144 posts tagged with "Releases" (See all Category)

Atom Feed

Synapse 1.7.3 released

31.12.2019 00:00 — Releases Matthew Hodgson

Hi all,

We've just released Synapse 1.7.3 - an important bug fix to address a class of failures due to malformed events. We've seen this in the wild over the last few days, so we'd recommend updating as soon as possible, especially if you are having problems federating.

Get the new release from github or any of the sources mentioned at

The changelog since 1.7.2 is:

Synapse 1.7.3 (2019-12-31)

This release fixes a long-standing bug in the state resolution algorithm.


  • Fix exceptions caused by state resolution choking on malformed events. (#6608)

Synapse 1.7.2 released

20.12.2019 00:00 — Releases Matthew Hodgson

Hi all,

We've just released Synapse 1.7.2 - a minor point release to address two regressions which snuck into 1.7.0 and 1.7.1. Sorry for the upgrade faff; hopefully we will be back to a saner release cadence shortly. Reminder that if you are on 1.7.0 or earlier you should upgrade asap as 1.7.1 contained security fixes.

Get the new release from github or any of the sources mentioned at

The changelog since 1.7.1 is:

Synapse 1.7.2 (2019-12-20)

This release fixes some regressions introduced in Synapse 1.7.0 and 1.7.1.


  • Fix a regression introduced in Synapse 1.7.1 which caused errors when attempting to backfill rooms over federation. (#6576)
  • Fix a bug introduced in Synapse 1.7.0 which caused an error on startup when upgrading from versions before 1.3.0. (#6578)

Synapse 1.7.1 released

18.12.2019 00:00 — Releases Richard van der Hoff

Hi folks; today we are releasing Synapse 1.7.1.

This is a security release which fixes some problems which affected all previous versions of Synapse. We advise all admins whose servers are open to public federation to upgrade as soon as possible.

Full details follow, but the most important change improves event authorization, thereby preventing the ability to add certain events to a given room erroneously.

You can get the new release from github or any of the sources mentioned at

The changelog since 1.7.0 follows:

Security updates

  • Fix a bug which could cause room events to be incorrectly authorized using events from a different room. (#6501, #6503, #6521, #6524, #6530, #6531)
  • Fix a bug causing responses to the /context client endpoint to not use the pruned version of the event. (#6553)
  • Fix a cause of state resets in room versions 2 onwards. (#6556, #6560)


  • Fix a bug which could cause the federation server to incorrectly return errors when handling certain obscure event graphs. (#6526, #6527)

Synapse 1.7.0 released

13.12.2019 00:00 — Releases Neil Johnson

Hello people, it’s Synapse 1.7.0 time.

This release includes some long requested features, most notably the ability to automatically delete message data after a predefined period. For more details take a look at the config here ─ it should be pretty self explanatory.

Another significant change this release is to explicitly set room directories to be private by default. Previously it was possible to inadvertently configure the directory to be visible to arbitrary Matrix servers and the internet in general.

This means that for those admins who want their room directories to be publicly searchable ( for instance) they need to explicitly say so in the config. For more details see the upgrade notes and our blog post explaining the situation in greater detail.

We also have early support for ephemeral messages, as well as the ability to specify a reason when rejecting an invite (amongst other actions).

Aside from all of that, we want to let you know about some changes on the horizon. Currently Synapse runs Sqlite by default. This is great in that it gets new admins going quickly without needing to install and configure Postgres. The downside of using Sqlite is that it offers very poor performance, especially once a server tries to join the federation. In truth Sqlite is only really there to demonstrate the service, but for anything other than the most trivial cases it is essential to migrate to Postgres.

Over the past few months we’ve been working to improve the migration path to Postgres such that finally we feel confident to actively encourage admins to migrate. What’s more, in a future release we will forcibly prevent SQLite-backed servers federating unless the admin explicitly sets a config flag to show that they understand the trade-off they are making.

Overall we see these changes as something that will improve everyone’s experience of the matrix federation. We’ll talk more about this closer to the time, but please expect a change in the coming months and if you are running SQLite, consider this a nudge to get yourself migrated.

As ever, you can get the new update here or any of the sources mentioned at Also, check out our Synapse installation guide page.

The changelog since 1.6.1 follows:

Synapse 1.7.0 (2019-12-13)

This release changes the default settings so that only local authenticated users can query the server's room directory. See the upgrade notes for details.

Support for SQLite versions before 3.11 is now deprecated. A future release will refuse to start if used with an SQLite version before 3.11.

Administrators are reminded that SQLite should not be used for production instances. Instructions for migrating to Postgres are available here. A future release of synapse will, by default, disable federation for servers using SQLite.

No significant changes since 1.7.0rc2.

Synapse 1.7.0rc2 (2019-12-11)


  • Fix incorrect error message for invalid requests when setting user's avatar URL. (#6497)
  • Fix support for SQLite 3.7. (#6499)
  • Fix regression where sending email push would not work when using a pusher worker. (#6507, #6509)

Synapse 1.7.0rc1 (2019-12-09)


  • Implement per-room message retention policies. (#5815, #6436)
  • Add etag and count fields to key backup endpoints to help clients guess if there are new keys. (#5858)
  • Add /admin/v2/users endpoint with pagination. Contributed by Awesome Technologies Innovationslabor GmbH. (#5925)
  • Require User-Interactive Authentication for /account/3pid/add, meaning the user's password will be required to add a third-party ID to their account. (#6119)
  • Implement the /_matrix/federation/unstable/net.atleastfornow/state/<context> API as drafted in MSC2314. (#6176)
  • Configure privacy-preserving settings by default for the room directory. (#6355)
  • Add ephemeral messages support by partially implementing MSC2228. (#6409)
  • Add support for MSC 2367, which allows specifying a reason on all membership events. (#6434)


  • Transfer non-standard power levels on room upgrade. (#6237)
  • Fix error from the Pillow library when uploading RGBA images. (#6241)
  • Correctly apply the event filter to the state, events_before and events_after fields in the response to /context requests. (#6329)
  • Fix caching devices for remote users when using workers, so that we don't attempt to refetch (and potentially fail) each time a user requests devices. (#6332)
  • Prevent account data syncs getting lost across TCP replication. (#6333)
  • Fix bug: TypeError in register_user() while using LDAP auth module. (#6406)
  • Fix an intermittent exception when handling read-receipts. (#6408)
  • Fix broken guest registration when there are existing blocks of numeric user IDs. (#6420)
  • Fix startup error when http proxy is defined. (#6421)
  • Fix error when using synapse_port_db on a vanilla synapse db. (#6449)
  • Fix uploading multiple cross signing signatures for the same user. (#6451)
  • Fix bug which lead to exceptions being thrown in a loop when a cross-signed device is deleted. (#6462)
  • Fix synapse_port_db not exiting with a 0 code if something went wrong during the port process. (#6470)
  • Improve sanity-checking when receiving events over federation. (#6472)
  • Fix inaccurate per-block Prometheus metrics. (#6491)
  • Fix small performance regression for sending invites. (#6493)
  • Back out cross-signing code added in Synapse 1.5.0, which caused a performance regression. (#6494)

Improved Documentation

  • Update documentation and variables in user contributed systemd reference file. (#6369, #6490)
  • Fix link in the user directory documentation. (#6388)
  • Add build instructions to the docker readme. (#6390)
  • Switch Ubuntu package install recommendation to use python3 packages in (#6443)
  • Write some docs for the quarantine_media api. (#6458)
  • Convert CONTRIBUTING.rst to markdown (among other small fixes). (#6461)

Deprecations and Removals

  • Remove admin/v1/users_paginate endpoint. Contributed by Awesome Technologies Innovationslabor GmbH. (#5925)
  • Remove fallback for federation with old servers which lack the /federation/v1/state_ids API. (#6488)

Internal Changes

  • Add benchmarks for structured logging and improve output performance. (#6266)
  • Improve the performance of outputting structured logging. (#6322)
  • Refactor some code in the event authentication path for clarity. (#6343, #6468, #6480)
  • Clean up some unnecessary quotation marks around the codebase. (#6362)
  • Complain on startup instead of 500'ing during runtime when public_baseurl isn't set when necessary. (#6379)
  • Add a test scenario to make sure room history purges don't break /messages in the future. (#6392)
  • Clarifications for the email configuration settings. (#6423)
  • Add more tests to the blacklist when running in worker mode. (#6429)
  • Refactor data store layer to support multiple databases in the future. (#6454, #6464, #6469, #6487)
  • Port to async/await. (#6482)
  • Port to async/await. (#6483)
  • Port SyncHandler to async/await. (#6484)

Synapse 1.6.0 released

26.11.2019 00:00 — Releases Neil Johnson

Synapse 1.6.0 has landed and is here to brighten your day!

1.6.0's most notable feature is that of label based filtering. It allows for messages to be tagged with a given label so that clients can filter on the label, this means that clients can subscribe to specific topics in a room, such as #lunch.

Completely separately, from here on in new rooms will be version 5 by default, all this means in practice is that servers will respect server signing key validity periods. This won't make a lot of difference in day to day operation, but it is an important security consideration and we now have sufficient penetration across the federation to make version 5 the default.

Aside from that there are a bunch of bug fixes and improvements, including fixing a bug that in some cases prevented messages being decrypted shortly after a restart (#6363) and generally improving the room upgrade experience (#6232, #6235).

As ever, you can get the new update here or any of the sources mentioned at Also, check out our Synapse installation guide page

The changelog since 1.5.1 follows:

Synapse 1.6.0 (2019-11-26)


  • Fix phone home stats reporting. (#6418)

Synapse 1.6.0rc2 (2019-11-25)


  • Fix a bug which could cause the background database update handler for event labels to get stuck in a loop raising exceptions. (#6407)

Synapse 1.6.0rc1 (2019-11-20)


  • Add federation support for cross-signing. (#5727)
  • Increase default room version from 4 to 5, thereby enforcing server key validity period checks. (#6220)
  • Add support for outbound http proxying via http_proxy/HTTPS_PROXY env vars. (#6238)
  • Implement label-based filtering on /sync and /messages (MSC2326). (#6301, #6310, #6340)


  • Fix LruCache callback deduplication for Python 3.8. Contributed by @V02460. (#6213)
  • Remove a room from a server's public rooms list on room upgrade. (#6232, #6235)
  • Delete keys from key backup when deleting backup versions. (#6253)
  • Make notification of cross-signing signatures work with workers. (#6254)
  • Fix exception when remote servers attempt to join a room that they're not allowed to join. (#6278)
  • Prevent errors from appearing on Synapse startup if git is not installed. (#6284)
  • Appservice requests will no longer contain a double slash prefix when the appservice url provided ends in a slash. (#6306)
  • Fix /purge_room admin API. (#6307)
  • Fix the hidden field in the devices table for SQLite versions prior to 3.23.0. (#6313)
  • Fix bug which caused rejected events to be persisted with the wrong room state. (#6320)
  • Fix bug where rc_login ratelimiting would prematurely kick in. (#6335)
  • Prevent the server taking a long time to start up when guest registration is enabled. (#6338)
  • Fix bug where upgrading a guest account to a full user would fail when account validity is enabled. (#6359)
  • Fix to_device stream ID getting reset every time Synapse restarts, which had the potential to cause unable to decrypt errors. (#6363)
  • Fix permission denied error when trying to generate a config file with the docker image. (#6389)

Improved Documentation

  • Contributor documentation now mentions script to run linters. (#6164)
  • Modify to update the terms private key and public key to secret key and site key respectively. Contributed by Yash Jipkate. (#6257)
  • Update Email section to talk about account_threepid_delegates. (#6272)
  • Fix a small typo in account_threepid_delegates configuration option. (#6273)

Internal Changes

  • Add a CI job to test the synapse_port_db script. (#6140, #6276)
  • Convert EventContext to an attrs. (#6218)
  • Move persist_events out from main data store. (#6240, #6300)
  • Reduce verbosity of user/room stats. (#6250)
  • Reduce impact of debug logging. (#6251)
  • Expose some homeserver functionality to spam checkers. (#6259)
  • Change cache descriptors to always return deferreds. (#6263, #6291)
  • Fix incorrect comment regarding the functionality of an if statement. (#6269)
  • Update CI to run isort over the scripts and scripts-dev directories. (#6270)
  • Replace every instance of logger.warn method with logger.warning as the former is deprecated. (#6271, #6314)
  • Port replication http server endpoints to async/await. (#6274)
  • Port room rest handlers to async/await. (#6275)
  • Remove redundant CLI parameters on CI's flake8 step. (#6277)
  • Port to async/await. (#6279)
  • Port receipt and read markers to async/wait. (#6280)
  • Split out state storage into separate data store. (#6294, #6295)
  • Refactor EventContext for clarity. (#6298)
  • Update the version of black used to 19.10b0. (#6304)
  • Add some documentation about worker replication. (#6305)
  • Move admin endpoints into separate files. Contributed by Awesome Technologies Innovationslabor GmbH. (#6308)
  • Document the use of for code style enforcement & extend it to run on specified paths only. (#6312)
  • Add optional python dependencies and dependant binary libraries to snapcraft packaging. (#6317)
  • Remove the dependency on psutil and replace functionality with the stdlib resource module. (#6318, #6336)
  • Improve documentation for EventContext fields. (#6319)
  • Add some checks that we aren't using state from rejected events. (#6330)
  • Add continuous integration for python 3.8. (#6341)
  • Correct spacing/case of various instances of the word "homeserver". (#6357)
  • Temporarily blacklist the failing unit test PurgeRoomTestCase.test_purge_room. (#6361)

Client-server r0.6.0 and Identity Service r0.3.0 releases

08.11.2019 00:00 — Releases Travis Ralston

Hey all,

For the last several months the team has been working on tightening up privacy in Matrix, and with the 1.4 release of Synapse and Riot quite a lot has been done in the area. One of the remaining pieces was to release all the specification changes to help other client/server implementations achieve the same goals, and now we've done that.

The Client-Server r0.6.0 and Identity Service r0.3.0 spec releases both cover the privacy improvements added through a number of MSCs in the last few months. Of particular note is that identity servers are now expected to support terms of service endpoints, which requires authentication that clients might need to worry about - check the spec changelogs for details.

The full changelog for the Client-Server r0.6.0 release is:

  • Breaking Changes

    • Add id_access_token as a required request parameter to a few endpoints which require an id_server parameter as part of MSC2140. (#2255)
  • New Endpoints

    • Add POST /account/3pid/unbind for removing a 3PID from an identity server. (#2282)
  • Backwards Compatible Changes

    • Add M_USER_DEACTIVATED error code. (#2234)
    • Remove bind_msisdn and bind_email from /register now that the identity server's bind endpoint requires authentication. (#2279)
    • Add m.identity_server account data for tracking the user's preferred identity server. (#2281)
    • Deprecate id_server and make it optional in several places. (#2310)
  • Spec Clarifications

    • Add missing format fields to$m.notice schema. (#2125)
    • Remove "required" designation from the url field of certain msgtypes. (#2129)
    • Fix various typos throughout the specification. (#2131, #2136, #2148, #2215)
    • Clarify the distinction between m.key.verification.start and its variant. (#2132)
    • Fix link to Olm signing specification. (#2133)
    • Clarify the conditions for the .m.rule.room_one_to_one push rule. (#2152)
    • Clarify the encryption algorithms supported by the device of the device keys example. (#2157)
    • Clarify that /rooms/:roomId/event/:eventId returns a Matrix error. (#2204)
    • Add a missing state_key check on .m.rule.tombstone. (#2223)
    • Fix the m.room_key_request action value, setting it from cancel_request to request_cancellation. (#2247)
    • Clarify that the submit_url field is without authentication. (#2341)
    • Clarify the expected phone number format. (#2342)
    • Clarify that clients should consider not requesting URL previews in encrypted rooms. (#2343)
    • Add missing information on how filters are meant to work with /context. (#2344)
    • Clarify what the keys are for rooms in /sync. (#2345)

The full changelog for the Identity Service r0.3.0 release is:

  • New Endpoints

    • Add /account, /account/register, and /account/logout to authenticate with the identity server. (#2255)
    • Add endpoints for accepting and handling terms of service. (#2258)
    • Add /hash_details and a new /lookup endpoint for performing hashed association lookups. (#2287)
  • Backwards Compatible Changes

    • Deprecate the v1 API in favour of an authenticated v2 API. (#2254)

Synapse 1.5.0 released

29.10.2019 00:00 — Releases Neil Johnson

That's right folks Synapse 1.5.0 is here and ready to make your life just a little bit better.

First things first, this release includes a security fix (#6262, below). Administrators are encouraged to upgrade as soon as possible.

Aside from that, the main thing you'll notice in 1.5.0 is a massive performance improvement to the room directory, which means that servers with large directories to scan will return much more quickly. This is especially true for but all servers will benefit.

Another key win is finally fixing some bugs in the sqlite -> postgres migrator script. Sqlite mode is there strictly for testing purposes and should never be used in a production setting let alone a federating homeserver. So if you are currently using Sqlite now is the time to migrate. What's more the script is now in CI so it can't easily break in the future (with apologies to anyone bitten by the old script...).

A final final point, we have some preparatory work for e2ee cross signing, the overall feature is not ready for release just yet but we are getting really close. Watch this space.

As ever, you can get the new update here or any of the sources mentioned at Also, check out our Synapse installation guide page

The changelog since 1.4.1 follows:

Synapse 1.5.0 (2019-10-29)

Security updates

This release includes a security fix (#6262, below). Administrators are encouraged to upgrade as soon as possible.


  • Fix bug where room directory search was case sensitive. (#6268)

Synapse 1.5.0rc2 (2019-10-28)


  • Update list of boolean columns in synapse_port_db. (#6247)
  • Fix /keys/query API on workers. (#6256)
  • Improve signature checking on some federation APIs. (#6262)

Internal Changes

  • Move schema delta files to the correct data store. (#6248)
  • Small performance improvement by removing repeated config lookups in room stats calculation. (#6255)

Synapse 1.5.0rc1 (2019-10-24)


  • Improve quality of thumbnails for 1-bit/8-bit color palette images. (#2142)
  • Add ability to upload cross-signing signatures. (#5726)
  • Allow uploading of cross-signing keys. (#5769)
  • CAS login now provides a default display name for users if a displayname_attribute is set in the configuration file. (#6114)
  • Reject all pending invites for a user during deactivation. (#6125)
  • Add config option to suppress client side resource limit alerting. (#6173)


  • Return an HTTP 404 instead of 400 when requesting a filter by ID that is unknown to the server. Thanks to @krombel for contributing this! (#2380)
  • Fix a bug where users could be invited twice to the same group. (#3436)
  • Fix /createRoom failing with badly-formatted MXIDs in the invitee list. Thanks to @wener291! (#4088)
  • Make the synapse_port_db script create the right indexes on a new PostgreSQL database. (#6102, #6178, #6243)
  • Fix bug when uploading a large file: Synapse responds with M_UNKNOWN while it should be M_TOO_LARGE according to spec. Contributed by Anshul Angaria. (#6109)
  • Fix user push rules being deleted from a room when it is upgraded. (#6144)
  • Don't 500 when trying to exchange a revoked 3PID invite. (#6147)
  • Fix transferring notifications and tags when joining an upgraded room that is new to your server. (#6155)
  • Fix bug where guest account registration can wedge after restart. (#6161)
  • Fix monthly active user reaping when reserved users are specified. (#6168)
  • Fix /federation/v1/state endpoint not supporting newer room versions. (#6170)
  • Fix bug where we were updating censored events as bytes rather than text, occasionally causing invalid JSON being inserted breaking APIs that attempted to fetch such events. (#6186)
  • Fix occasional missed updates in the room and user directories. (#6187)
  • Fix tracing of non-JSON APIs, /media, /key etc. (#6195)
  • Fix bug where presence would not get timed out correctly if a synchrotron worker is used and restarted. (#6212)
  • synapse_port_db: Add 2 additional BOOLEAN_COLUMNS to be able to convert from database schema v56. (#6216)
  • Fix a bug where the Synapse demo script blacklisted ::1 (ipv6 localhost) from receiving federation traffic. (#6229)

Updates to the Docker image

  • Fix logging getting lost for the docker image. (#6197)

Internal Changes

  • Update user_filters table to have a unique index, and non-null columns. Thanks to @pik for contributing this. (#1172, #6175, #6184)
  • Allow devices to be marked as hidden, for use by features such as cross-signing. This adds a new field with a default value to the devices field in the database, and so the database upgrade may take a long time depending on how many devices are in the database. (#5759)
  • Move lookup-related functions from RoomMemberHandler to IdentityHandler. (#5978)
  • Improve performance of the public room list directory. (#6019, #6152, #6153, #6154)
  • Edit header dicts docstrings in SimpleHttpClient to note that str or bytes can be passed as header keys. (#6077)
  • Add snapcraft packaging information. Contributed by @devec0. (#6084, #6191)
  • Kill off half-implemented password-reset via sms. (#6101)
  • Remove get_user_by_req opentracing span and add some tags. (#6108)
  • Drop some unused database tables. (#6115)
  • Add env var to turn on tracking of log context changes. (#6127)
  • Refactor configuration loading to allow better typechecking. (#6137)
  • Log responder when responding to media request. (#6139)
  • Improve performance of find_next_generated_user_id DB query. (#6148)
  • Expand type-checking on modules imported by synapse.config. (#6150)
  • Use Postgres ANY for selecting many values. (#6156)
  • Add more caching to _get_joined_users_from_context DB query. (#6159)
  • Add some metrics on the federation sender. (#6160)
  • Add some logging to the rooms stats updates, to try to track down a flaky test. (#6167)
  • Remove unused timeout parameter from _get_public_room_list. (#6179)
  • Reject (accidental) attempts to insert bytes into postgres tables. (#6186)
  • Make version optional in body of PUT /room_keys/version/{version}, since it's redundant. (#6189)
  • Make storage layer responsible for adding device names to key, rather than the handler. (#6193)
  • Port module to use async/await. (#6196)
  • Enforce that all boolean configuration values are lowercase in CI. (#6203)
  • Remove some unused event-auth code. (#6214)
  • Remove Auth.check method. (#6217)
  • Remove script in favour of a perl reimplementation in Sytest's repo. (#6219)
  • Refactor storage layer in preparation to support having multiple databases. (#6231)
  • Remove some extra quotation marks across the codebase. (#6236)

Synapse 1.4.1 released

18.10.2019 00:00 — Releases Matthew Hodgson

Hi all,

We've released Synapse 1.4.1 as a small but important bugfix to 1.4.0.

This fixes a regression which crept in with our newly implemented "erase redacted data after N days" feature where some APIs would fail when hitting erased redactions - anyone on Synapse 1.4.0 will want to upgrade asap.

As always, you can get the new update here or any of the sources mentioned at Also, check out our Synapse installation guide page

The changelog since 1.4.0 follows:

Synapse 1.4.1 (2019-10-18)

No changes since 1.4.1rc1.

Synapse 1.4.1rc1 (2019-10-17)


  • Fix bug where redacted events were sometimes incorrectly censored in the database, breaking APIs that attempted to fetch such events. (#6185, 5b0e9948)

matrix-appservice-slack bridge 1.0 is here!

03.10.2019 00:00 — General Half-Shot

Hello Matrix enthusiasts! Yesterday we released matrix-appservice-slack 1.0. This marks a major milestone in bridge development for the team, being our first bridge to ever reach 1.0. The decision to release this version came after we decided that the bridge had gained enough features and reached a point of stability where it could be deployed in the wild with minimal risk.

For those not in the know, the Slack bridge is Node.JS based, and bridges slack channels & users into Matrix seamlessly. And for those wondering, yes it works with Mattermost too (since their API is compatible with Slack)! In previous versions only a limited subset of features were supported, making heavy usage of Slack’s webhook API. As of 1.0, the bridge now makes use of the newer Slack Events/RTM API which gives us all we need for a richer bridging experience. Everything from edits and reactions to typing notifications is supported in the 1.0 release.

Finally for those who are self hosting, we are pleased to offer the ability to "puppet" your Slack account using the bridge. Puppeting is the process in which the bridge will send messages as if you were sending them from the Slack client directly, when you talk using your Matrix account. This opens the door to seamless bridging and direct messaging support.

For those wishing to bridge their whole workspace across, picard exists as a tool to manage large scale Slack bridge deployments. This tool is provided by Cadair and SolarDrew

Slack Screenshot Threading & Reactions!

The bridge has undergone some pretty serious code surgery as well. The whole codebase has been rewritten in TypeScript to take advantage of type checking and generic types. The bridge is currently based upon the matrix-appservice-bridge library. The datastore interface now supports PostgreSQL, which allows for administrators to inspect and edit the database while the bridge is running, as well as offering helpful performance boost over the NeDB datastore format that was used previously. Finally, the codebase has proper Unit and Integration Tests to ensure new changes will not cause any regressions in behaviour. In short, now is an excellent time to get involved and hack on the bridge. There is already a crafted list of easy issues for new and experienced bridge devs.

Grafana memory usage graph Memory usage of the bridge comparison

Grafana CPU usage graph CPU usage of the bridge comparison

In terms of how many users is currently serving at the moment, we present to you some figures:

  • 2562 bridged rooms
  • 764 teams connected to the bridge
  • 103711 events have passed through the bridge since the launch of 0.3.2

Of course, our work doesn’t stop at 1.0. The plan for the immediate future of the bridge is to continue adding support for other event types coming from Matrix and Slack to create an ever richer experience. Obvious features are things like topic changes, and syncing membership across the bridge. In the long term future we would also like to add community support to the bridge, so whole Slack workspaces can be bridged across with a single click.

That’s all from me, and I would like to say a massive thank you to Cadair and Ben for both their code and review work on the project and as always, thank you to the community for using the bridge and reporting issues. 🙂

Useful links:

Synapse 1.4.0 released

03.10.2019 00:00 — Releases Neil Johnson

Wheyhey as I live and breathe 1.4.0 is here!

1.4.0 should be considered ‘The Privacy Release’ and is the cumulation of a huge body of work spanning multiple projects to improve data privacy in the matrix ecosystem. You can read more about the full project here.

While we consider 1.4.0 to be a huge leap forward in terms of data privacy, it is really important to note that it contains breaking changes.

  • If you currently rely on email or SMS delivery via an identity server you must modify your Synapse configuration.
  • If you have configured custom templates, then eight new templates must be added to your templates directory.

If either apply to you failure to act will break your installation. Full details can be found in the upgrade notes.

So what has changed?

It is possible for a user to associate an email address or phone number with their account, for a number of reasons:

  • For use when logging in, as an alternative to the user id.
  • In the case of email, as an alternative contact to help with account recovery.
  • In the case of email, to receive notifications of missed messages.

Before an email address or phone number can be added to a user's account, or before such an address is used to carry out a password-reset, Synapse must confirm the operation with the owner of the email address or phone number. It does this by sending an email or text giving the user a link or token to confirm receipt. This process is known as '3pid verification'. ('3pid', or 'threepid', stands for third-party identifier, and we use it to refer to external identifiers such as email addresses and phone numbers.)

Previous versions of Synapse delegated the task of 3pid verification to an identity server by default. In most cases this server is or

In Synapse 1.4.0, for security and privacy reasons, the homeserver will no longer delegate this task to an identity server by default. Instead, the server administrator will need to explicitly decide how they would like the verification messages to be sent.

In the medium term, the and identity servers will disable support for delegated 3pid verification entirely. However, in order to ease the transition, they will retain the capability for a limited period. Delegated email verification will be disabled on Monday 2nd December 2019 (giving roughly 2 months notice). Disabling delegated SMS verification will follow some time after that once SMS verification support lands in Synapse.

Once delegated 3pid verification support has been disabled in the and identity servers, all Synapse versions that depend on those instances will be unable to verify email and phone numbers through them. There are no imminent plans to remove delegated 3pid verification from Sydent generally. (Sydent is the identity server project that backs the and instances).

Why is this necessary?

Prior to 1.4.0, the identity server was providing two related-but-separate functions:

a directory for users to publish their contact details and to look up their contacts by their email addresses and phone numbers. a "trusted third party communications network delegate", providing SMS- and email-sending functionality to all homeservers for registration and password reset.

The intention behind the identity server's providing 2. was one of convenience: to save homeserver admins the burden of configuring their homeservers to send email, as well as sparing us the effort of writing generic SMS-gateway integration that would allow any homeserver admin to configure their homeserver to send SMS via their chosen SMS aggregator.

By exposing this 'trusted email/sms delegate' functionality, however, and by including references to the New Vector identity servers in the default configuration for both Synapse and Riot, we created a situation in which users on non-New Vector run homeservers (who had never seen our privacy notice) could easily end up sharing their email addresses and phone numbers with a New Vector identity server.

Using identity servers for registration and password reset introduced yet further complexity - since password reset is a sensitive operation, it was important that the homeserver only use 'trusted' identity servers for this purpose (with the trust being configured by the homeserver admin in the homeserver config). But this created ambiguity over who was ultimately responsible for the choice of identity server and when they could make that choice - the client could present a default identity server at login/registration/password reset time, which the user could choose to override before logging in, but unless the identity server ultimately selected were on the homeserver admin's 'trusted identity servers' list, any identity server operations that were proxied via the homeserver would have been blocked by the homeserver. However, not all identity server operations initiated by the client were proxied via the homeserver - some were sent directly from the client to the identity server, and would not have been filtered.

The best way to solve this problem is to have individual homeservers take ownership for their own email and SMS needs. In the case of email this means configuring details of an appropriate SMTP server or continuing to delegate through an identity server that will allow it to do so. If a homeserver admin makes the active choice to use New Vector's identity servers for delegation (up until 1st December), they should make their own users aware through their privacy notice.

This delegation is entirely separate from the user's choice of identity server for user directory services. As of right now the user is free to choose and trust whichever identity server they wish, or to choose not to use an identity server at all.

Are there any other data privacy features?

Yes, 1.4.0 now automatically garbage collects redacted messages (defaults to 7 days) and removes unused IP and user agent information stored in the user_ips table (defaults to 30 days). Finally, Synapse now warns in its logs if you are using as a trusted key server, in case you wish to use a different server to help discover other servers’ keys.

Anything else?

Aside from privacy, we’ve expanded our OpenTracing support and fixed a host of bugs. However the thing that is most exciting is switching on our solution for mitigating forward extremities build up’ by default.

In some cases rooms can accumulate ‘forward extremities’, which are simply an artefact of attempting to resolve the room state over multiple servers. Forward extremities are necessary to ensure that each server can independently arrive at the same view of the room eventually, however processing these extremities can be computationally expensive and degrade server performance overall.

Originally it was an experimental config option but we now feel confident to turn it on by default for all instances - it should make a big difference for the CPU of servers in fragmented rooms.

So that’s it folks, thanks for making it this far. As ever, you can get the new update here or any of the sources mentioned at Also, check out our Synapse installation guide page

The changelog since 1.3.1 follows:

Synapse 1.4.0 (2019-10-03)


  • Redact client_secret in server logs. (#6158)

Synapse 1.4.0rc2 (2019-10-02)


  • Fix bug in background update that adds last seen information to the devices table, and improve its performance on Postgres. (#6135)
  • Fix bad performance of censoring redactions background task. (#6141)
  • Fix fetching censored redactions from DB, which caused APIs like initial sync to fail if it tried to include the censored redaction. (#6145)
  • Fix exceptions when storing large retry intervals for down remote servers. (#6146)

Internal Changes

  • Fix up sample config entry for redaction_retention_period option. (#6117)

Synapse 1.4.0rc1 (2019-09-26)

Note that this release includes significant changes around 3pid verification. Administrators are reminded to review the upgrade notes.


  • Changes to 3pid verification:
    • Add the ability to send registration emails from the homeserver rather than delegating to an identity server. (#5835, #5940, #5993, #5994, #5868)
    • Replace trust_identity_server_for_password_resets config option with account_threepid_delegates, and make the id_server parameteter optional on */requestToken endpoints, as per MSC2263. (#5876, #5969, #6028)
    • Switch to using the v2 Identity Service /lookup API where available, with fallback to v1. (Implements MSC2134 plus id_access_token authentication for v2 Identity Service APIs from MSC2140). (#5897)
    • Remove bind_email and bind_msisdn parameters from /register ala MSC2140. (#5964)
    • Add m.id_access_token to unstable_features in /versions as per MSC2264. (#5974)
    • Use the v2 Identity Service API for 3PID invites. (#5979)
    • Add POST /_matrix/client/unstable/account/3pid/unbind endpoint from MSC2140 for unbinding a 3PID from an identity server without removing it from the homeserver user account. (#5980, #6062)
    • Use and account_threepid_delegate.msisdn for validating threepid sessions. (#6011)
    • Allow homeserver to handle or delegate email validation when adding an email to a user's account. (#6042)
    • Implement new Client Server API endpoints /account/3pid/add and /account/3pid/bind as per MSC2290. (#6043)
    • Add an unstable feature flag for separate add/bind 3pid APIs. (#6044)
    • Remove bind parameter from Client Server POST /account endpoint as per MSC2290. (#6067)
    • Add POST /add_threepid/msisdn/submit_token endpoint for proxying submitToken on an account_threepid_handler. (#6078)
    • Add submit_url response parameter to */msisdn/requestToken endpoints. (#6079)
    • Add m.require_identity_server flag to /version's unstable_features. (#5972)
  • Enhancements to OpenTracing support:
    • Make OpenTracing work in worker mode. (#5771)
    • Pass OpenTracing contexts between servers when transmitting EDUs. (#5852)
    • OpenTracing for device list updates. (#5853)
    • Add a tag recording a request's authenticated entity and corresponding servlet in OpenTracing. (#5856)
    • Add minimum OpenTracing for client servlets. (#5983)
    • Check at setup that OpenTracing is installed if it's enabled in the config. (#5985)
    • Trace replication send times. (#5986)
    • Include missing OpenTracing contexts in outbout replication requests. (#5982)
    • Fix sending of EDUs when OpenTracing is enabled with an empty whitelist. (#5984)
    • Fix invalid references to None while OpenTracing if the log context slips. (#5988, #5991)
    • OpenTracing for room and e2e keys. (#5855)
    • Add OpenTracing span over HTTP push processing. (#6003)
  • Add an admin API to purge old rooms from the database. (#5845)
  • Retry well-known lookups if we have recently seen a valid well-known record for the server. (#5850)
  • Add support for filtered room-directory search requests over federation (MSC2197, in order to allow upcoming room directory query performance improvements. (#5859)
  • Correctly retry all hosts returned from SRV when we fail to connect. (#5864)
  • Add admin API endpoint for setting whether or not a user is a server administrator. (#5878)
  • Enable cleaning up extremities with dummy events by default to prevent undue build up of forward extremities. (#5884)
  • Add config option to sign remote key query responses with a separate key. (#5895)
  • Add support for config templating. (#5900)
  • Users with the type of "support" or "bot" are no longer required to consent. (#5902)
  • Let synctl accept a directory of config files. (#5904)
  • Increase max display name size to 256. (#5906)
  • Add admin API endpoint for getting whether or not a user is a server administrator. (#5914)
  • Redact events in the database that have been redacted for a week. (#5934)
  • New prometheus metrics:
    • synapse_federation_known_servers: represents the total number of servers your server knows about (i.e. is in rooms with), including itself. Enable by setting metrics_flags.known_servers to True in the configuration.(#5981)
    • synapse_build_info: exposes the Python version, OS version, and Synapse version of the running server. (#6005)
  • Give appropriate exit codes when synctl fails. (#5992)
  • Apply the federation blacklist to requests to identity servers. (#6000)
  • Add report_stats_endpoint option to configure where stats are reported to, if enabled. Contributed by @Sorunome. (#6012)
  • Add config option to increase ratelimits for room admins redacting messages. (#6015)
  • Stop sending federation transactions to servers which have been down for a long time. (#6026)
  • Make the process for mapping SAML2 users to matrix IDs more flexible. (#6037)
  • Return a clearer error message when a timeout occurs when attempting to contact an identity server. (#6073)
  • Prevent password reset's submit_token endpoint from accepting trailing slashes. (#6074)
  • Return 403 on /register/available if registration has been disabled. (#6082)
  • Explicitly log when a homeserver does not have the trusted_key_servers config field configured. (#6090)
  • Add support for pruning old rows in user_ips table. (#6098)


  • Don't create broken room when power_level_content_override.users does not contain creator_id. (#5633)
  • Fix database index so that different backup versions can have the same sessions. (#5857)
  • Fix Synapse looking for config options password_reset_failure_template and password_reset_success_template, when they are actually password_reset_template_failure_html, password_reset_template_success_html. (#5863)
  • Fix stack overflow when recovering an appservice which had an outage. (#5885)
  • Fix error message which referred to public_base_url instead of public_baseurl. Thanks to @aaronraimist for the fix! (#5909)
  • Fix 404 for thumbnail download when dynamic_thumbnails is false and the thumbnail was dynamically generated. Fix reported by rkfg. (#5915)
  • Fix a cache-invalidation bug for worker-based deployments. (#5920)
  • Fix admin API for listing media in a room not being available with an external media repo. (#5966)
  • Fix list media admin API always returning an error. (#5967)
  • Fix room and user stats tracking. (#5971, #5998, #6029)
  • Return a M_MISSING_PARAM if sid is not provided to /account/3pid. (#5995)
  • federation_certificate_verification_whitelist now will not cause TypeErrors to be raised (a regression in 1.3). Additionally, it now supports internationalised domain names in their non-canonical representation. (#5996)
  • Only count real users when checking for auto-creation of auto-join room. (#6004)
  • Ensure support users can be registered even if MAU limit is reached. (#6020)
  • Fix bug where login error was shown incorrectly on SSO fallback login. (#6024)
  • Fix bug in calculating the federation retry backoff period. (#6025)
  • Prevent exceptions being logged when extremity-cleanup events fail due to lack of user consent to the terms of service. (#6053)
  • Remove POST method from password-reset submit_token endpoint until we implement submit_url functionality. (#6056)
  • Fix logcontext spam on non-Linux platforms. (#6059)
  • Ensure query parameters in email validation links are URL-encoded. (#6063)
  • Fix a bug which caused SAML attribute maps to be overridden by defaults. (#6069)
  • Fix the logged number of updated items for the users_set_deactivated_flag background update. (#6092)
  • Add sid to next_link for email validation. (#6097)
  • Threepid validity checks on msisdns should not be dependent on threepid_behaviour_email. (#6104)
  • Ensure that servers which are not configured to support email address verification do not offer it in the registration flows. (#6107)

Updates to the Docker image

  • Avoid changing UID/GID if they are already correct. (#5970)
  • Provide SYNAPSE_WORKER envvar to specify python module. (#6058)

Improved Documentation

  • Convert documentation to markdown (from rst) (#5849)
  • Update to say that Python 2 is no longer supported. (#5953)
  • Add developer documentation for using SAML2. (#6032)
  • Add some notes on rolling back to v1.3.1. (#6049)
  • Update the upgrade notes. (#6050)

Deprecations and Removals

  • Remove shared-secret registration from /_matrix/client/r0/register endpoint. Contributed by Awesome Technologies Innovationslabor GmbH. (#5877)
  • Deprecate the trusted_third_party_id_servers option. (#5875)

Internal Changes

  • Lay the groundwork for structured logging output. (#5680)
  • Retry well-known lookup before the cache expires, giving a grace period where the remote well-known can be down but we still use the old result. (#5844)
  • Remove log line for debugging issue #5407. (#5860)
  • Refactor the Appservice scheduler code. (#5886)
  • Compatibility with v2 Identity Service APIs other than /lookup. (#5892, #6013)
  • Stop populating some unused tables. (#5893, #6047)
  • Add missing index on users_in_public_rooms to improve the performance of directory queries. (#5894)
  • Improve the logging when we have an error when fetching signing keys. (#5896)
  • Add support for database engine-specific schema deltas, based on file extension. (#5911)
  • Update Buildkite pipeline to use plugins instead of buildkite-agent commands. (#5922)
  • Add link in sample config to the logging config schema. (#5926)
  • Remove unnecessary parentheses in return statements. (#5931)
  • Remove unused jenkins/ file. (#5938)
  • Move Buildkite pipeline config to the pipelines repo. (#5943)
  • Remove unnecessary return statements in the codebase which were the result of a regex run. (#5962)
  • Remove left-over methods from v1 registration API. (#5963)
  • Cleanup event auth type initialisation. (#5975)
  • Clean up dependency checking at setup. (#5989)
  • Update OpenTracing docs to use the unified trace method. (#5776)
  • Small refactor of function arguments and docstrings in RoomMemberHandler. (#6009)
  • Remove unused origin argument on FederationHandler.add_display_name_to_third_party_invite. (#6010)
  • Add a failure_ts column to the destinations database table. (#6016, #6072)
  • Clean up some code in the retry logic. (#6017)
  • Fix the structured logging tests stomping on the global log configuration for subsequent tests. (#6023)
  • Clean up the sample config for SAML authentication. (#6064)
  • Change mailer logging to reflect Synapse doesn't just do chat notifications by email now. (#6075)
  • Move last-seen info into devices table. (#6089)
  • Remove unused parameter to get_user_id_by_threepid. (#6099)
  • Refactor the user-interactive auth handling. (#6105)
  • Refactor code for calculating registration flows. (#6106)