Version 1.89.0

CHANGELOG.md

@@ -1123,3 +1123,69 @@
 * Fix a long-standing bug where Synapse would not unbind third-party identifiers for Application Service users when deactivated and would not emit a compliant response. (#16617)
 * Fix sending out of order POSITION over replication, causing additional database load. (#16639)
 
+[1.84.0]
+* Update Synapse to 1.98.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.98.0)
+* Synapse now declares support for Matrix v1.7, v1.8, and v1.9. (#16707)
+* Add `on_user_login` module API callback for when a user logs in. (#15207)
+* Support MSC4069: Inhibit profile propagation. (#16636)
+* Restore tracking of requests and monthly active users when delegating authentication via MSC3861 to an OIDC provider. (#16672)
+* Add an autojoin setting for server notices rooms, so users may be joined directly instead of receiving an invite. (#16699)
+* Follow redirects when downloading media over federation (per MSC3860). (#16701)
+
+[1.85.0]
+* Update public suffix list as part of the base image to get the latest domains
+
+[1.86.0]
+* Update Synapse to 1.99.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.99.0)
+* Add config options to set the avatar and the topic of the server notices room, as well as the avatar of the server notices user. (\https://github.com/element-hq/synapse/issues/16679)
+* Add config option email.notif_delay_before_mail to tweak the delay before an email is sent following a notification. (\https://github.com/element-hq/synapse/issues/16696)
+* Add new configuration option sentry.environment for improved system monitoring. Contributed by @zeeshanrafiqrana. (\https://github.com/element-hq/synapse/issues/16738)
+* Filter out rooms from the room directory being served to other homeservers when those rooms block that homeserver by their Access Control Lists. (\https://github.com/element-hq/synapse/pull/16759)
+* Fix a long-standing bug where the signing keys generated by Synapse were world-readable. Contributed by Fabian Klemp. (\https://github.com/element-hq/synapse/issues/16740)
+* Fix email verification redirection. Contributed by Fadhlan Ridhwanallah. (\https://github.com/element-hq/synapse/pull/16761)
+* Fixed a bug that prevented users from being queried by display name if it contains non-ASCII characters. (\https://github.com/element-hq/synapse/pull/16767)
+* Allow reactivate user without password with Admin API in some edge cases. (\https://github.com/element-hq/synapse/pull/16770)
+* Adds the recursion_depth parameter to the response of the /relations endpoint if MSC3981 recursion is being performed. (\https://github.com/element-hq/synapse/pull/16775)
+* Added version picker for Synapse documentation. Contributed by @Dmytro27Ind. (\https://github.com/element-hq/synapse/issues/16533)
+* Clarify that password_config.enabled: "only_for_reauth" does not allow new logins to be created using password auth. (\https://github.com/element-hq/synapse/issues/16737)
+* Remove value from header in configuration documentation for refresh_token_lifetime. (\https://github.com/element-hq/synapse/pull/16763)
+* Add another custom statistics collection server to the documentation. Contributed by @loelkes. (\https://github.com/element-hq/synapse/pull/16769)
+* Remove run-once workflow after adding the version picker to the documentation. (\https://github.com/element-hq/synapse/pull/9453)
+* Update the implementation of [MSC2965](matrix-org/matrix-spec-proposals#2965) (OIDC Provider discovery). (\https://github.com/element-hq/synapse/issues/16726)
+* Move the rust stubs inline for better IDE integration. (\https://github.com/element-hq/synapse/pull/16757)
+* Fix sample config doc CI. (\https://github.com/element-hq/synapse/pull/16758)
+* Simplify event internal metadata class. (\https://github.com/element-hq/synapse/pull/16762, \https://github.com/element-hq/synapse/pull/16780)
+* Sign the published docker image using cosign. (\https://github.com/element-hq/synapse/pull/16774)
+* Port EventInternalMetadata class to Rust. (\https://github.com/element-hq/synapse/pull/16782)
+* Bump actions/setup-go from 4 to 5. (\https://github.com/element-hq/synapse/issues/16749)
+* Bump actions/setup-python from 4 to 5. (\https://github.com/element-hq/synapse/issues/16748)
+* Bump immutabledict from 3.0.0 to 4.0.0. (\https://github.com/element-hq/synapse/issues/16743)
+* Bump isort from 5.12.0 to 5.13.0. (\https://github.com/element-hq/synapse/issues/16745)
+* Bump isort from 5.13.0 to 5.13.1. (\https://github.com/element-hq/synapse/issues/16752)
+* Bump pydantic from 2.5.1 to 2.5.2. (\https://github.com/element-hq/synapse/issues/16747)
+* Bump ruff from 0.1.6 to 0.1.7. (\https://github.com/element-hq/synapse/issues/16746)
+* Bump types-setuptools from 68.2.0.2 to 69.0.0.0. (\https://github.com/element-hq/synapse/issues/16744)
+
+[1.87.0]
+* Update Synapse to 1.100.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.100.0)
+* Fix database performance regression due to changing Postgres table statistics. Introduced in v1.100.0rc1. (#16849)
+* Advertise experimental support for MSC4028 through /matrix/clients/versions if enabled. Contributed by @hanadi92. (#16787)
+* Handle wildcard type filters properly for room messages endpoint. Contributed by Mo Balaa. (#14984)
+
+[1.88.0]
+* Update Synapse to 1.101.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.101.0)
+* Add support for stabilised MSC3981 that adds a recurse parameter on the /relations API. (#16842)
+* Fix performance regression when fetching auth chains from the DB. Introduced in v1.100.0. (#16893)
+
+[1.89.0]
+* Update Synapse to 1.102.0
+* [Full changelog](https://github.com/element-hq/synapse/releases/tag/v1.102.0)
+* A metric was added for emails sent by Synapse, broken down by type: `synapse_emails_sent_total`. Contributed by Remi Rampin. (#16881)
+* Do not send multiple concurrent requests for keys for the same server. (#16894)
+* Fix performance issue when joining very large rooms that can cause the server to lock up. Introduced in v1.100.0. (#16903)
+* Always prefer unthreaded receipt when >1 exist (MSC4102). (#16927)
+

CloudronManifest.json

@@ -5,8 +5,8 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "Secure & decentralized communication",
-  "version": "1.83.0",
-  "upstreamVersion": "1.97.0",
+  "version": "1.89.0",
+  "upstreamVersion": "1.102.0",
   "healthCheckPath": "/",
   "httpPort": 8008,
   "memoryLimit": 536870912,

Dockerfile

@@ -9,7 +9,7 @@ RUN virtualenv -p python3 /app/code/env
 ENV VIRTUAL_ENV=/app/code/env
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
-ARG VERSION=1.97.0
+ARG VERSION=1.102.0
 
 # https://github.com/matrix-org/synapse-s3-storage-provider
 ARG STORAGE_PROVIDER_VERSION=1beb6af95e1f5caedb8e6e7e1cc176cdb2106d37
@@ -20,8 +20,8 @@ RUN pip install --upgrade pip && \
     pip install --upgrade setuptools && \
     pip install matrix-synapse==v${VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2 git+https://github.com/matrix-org/synapse-s3-storage-provider.git@${STORAGE_PROVIDER_VERSION} matrix-synapse[oidc]
 
-# workaround (https://github.com/matrix-org/synapse/issues/15873) . remove after 1.87.0
-RUN sed -e "s/Image.ANTIALIAS/Image.LANCZOS/" -i /app/code/env/lib/python3.10/site-packages/synapse/media/thumbnailer.py
+# Updated suffix list
+RUN curl -L https://publicsuffix.org/list/public_suffix_list.dat -o /app/code/env/lib/python3.10/site-packages/publicsuffix2/public_suffix_list.dat
 
 RUN ln -sf /app/data/index.html /app/code/env/lib/python3.10/site-packages/synapse/static/index.html
 

start.sh

@@ -37,10 +37,10 @@ if [[ ! -f /app/data/configs/homeserver.yaml ]]; then
 
     if [[ -z "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
         yq eval -i ".enable_registration=true" /app/data/configs/homeserver.yaml
-        yq eval -i ".password_config.pepper=\"$(pwgen -1s 12)\"" /app/data/configs/homeserver.yaml
         # just setting enabled to false is not enough. see https://github.com/matrix-org/matrix-synapse-ldap3/issues/123
         yq eval -i "del(.password_providers)" /app/data/configs/homeserver.yaml
     fi
+    yq eval -i ".password_config.pepper=\"$(pwgen -1s 12)\"" /app/data/configs/homeserver.yaml # always set this so that users can enable password login if needed
 fi
 
 echo "==> Ensure we log to console"

test/package.json

@@ -9,10 +9,9 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^119.0.1",
+    "chromedriver": "^122.0.4",
     "expect.js": "^0.3.1",
-    "mocha": "^10.2.0",
-    "selenium-webdriver": "^4.15.0",
-    "superagent": "^8.1.2"
+    "mocha": "^10.3.0",
+    "selenium-webdriver": "^4.18.1"
   }
 }

test/test.js

@@ -120,7 +120,7 @@ describe('Application life cycle test', function () {
             await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
             await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
             await browser.sleep(2000);
-            await browser.findElement(By.xpath('//button[@type="submit" and contains(text(), "Sign in")]')).click();
+            await browser.findElement(By.id('loginSubmitButton')).click();
             await browser.sleep(2000);
 
             athenticated_by_oidc = true;