects": "^1.15.0",
         "form-data": "^4.0.0",
@@ -1633,13 +1633,13 @@
       }
     },
     "chromedriver": {
-      "version": "112.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-112.0.0.tgz",
-      "integrity": "sha512-fEw1tI05dmK1KK8MGh99LAppP7zCOPEXUxxbYX5wpIBCCmKasyrwZhk/qsdnxJYKd/h0TfiHvGEj7ReDQXW1AA==",
+      "version": "114.0.2",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-114.0.2.tgz",
+      "integrity": "sha512-v0qrXRBknbxqmtklG7RWOe3TJ/dLaHhtB0jVxE7BAdYERxUjEaNRyqBwoGgVfQDibHCB0swzvzsj158nnfPgZw==",
       "requires": {
         "@testim/chrome-version": "^1.1.3",
-        "axios": "^1.2.1",
-        "compare-versions": "^5.0.1",
+        "axios": "^1.4.0",
+        "compare-versions": "^5.0.3",
         "extract-zip": "^2.0.1",
         "https-proxy-agent": "^5.0.1",
         "proxy-from-env": "^1.1.0",
@@ -1678,9 +1678,9 @@
       }
     },
     "compare-versions": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-5.0.1.tgz",
-      "integrity": "sha512-v8Au3l0b+Nwkp4G142JcgJFh1/TUhdxut7wzD1Nq1dyp5oa3tXaqb03EXOAB6jS4gMlalkjAUPZBMiAfKUixHQ=="
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-5.0.3.tgz",
+      "integrity": "sha512-4UZlZP8Z99MGEY+Ovg/uJxJuvoXuN4M6B3hKaiackiHrgzQFEe3diJi1mf1PNHbFujM7FvLrK2bpgIaImbtZ1A=="
     },
     "component-emitter": {
       "version": "1.3.0",
@@ -2300,9 +2300,9 @@
       "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
     },
     "selenium-webdriver": {
-      "version": "4.9.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.9.0.tgz",
-      "integrity": "sha512-QGaPoREo7sgOVhTiAvCasoi1f4ruTaJDtp0RKNFIbfyns5smK5+iCwnRTIPXb0R3CAYdaqUXd6BHduh37DorzQ==",
+      "version": "4.10.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.10.0.tgz",
+      "integrity": "sha512-hSQPw6jgc+ej/UEcdQPG/iBwwMeCEgZr9HByY/J8ToyXztEqXzU9aLsIyrlj1BywBcStO4JQK/zMUWWrV8+riA==",
       "requires": {
         "jszip": "^3.10.1",
         "tmp": "^0.2.1",

test/package.json

@@ -9,10 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^112.0.0",
+    "chromedriver": "^114.0.2",
     "expect.js": "^0.3.1",
     "mocha": "^10.2.0",
-    "selenium-webdriver": "^4.9.0",
+    "selenium-webdriver": "^4.10.0",
     "superagent": "^8.0.9"
   }
 }