The whole Matrix project is racing towards enabling e2ee by default. Synapse is no different and v1.10.0 contains multiple e2ee UX improvements, as well as a bug fix that prevented cross signing requests over federation to work reliably.
If any of your users are on the bleeding edge and have already started using cross signing (by enabling labs flags in Riot), then it will be necessary for them to force Synapse to re-send device updates by renaming all of their devices.
We've also included a temporary fix to address alias abuse. The idea is that until #6898 lands, servers will refrain from sharing events of type m.room.aliases with clients. Most admins will not be affected, but if you are present in rooms subject to alias abuse, then upgrading provides a pragmatic short term solution.
Finally, as of this release Synapse validates client_secret parameters in the Client-Server API as per the spec. See #6766 for details.
WARNING to client developers: As of this release Synapse validates client_secret parameters in the Client-Server API as per the spec. See #6766 for details.
Updates to the Docker image
Update the docker images to Alpine Linux 3.11. (#6897)
Synapse 1.10.0rc5 (2020-02-11)
Bugfixes
Fix the filtering introduced in 1.10.0rc3 to also apply to the state blocks returned by /sync. (#6884)
Synapse 1.10.0rc4 (2020-02-11)
This release candidate was built incorrectly and is superseded by 1.10.0rc5.
Synapse 1.10.0rc3 (2020-02-10)
Features
Filter out m.room.aliases from the CS API to mitigate abuse while a better solution is specced. (#6878)
Internal Changes
Fix continuous integration failures with old versions of pip, which were introduced by a release of the zipp library. (#6880)
Synapse 1.10.0rc2 (2020-02-06)
Bugfixes
Fix an issue with cross-signing where device signatures were not sent to remote servers. (#6844)
Fix to the unknown remote device detection which was introduced in 1.10.rc1. (#6848)
Internal Changes
Detect unexpected sender keys on remote encrypted events and resync device lists. (#6850)
Synapse 1.10.0rc1 (2020-01-31)
Features
Add experimental support for updated authorization rules for aliases events, from MSC2260. (#6787, #6790, #6794)
Bugfixes
Warn if postgres database has a non-C locale, as that can cause issues when upgrading locales (e.g. due to upgrading OS). (#6734)
Minor fixes to PUT /_synapse/admin/v2/users admin api. (#6761)
Validate client_secret parameter using the regex provided by the Client-Server API, temporarily allowing : characters for older clients. The : character will be removed in a future release. (#6767)
Fix persisting redaction events that have been redacted (or otherwise don't have a redacts key). (#6771)