Synapse 1.33.0 is out! Three main items of note:
- We plan to release 220.127.116.11.2 with a low severity security fix on Tuesday next week, and we're interested in your thoughts on decoupling routine security fixes from normal releases. Please weigh in on this discussion.
  Note: We shipped 1.33.1 with a small dependency fix when installing Synapse via pip. A security release is still planned for Tuesday, which will now be 1.33.2.
- If you use Synapse's optional account revalidation feature (see account_validity in config.yaml), you'll want to review the upgrading instructions as we've made a few small changes to the email templates it uses.
- Synapse now has very experimental support for moving presence off of the main process. This has not yet been extensively validated, so please proceed with caution. We expect to get this to a point where we can confidently recommend it in the coming weeks.
Otherwise, this is another release focused on internals. We're driving toward a goal of reducing excess memory consumption when joining large or complex rooms, and most of our effort (aside from the presence work) has been focused on measurement, instrumentation, and experimentation for that.
We did manage to slightly speed up room joins, improve the performance of the user directory, and refine our implementation of MSC3083. Additionally, thanks to work by ShadowJonathan, Synapse now passes all of
Synapse 1.32.2 is out! Synapse now requires Python 3.6 (or later) and we've made a few small changes which you should be aware of before upgrading. These are documented in the upgrade notes.
Note: We scrubbed the releases of Synapse 1.32.0 and 1.32.1 as we discovered a pair of regressions including a bug with Prometheus metrics after tagging the release. These have been resolved.
On Monday, humankind flew a helicopter on Mars. And while our pursuit of Space(s) is considerably more modest, it is nevertheless progressing apace: Synapse 1.32 includes an experimental implementation of MSC3083.
This release also includes a new Synapse module for routing of presence updates, which can allow devices to share presence information without requiring that they also share a room. Please note there are some nuances to worker configuration when using this module which we hope to iron out in a future release.
Otherwise, this is again a very internals-focused release: many additional type hints, improvements to structured logging, and small cleanups, especially those possible now that we've left Python 3.5 behind. We've made changes to how we check whether accounts are exempt from rate limits to avoid cases where we mistakenly applied limits to Application Services which should have been exempt, and we've fixed a bug with sharded federation senders which could occasionally pin the CPU.
We've released Synapse 1.31.0!
Mainly internal changes this time (type hints, code lints, etc.) but we've also landed some initial work on MSC2946: Spaces Summary. And speaking of MSCs, Synapse 1.31 has an experimental flag which can enable support for the draft MSC3026: "busy" presence state.
Synapse 1.31 can now restrict OpenID Connect logins based on userinfo attributes (Thanks, HubbeKing!).
This release fixes a rare infinite loop when fetching cross-signing keys or handling device list updates, and further improves the speed of federation catchup. It also makes Admin APIs around user reactivation behave correctly when account passwords are disabled.
See the Release Notes for further information.
The Final Python 3.5 Release
This is the last release of Synapse to support Python 3.5 or PostgreSQL 9.5, and the last release of official packages for Debian 9 (Stretch) and Ubuntu 16.04 LTS (Xenial).
Accordingly, we anticipate ending support for Python 3.6 and PostgreSQL 9.6 in December of this year. We will also cease producing packages for Ubuntu 18.04 LTS (Bionic) at that time.
Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including ankitdobhal, blakehawkins, dklimpel, fuzzmz, HubbeKing, languitar, sandhose, and ShadowJonathan.
Synapse 1.30.1 is now available. This release is identical to Synapse 1.30.0, with the exception of explicitly setting a minimum version of the Python Cryptography library to ensure that users of Synapse are protected from yesterday's OpenSSL security advisories, especially CVE-2021-3449.
Note that Cryptography defaults to bundling its own statically linked copy of OpenSSL, which means that you may not be protected by your operating system's security updates.
It's also worth noting that Cryptography no longer supports Python 3.5, so admins deploying to older environments like Debian 9 (Stretch) or Ubuntu 16.04 (Xenial) may not be protected against this or future vulnerabilities.
The next release of Synapse will be the last to support Python 3.5.
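To see whether the bundled copy described above differs from the system one, the following added example (not part of the Synapse release notes or code base) compares the OpenSSL linked by Python's ssl module with the one inside the Cryptography package. The 1.1.1k floor and the sample version strings are assumptions supplied here, not values from the page.

```python
import re
import ssl

# Assumption (not on the page): OpenSSL 1.1.1k is the release that fixed CVE-2021-3449.
MIN_FIXED = "1.1.1k"
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

# Constructed sample: the OS package is updated, the bundled wheel copy is not.
SAMPLE = {"ssl (stdlib)": "OpenSSL 1.1.1k  25 Mar 2021",
          "cryptography": "OpenSSL 1.1.1j  16 Feb 2021"}


def parse_openssl_version(text):
    """Turn 'OpenSSL 1.1.1j  16 Feb 2021' into a sortable tuple (1, 1, 1, 'j')."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"unrecognised OpenSSL version string: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])


def linked_openssl_versions():
    """Version text of the OpenSSL behind the stdlib ssl module and Cryptography."""
    found = {"ssl (stdlib)": ssl.OPENSSL_VERSION, "cryptography": None}
    try:
        from cryptography.hazmat.backends.openssl import backend
        found["cryptography"] = backend.openssl_version_text()
    except ImportError:
        pass  # Cryptography is not installed in this environment
    return found


def audit(versions, minimum=MIN_FIXED):
    """Map each component to 'ok', 'outdated', 'unknown' or 'absent'."""
    floor = parse_openssl_version("OpenSSL " + minimum)
    result = {}
    for name, text in versions.items():
        try:
            result[name] = "absent" if text is None else (
                "ok" if parse_openssl_version(text) >= floor else "outdated")
        except ValueError:
            result[name] = "unknown"  # e.g. LibreSSL or another TLS library
    return result


if __name__ == "__main__":
    live = linked_openssl_versions()
    for name, status in audit(live).items():
        print(f"{name}: {live[name]} -> {status}")
```

Run it with the same interpreter and virtualenv that Synapse uses, since the result depends on which Cryptography wheel is installed there.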
We've released Synapse 1.30.0!
A key theme of this release was stability and resilience around federation. We've landed changes to be less eager about entering catch up mode and to retry on HTTP 500 errors, while also rejecting transactions which arrive before we've completed processing earlier transactions from that same server. We've significantly optimized how we handle missing events when receiving incoming federation traffic, and we've found a way to re-use the chain cover index (from Synapse 1.26) when responding to the
That last one turns out to be a pretty big deal: we've seen an order of magnitude improvement in both the CPU and DB cost of the state_ids endpoint. For example, the average CPU usage by that endpoint on matrix.org dropped from a few seconds to well under 100ms.
This release also includes further improvements to our SSO support, including allowing spam checkers to distinguish between new registrations and first-time SSO users and fixing account reactivation when local passwords are disabled. Now that MSC2858: Multiple SSO Identity Providers has passed its Final Comment Period, we've also updated Synapse to respond to the stable versions of endpoints introduced by that MSC.
See the Release Notes for further information.
Python / Platform Deprecations
As a reminder, the next release of Synapse (1.31, scheduled for April 5th) will be the last to support Python 3.5 or PostgreSQL 9.5, both of which have reached their upstream end of life.
We will also cease building packages for Ubuntu 16.04 (Xenial) and Debian 9 (Stretch) at the same time.
Application Service Registration Changes
Note that Application Services must provide a type parameter with the value "m.login.application_service" when calling POST /_matrix/client/r0/register. Synapse currently allows registration without an explicit type, but this divergence from the spec will be resolved in a future release.
Synapse 1.29.0 is now available!
This release includes several useful new configuration options for administrators of federated home servers. In all cases, the defaults match Synapse's prior behavior.
- AndrewFerr implemented allow_profile_lookup_over_federation which can limit disclosure of your users' profile information. These both default to True.
- We've also implemented user_directory.prefer_local_users which weights users on the same homeserver higher in directory searches. This defaults to False.
Synapse is now easier to run in proxied environments, with tzyl implementing support for the NO_PROXY environment variable, as well as recognizing lowercase variants of that and related proxy variables.
Under the hood, we've been steadily improving our type hints, especially in light of the recent release of Twisted 21.2.0 which includes its own type annotations. We've also landed some improvements which reduce the amount of work Synapse does when presence is enabled and you join a room for the first time. Oh, and the media repository now regenerates missing thumbnails on demand.
Lastly, if you deploy Synapse behind a reverse proxy, Synapse now expects to receive an X-Forwarded-Proto header on incoming requests and will log a warning if it is missing. See the upgrade notes for more information. The full changelog has more information on what's in this release.
Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including aaronraimist, AndrewFerr, dklimpel, ShadowJonathan, and tzyl.
Synapse 1.28.0 is now available!
This release comes with several further improvements to the user experience of single sign-on and numerous bugfixes and stability improvements.
For admins, Synapse 1.28 adds a new Admin API for retrieving event context and implements new spam checker hooks which enable checking file uploads and remote downloads. We've also improved memory usage of media repository workers.
Lastly, we have marked an undocumented Admin API for deprecation. If any of your tools use /_synapse/admin/v1/users/<user_id> to get account information, please replace that with the V2 List Accounts API, which has been available since Synapse 1.7.0.
There are no special upgrade instructions for 1.28.0. See the full changelog for more details on what's in this release.
Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including arya2331, auscompgeek, bubu, compu42, dklimpel, dykstranet, and shadowjonathan.
Synapse 1.27.0 is now available!
We're especially proud of this release, as this is the version of Synapse that powered FOSDEM 2021 on Matrix. As such, our main focus was on stability, performance, and long-awaited support for social login.
To our surprise, nearly half of all people who created accounts on the FOSDEM homeserver did so via a social login method. Full support for those methods is included in Synapse 1.27.0, and already available for all users on the matrix.org homeserver.
We've also changed how we use Redis in larger deployments, making Synapse more resilient to lost connections and eliminating delays when restarting with multiple federation senders.
See the full changelog for more.
Breaking Changes for SSO
If you use Single Sign-On (SSO) via SAML, OAuth2, or OpenID Connect you must adjust your provider's configuration before upgrading to Synapse 1.27.0, as some endpoint URLs have changed. See the upgrading notes for more information.
Dropping ARMv7 Docker Images
We were unable to produce ARM-based Docker images for this release due to problems with cross-compilation. As a result, we have made the difficult decision to cease building 32-bit ARMv7 Docker images as part of our release process. We will resume publishing ARM64 images with the next Synapse release.
Users on ARMv7 platforms (most notably Raspberry Pis) should consider building images locally using Synapse's Dockerfile or switching to installing Synapse directly as a Python module. Users with Raspberry Pi 3's or newer also have the option of installing a 64-bit Linux distribution and using an ARM64 Docker image.
Thank you to our contributors
Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including dklimpel, intelfx, jcgruenhage, Oliver-Hanikel, rht, and y-pankaj.
Synapse 1.26.0 is now available!
Note: This release includes a new database schema version. If you need to roll back to Synapse 1.25.0, you will also need to follow the associated database downgrade instructions.
In addition to a truckload of refactoring and general improvements, Synapse 1.26.0 includes three major new features:
- A brand new algorithm for calculating the auth chain difference, which should dramatically improve worst case performance during state resolution (#8622).
- Initial support for enabling multiple OpenID Connect providers, paving the way for proper multi-provider social login workflows.
- A significant speed-up to redaction performance in large rooms.
It also brings several improvements to Admin APIs:
- Specific media items can be protected from quarantine.
- The joined_rooms API now works for remote users.
- Deactivating a user can now optionally remove their avatar URL and display name.
We've also made it possible to offload several additional APIs to worker processes, including read receipts and account data persistence, further improving Synapse's scalability.
See the full changelog for more.
Lastly, a reminder: we have deprecated Python 3.5 and PostgreSQL 9.5 and will cease support at the end of March. Due to deprecations in our Python tooling, we were unable to produce a binary package for Ubuntu 16.04 LTS (Xenial) in time for this release. We have resolved this for 1.27.
Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including 0xflotus, chris-ruecker, dklimpel, emelie-qis, jerinjtitus, and tzyl.