It's that time again: there's a new Synapse release, fresh out of the oven! Let's take a look at what's inside Synapse 1.64.
Delegating email verification is now deprecated
introduced a configuration option (
account_threepid_delegates.email) to allow
homeservers to delegate validating the ownership of email addresses to an
external identity server. This validation is used by Synapse when adding an
email address to a Matrix account, or before performing a password reset.
As of Synapse 1.64, this option is deprecated, and Synapse will print a warning if it is used. This is because this option relies on old API endpoints that have since been removed from the Matrix specification.
Synapse can do this validation internally provided it is configured with details
of an SMTP server. Administrators currently relying on
account_threepid_delegates.email should therefore ensure that an SMTP server
is correctly configured, and remove the
option. See the configuration
for more information.
We plan to fully remove this configuration option in Synapse 1.66, which is expected to be released on August 30th.
Note that the equivalent option to validate the ownership of phone numbers
account_threepid_delegates.msisdn) can still be used, though we expect to
deprecate it in a future release of Synapse.
Improved TLS support for sending emails
When configuring an SMTP server to use to send out emails to users, server administrators can configure Synapse to use TLS to communicate to that server. Until now, only STARTTLS was supported in this case.
Synapse 1.64 introduces a new
force_tls configuration option in the
will use TLS for the initial connection rather than upgrading via STARTTLS.
See the configuration guide for more information.
Memory leak in
A couple of weeks ago, we
memory leak within frozendict, which is
a library that Synapse relies on. This would in turn cause Synapse instances to
slowly leak memory when processing
We highly encourage server administrators who installed Synapse via
upgrade their local version of
frozendict to version 2.3.3 or later, which
includes a fix to this issue. The Docker image
matrixdotorg/synapse and the
Debian packages from
packages.matrix.org already include the updated library.
This version of Synapse introduces support for room version 10! This new room
version enables support for the new
knock_restricted join rule, to allow
knocking into rooms which are otherwise restricted to members of a specific room
(or space). See the Matrix specification about room version
10 for more information.
Additionally, Synapse 1.64 features a new rate limiter to limit the rate of joins to the same room. It is intended as a mitigation against abuse scenarios involving joining a lot of users from different homeservers to a room to then send spam across it. See the configuration guide for more information.
Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including (in no particular order) Beeper, andrewdoh, Thomas Weston, jejo86, villepeh, Jörg Behrmann and Jacek Kuśnierz, as well as anyone helping us make Synapse better by sharing their feedback and reporting issues.