Synapse 0.17.0 released!
2016-08-08 — General — Erik JohnstonSynapse v0.17.0 is finally here, which includes a couple of security fixes so please upgrade. Other notable new things are:
- A bunch of new admin APIs, including purging locally cached data (which has been long requested to help free up disk space). See the docs folder for more details.
- Device management APIs in preparation for end to end encryption.
- Better support for LDAP authentication, thanks to Martin Weinelt! (This may break existing LDAP configuration, see PR #843 for more details.)
- Lots and lots of bug fixes and various bits of performance work.
I'd also like to thank Will Hunt, Martin Weinelt and Kent Shikama for their contributions!
🔗Changes in synapse v0.17.0 (2016-08-08)
This release contains significant security bug fixes regarding authenticating events received over federation. PLEASE UPGRADE.
This release changes the LDAP configuration format in a backwards incompatible way, see PR #843 for details.
Changes:
Bug fixes:- Fix URL preview API to exclude HTML comments in description (PR #988)
- Fix error handling of remote joins (PR #991)
🔗Changes in synapse v0.17.0-rc4 (2016-08-05)
Changes:
- Change the way we summarize URLs when previewing (PR #973)
- Add new
/state_ids/
federation API (PR #979) - Speed up processing of
/state/
response (PR #986)
- Fix event persistence when event has already been partially persisted (PR #975, #983, #985)
- Fix port script to also copy across backfilled events (PR #982)
🔗Changes in synapse v0.17.0-rc3 (2016-08-02)
Changes:
- Forbid non-ASes from registering users whose names begin with '_' (PR #958)
- Add some basic admin API docs (PR #963)
- Send the correct host header when fetching keys (PR #941)
- Fix joining a room that has missing auth events (PR #964)
- Fix various push bugs (PR #966, #970)
- Fix adding emails on registration (PR #968)
🔗Changes in synapse v0.17.0-rc1 (2016-07-28)
This release changes the LDAP configuration format in a backwards incompatible way, see PR #843 for details.
Features:
- Add purge_media_cache admin API (PR #902)
- Add deactivate account admin API (PR #903)
- Add optional pepper to password hashing (PR #907, #910 by @KentShikama)
- Add an admin option to shared secret registration (breaks backwards compat) (PR #909)
- Add purge local room history API (PR #911, #923, #924)
- Add requestToken endpoints (PR #915)
- Add an /account/deactivate endpoint (PR #921)
- Add filter param to /messages. Add 'contains_url' to filter. (PR #922)
- Add device_id support to /login (PR #929)
- Add device_id support to /v2/register flow. (PR #937, #942)
- Add GET /devices endpoint (PR #939, #944)
- Add GET /device/{'{'}deviceId{'{'} (PR #943)
- Add update and delete APIs for devices (PR #949)
- Rewrite LDAP Authentication against ldap3 (PR #843 by @mweinelt)
- Linearize some federation endpoints based on (origin, room_id) (PR #879)
- Remove the legacy v0 content upload API. (PR #888)
- Use similar naming we use in email notifs for push (PR #894)
- Optionally include password hash in createUser endpoint (PR #905 by @KentShikama)
- Use a query that postgresql optimises better for get_events_around (PR #906)
- Fall back to 'username' if 'user' is not given for appservice registration. (PR #927 by @Half-Shot)
- Add metrics for psutil derived memory usage (PR #936)
- Record device_id in client_ips (PR #938)
- Send the correct host header when fetching keys (PR #941)
- Log the hostname the reCAPTCHA was completed on (PR #946)
- Make the device id on e2e key upload optional (PR #956)
- Add r0.2.0 to the "supported versions" list (PR #960)
- Don't include name of room for invites in push (PR #961)
- Fix substitution failure in mail template (PR #887)
- Put most recent 20 messages in email notif (PR #892)
- Ensure that the guest user is in the database when upgrading accounts (PR #914)
- Fix various edge cases in auth handling (PR #919)
- Fix 500 ISE when sending alias event without a state_key (PR #925)
- Fix bug where we stored rejections in the state_group, persist all rejections (PR #948)
- Fix lack of check of if the user is banned when handling 3pid invites (PR #952)
- Fix a couple of bugs in the transaction and keyring code (PR #954, #955)