Hey hey, Synapse 0.99.0 is here!

You may have heard that we recently published the first stable release of the Server to Server Spec (r0.1). The spec makes some changes which are not compatible with the protocol of the past - particularly, self-signed certificates are no longer valid for homeservers. Synapse 1.0.0 will be compliant with r0.1 and the goal of Synapse 0.99.0 is to act as a stepping stone to Synapse 1.0. Synapse 0.99.0 supports the r0.1 release of the server to server specification, but is compatible with both the legacy Matrix federation behaviour (pre-r0.1) as well as post-r0.1 behaviour, in order to allow for a smooth upgrade across the federation.

It is critical that all admins upgrade to 0.99.0 and configure a valid TLS certificate. Admins will have 1 month to do so, after which 1.0.0 will be released and those servers without a valid certificate will no longer be able to federate with >= 1.0.0 servers.

First of all, please don't panic :) We have taken steps to make this process as simple as possible - specifically implementing ACME support to allow servers to automatically generate free Let's Encrypt certificates if you choose to. What's more, it is not necessary to add the certificate right away, you have at least a month to get set up.

For more details on exactly what you need to do (and also why this change is essential), we have provided an extensive FAQ as well as the Upgrade notes for Synapse

As ever, you can get the new update here or any of the sources mentioned at https://github.com/matrix-org/synapse. Note, Synapse is now available from PyPI, pick it up here. Also, check out our new Synapse installation guide page.

This was a huge effort! Congratulations to all involved, especially those of you in the community who contributed to spec MSCs and tested our release candidates. Thank you for bearing with us as we move the whole public Matrix Federation onto r0.1 compliant servers.

Onwards!

🔗Changelog

Synapse v0.99.x is a precursor to the upcoming Synapse v1.0 release. It contains foundational changes to room architecture and the federation security model necessary to support the upcoming r0 release of the Server to Server API.

🔗Features

  • Synapse's cipher string has been updated to require ECDH key exchange. Configuring and generating dh_params is no longer required, and they will be ignored. (#4229)
  • Synapse can now automatically provision TLS certificates via ACME (the protocol used by CAs like Let's Encrypt). (#4384#4492#4525#4572#4564#4566#4547#4557)
  • Implement MSC1708 (.well-known routing for server-server federation) (#4408#4409#4426#4427#4428#4464#4468#4487#4488#4489#4497#4511#4516#4520#4521#4539#4542#4544)
  • Search now includes results from predecessor rooms after a room upgrade. (#4415)
  • Config option to disable requesting MSISDN on registration. (#4423)
  • Add a metric for tracking event stream position of the user directory. (#4445)
  • Support exposing server capabilities in CS API (MSC1753, MSC1804) (#447281b7e7eed))
  • Add support for room version 3 (#4483#4499#4515#4523#4535)
  • Synapse will now reload TLS certificates from disk upon SIGHUP. (#4495#4524)
  • The matrixdotorg/synapse Docker images now use Python 3 by default. (#4558)

🔗Bugfixes

  • Prevent users with access tokens predating the introduction of device IDs from creating spurious entries in the user_ips table. (#4369)
  • Fix typo in ALL_USER_TYPES definition to ensure type is a tuple (#4392)
  • Fix high CPU usage due to remote devicelist updates (#4397)
  • Fix potential bug where creating or joining a room could fail (#4404)
  • Fix bug when rejecting remote invites (#4405#4527)
  • Fix incorrect logcontexts after a Deferred was cancelled (#4407)
  • Ensure encrypted room state is persisted across room upgrades. (#4411)
  • Copy over whether a room is a direct message and any associated room tags on room upgrade. (#4412)
  • Fix None guard in calling config.server.is_threepid_reserved (#4435)
  • Don't send IP addresses as SNI (#4452)
  • Fix UnboundLocalError in post_urlencoded_get_json (#4460)
  • Add a timeout to filtered room directory queries. (#4461)
  • Workaround for login error when using both LDAP and internal authentication. (#4486)
  • Fix a bug where setting a relative consent directory path would cause a crash. (#4512)

🔗Deprecations and Removals

  • Synapse no longer generates self-signed TLS certificates when generating a configuration file. (#4509)

🔗Improved Documentation

  • Update debian installation instructions (#4526)

🔗Internal Changes

  • Synapse will now take advantage of native UPSERT functionality in PostgreSQL 9.5+ and SQLite 3.24+. (#4306#4459#4466#4471#4477#4505)
  • Update README to use the new virtualenv everywhere (#4342)
  • Add better logging for unexpected errors while sending transactions (#4368)
  • Apply a unique index to the user_ips table, preventing duplicates. (#4370#4432#4434)
  • Silence travis-ci build warnings by removing non-functional python3.6 (#4377)
  • Fix a comment in the generated config file (#4387)
  • Add ground work for implementing future federation API versions (#4390)
  • Update dependencies on msgpack and pymacaroons to use the up-to-date packages. (#4399)
  • Tweak codecov settings to make them less loud. (#4400)
  • Implement server support for MSC1794 - Federation v2 Invite API (#4402)
  • debian package: symlink to explicit python version (#4433)
  • Add infrastructure to support different event formats (#4437#4447#4448#4470#4481#4482#4493#4494#4496#4510#4514)
  • Generate the debian config during build (#4444)
  • Clarify documentation for the public_baseurl config param (#4458#4498)
  • Fix quoting for allowed_local_3pids example config (#4476)
  • Remove deprecated --process-dependency-links option from UPGRADE.rst (#4485)
  • Make it possible to set the log level for tests via an environment variable (#4506)
  • Reduce the log level of linearizer lock acquirement to DEBUG. (#4507)
  • Fix code to comply with linting in PyFlakes 3.7.1. (#4519)
  • Add some debug for membership syncing issues (#4538)
  • Docker: only copy what we need to the build image (#4562)

The Foundation needs you

The Matrix.org Foundation is a non-profit and only relies on donations to operate. Its core mission is to maintain the Matrix Specification, but it does much more than that.

It maintains the matrix.org homeserver and hosts several bridges for free. It fights for our collective rights to digital privacy and dignity.

Support us