Neil Johnson

Right folks, time for Synapse 0.33.6.

These past few weeks we've been focusing on fixing a whole host of federation bugs to improve reliability and latency. Additionally we've squashed some py3 bugs, improved lazy loading and been working hard in the background to improve our CI infrastructure. Finally, we cleaned up the Docker file, the image is now half the size of 0.33.5.1's standing at 58 MB.

As ever, you can get the new update here or any of the sources mentioned at https://github.com/matrix-org/synapse. Note, Synapse is now available from PyPI, pick it up here.

Synapse 0.33.6

Features

• Adding the ability to change MAX_UPLOAD_SIZE for the docker container variables. (#3883)
• Report "python_version" in the phone home stats (#3894)
• Always LL ourselves if we're in a room (#3916)
• Include eventid in log lines when processing incoming federation transactions (#3959)
• Remove spurious check which made 'localhost' servers not work (#3964)

Bugfixes

• Fix problem when playing media from Chrome using direct URL (thanks @remjey!) (#3578)
• support registering regular users non-interactively with register_new_matrix_user script (#3836)
• Fix broken invite email links for self hosted riots (#3868)
• Don't ratelimit autojoins (#3879)
• Fix 500 error when deleting unknown room alias (#3889)
• Fix some b'abcd' noise in logs and metrics (#3892, #3895)
• When we join a room, always try the server we used for the alias lookup first, to avoid unresponsive and out-of-date servers. (#3899)
• Fix incorrect server-name indication for outgoing federation requests (#3907)
• Fix adding client IPs to the database failing on Python 3. (#3908)
• Fix bug where things occasionally were not being timed out correctly. (#3910)
• Fix bug where outbound federation would stop talking to some servers when using workers (#3914)
• Fix some instances of ExpiringCache not expiring cache items (#3932, #3980)
• Fix out-of-bounds error when LLing yourself (#3936)
• Sending server notices regarding user consent now works on Python 3. (#3938)
• Fix exceptions from metrics handler (#3956)
• Fix error message for events with m.room.create missing from auth_events (#3960)
• Fix errors due to concurrent monthly_active_user upserts (#3961)
• Fix exceptions when processing incoming events over federation (#3968)
• Replaced all occurrences of e.message with str(e). Contributed by Schnuffle (#3970)
• Fix lazy loaded sync in the presence of rejected state events (#3986)
• Fix error when logging incomplete HTTP requests (#3990)

Internal Changes

• Unit tests can now be run under PostgreSQL in Docker using test_postgresql.sh. (#3699)
• Speed up calculation of typing updates for replication (#3794)
• Remove documentation regarding installation on Cygwin, the use of WSL is recommended instead. (#3873)
• Fix typo in README, synaspse -> synapse (#3897)
• Increase the timeout when filling missing events in federation requests (#3903)
• Improve the logging when handling a federation transaction (#3904, #3966)
• Improve logging of outbound federation requests (#3906, #3909)
• Fix the docker image building on python 3 (#3911)
• Add a regression test for logging failed HTTP requests on Python 3. (#3912)
• Comments and interface cleanup for on_receive_pdu (#3924)
• Fix spurious exceptions when remote http client closes connection (#3925)
• Log exceptions thrown by background tasks (#3927)
• Add a cache to get_destination_retry_timings (#3933, #3991)
• Automate pushes to docker hub (#3946)
• Require attrs 16.0.0 or later (#3947)
• Fix incompatibility with python3 on alpine (#3948)
• Run the test suite on the oldest supported versions of our dependencies in CI. (#3952)
• CircleCI now only runs merged jobs on PRs, and commit jobs on develop, master, and release branches. (#3957)
• Fix docstrings and add tests for state store methods (#3958)
• fix docstring for FederationClient.get_state_for_room (#3963)
• Run notify_app_services as a bg process (#3965)
• Clarifications in FederationHandler (#3967)
• Further reduce the docker image size (#3972)
• Build py3 docker images for docker hub too (#3976)
• Updated the installation instructions to point to the matrix-synapse package on PyPI. (#3985)
• Disable USE_FROZEN_DICTS for unittests by default. (#3987)
• Remove unused Jenkins and development related files from the repo. (#3988)
• Improve stacktraces in certain exceptions in the logs (#3989)
• Pin to prometheus_client<0.4 to avoid renaming all of our metrics (#4002)

Folks, Synapse 0.33.5.1 is here.

0.33.5.1 is an interesting release. On the one hand it contains the usual bug fixes and performance improvements of a point release, but it also our first versioned release where monolith installs can be run under Python 3.5 and 3.6! Python 3 support is very much in beta, so please be cautious but if you would like to try running under a py3 environment we'd love to get your feedback.

We've been running it ourselves for the past few weeks, and feel pretty good about it, not least the 2-3x improvement in RAM usage.

Currently the only way to run under python 3 is to download via github, there is no deb support as yet, though this will come as soon as we are confident to recommend python 3 as the default version.

We'll be blogging about our porting project in more detail in the future, so watch this space - exciting times!

As ever, you can get the new update here or any of the sources mentioned at https://github.com/matrix-org/synapse. Note, for the first time, Synapse is now available from PyPI, pick it up here.

Synapse 0.33.5.1

Internal Changes

• Fix incompatibility with older Twisted version in tests. Thanks @OlegGirko! (#3940)

Synapse 0.33.5

Features

• Python 3.5 and 3.6 support is now in beta. (#3576)
• Implement event_format filter param in /sync (#3790)
• Add synapse_admin_mau:registered_reserved_users metric to expose number of real reaserved users (#3846)

Bugfixes

• Remove connection ID for replication prometheus metrics, as it creates a large number of new series. (#3788)
• guest users should not be part of mau total (#3800)
• Bump dependency on pyopenssl 16.x, to avoid incompatibility with recent Twisted. (#3804)
• Fix existing room tags not coming down sync when joining a room (#3810)
• Fix jwt import check (#3824)
• fix VOIP crashes under Python 3 (#3821) (#3835)
• Fix manhole so that it works with latest openssh clients (#3841)
• Fix outbound requests occasionally wedging, which can result in federation breaking between servers. (#3845)
• Show heroes if room name/canonical alias has been deleted (#3851)
• Fix handling of redacted events from federation (#3859)
• (#3874)
• Mitigate outbound federation randomly becoming wedged (#3875)

Internal Changes

• CircleCI tests now run on the potential merge of a PR. (#3704)
• http/ is now ported to Python 3. (#3771)
• Improve human readable error messages for threepid registration/account update (#3789)
• Make /sync slightly faster by avoiding needless copies (#3795)
• handlers/ is now ported to Python 3. (#3803)
• Limit the number of PDUs/EDUs per federation transaction (#3805)
• Only start postgres instance for postgres tests on Travis CI (#3806)
• tests/ is now ported to Python 3. (#3808)
• crypto/ is now ported to Python 3. (#3822)
• rest/ is now ported to Python 3. (#3823)
• add some logging for the keyring queue (#3826)
• speed up lazy loading by 2-3x (#3827)
• Improved Dockerfile to remove build requirements after building reducing the image size. (#3834)
• Disable lazy loading for incremental syncs for now (#3840)
• federation/ is now ported to Python 3. (#3847)
• Log when we retry outbound requests (#3853)
• Removed some excess logging messages. (#3855)
• Speed up purge history for rooms that have been previously purged (#3856)
• Refactor some HTTP timeout code. (#3857)
• Fix running merged builds on CircleCI (#3858)
• Fix typo in replication stream exception. (#3860)
• Add in flight real time metrics for Measure blocks (#3871)
• Disable buffering and automatic retrying in treq requests to prevent timeouts. (#3872)
• mention jemalloc in the README (#3877)
• Remove unmaintained "nuke-room-from-db.sh" script (#3888)

Roll up, roll up, get it while it's hot, Synapse 0.33.4 is here.

This release brings together a whole host of bug fixes, some enhancements to resource usage management and a bunch of internal changes in readiness for room member state lazy loading and our ongoing port to Python 3 (we are hoping to ship a py3 test candidate rsn!).

As ever, you can get the new update from https://github.com/matrix-org/synapse/releases/tag/v0.33.4 or any of the sources mentioned at https://github.com/matrix-org/synapse.

Features

• Support profile API endpoints on workers (#3659)
• Server notices for resource limit blocking (#3680)
• Allow guests to use /rooms/:roomId/event/:eventId (#3724)
• Add mau_trial_days config param, so that users only get counted as MAU after N days. (#3749)
• Require twisted 17.1 or later (fixes #3741). (#3751)

Bugfixes

• Fix error collecting prometheus metrics when run on dedicated thread due to threading concurrency issues (#3722)
• Fix bug where we resent "limit exceeded" server notices repeatedly (#3747)
• Fix bug where we broke sync when using limit_usage_by_mau but hadn't configured server notices (#3753)
• Fix 'federation_domain_whitelist' such that an empty list correctly blocks all outbound federation traffic (#3754)
• Fix tagging of server notice rooms (#3755, #3756)
• Fix 'admin_uri' config variable and error parameter to be 'admin_contact' to match the spec. (#3758)
• Don't return non-LL-member state in incremental sync state blocks (#3760)
• Fix bug in sending presence over federation (#3768)
• Fix bug where preserved threepid user comes to sign up and server is mau blocked (#3777)

Internal Changes

• Removed the link to the unmaintained matrix-synapse-auto-deploy project from the readme. (#3378)
• Refactor state module to support multiple room versions (#3673)
• The synapse.storage module has been ported to Python 3. (#3725)
• Split the state_group_cache into member and non-member state events (and so speed up LL /sync) (#3726)
• Log failure to authenticate remote servers as warnings (without stack traces) (#3727)
• The CONTRIBUTING guidelines have been updated to mention our use of Markdown and that .misc files have content. (#3730)
• Reference the need for an HTTP replication port when using the federation_reader worker (#3734)
• Fix minor spelling error in federation client documentation. (#3735)
• Remove redundant state resolution function (#3737)
• The test suite now passes on PostgreSQL. (#3740)
• Fix MAU cache invalidation due to missing yield (#3746)
• Make sure that we close db connections opened during init (#3764)
• Unignore synctl in .dockerignore to fix docker builds (#3802)

Hi All,

As referenced in yesterday's pre-disclosure, today we are releasing Synapse 0.33.3.1 as a critical security update.

We have patched two security vulnerabilities we identified whilst working on the upcoming r0 spec release for the Server-Server API (see details below). We do not believe either have been exploited in the wild, but strongly recommend everybody running a federated Synapse upgrades immediately.

As always you can get the new update here or from any of the sources mentioned at https://github.com/matrix-org/synapse/

Many thanks for your patience and understanding; with fixes like this we are moving ever closer to Synapse reaching a 1.0 Thanks also to the package maintainers who have coordinated with us to ensure distro packages are available for a speedy upgrade!

Note, for anyone running Debian Jessie, we have prepared a 0.33.2.1 deb (as 0.33.3 dropped support for Jessie).

Synapse 0.33.3.1 (2018-09-06)

SECURITY FIXES

• Fix an issue where event signatures were not always correctly validated (#3796)
• Fix an issue where server_acls could be circumvented for incoming events (#3796)

Internal Changes

• Unignore synctl in .dockerignore to fix docker builds (#3802)

Folks, it's release time, Synapse 0.33.2 has landed.

The release focuses on performance, notable highlights include reducing CPU consumption through speeding up state delta calculations (#3592) and reducing I/O through lazily loading state on the master process (#3579, #3581, #3582, #3584)

Separately work continues on our python 3 port and we hope to have something concrete to trial very soon - we're really excited about this and expect step change improvements in CPU and memory use.

Finally we have some ground work for upcoming room membership lazy loading, there is nothing to see here as yet, but rest assured we will make a lot of noise as soon as it is ready. Stay tuned.

 or any of the sources mentioned at https://github.com/matrix-org/synapse.

Synapse 0.33.2 (2018-08-09)

No significant changes.

Synapse 0.33.2rc1 (2018-08-07)

Features

• add support for the lazy_loaded_members filter as per MSC1227 (#2970)
• add support for the include_redundant_members filter param as per MSC1227 (#3331)
• Add metrics to track resource usage by background processes (#3553, #3556, #3604, #3610)
• Add code label to synapse_http_server_response_time_seconds prometheus metric (#3554)
• Add support for client_reader to handle more APIs (#3555, #3597)
• make the /context API filter & lazy-load aware as per MSC1227 (#3567)
• Add ability to limit number of monthly active users on the server (#3630)
• When we fail to join a room over federation, pass the error code back to the client. (#3639)
• Add a new /admin/register API for non-interactively creating users. (#3415)

Bugfixes

• Make /directory/list API return 404 for room not found instead of 400 (#2952)
• Default inviter_display_name to mxid for email invites (#3391)
• Don't generate TURN credentials if no TURN config options are set (#3514)
• Correctly announce deleted devices over federation (#3520)
• Catch failures saving metrics captured by Measure, and instead log the faulty metrics information for further analysis. (#3548)
• Unicode passwords are now normalised before hashing, preventing the instance where two different devices or browsers might send a different UTF-8 sequence for the password. (#3569)
• Fix potential stack overflow and deadlock under heavy load (#3570)
• Respond with M_NOT_FOUND when profiles are not found locally or over federation. Fixes #3585 (#3585)
• Fix failure to persist events over federation under load (#3601)
• Fix updating of cached remote profiles (#3605)
• Fix 'tuple index out of range' error (#3607)
• Only import secrets when available (fix for py < 3.6) (#3626)

Internal Changes

• Remove redundant checks on who_forgot_in_room (#3350)
• Remove unnecessary event re-signing hacks (#3367)
• Rewrite cache list decorator (#3384)
• Move v1-only REST APIs into their own module. (#3460)
• Replace more instances of Python 2-only iteritems and itervalues uses. (#3562)
• Refactor EventContext to accept state during init (#3577)
• Improve Dockerfile and docker-compose instructions (#3543)
• Release notes are now in the Markdown format. (#3552)
• add config for pep8 (#3559)
• Merge Linearizer and Limiter (#3571, #3572)
• Lazily load state on master process when using workers to reduce DB consumption (#3579, #3581, #3582, #3584)
• Fixes and optimisations for resolve_state_groups (#3586)
• Improve logging for exceptions when handling PDUs (#3587)
• Add some measure blocks to persist_events (#3590)
• Fix some random logcontext leaks. (#3591, #3606)
• Speed up calculating state deltas in persist_event loop (#3592)
• Attempt to reduce amount of state pulled out of DB during persist_events (#3595)
• Fix a documentation typo in on_make_leave_request (#3609)
• Make EventStore inherit from EventFederationStore (#3612)
• Remove some redundant joins on event_edges.room_id (#3613)
• Stop populating events.content (#3614)
• Update the /send_leave path registration to use event_id rather than a transaction ID. (#3616)
• Refactor FederationHandler to move DB writes into separate functions (#3621)
• Remove unused field "pdu_failures" from transactions. (#3628)
• rename replication_layer to federation_client (#3634)
• Factor out exception handling in federation_client (#3638)
• Refactor location of docker build script. (#3644)
• Update CONTRIBUTING to mention newsfragments. (#3645)

Hi All,

We have patched two securities vulnerabilities (details follow), we do not believe either have been exploited in the wild, but recommend upgrading asap.

As always you can get the new update from https://github.com/matrix-org/synapse/releases/tag/v0.33.1 or from any of the sources mentioned at https://github.com/matrix-org/synapse/

Thanks

Changes in Synapse v0.33.1 (2018-08-2)

• Fix a potential issue where servers could request events for rooms they have not joined. (#3641)
• Fix a potential issue where users could see events in private rooms before they joined. (#3642)

Folks, Synapse 0.32.0 is an important security update: please upgrade as soon as you can.

The release focuses on security; fixing several federation bugs and adding new features for countering abuse. Notably it includes the ability to blacklist & whitelist servers allowed to send events to a room on a per-room basis via the new m.room.server_acl state event: see MSC1383 for details.  This also closes out https://github.com/matrix-org/matrix-doc/issues/709 - one of our oldest feature requests from users who wish to be able to limit the servers allowed to participate in a given room.

It's important to understand that server ACLs only work if all the servers participating in the room honour them.  In future this will be handled better (as part of ongoing work in making it easier to incrementally version and upgrade the federation protocol).  This means that for the ACLs to work, any servers which don't yet implement ACLs (e.g. older Synapses) have to be ACL'd from the room for the access control to work.   Therefore please upgrade as soon as possible to avoid this problem.

This ongoing flurry of security work is in general all part of moving towards the long-awaited stable release of the Server-Server API. In parallel we've been working on the other main outstanding point: State Resets (i.e. scenarios where you get unexpected results when resolving conflicts between different servers' copies of a room).  There will be a few more major changes and upgrades on the horizon as we fix these, but then we'll finally be able to cut an r0 release of the Server-Server API and Matrix will be one massive step closer to being out of beta!

As always, you can get the new update from https://github.com/matrix-org/synapse/releases/tag/v0.32.1  or any of the sources mentioned at https://github.com/matrix-org/synapse.

Changes in synapse v0.32.0 (2018-07-06)

No changes since 0.32.0rc1

Synapse 0.32.0rc1 (2018-07-05)

Features

• Add blacklist & whitelist of servers allowed to send events to a room via m.room.server_acl event. (merge)
• Cache factor override system for specific caches (#3334)
• Add metrics to track appservice transactions (#3344)
• Try to log more helpful info when a sig verification fails (#3372)
• Synapse now uses the best performing JSON encoder/decoder according to your runtime (simplejson on CPython, stdlib json on PyPy). (#3462)
• Add optional ip_range_whitelist param to AS registration files to lock AS IP access (#3465)
• Reject invalid server names in federation requests (#3480)
• Reject invalid server names in homeserver.yaml (#3483)

Bugfixes

• Strip access_token from outgoing requests (#3327)
• Redact AS tokens in logs (#3349)
• Fix federation backfill from SQLite servers (#3355)
• Fix event-purge-by-ts admin API (#3363)
• Fix event filtering in get_missing_events handler (#3371)
• Synapse is now stricter regarding accepting events which it cannot retrieve the prev_events for. (#3456)
• Fix bug where synapse would explode when receiving unicode in HTTP User-Agent header (#3470)
• Invalidate cache on correct thread to avoid race (#3473)

Improved Documentation

• doc/postgres.rst: fix display of the last command block. Thanks to @ArchangeGabriel! (#3340)

Deprecations and Removals

• Remove was_forgotten_at (#3324)

Misc

• #3332 #3341 #3347 #3348 #3356 #3385 #3446 #3447 #3467 #3474

Folks,

v0.31.1 fixes a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.

We are not aware of it being actively exploited but please upgrade asap.

Sorry for the inconvenience, Synapse and the Matrix spec are still in beta and we still ironing out gaps such as this one.

You can get the release here.

Changes in synapse v0.31.1 (2018-06-08)

v0.31.1 fixes a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.

We are not aware of it being actively exploited but please upgrade asap.

Bug Fixes:

• Fix event filtering in get_missing_events handler (PR #3371)

Good people, it's release time.

With the core team focusing on upcoming performance work and GDPR management tooling, v0.31.0 is most notable for improvements to system stats. Additionally, work continues on our py3 port and a host of small bug fixes and perf improvements.

Get it now from https://github.com/matrix-org/synapse/releases/tag/v0.31.0

Changes in synapse v0.31.0 (2018-06-06)

Most notable change from v0.30.0 is to switch to python prometheus library to improve system stats reporting. WARNING this changes a number of prometheus metrics in a backwards-incompatible manner. For more details, seedocs/metrics-howto.rst

Bug Fixes:

• Fix metric documentation tables (PR #3341)
• Fix LaterGauge error handling (694968f)
• Fix replication metrics (b7e7fd2)

Changes in synapse v0.31.0-rc1 (2018-06-04)

Features:

• Switch to the Python Prometheus library (PR #3256, #3274)
• Let users leave the server notice room after joining (PR #3287)

• daily user type phone home stats (PR #3264)
• Use iter* methods for _filter_events_for_server (PR #3267)
• Docs on consent bits (PR #3268)
• Remove users from user directory on deactivate (PR #3277)
• Avoid sending consent notice to guest users (PR #3288)
• disable CPUMetrics if no /proc/self/stat (PR #3299)
• Add local and loopback IPv6 addresses to url_preview_ip_range_blacklist (PR #3312) Thanks to @thegcat!
• Consistently use six's iteritems and wrap lazy keys/values in list() if they're not meant to be lazy (PR #3307)
• Add private IPv6 addresses to example config for url preview blacklist (PR #3317) Thanks to @thegcat!
• Reduce stuck read-receipts: ignore depth when updating (PR #3318)
• Put python's logs into Trial when running unit tests (PR #3319)

• Replace some more comparisons with six (PR #3243) Thanks to @NotAFile!
• replace some iteritems with six (PR #3244) Thanks to @NotAFile!
• Add batch_iter to utils (PR #3245) Thanks to @NotAFile!
• use repr, not str (PR #3246) Thanks to @NotAFile!
• Misc Python3 fixes (PR #3247) Thanks to @NotAFile!
• Py3 storage/_base.py (PR #3278) Thanks to @NotAFile!
• more six iteritems (PR #3279) Thanks to @NotAFile!
• More Misc. py3 fixes (PR #3280) Thanks to @NotAFile!
• remaining isintance fixes (PR #3281) Thanks to @NotAFile!
• py3-ize state.py (PR #3283) Thanks to @NotAFile!
• extend tox testing for py3 to avoid regressions (PR #3302) Thanks to @krombel!
• use memoryview in py3 (PR #3303) Thanks to @NotAFile!

• Fix federation backfill bugs (PR #3261)
• federation: fix LaterGauge usage (PR #3328) Thanks to @intelfx!

It's release o'clock - GDPR time!!!!

v0.30.0 sees the introduction of Server Notices, which provides a channel whereby server administrators can send messages to users on the server, as well as Consent Management for tracking whether users have agreed to the terms and conditions set by the administrator of a server - and blocking access to the server until they have.

In conjunction these features support GDPR compliance in the form of providing a client agnostic means to contact users and ask for consent/agreement to a Privacy Notice.

For more information about our approach to GDPR compliance take a look here (although be aware that our position has evolved a bit; see the upcoming new privacy policy for the Matrix.org homeserver for details).

Additionally there are a host of bug fixes and refactors as well as an enhancement to our Dockerfile.

Get it now from https://github.com/matrix-org/synapse/releases/tag/v0.30.0

Changes in synapse v0.30.0 (2018-05-24)

'Server Notices' are a new feature introduced in Synapse 0.30. They provide a channel whereby server administrators can send messages to users on the server.

They are used as part of communication of the server policies (see Consent Tracking), however the intention is that they may also find a use for features such as "Message of the day".

This feature is specific to Synapse, but uses standard Matrix communication mechanisms, so should work with any Matrix client. For more details see here. 

Further Server Notices/Consent Tracking Support:

• Allow overriding the server_notices user's avatar (PR #3273)
• Use the localpart in the consent uri (PR #3272)
• Support for putting %(consent_uri)s in messages (PR #3271)
• Block attempts to send server notices to remote users (PR #3270)
• Docs on consent bits (PR #3268)

Changes in synapse v0.30.0-rc1 (2018-05-23)

GDPR Support:

• ConsentResource to gather policy consent from users (PR #3213)
• Move RoomCreationHandler out of synapse.handlers.Handlers (PR #3225)
• Infrastructure for a server notices room (PR #3232)
• Send users a server notice about consent (PR #3236)
• Reject attempts to send event before privacy consent is given (PR #3257)
• Add a 'has_consented' template var to consent forms (PR #3262)
• Fix dependency on jinja2 (PR #3263)

• Cohort analytics (PR #3163, #3241, #3251)
• Add lxml to docker image for web previews (PR #3239) Thanks to @ptman!
• Add in flight request metrics (PR #3252)

• Remove unused update_external_syncs (PR #3233)
• Use stream rather depth ordering for push actions (PR #3212)
• Make purge_history operate on tokens (PR #3221)
• Don't support limitless pagination (PR #3265)

• Fix logcontext resource usage tracking (PR #3258)
• Fix error in handling receipts (PR #3235)
• Stop the transaction cache caching failures (PR #3255)