Neil Johnson

67 posts tagged with "Neil Johnson"

Synapse 0.33.9 is here!

20.11.2018 00:00 — Releases Neil Johnson

Well here you are then, the 9th episode in the Synapse 0.33.x series.

Feature-wise, 0.33.9 contains a change to the way that GDPR consent works under the hood. It is now plumbed into the login flow (rather than following immediately afterwards) so that it does not inadvertently break on-boarding. This is part of a broader set of changes that span Synapse and Riot to improve first impressions of using Matrix.

Separately, we now have support for room version upgrades, which is a prerequisite for rolling out the new state resolution algorithm. Come and join us in #teststateresv2:jki.re if you would like to help us test.

Finally, we've spent a bunch of time further improving perf, especially in and around reducing federation traffic for device IDs.

I know I say it every time, but full python 3 support is really really close now, matrix.org is now running entirely on py3 and seeing some amazing perf improvements - the remaining blocker is getting py3 deb packages ready and then we'll ship an official python 3 release. There will also be a blog post to explain what we've been up to and what to expect perf wise.

As ever, you can get the new update here or any of the sources mentioned at https://github.com/matrix-org/synapse. Note, Synapse is now available from PyPI, pick it up here. Also, check out our new Synapse installation guide page.

Synapse 0.33.9 changelog

Features

  • Include flags to optionally add m.login.terms to the registration flow when consent tracking is enabled. (#4004, #4133, #4142, #4184)
  • Support for replacing rooms with new ones (#4091, #4099, #4100, #4101)

Bugfixes

  • Fix exceptions when using the email mailer on Python 3. (#4095)
  • Fix e2e key backup with more than 9 backup versions (#4113)
  • Searches that request profile info now no longer fail with a 500. (#4122)
  • fix return code of empty key backups (#4123)
  • If the typing stream ID goes backwards (as on a worker when the master restarts), the worker's typing handler will no longer erroneously report rooms containing new typing events. (#4127)
  • Fix table lock of device_lists_remote_cache which could freeze the application (#4132)
  • Fix exception when using state res v2 algorithm (#4135)
  • Generating the user consent URI no longer fails on Python 3. (#4140, #4163)
  • Loading URL previews from the DB cache on Postgres will no longer cause Unicode type errors when responding to the request, and URL previews will no longer fail if the remote server returns a Content-Type header with the chartype in quotes. (#4157)
  • The hash_password script now works on Python 3. (#4161)
  • Fix noop checks when updating device keys, reducing spurious device list update notifications. (#4164)

Deprecations and Removals

  • The disused and un-specced identicon generator has been removed. (#4106)
  • The obsolete and non-functional /pull federation endpoint has been removed. (#4118)
  • The deprecated v1 key exchange endpoints have been removed. (#4119)
  • Synapse will no longer fetch keys using the fallback deprecated v1 key exchange method and will now always use v2. (#4120)

Internal Changes

  • Fix build of Docker image with docker-compose (#3778)
  • Delete unreferenced state groups during history purge (#4006)
  • The "Received rdata" log messages on workers are now logged at DEBUG, not INFO. (#4108)
  • Reduce replication traffic for device lists (#4109)
  • Fix synapse_replication_tcp_protocol_*_commands metric label to be full command name, rather than just the first character (#4110)
  • Log some bits about room creation (#4121)
  • Fix tox failure on old systems (#4124)
  • Add STATE_V2_TEST room version (#4128)
  • Clean up event accesses and tests (#4137)
  • The default logging config will now set an explicit log file encoding of UTF-8. (#4138)
  • Add helper functions for getting prev and auth events of an event (#4139)
  • Add some tests for the HTTP pusher. (#4149)
  • add purge_history.sh and purge_remote_media.sh scripts to contrib/ (#4155)
  • HTTP tests have been refactored to contain less boilerplate. (#4156)
  • Drop incoming events from federation for unknown rooms (#4165)

Synapse v0.33.8 is here!

01.11.2018 00:00 — Releases Neil Johnson

Wowzers - our 8th dot release for v0.33!

This time we have a bunch of bug fixes and db performance improvements as well as better support for auto-join rooms and the ability for admins to limit who can create room aliases.

v0.33.8 also contains more python 3 fixes: we are running most of matrix.org on python 3 as of right now and seeing some pretty impressive performance improvements. Look out for Hawkowl's write up coming soon.

For those interested in what we are working on right now, take a look at our task board.

As ever, you can get the new update here or any of the sources mentioned at https://github.com/matrix-org/synapse. Note, Synapse is now available from PyPI, pick it up here.

Synapse 0.33.8 changelog

Features

  • Servers with auto-join rooms will now automatically create those rooms when the first user registers (#3975)
  • Add config option to control alias creation (#4051)
  • The register_new_matrix_user script is now ported to Python 3. (#4085)
  • Configure Docker image to listen on both ipv4 and ipv6. (#4089)

Bugfixes

  • Fix HTTP error response codes for federated group requests. (#3969)
  • Fix issue where Python 3 users couldn't paginate /publicRooms (#4046)
  • Fix URL previewing to work in Python 3.7 (#4050)
  • synctl will use the right python executable to run worker processes (#4057)
  • Manhole now works again on Python 3, instead of failing with a "couldn't match all kex parts" when connecting. (#4060, #4067)
  • Fix some metrics being racy and causing exceptions when polled by Prometheus. (#4061)
  • Fix bug which prevented email notifications from being sent unless an absolute path was given for email_templates. (#4068)
  • Correctly account for cpu usage by background threads (#4074)
  • Fix race condition where config defined reserved users were not being added to the monthly active user list prior to the homeserver reactor firing up (#4081)
  • Fix bug which prevented backslashes being used in event field filters (#4083)

Internal Changes

  • Add information about the matrix-docker-ansible-deploy playbook (#3698)
  • Add initial implementation of new state resolution algorithm (#3786)
  • Reduce database load when fetching state groups (#4011)
  • Various cleanups in the federation client code (#4031)
  • Run the CircleCI builds in docker containers (#4041)
  • Only colourise synctl output when attached to tty (#4049)
  • Refactor room alias creation code (#4063)
  • Make the Python scripts in the top-level scripts folders meet pep8 and pass flake8. (#4068)
  • The README now contains example for the Caddy web server. Contributed by steamp0rt. (#4072)
  • Add psutil as an explicit dependency (#4073)
  • Clean up threading and logcontexts in pushers (#4075)
  • Correctly manage logcontexts during startup to fix some "Unexpected logging context" warnings (#4076)
  • Give some more things logcontexts (#4077)
  • Clean up some bits of code which were flagged by the linter (#4082)

Synapse 0.33.7 released!

18.10.2018 00:00 — Releases Neil Johnson

Hey ho, let's go. Synapse 0.33.7 has arrived.

Regular readers will know how close we are to a full python 3 release. We are not quite there yet but 0.33.7 has support for Synapse under worker mode and we've been running it on matrix.org this week. We need more time to conclusively gauge performance improvements but the Synchrotron workers are running with 33% less RAM. Thanks to everyone who has been running their servers under py3; if you do spot anything unusual, just let us know. Once we've been running it a bit longer on matrix.org, we'll cut a 0.34.0 release with a recommendation that one and all upgrade to python 3.

Aside from that this release contains support for server side end to end key backups, paving the way for client side support in Riot and Rich continues his long running federation bug squash-a-thon which should help with a whole host of federation snafus.

Up next on the horizon is returning in earnest to getting the server to server r0 spec out starting with shipping our brand new super shiny state resolution algorithm.

As a final point, for those of you that deploy from a git checkout or a snapshot URL and have email notifications enabled, please take a look at the warning in the change log.

As a final final point #synapse:matrix.org is now an officially supported room, aimed at Synapse admins. If you've not done so already please do drop by and say Hi.

As ever, you can get the new update here or any of the sources mentioned at https://github.com/matrix-org/synapse. Note, Synapse is now available from PyPI, pick it up here.

Onwards!

Synapse 0.33.7 Change Log

Warning: This release removes the example email notification templates from res/templates (they are now internal to the python package). This should only affect you if you (a) deploy your Synapse instance from a git checkout or a github snapshot URL, and (b) have email notifications enabled.

If you have email notifications enabled, you should ensure that email.template_dir is either configured to point at a directory where you have installed customised templates, or leave it unset to use the default templates.

The configuration parser will try to detect the situation where email.template_dir is incorrectly set to res/templates and do the right thing, but will warn about this.

Features

  • Ship the example email templates as part of the package (#4052)
  • Add support for end-to-end key backup (MSC1687) (#4019)

Bugfixes

  • Fix bug which made get_missing_events return too few events (#4045)
  • Fix bug in event persistence logic which caused 'NoneType is not iterable' (#3995)
  • Fix exception in background metrics collection (#3996)
  • Fix exception handling in fetching remote profiles (#3997)
  • Fix handling of rejected threepid invites (#3999)
  • Workers now start on Python 3. (#4027)
  • Synapse now starts on Python 3.7. (#4033)

Internal Changes

  • Log exceptions in looping calls (#4008)
  • Optimisation for serving federation requests (#4017)
  • Add metric to count number of non-empty sync responses (#4022)

Synapse 0.33.6 released!

04.10.2018 00:00 — Releases Neil Johnson

Right folks, time for Synapse 0.33.6.

These past few weeks we've been focusing on fixing a whole host of federation bugs to improve reliability and latency. Additionally we've squashed some py3 bugs, improved lazy loading and been working hard in the background to improve our CI infrastructure. Finally, we cleaned up the Docker file, the image is now half the size of 0.33.5.1's standing at 58 MB.

As ever, you can get the new update here or any of the sources mentioned at https://github.com/matrix-org/synapse. Note, Synapse is now available from PyPI, pick it up here.

Synapse 0.33.6

Features

  • Adding the ability to change MAX_UPLOAD_SIZE for the docker container variables. (#3883)
  • Report "python_version" in the phone home stats (#3894)
  • Always LL ourselves if we're in a room (#3916)
  • Include eventid in log lines when processing incoming federation transactions (#3959)
  • Remove spurious check which made 'localhost' servers not work (#3964)

Bugfixes

  • Fix problem when playing media from Chrome using direct URL (thanks @remjey!) (#3578)
  • support registering regular users non-interactively with register_new_matrix_user script (#3836)
  • Fix broken invite email links for self hosted riots (#3868)
  • Don't ratelimit autojoins (#3879)
  • Fix 500 error when deleting unknown room alias (#3889)
  • Fix some b'abcd' noise in logs and metrics (#3892, #3895)
  • When we join a room, always try the server we used for the alias lookup first, to avoid unresponsive and out-of-date servers. (#3899)
  • Fix incorrect server-name indication for outgoing federation requests (#3907)
  • Fix adding client IPs to the database failing on Python 3. (#3908)
  • Fix bug where things occasionally were not being timed out correctly. (#3910)
  • Fix bug where outbound federation would stop talking to some servers when using workers (#3914)
  • Fix some instances of ExpiringCache not expiring cache items (#3932, #3980)
  • Fix out-of-bounds error when LLing yourself (#3936)
  • Sending server notices regarding user consent now works on Python 3. (#3938)
  • Fix exceptions from metrics handler (#3956)
  • Fix error message for events with m.room.create missing from auth_events (#3960)
  • Fix errors due to concurrent monthly_active_user upserts (#3961)
  • Fix exceptions when processing incoming events over federation (#3968)
  • Replaced all occurrences of e.message with str(e). Contributed by Schnuffle (#3970)
  • Fix lazy loaded sync in the presence of rejected state events (#3986)
  • Fix error when logging incomplete HTTP requests (#3990)

Internal Changes

  • Unit tests can now be run under PostgreSQL in Docker using test_postgresql.sh. (#3699)
  • Speed up calculation of typing updates for replication (#3794)
  • Remove documentation regarding installation on Cygwin, the use of WSL is recommended instead. (#3873)
  • Fix typo in README, synaspse -> synapse (#3897)
  • Increase the timeout when filling missing events in federation requests (#3903)
  • Improve the logging when handling a federation transaction (#3904, #3966)
  • Improve logging of outbound federation requests (#3906, #3909)
  • Fix the docker image building on python 3 (#3911)
  • Add a regression test for logging failed HTTP requests on Python 3. (#3912)
  • Comments and interface cleanup for on_receive_pdu (#3924)
  • Fix spurious exceptions when remote http client closes connection (#3925)
  • Log exceptions thrown by background tasks (#3927)
  • Add a cache to get_destination_retry_timings (#3933, #3991)
  • Automate pushes to docker hub (#3946)
  • Require attrs 16.0.0 or later (#3947)
  • Fix incompatibility with python3 on alpine (#3948)
  • Run the test suite on the oldest supported versions of our dependencies in CI. (#3952)
  • CircleCI now only runs merged jobs on PRs, and commit jobs on develop, master, and release branches. (#3957)
  • Fix docstrings and add tests for state store methods (#3958)
  • fix docstring for FederationClient.get_state_for_room (#3963)
  • Run notify_app_services as a bg process (#3965)
  • Clarifications in FederationHandler (#3967)
  • Further reduce the docker image size (#3972)
  • Build py3 docker images for docker hub too (#3976)
  • Updated the installation instructions to point to the matrix-synapse package on PyPI. (#3985)
  • Disable USE_FROZEN_DICTS for unittests by default. (#3987)
  • Remove unused Jenkins and development related files from the repo. (#3988)
  • Improve stacktraces in certain exceptions in the logs (#3989)
  • Pin to prometheus_client<0.4 to avoid renaming all of our metrics (#4002)

Synapse 0.33.5.1 released!

24.09.2018 00:00 — Releases Neil Johnson

Folks, Synapse 0.33.5.1 is here.

0.33.5.1 is an interesting release. On the one hand it contains the usual bug fixes and performance improvements of a point release, but it is also our first versioned release where monolith installs can be run under Python 3.5 and 3.6! Python 3 support is very much in beta, so please be cautious, but if you would like to try running under a py3 environment we'd love to get your feedback.

We've been running it ourselves for the past few weeks, and feel pretty good about it, not least the 2-3x improvement in RAM usage.

Currently the only way to run under python 3 is to download via github, there is no deb support as yet, though this will come as soon as we are confident to recommend python 3 as the default version.

We'll be blogging about our porting project in more detail in the future, so watch this space - exciting times!

As ever, you can get the new update here or any of the sources mentioned at https://github.com/matrix-org/synapse. Note, for the first time, Synapse is now available from PyPI, pick it up here.

Synapse 0.33.5.1

Internal Changes

  • Fix incompatibility with older Twisted version in tests. Thanks @OlegGirko! (#3940)

Synapse 0.33.5

Features

  • Python 3.5 and 3.6 support is now in beta. (#3576)
  • Implement event_format filter param in /sync (#3790)
  • Add synapse_admin_mau:registered_reserved_users metric to expose number of real reserved users (#3846)

Bugfixes

  • Remove connection ID for replication prometheus metrics, as it creates a large number of new series. (#3788)
  • guest users should not be part of mau total (#3800)
  • Bump dependency on pyopenssl 16.x, to avoid incompatibility with recent Twisted. (#3804)
  • Fix existing room tags not coming down sync when joining a room (#3810)
  • Fix jwt import check (#3824)
  • fix VOIP crashes under Python 3 (#3821) (#3835)
  • Fix manhole so that it works with latest openssh clients (#3841)
  • Fix outbound requests occasionally wedging, which can result in federation breaking between servers. (#3845)
  • Show heroes if room name/canonical alias has been deleted (#3851)
  • Fix handling of redacted events from federation (#3859)
  • (#3874)
  • Mitigate outbound federation randomly becoming wedged (#3875)

Internal Changes

  • CircleCI tests now run on the potential merge of a PR. (#3704)
  • http/ is now ported to Python 3. (#3771)
  • Improve human readable error messages for threepid registration/account update (#3789)
  • Make /sync slightly faster by avoiding needless copies (#3795)
  • handlers/ is now ported to Python 3. (#3803)
  • Limit the number of PDUs/EDUs per federation transaction (#3805)
  • Only start postgres instance for postgres tests on Travis CI (#3806)
  • tests/ is now ported to Python 3. (#3808)
  • crypto/ is now ported to Python 3. (#3822)
  • rest/ is now ported to Python 3. (#3823)
  • add some logging for the keyring queue (#3826)
  • speed up lazy loading by 2-3x (#3827)
  • Improved Dockerfile to remove build requirements after building reducing the image size. (#3834)
  • Disable lazy loading for incremental syncs for now (#3840)
  • federation/ is now ported to Python 3. (#3847)
  • Log when we retry outbound requests (#3853)
  • Removed some excess logging messages. (#3855)
  • Speed up purge history for rooms that have been previously purged (#3856)
  • Refactor some HTTP timeout code. (#3857)
  • Fix running merged builds on CircleCI (#3858)
  • Fix typo in replication stream exception. (#3860)
  • Add in flight real time metrics for Measure blocks (#3871)
  • Disable buffering and automatic retrying in treq requests to prevent timeouts. (#3872)
  • mention jemalloc in the README (#3877)
  • Remove unmaintained "nuke-room-from-db.sh" script (#3888)

Synapse 0.33.4 released!

11.09.2018 00:00 — Releases Neil Johnson

Roll up, roll up, get it while it's hot, Synapse 0.33.4 is here.

This release brings together a whole host of bug fixes, some enhancements to resource usage management and a bunch of internal changes in readiness for room member state lazy loading and our ongoing port to Python 3 (we are hoping to ship a py3 test candidate rsn!).

As ever, you can get the new update from https://github.com/matrix-org/synapse/releases/tag/v0.33.4 or any of the sources mentioned at https://github.com/matrix-org/synapse.

Features

  • Support profile API endpoints on workers (#3659)
  • Server notices for resource limit blocking (#3680)
  • Allow guests to use /rooms/:roomId/event/:eventId (#3724)
  • Add mau_trial_days config param, so that users only get counted as MAU after N days. (#3749)
  • Require twisted 17.1 or later (fixes #3741). (#3751)

Bugfixes

  • Fix error collecting prometheus metrics when run on dedicated thread due to threading concurrency issues (#3722)
  • Fix bug where we resent "limit exceeded" server notices repeatedly (#3747)
  • Fix bug where we broke sync when using limit_usage_by_mau but hadn't configured server notices (#3753)
  • Fix 'federation_domain_whitelist' such that an empty list correctly blocks all outbound federation traffic (#3754)
  • Fix tagging of server notice rooms (#3755, #3756)
  • Fix 'admin_uri' config variable and error parameter to be 'admin_contact' to match the spec. (#3758)
  • Don't return non-LL-member state in incremental sync state blocks (#3760)
  • Fix bug in sending presence over federation (#3768)
  • Fix bug where preserved threepid user comes to sign up and server is mau blocked (#3777)

Internal Changes

  • Removed the link to the unmaintained matrix-synapse-auto-deploy project from the readme. (#3378)
  • Refactor state module to support multiple room versions (#3673)
  • The synapse.storage module has been ported to Python 3. (#3725)
  • Split the state_group_cache into member and non-member state events (and so speed up LL /sync) (#3726)
  • Log failure to authenticate remote servers as warnings (without stack traces) (#3727)
  • The CONTRIBUTING guidelines have been updated to mention our use of Markdown and that .misc files have content. (#3730)
  • Reference the need for an HTTP replication port when using the federation_reader worker (#3734)
  • Fix minor spelling error in federation client documentation. (#3735)
  • Remove redundant state resolution function (#3737)
  • The test suite now passes on PostgreSQL. (#3740)
  • Fix MAU cache invalidation due to missing yield (#3746)
  • Make sure that we close db connections opened during init (#3764)
  • Unignore synctl in .dockerignore to fix docker builds (#3802)

Critical Security Update: Synapse 0.33.3.1

06.09.2018 00:00 — Releases Neil Johnson

Hi All,

As referenced in yesterday's pre-disclosure, today we are releasing Synapse 0.33.3.1 as a critical security update.

We have patched two security vulnerabilities we identified whilst working on the upcoming r0 spec release for the Server-Server API (see details below). We do not believe either has been exploited in the wild, but strongly recommend everybody running a federated Synapse upgrades immediately.

As always you can get the new update here or from any of the sources mentioned at https://github.com/matrix-org/synapse/

Many thanks for your patience and understanding; with fixes like this we are moving ever closer to Synapse reaching a 1.0. Thanks also to the package maintainers who have coordinated with us to ensure distro packages are available for a speedy upgrade!

Note, for anyone running Debian Jessie, we have prepared a 0.33.2.1 deb (as 0.33.3 dropped support for Jessie).

Synapse 0.33.3.1 (2018-09-06)

SECURITY FIXES

  • Fix an issue where event signatures were not always correctly validated (#3796)
  • Fix an issue where server_acls could be circumvented for incoming events (#3796)

Internal Changes

  • Unignore synctl in .dockerignore to fix docker builds (#3802)

Synapse 0.33.2 is here!

09.08.2018 00:00 — Releases Neil Johnson

Folks, it's release time, Synapse 0.33.2 has landed.

The release focuses on performance; notable highlights include reducing CPU consumption through speeding up state delta calculations (#3592) and reducing I/O through lazily loading state on the master process (#3579, #3581, #3582, #3584).

Separately work continues on our python 3 port and we hope to have something concrete to trial very soon - we're really excited about this and expect step change improvements in CPU and memory use.

Finally we have some ground work for upcoming room membership lazy loading, there is nothing to see here as yet, but rest assured we will make a lot of noise as soon as it is ready. Stay tuned.

 or any of the sources mentioned at https://github.com/matrix-org/synapse.

Synapse 0.33.2 (2018-08-09)

No significant changes.

Synapse 0.33.2rc1 (2018-08-07)

Features

  • add support for the lazy_loaded_members filter as per MSC1227 (#2970)
  • add support for the include_redundant_members filter param as per MSC1227 (#3331)
  • Add metrics to track resource usage by background processes (#3553, #3556, #3604, #3610)
  • Add code label to synapse_http_server_response_time_seconds prometheus metric (#3554)
  • Add support for client_reader to handle more APIs (#3555, #3597)
  • make the /context API filter & lazy-load aware as per MSC1227 (#3567)
  • Add ability to limit number of monthly active users on the server (#3630)
  • When we fail to join a room over federation, pass the error code back to the client. (#3639)
  • Add a new /admin/register API for non-interactively creating users. (#3415)

Bugfixes

  • Make /directory/list API return 404 for room not found instead of 400 (#2952)
  • Default inviter_display_name to mxid for email invites (#3391)
  • Don't generate TURN credentials if no TURN config options are set (#3514)
  • Correctly announce deleted devices over federation (#3520)
  • Catch failures saving metrics captured by Measure, and instead log the faulty metrics information for further analysis. (#3548)
  • Unicode passwords are now normalised before hashing, preventing the instance where two different devices or browsers might send a different UTF-8 sequence for the password. (#3569)
  • Fix potential stack overflow and deadlock under heavy load (#3570)
  • Respond with M_NOT_FOUND when profiles are not found locally or over federation. Fixes #3585 (#3585)
  • Fix failure to persist events over federation under load (#3601)
  • Fix updating of cached remote profiles (#3605)
  • Fix 'tuple index out of range' error (#3607)
  • Only import secrets when available (fix for py < 3.6) (#3626)

Internal Changes

  • Remove redundant checks on who_forgot_in_room (#3350)
  • Remove unnecessary event re-signing hacks (#3367)
  • Rewrite cache list decorator (#3384)
  • Move v1-only REST APIs into their own module. (#3460)
  • Replace more instances of Python 2-only iteritems and itervalues uses. (#3562)
  • Refactor EventContext to accept state during init (#3577)
  • Improve Dockerfile and docker-compose instructions (#3543)
  • Release notes are now in the Markdown format. (#3552)
  • add config for pep8 (#3559)
  • Merge Linearizer and Limiter (#3571, #3572)
  • Lazily load state on master process when using workers to reduce DB consumption (#3579, #3581, #3582, #3584)
  • Fixes and optimisations for resolve_state_groups (#3586)
  • Improve logging for exceptions when handling PDUs (#3587)
  • Add some measure blocks to persist_events (#3590)
  • Fix some random logcontext leaks. (#3591, #3606)
  • Speed up calculating state deltas in persist_event loop (#3592)
  • Attempt to reduce amount of state pulled out of DB during persist_events (#3595)
  • Fix a documentation typo in on_make_leave_request (#3609)
  • Make EventStore inherit from EventFederationStore (#3612)
  • Remove some redundant joins on event_edges.room_id (#3613)
  • Stop populating events.content (#3614)
  • Update the /send_leave path registration to use event_id rather than a transaction ID. (#3616)
  • Refactor FederationHandler to move DB writes into separate functions (#3621)
  • Remove unused field "pdu_failures" from transactions. (#3628)
  • rename replication_layer to federation_client (#3634)
  • Factor out exception handling in federation_client (#3638)
  • Refactor location of docker build script. (#3644)
  • Update CONTRIBUTING to mention newsfragments. (#3645)

Security update: Synapse 0.33.1

02.08.2018 00:00 — Releases Neil Johnson

Hi All,

We have patched two security vulnerabilities (details follow). We do not believe either has been exploited in the wild, but recommend upgrading ASAP.

As always you can get the new update from https://github.com/matrix-org/synapse/releases/tag/v0.33.1 or from any of the sources mentioned at https://github.com/matrix-org/synapse/

Thanks

Changes in Synapse v0.33.1 (2018-08-2)

  • Fix a potential issue where servers could request events for rooms they have not joined. (#3641)
  • Fix a potential issue where users could see events in private rooms before they joined. (#3642)

Security update: Synapse 0.32.0

06.07.2018 00:00 — Releases Neil Johnson

Folks, Synapse 0.32.0 is an important security update: please upgrade as soon as you can.

The release focuses on security, fixing several federation bugs and adding new features for countering abuse. Notably it includes the ability to blacklist & whitelist servers allowed to send events to a room on a per-room basis via the new m.room.server_acl state event: see MSC1383 for details. This also closes out https://github.com/matrix-org/matrix-doc/issues/709 - one of our oldest feature requests from users who wish to be able to limit the servers allowed to participate in a given room.

It's important to understand that server ACLs only work if all the servers participating in the room honour them. In future this will be handled better (as part of ongoing work in making it easier to incrementally version and upgrade the federation protocol). This means that for the ACLs to work, any servers which don't yet implement ACLs (e.g. older Synapses) have to be ACL'd from the room for the access control to work. Therefore please upgrade as soon as possible to avoid this problem.
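As an added illustration (not Synapse's own code), here is the check a receiving server applies to an m.room.server_acl event, following the rules in the Matrix specification: deny wins over allow, a missing allow list denies everyone, and IP literals can be refused outright. The ACL content and server names are constructed samples; treating malformed fields as empty and matching case-insensitively are defensive assumptions of this sketch. A server that never runs this check is why non-ACL-aware servers must be listed under deny.

```python
import ipaddress
import re


def _glob_matches(glob, host):
    """Server ACL globs: '*' matches any run of characters, '?' exactly one."""
    pattern = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in glob
    )
    return re.fullmatch(pattern, host, re.IGNORECASE) is not None


def _strip_port(server_name):
    """ACL entries are matched against the server name without its port."""
    if server_name.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8448
        return server_name[: server_name.find("]") + 1]
    host, sep, port = server_name.rpartition(":")
    return host if sep and port.isdigit() else server_name


def _is_ip_literal(host):
    if host.startswith("["):
        return True
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False


def _string_list(value):
    """Malformed fields come from remote servers: ignore anything not a string."""
    if not isinstance(value, list):
        return []
    return [v for v in value if isinstance(v, str)]


def server_allowed(server_name, acl_content):
    """Return True if server_name may send events to the room.

    acl_content is the content of the room's m.room.server_acl state event,
    or None when the room has no such event (then every server is allowed).
    """
    if acl_content is None:
        return True
    host = _strip_port(server_name)
    # allow_ip_literals defaults to true; only an explicit false disables it.
    if acl_content.get("allow_ip_literals", True) is False and _is_ip_literal(host):
        return False
    if any(_glob_matches(g, host) for g in _string_list(acl_content.get("deny"))):
        return False
    # No match in allow (or no allow list at all) means the server is denied.
    return any(_glob_matches(g, host) for g in _string_list(acl_content.get("allow")))


# Constructed sample: allow everyone except one domain tree, one named legacy
# server that does not implement ACLs, and any server addressed by IP literal.
CONSTRUCTED_ACL = {
    "allow": ["*"],
    "deny": ["*.blocked.example", "legacy.example"],
    "allow_ip_literals": False,
}


def filter_origins(origins, acl_content):
    """Map each origin server name to its allow/deny decision."""
    return {origin: server_allowed(origin, acl_content) for origin in origins}


if __name__ == "__main__":
    sample = ["matrix.org", "hs.blocked.example:8448", "legacy.example",
              "192.0.2.10:8448", "[2001:db8::1]:8448"]
    for origin, ok in filter_origins(sample, CONSTRUCTED_ACL).items():
        print(f"{origin:28} {'allow' if ok else 'deny'}")
```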

This ongoing flurry of security work is in general all part of moving towards the long-awaited stable release of the Server-Server API. In parallel we've been working on the other main outstanding point: State Resets (i.e. scenarios where you get unexpected results when resolving conflicts between different servers' copies of a room). There will be a few more major changes and upgrades on the horizon as we fix these, but then we'll finally be able to cut an r0 release of the Server-Server API and Matrix will be one massive step closer to being out of beta!

As always, you can get the new update from https://github.com/matrix-org/synapse/releases/tag/v0.32.1 or any of the sources mentioned at https://github.com/matrix-org/synapse.

Changes in synapse v0.32.0 (2018-07-06)

No changes since 0.32.0rc1

Synapse 0.32.0rc1 (2018-07-05)

Features

  • Add blacklist & whitelist of servers allowed to send events to a room via m.room.server_acl event. (merge)
  • Cache factor override system for specific caches (#3334)
  • Add metrics to track appservice transactions (#3344)
  • Try to log more helpful info when a sig verification fails (#3372)
  • Synapse now uses the best performing JSON encoder/decoder according to your runtime (simplejson on CPython, stdlib json on PyPy). (#3462)
  • Add optional ip_range_whitelist param to AS registration files to lock AS IP access (#3465)
  • Reject invalid server names in federation requests (#3480)
  • Reject invalid server names in homeserver.yaml (#3483)

Bugfixes

  • Strip access_token from outgoing requests (#3327)
  • Redact AS tokens in logs (#3349)
  • Fix federation backfill from SQLite servers (#3355)
  • Fix event-purge-by-ts admin API (#3363)
  • Fix event filtering in get_missing_events handler (#3371)
  • Synapse is now stricter regarding accepting events which it cannot retrieve the prev_events for. (#3456)
  • Fix bug where synapse would explode when receiving unicode in HTTP User-Agent header (#3470)
  • Invalidate cache on correct thread to avoid race (#3473)

Improved Documentation

Deprecations and Removals

  • Remove was_forgotten_at (#3324)

Misc