Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MSC3244: Room version capabilities #3244

Closed
wants to merge 8 commits into from
Closed

MSC3244: Room version capabilities #3244

wants to merge 8 commits into from

Conversation

BillCarsonFr
Copy link
Member

@BillCarsonFr BillCarsonFr commented Jun 15, 2021
edited by anoadragon453
Loading

@BillCarsonFr BillCarsonFr mentioned this pull request Jun 15, 2021
Closed
@turt2live turt2live changed the title Room version capabilities MSC3244: Room version capabilities Jun 15, 2021
@turt2live turt2live added client-server Client-Server API kind:maintenance MSC which clarifies/updates existing spec proposal A matrix spec change proposal labels Jun 15, 2021
tulir
tulir reviewed Jun 15, 2021
View reviewed changes
proposals/3244-room-version-capabilities.md
@@ -0,0 +1,145 @@
# MSC3244: Room version capabilities
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might be missing something, but I don't see why this data needs to come from the server. Standard room version capabilities don't vary across servers, so the supported features can just be hardcoded into clients. Only the list of supported room versions will vary, but that data is already available from the endpoint.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yea... I'm not seeing what this is trying to accomplish. Room versions are meant to be frozen sets of functionality, particularly at the spec level, and not mutated over time. If someone were to create a com.example.my_room_version they'd almost certainly have to figure out a nested versioning scheme because once used the room version can't change behaviour.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently cients never require a specific room version, and created room are using the default version at the time of creation.

If clients start hard coding room version, they will need to be continuously updated to be up to date. E.g if the default room version is updated (for security reason), the clients will force lower room version

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the idea isn't whether or not the client specifies the room version, but that the clients would encode the information in them for what features a room version supports.

The argument against this is that the servers have to know this already (e.g. Synapse's implementation), so instead of hard-coding it into each client the server could pass the information to the client.

Maybe that's over-designed though and the proper thing is to codify a similar list in the clients?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue with having a list in the clients is that it can get outdated. If I'm running an old client, and the server says that the default room version is "10", but the client doesn't know what room version "10" is, then it doesn't know if a room created with the default version will support knocking, or if it should specify that it wants room version "7".

Arguably, clients shouldn't be doing anything with room versions that they don't understand, but since most of the room version changes are server-side things, clients have been mostly fine just assuming that everything is (almost) the same.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The server can't really be sure it's suggesting the right values though? If a client is developed with v8 in mind, it's not going to really know if v10 will also serve its purpose, and the server definitely won't know how the client expects to function.

Room versions are non-linear, so in a hypothetical (and possibly likely down the line) scenario we could have v8 for knocking, v9 for enforced encryption, v10 for newfangled knocking+restricted cooperation, and v11 which mixes it all together. In this case, the client will want a feature called "knocking" but doesn't know that v10/11 are actually some completely new approach it has never heard of. It'd be irresponsible of the server to suggest this as a preferred version, but also it's not immediately clear what we'd do given it's keyed by feature name. Further, the server suggesting v11 could impact the user experience of the client even if the client did know about v10 (but not 11): it may very well not want to have encryption baked into the room, but the server will have suggested an unknown room version for new-knocking.

Overall, I do seriously wonder if this can be solved with process rather than tech. If we sped up the room version cutting process, would it alleviate the concerns of this MSC? Can we find a non-technical answer to communicating what is in a given room version and drive uptake?

uhoreg
uhoreg reviewed Jun 15, 2021
View reviewed changes
proposals/3244-room-version-capabilities.md Outdated Show resolved Hide resolved
proposals/3244-room-version-capabilities.md Outdated Show resolved Hide resolved
proposals/3244-room-version-capabilities.md Outdated Show resolved Hide resolved
proposals/3244-room-version-capabilities.md Outdated Show resolved Hide resolved
clokep
clokep reviewed Jun 16, 2021
View reviewed changes
proposals/3244-room-version-capabilities.md Outdated
Comment on lines 110 to 111
If multiple capabilities are needed (e.g mscXX1 and mscXX2), and they have different `preferred` versions, clients can
then pick one of the stable version that appears in both `support` arrays.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A downside of this is that you can end up on an older room version since there's no ordering, e.g.

  • knocking: preferred: 7, supports: 7, 8, 9
  • restricted: preferred 9, supports: 8, 9

From here you could choose 8 or 9, but which to use? Maybe it doesn't really matter. 🤷

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we say that support is ordered?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure where that information would come from though. The server doesn't really have an ordered list of room versions it prefers.

This was referenced Jun 18, 2021
Closed
Merged
ara4n
ara4n reviewed Jun 18, 2021
View reviewed changes
proposals/3244-room-version-capabilities.md Outdated
"9": "stable"
},
"room_capabilities": {
"knocking" : {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we not namespace these to m.knocking or whatever? if only for symmetry with all our other identifiers?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will check and use same name

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updaded to knock as per MSC

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also agree that these attributes should be namespaced as m.*, otherwise it gets inconsistent with the rest of the spec.

Copy link
Member Author

@BillCarsonFr BillCarsonFr Jul 19, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the top level att are namespaced (m.room_versions, m.change_password) but not the content attributes (default/available/room_capabilities)

ara4n
ara4n reviewed Jun 18, 2021
View reviewed changes
proposals/3244-room-version-capabilities.md
"4": "stable",
"5": "stable",
"6": "stable",,
"org.matrix.msc2176": "unstable",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it deliberate that these unstable room versions are removed in the below example?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kind of, the below example is the future compared to that one, but it was also to reduce noise

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay, then need to add a line to make it clear that between the two examples, the unstable versions were stabilised.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added some context

@BillCarsonFr @clokep
Update proposals/3244-room-version-capabilities.md
bdd164c 
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
clokep
clokep reviewed Jun 29, 2021
View reviewed changes
proposals/3244-room-version-capabilities.md
Comment on lines +108 to +109
If the feature is supported but by a stable room version that is not the default one, the client should
then request to use the preferred version (`preferred`) that supports the feature, in the create room call:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems to imply that unstable room versions can be included in the response. This isn't 100% clear from the examples.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO preferred should always be stable, support should include all known room versions, inc unstable, as that field is what drives the UI of whether to show a particular setting

clokep
clokep reviewed Jun 29, 2021
View reviewed changes
proposals/3244-room-version-capabilities.md
}
````

In the hypothetical scenario where multiple capabilities would be needed (e.g mscXX1 and mscXX2), and have different `preferred` versions, clients can then pick one of the stable version that appears in both `support` arrays.
Copy link
Contributor

@clokep clokep Jun 29, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a benefit to having preferred and support separate as opposed to just an ordered array for support?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might want to be able to say "preferred": null whilst only unstable room versions support this, e.g right now for restricted, but still giving the clients the list of supporting room versions to know what UI to show for an experimental room version without needing to hardcode it.

t3chguy
t3chguy reviewed Jul 1, 2021
View reviewed changes
proposals/3244-room-version-capabilities.md

Proposed final identifier | Purpose | Development identifier
------------------------------- | ------- | ----
`room_capabilities` | event type | `org.matrix.msc3244.room_capabilities`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PoC implementations:

Uses "preferred": null for restricted to never have preferred be an unstable version

@BillCarsonFr BillCarsonFr mentioned this pull request Jul 12, 2021
Merged
@BillCarsonFr BillCarsonFr marked this pull request as ready for review July 12, 2021 12:45
@dklimpel dklimpel mentioned this pull request Jul 13, 2021
Closed
@richvdh richvdh mentioned this pull request Jul 20, 2021
Merged
4 tasks
turt2live
turt2live requested changes Aug 10, 2021
View reviewed changes
proposals/3244-room-version-capabilities.md

When a new room version is introduced there is a delay before it becames the default
version. This delay is related to support of this new room version across the federation.
If a Home Server were to switch the new version as default to early, it will lock out all other users
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
If a Home Server were to switch the new version as default to early, it will lock out all other users
If a homeserver were to switch the new version as default to early, it will lock out all other users

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

applies throughout

proposals/3244-room-version-capabilities.md
@@ -0,0 +1,145 @@
# MSC3244: Room version capabilities
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The server can't really be sure it's suggesting the right values though? If a client is developed with v8 in mind, it's not going to really know if v10 will also serve its purpose, and the server definitely won't know how the client expects to function.

Room versions are non-linear, so in a hypothetical (and possibly likely down the line) scenario we could have v8 for knocking, v9 for enforced encryption, v10 for newfangled knocking+restricted cooperation, and v11 which mixes it all together. In this case, the client will want a feature called "knocking" but doesn't know that v10/11 are actually some completely new approach it has never heard of. It'd be irresponsible of the server to suggest this as a preferred version, but also it's not immediately clear what we'd do given it's keyed by feature name. Further, the server suggesting v11 could impact the user experience of the client even if the client did know about v10 (but not 11): it may very well not want to have encryption baked into the room, but the server will have suggested an unknown room version for new-knocking.

Overall, I do seriously wonder if this can be solved with process rather than tech. If we sped up the room version cutting process, would it alleviate the concerns of this MSC? Can we find a non-technical answer to communicating what is in a given room version and drive uptake?

MadLittleMods
MadLittleMods reviewed Apr 21, 2022
View reviewed changes
proposals/3244-room-version-capabilities.md

As part of this MSC, two capabilities are defined:
- `knock` for knocking join rule support [MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403)
- `restricted` for restricted join rule support [MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083)
Copy link
Contributor

@MadLittleMods MadLittleMods Apr 21, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we allowing unstable capabilities to be added here? I've wanted to use this to advertise MSC2716 support, matrix-org/synapse#12516

It would be good to add a note that unstable capabilities are allowed with prefixes.

@MadLittleMods MadLittleMods mentioned this pull request Apr 22, 2022
Merged
3 tasks
@turt2live
Copy link
Member

This has failed to get positive review and doesn't appear to be on a track for acceptance. To encourage people to raise their thoughts and fix the problems:

@mscbot fcp reject

@mscbot
Copy link
Collaborator

mscbot commented Apr 26, 2022

Unknown disposition 'reject'.

@turt2live
Copy link
Member

fine then

@mscbot fcp close

@mscbot
Copy link
Collaborator

mscbot commented Apr 26, 2022
edited by ara4n
Loading

Team member @turt2live has proposed to close this. The next step is review by the rest of the tagged people:

Once at least 75% of reviewers approve (and there are no outstanding concerns), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for information about what commands tagged team members can give me.

@mscbot mscbot added disposition-close proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. labels Apr 26, 2022
@turt2live turt2live added this to Needs idea feedback / initial review in Spec Core Team Backlog via automation Apr 26, 2022
@turt2live turt2live moved this from Needs idea feedback / initial review to Ready for FCP ticks in Spec Core Team Backlog Apr 26, 2022
@turt2live turt2live moved this from Ready for FCP ticks to TMP01 in Spec Core Team Backlog Jul 4, 2022
@turt2live turt2live moved this from TMP01 to Ready for FCP ticks in Spec Core Team Backlog Jul 4, 2022
@mscbot
Copy link
Collaborator

mscbot commented Jul 7, 2022

🔔 This is now entering its final comment period, as per the review above. 🔔

@mscbot mscbot added final-comment-period This MSC has entered a final comment period in interest to approval, postpone, or delete in 5 days. and removed proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. labels Jul 7, 2022
This was referenced Jul 7, 2022
Merged
Merged
Closed
@turt2live turt2live moved this from Ready for FCP ticks to In FCP in Spec Core Team Backlog Jul 7, 2022
@mscbot
Copy link
Collaborator

mscbot commented Jul 12, 2022

The final comment period, with a disposition to close, as per the review above, is now complete.

@mscbot mscbot closed this Jul 12, 2022
@mscbot mscbot added finished-final-comment-period and removed disposition-close final-comment-period This MSC has entered a final comment period in interest to approval, postpone, or delete in 5 days. labels Jul 12, 2022
@turt2live turt2live added rejected A proposal which has been rejected for inclusion in the spec and removed finished-final-comment-period labels Jul 12, 2022
@turt2live turt2live moved this from In FCP to Done to some definition in Spec Core Team Backlog Jul 12, 2022
@mjarr mjarr mentioned this pull request Oct 2, 2022
Merged
9 tasks
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jan 18, 2023
@spzeidler
Pullup ticket #6538 - requested by gdt
607be90 
chat/matrix-synapse: security update

Revisions pulled up:
- chat/matrix-synapse/Makefile                                  1.34-1.36
- chat/matrix-synapse/PLIST                                     1.18-1.19
- chat/matrix-synapse/distinfo                                  1.24,1.27-1.28

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   js
   Date:           Sat Oct  2 12:23:13 UTC 2021

   Modified Files:
           pkgsrc/chat/matrix-synapse: Makefile PLIST distinfo

   Log Message:
   Update chat/matrix-synapse to 1.43.0

   Synapse 1.43.0 (2021-09-21)
   =============
   This release drops support for the deprecated, unstable API for [MSC2858 (Multiple SSO Identity
   Providers)](https://github.com/matrix-org/matrix-doc/blob/master/proposals/2858-Multiple-SSO-Identity-Providers.md#unstable-prefix), as well as the undocumented `experimental.msc2858_enabled` config
   option. Client authors should update their clients to use the stable API, available since Synapse 1.30.

   The documentation has been updated with configuration for routing `/spaces`, `/hierarchy` and `/summary` to workers. See [the upgrade
   notes](https://github.com/matrix-org/synapse/blob/release-v1.43/docs/upgrade.md#upgrading-to-v1430) for more details.

   No significant changes since 1.43.0rc2.

   Synapse 1.43.0rc2 (2021-09-17)
   ===============

   Bugfixes
   --------

   - Added opentracing logging to help debug [\#9424](https://github.com/matrix-org/synapse/issues/9424). ([\#10828](https://github.com/matrix-org/synapse/issues/10828))

   Synapse 1.43.0rc1 (2021-09-14)
   ===============

   Features
   --------

   - Allow room creators to send historical events specified by [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) in existing room versions.
   ([\#10566](https://github.com/matrix-org/synapse/issues/10566))
   - Add config option to use non-default manhole password and keys. ([\#10643](https://github.com/matrix-org/synapse/issues/10643))
   - Skip final GC at shutdown to improve restart performance. ([\#10712](https://github.com/matrix-org/synapse/issues/10712))
   - Allow configuration of the oEmbed URLs used for URL previews. ([\#10714](https://github.com/matrix-org/synapse/issues/10714), [\#10759](https://github.com/matrix-org/synapse/issues/10759))
   - Prefer [room version 9](https://github.com/matrix-org/matrix-doc/pull/3375) for restricted rooms per the [room version capabilities](https://github.com/matrix-org/matrix-doc/pull/3244) API.
   ([\#10772](https://github.com/matrix-org/synapse/issues/10772))

   Bugfixes
   --------

   - Fix a long-standing bug where room avatars were not included in email notifications. ([\#10658](https://github.com/matrix-org/synapse/issues/10658))
   - Fix a bug where the ordering algorithm was skipping the `origin_server_ts` step in the spaces summary resulting in unstable room orderings.
   ([\#10730](https://github.com/matrix-org/synapse/issues/10730))
   - Fix edge case when persisting events into a room where there are multiple events we previously hadn't calculated auth chains for (and hadn't marked as needing to be calculated).
   ([\#10743](https://github.com/matrix-org/synapse/issues/10743))
   - Fix a bug which prevented calls to `/createRoom` that included the `room_alias_name` parameter from being handled by worker processes. ([\#10757](https://github.com/matrix-org/synapse/issues/10757))
   - Fix a bug which prevented user registration via SSO to require consent tracking for SSO mapping providers that don't prompt for Matrix ID selection. Contributed by @AndrewFerr.
   ([\#10733](https://github.com/matrix-org/synapse/issues/10733))
   - Only return the stripped state events for the `m.space.child` events in a room for the spaces summary from [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946).
   ([\#10760](https://github.com/matrix-org/synapse/issues/10760))
   - Properly handle room upgrades of spaces. ([\#10774](https://github.com/matrix-org/synapse/issues/10774))
   - Fix a bug which generated invalid homeserver config when the `frontend_proxy` worker type was passed to the Synapse Worker-based Complement image.
   ([\#10783](https://github.com/matrix-org/synapse/issues/10783))

   Improved Documentation
   ----------------------

   - Minor fix to the `media_repository` developer documentation. Contributed by @cuttingedge1109. ([\#10556](https://github.com/matrix-org/synapse/issues/10556))
   - Update the documentation to note that the `/spaces` and `/hierarchy` endpoints can be routed to workers. ([\#10648](https://github.com/matrix-org/synapse/issues/10648))
   - Clarify admin API documentation on undoing room deletions. ([\#10735](https://github.com/matrix-org/synapse/issues/10735))
   - Split up the modules documentation and add examples for module developers. ([\#10758](https://github.com/matrix-org/synapse/issues/10758))
   - Correct 2 typographical errors in the [Log Contexts documentation](https://matrix-org.github.io/synapse/latest/log_contexts.html). ([\#10795](https://github.com/matrix-org/synapse/issues/10795))
   - Fix a wording mistake in the sample configuration. Contributed by @bramvdnheuvel:nltrix.net. ([\#10804](https://github.com/matrix-org/synapse/issues/10804))

   Deprecations and Removals
   -------------------------

   - Remove the [unstable MSC2858 API](https://github.com/matrix-org/matrix-doc/blob/master/proposals/2858-Multiple-SSO-Identity-Providers.md#unstable-prefix), including the undocumented
   `experimental.msc2858_enabled` config option. The unstable API has been deprecated since Synapse 1.35. Client authors should update their clients to use the stable API introduced in Synapse 1.30 if
   they have not already done so. ([\#10693](https://github.com/matrix-org/synapse/issues/10693))

   Internal Changes
   ----------------

   - Add OpenTracing logging to help debug stuck messages (as described by issue [#9424](https://github.com/matrix-org/synapse/issues/9424)).
   ([\#10704](https://github.com/matrix-org/synapse/issues/10704))
   - Add type annotations to the `synapse.util` package. ([\#10601](https://github.com/matrix-org/synapse/issues/10601))
   - Ensure `rooms.creator` field is always populated for easy lookup in [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) usage later.
   ([\#10697](https://github.com/matrix-org/synapse/issues/10697))
   - Add missing type hints to REST servlets. ([\#10707](https://github.com/matrix-org/synapse/issues/10707), [\#10728](https://github.com/matrix-org/synapse/issues/10728),
   [\#10736](https://github.com/matrix-org/synapse/issues/10736))
   - Do not include rooms with unknown room versions in the spaces summary results. ([\#10727](https://github.com/matrix-org/synapse/issues/10727))
   - Additional error checking for the `preset` field when creating a room. ([\#10738](https://github.com/matrix-org/synapse/issues/10738))
   - Clean up some of the federation event authentication code for clarity. ([\#10744](https://github.com/matrix-org/synapse/issues/10744), [\#10745](https://github.com/matrix-org/synapse/issues/10745),
   [\#10746](https://github.com/matrix-org/synapse/issues/10746), [\#10771](https://github.com/matrix-org/synapse/issues/10771), [\#10773](https://github.com/matrix-org/synapse/issues/10773),
   [\#10781](https://github.com/matrix-org/synapse/issues/10781))
   - Add an index to `presence_stream` to hopefully speed up startups a little. ([\#10748](https://github.com/matrix-org/synapse/issues/10748))
   - Refactor event size checking code to simplify searching the codebase for the origins of certain error strings that are occasionally emitted.
   ([\#10750](https://github.com/matrix-org/synapse/issues/10750))
   - Move tests relating to rooms having encryption out of the user directory tests. ([\#10752](https://github.com/matrix-org/synapse/issues/10752))
   - Use `attrs` internally for the URL preview code & update documentation. ([\#10753](https://github.com/matrix-org/synapse/issues/10753))
   - Minor speed ups when joining large rooms over federation. ([\#10754](https://github.com/matrix-org/synapse/issues/10754), [\#10755](https://github.com/matrix-org/synapse/issues/10755),
   [\#10756](https://github.com/matrix-org/synapse/issues/10756), [\#10780](https://github.com/matrix-org/synapse/issues/10780), [\#10784](https://github.com/matrix-org/synapse/issues/10784))
   - Add a constant for `m.federate`. ([\#10775](https://github.com/matrix-org/synapse/issues/10775))
   - Add a script to update the Debian changelog in a Docker container for systems that are not Debian-based. ([\#10778](https://github.com/matrix-org/synapse/issues/10778))
   - Change the format of authenticated users in logs when a user is being puppeted by and admin user. ([\#10779](https://github.com/matrix-org/synapse/issues/10779))
   - Remove fixed and flakey tests from the Sytest blacklist. ([\#10788](https://github.com/matrix-org/synapse/issues/10788))
   - Improve internal details of the user directory code. ([\#10789](https://github.com/matrix-org/synapse/issues/10789))
   - Use direct references to config flags. ([\#10798](https://github.com/matrix-org/synapse/issues/10798))
   - Ensure the Rust reporter passes type checking with jaeger-client 4.7's type annotations. ([\#10799](https://github.com/matrix-org/synapse/issues/10799))

   Synapse 1.42.0 (2021-09-07)
   =============
   This version of Synapse removes deprecated room-management admin APIs, removes out-of-date email pushers, and improves error handling for fallback templates for user-interactive authentication. For
   more information on these points, server administrators are encouraged to read [the upgrade notes](docs/upgrade.md#upgrading-to-v1420).

   No significant changes since 1.42.0rc2.

   Synapse 1.42.0rc2 (2021-09-06)
   ===============

   Features
   --------

   - Support room version 9 from [MSC3375](https://github.com/matrix-org/matrix-doc/pull/3375). ([\#10747](https://github.com/matrix-org/synapse/issues/10747))

   Internal Changes
   ----------------

   - Print a warning when using one of the deprecated `template_dir` settings. ([\#10768](https://github.com/matrix-org/synapse/issues/10768))

   Synapse 1.42.0rc1 (2021-09-01)
   ===============

   Features
   --------

   - Add support for [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231): Token authenticated registration. Users can be required to submit a token during registration to authenticate
   themselves. Contributed by Callum Brown. ([\#10142](https://github.com/matrix-org/synapse/issues/10142))
   - Add support for [MSC3283](https://github.com/matrix-org/matrix-doc/pull/3283): Expose `enable_set_displayname` in capabilities. ([\#10452](https://github.com/matrix-org/synapse/issues/10452))
   - Port the `PresenceRouter` module interface to the new generic interface. ([\#10524](https://github.com/matrix-org/synapse/issues/10524))
   - Add pagination to the spaces summary based on updates to [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946). ([\#10613](https://github.com/matrix-org/synapse/issues/10613),
   [\#10725](https://github.com/matrix-org/synapse/issues/10725))

   Bugfixes
   --------

   - Validate new `m.room.power_levels` events. Contributed by @aaronraimist. ([\#10232](https://github.com/matrix-org/synapse/issues/10232))
   - Display an error on User-Interactive Authentication fallback pages when authentication fails. Contributed by Callum Brown. ([\#10561](https://github.com/matrix-org/synapse/issues/10561))
   - Remove pushers when deleting an e-mail address from an account. Pushers for old unlinked emails will also be deleted. ([\#10581](https://github.com/matrix-org/synapse/issues/10581),
   [\#10734](https://github.com/matrix-org/synapse/issues/10734))
   - Reject Client-Server `/keys/query` requests which provide `device_ids` incorrectly. ([\#10593](https://github.com/matrix-org/synapse/issues/10593))
   - Rooms with unsupported room versions are no longer returned via `/sync`. ([\#10644](https://github.com/matrix-org/synapse/issues/10644))
   - Enforce the maximum length for per-room display names and avatar URLs. ([\#10654](https://github.com/matrix-org/synapse/issues/10654))
   - Fix a bug which caused the `synapse_user_logins_total` Prometheus metric not to be correctly initialised on restart. ([\#10677](https://github.com/matrix-org/synapse/issues/10677))
   - Improve `ServerNoticeServlet` to avoid duplicate requests and add unit tests. ([\#10679](https://github.com/matrix-org/synapse/issues/10679))
   - Fix long-standing issue which caused an error when a thumbnail is requested and there are multiple thumbnails with the same quality rating.
   ([\#10684](https://github.com/matrix-org/synapse/issues/10684))
   - Fix a regression introduced in v1.41.0 which affected the performance of concurrent fetches of large sets of events, in extreme cases causing the process to hang.
   ([\#10703](https://github.com/matrix-org/synapse/issues/10703))
   - Fix a regression introduced in Synapse 1.41 which broke email transmission on Systems using older versions of the Twisted library. ([\#10713](https://github.com/matrix-org/synapse/issues/10713))

   Improved Documentation
   ----------------------

   - Add documentation on how to connect Django with Synapse using OpenID Connect and django-oauth-toolkit. Contributed by @HugoDelval. ([\#10192](https://github.com/matrix-org/synapse/issues/10192))
   - Advertise https://matrix-org.github.io/synapse documentation in the `README` and `CONTRIBUTING` files. ([\#10595](https://github.com/matrix-org/synapse/issues/10595))
   - Fix some of the titles not rendering in the OpenID Connect documentation. ([\#10639](https://github.com/matrix-org/synapse/issues/10639))
   - Minor clarifications to the documentation for reverse proxies. ([\#10708](https://github.com/matrix-org/synapse/issues/10708))
   - Remove table of contents from the top of installation and contributing documentation pages. ([\#10711](https://github.com/matrix-org/synapse/issues/10711))

   Deprecations and Removals
   -------------------------

   - Remove deprecated Shutdown Room and Purge Room Admin API. ([\#8830](https://github.com/matrix-org/synapse/issues/8830))

   Internal Changes
   ----------------

   - Improve type hints for the proxy agent and SRV resolver modules. Contributed by @dklimpel. ([\#10608](https://github.com/matrix-org/synapse/issues/10608))
   - Clean up some of the federation event authentication code for clarity. ([\#10614](https://github.com/matrix-org/synapse/issues/10614), [\#10615](https://github.com/matrix-org/synapse/issues/10615),
   [\#10624](https://github.com/matrix-org/synapse/issues/10624), [\#10640](https://github.com/matrix-org/synapse/issues/10640))
   - Add a comment asking developers to leave a reason when bumping the database schema version. ([\#10621](https://github.com/matrix-org/synapse/issues/10621))
   - Remove not needed database updates in modify user admin API. ([\#10627](https://github.com/matrix-org/synapse/issues/10627))
   - Convert room member storage tuples to `attrs` classes. ([\#10629](https://github.com/matrix-org/synapse/issues/10629), [\#10642](https://github.com/matrix-org/synapse/issues/10642))
   - Use auto-attribs for the attrs classes used in sync. ([\#10630](https://github.com/matrix-org/synapse/issues/10630))
   - Make `backfill` and `get_missing_events` use the same codepath. ([\#10645](https://github.com/matrix-org/synapse/issues/10645))
   - Improve the performance of the `/hierarchy` API (from [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946)) by caching responses received over federation.
   ([\#10647](https://github.com/matrix-org/synapse/issues/10647))
   - Run a nightly CI build against Twisted trunk. ([\#10651](https://github.com/matrix-org/synapse/issues/10651), [\#10672](https://github.com/matrix-org/synapse/issues/10672))
   - Do not print out stack traces for network errors when fetching data over federation. ([\#10662](https://github.com/matrix-org/synapse/issues/10662))
   - Simplify tests for device admin rest API. ([\#10664](https://github.com/matrix-org/synapse/issues/10664))
   - Add missing type hints to REST servlets. ([\#10665](https://github.com/matrix-org/synapse/issues/10665), [\#10666](https://github.com/matrix-org/synapse/issues/10666),
   [\#10674](https://github.com/matrix-org/synapse/issues/10674))
   - Flatten the `tests.synapse.rests` package by moving the contents of `v1` and `v2_alpha` into the parent. ([\#10667](https://github.com/matrix-org/synapse/issues/10667))
   - Update `complement.sh` to rebuild the base Docker image when run with workers. ([\#10686](https://github.com/matrix-org/synapse/issues/10686))
   - Split the event-processing methods in `FederationHandler` into a separate `FederationEventHandler`. ([\#10692](https://github.com/matrix-org/synapse/issues/10692))
   - Remove unused `compare_digest` function. ([\#10706](https://github.com/matrix-org/synapse/issues/10706))


   To generate a diff of this commit:
   cvs rdiff -u -r1.33 -r1.34 pkgsrc/chat/matrix-synapse/Makefile
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/chat/matrix-synapse/PLIST
   cvs rdiff -u -r1.23 -r1.24 pkgsrc/chat/matrix-synapse/distinfo

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   js
   Date:           Fri Nov 19 14:06:08 UTC 2021

   Modified Files:
           pkgsrc/chat/matrix-synapse: Makefile PLIST distinfo

   Log Message:
   Update chat/matrix-synapse to 1.47.0

   Synapse 1.47.0 (2021-11-17)
   =============
   No significant changes since 1.47.0rc3.

   Synapse 1.47.0rc3 (2021-11-16)
   ===============

   Bugfixes
   --------

   - Fix a bug introduced in 1.47.0rc1 which caused worker processes to not halt startup in the presence of outstanding database migrations.
   ([\#11346](https://github.com/matrix-org/synapse/issues/11346))
   - Fix a bug introduced in 1.47.0rc1 which prevented the 'remove deleted devices from `device_inbox` column' background process from running when updating from a recent Synapse version.
   ([\#11303](https://github.com/matrix-org/synapse/issues/11303), [\#11353](https://github.com/matrix-org/synapse/issues/11353))

   Synapse 1.47.0rc2 (2021-11-10)
   ===============

   This fixes an issue with publishing the Debian packages for 1.47.0rc1.
   It is otherwise identical to 1.47.0rc1.

   Synapse 1.47.0rc1 (2021-11-09)
   ===============

   Deprecations and Removals
   -------------------------

   - The `user_may_create_room_with_invites` module callback is now deprecated. Please refer to the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1470) for more
   information. ([\#11206](https://github.com/matrix-org/synapse/issues/11206))
   - Remove deprecated admin API to delete rooms (`POST /_synapse/admin/v1/rooms/<room_id>/delete`). ([\#11213](https://github.com/matrix-org/synapse/issues/11213))

   Features
   --------

   - Advertise support for Client-Server API r0.6.1. ([\#11097](https://github.com/matrix-org/synapse/issues/11097))
   - Add search by room ID and room alias to the List Room admin API. ([\#11099](https://github.com/matrix-org/synapse/issues/11099))
   - Add an `on_new_event` third-party rules callback to allow Synapse modules to act after an event has been sent into a room. ([\#11126](https://github.com/matrix-org/synapse/issues/11126))
   - Add a module API method to update a user's membership in a room. ([\#11147](https://github.com/matrix-org/synapse/issues/11147))
   - Add metrics for thread pool usage. ([\#11178](https://github.com/matrix-org/synapse/issues/11178))
   - Support the stable room type field for [MSC3288](https://github.com/matrix-org/matrix-doc/pull/3288). ([\#11187](https://github.com/matrix-org/synapse/issues/11187))
   - Add a module API method to retrieve the current state of a room. ([\#11204](https://github.com/matrix-org/synapse/issues/11204))
   - Calculate a default value for `public_baseurl` based on `server_name`. ([\#11210](https://github.com/matrix-org/synapse/issues/11210))
   - Add support for serving `/.well-known/matrix/server` files, to redirect federation traffic to port 443. ([\#11211](https://github.com/matrix-org/synapse/issues/11211))
   - Add admin APIs to pause, start and check the status of background updates. ([\#11263](https://github.com/matrix-org/synapse/issues/11263))

   Bugfixes
   --------

   - Fix a long-standing bug which allowed hidden devices to receive to-device messages, resulting in unnecessary database bloat. ([\#10097](https://github.com/matrix-org/synapse/issues/10097))
   - Fix a long-standing bug where messages in the `device_inbox` table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine.
   ([\#10969](https://github.com/matrix-org/synapse/issues/10969), [\#11212](https://github.com/matrix-org/synapse/issues/11212))
   - Do not accept events if a third-party rule `check_event_allowed` callback raises an exception. ([\#11033](https://github.com/matrix-org/synapse/issues/11033))
   - Fix long-standing bug where verification requests could fail in certain cases if a federation whitelist was in place but did not include your own homeserver.
   ([\#11129](https://github.com/matrix-org/synapse/issues/11129))
   - Allow an empty list of `state_events_at_start` to be sent when using the [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint and the author of the historical
   messages is already part of the current room state at the given `?prev_event_id`. ([\#11188](https://github.com/matrix-org/synapse/issues/11188))
   - Fix a bug introduced in Synapse 1.45.0 which prevented the `synapse_review_recent_signups` script from running. Contributed by @samuel-p.
   ([\#11191](https://github.com/matrix-org/synapse/issues/11191))
   - Delete `to_device` messages for hidden devices that will never be read, reducing database size. ([\#11199](https://github.com/matrix-org/synapse/issues/11199))
   - Fix a long-standing bug wherein a missing `Content-Type` header when downloading remote media would cause Synapse to throw an error. ([\#11200](https://github.com/matrix-org/synapse/issues/11200))
   - Fix a long-standing bug which could result in serialization errors and potentially duplicate transaction data when sending ephemeral events to application services. Contributed by @Fizzadar at
   Beeper. ([\#11207](https://github.com/matrix-org/synapse/issues/11207))
   - Fix a bug introduced in Synapse 1.35.0 which made it impossible to join rooms that return a `send_join` response containing floats. ([\#11217](https://github.com/matrix-org/synapse/issues/11217))
   - Fix long-standing bug where cross signing keys were not included in the response to `/r0/keys/query` the first time a remote user was queried.
   ([\#11234](https://github.com/matrix-org/synapse/issues/11234))
   - Fix a long-standing bug where all requests that read events from the database could get stuck as a result of losing the database connection.
   ([\#11240](https://github.com/matrix-org/synapse/issues/11240))
   - Fix a bug preventing Synapse from being rolled back to an earlier version when using workers. ([\#11255](https://github.com/matrix-org/synapse/issues/11255),
   [\#11276](https://github.com/matrix-org/synapse/issues/11276))
   - Fix a bug introduced in Synapse 1.37.1 which caused a remote event being processed by a worker to not get processed on restart if the worker was killed.
   ([\#11262](https://github.com/matrix-org/synapse/issues/11262))
   - Only allow old Element/Riot Android clients to send read receipts without a request body. All other clients must include a request body as required by the specification. Contributed by @rogersheu.
   ([\#11157](https://github.com/matrix-org/synapse/issues/11157))

   Updates to the Docker image
   ---------------------------

   - Avoid changing user ID when started as a non-root user, and no explicit `UID` is set. ([\#11209](https://github.com/matrix-org/synapse/issues/11209))

   Improved Documentation
   ----------------------

   - Improve example HAProxy config in the docs to properly handle HTTP `Host` headers with port information. This is required for federation over port 443 to work correctly.
   ([\#11128](https://github.com/matrix-org/synapse/issues/11128))
   - Add documentation for using Authentik as an OpenID Connect Identity Provider. Contributed by @samip5. ([\#11151](https://github.com/matrix-org/synapse/issues/11151))
   - Clarify lack of support for Windows. ([\#11198](https://github.com/matrix-org/synapse/issues/11198))
   - Improve code formatting and fix a few typos in docs. Contributed by @sumnerevans at Beeper. ([\#11221](https://github.com/matrix-org/synapse/issues/11221))
   - Add documentation for using LemonLDAP as an OpenID Connect Identity Provider. Contributed by @l00ptr. ([\#11257](https://github.com/matrix-org/synapse/issues/11257))

   Internal Changes
   ----------------

   - Add type annotations for the `log_function` decorator. ([\#10943](https://github.com/matrix-org/synapse/issues/10943))
   - Add type hints to `synapse.events`. ([\#11098](https://github.com/matrix-org/synapse/issues/11098))
   - Remove and document unnecessary `RoomStreamToken` checks in application service ephemeral event code. ([\#11137](https://github.com/matrix-org/synapse/issues/11137))
   - Add type hints so that `synapse.http` passes `mypy` checks. ([\#11164](https://github.com/matrix-org/synapse/issues/11164))
   - Update scripts to pass Shellcheck lints. ([\#11166](https://github.com/matrix-org/synapse/issues/11166))
   - Add knock information in admin export. Contributed by Rafael Gonçalves. ([\#11171](https://github.com/matrix-org/synapse/issues/11171))
   - Add tests to check that `ClientIpStore.get_last_client_ip_by_device` and `get_user_ip_and_agents` combine database and in-memory data correctly.
   ([\#11179](https://github.com/matrix-org/synapse/issues/11179))
   - Refactor `Filter` to check different fields depending on the data type. ([\#11194](https://github.com/matrix-org/synapse/issues/11194))
   - Improve type hints for the relations datastore. ([\#11205](https://github.com/matrix-org/synapse/issues/11205))
   - Replace outdated links in the pull request checklist with links to the rendered documentation. ([\#11225](https://github.com/matrix-org/synapse/issues/11225))
   - Fix a bug in unit test `test_block_room_and_not_purge`. ([\#11226](https://github.com/matrix-org/synapse/issues/11226))
   - In `ObservableDeferred`, run observers in the order they were registered. ([\#11229](https://github.com/matrix-org/synapse/issues/11229))
   - Minor speed up to start up times and getting updates for groups by adding missing index to `local_group_updates.stream_id`. ([\#11231](https://github.com/matrix-org/synapse/issues/11231))
   - Add `twine` and `towncrier` as dev dependencies, as they're used by the release script. ([\#11233](https://github.com/matrix-org/synapse/issues/11233))
   - Allow `stream_writers.typing` config to be a list of one worker. ([\#11237](https://github.com/matrix-org/synapse/issues/11237))
   - Remove debugging statement in tests. ([\#11239](https://github.com/matrix-org/synapse/issues/11239))
   - Fix [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) historical messages backfilling in random order on remote homeservers.
   ([\#11244](https://github.com/matrix-org/synapse/issues/11244))
   - Add an additional test for the `cachedList` method decorator. ([\#11246](https://github.com/matrix-org/synapse/issues/11246))
   - Make minor correction to the type of `auth_checkers` callbacks. ([\#11253](https://github.com/matrix-org/synapse/issues/11253))
   - Clean up trivial aspects of the Debian package build tooling. ([\#11269](https://github.com/matrix-org/synapse/issues/11269), [\#11273](https://github.com/matrix-org/synapse/issues/11273))
   - Blacklist new SyTest that checks that key uploads are valid pending the validation being implemented in Synapse. ([\#11270](https://github.com/matrix-org/synapse/issues/11270))

   Synapse 1.46.0 (2021-11-02)
   =============
   The cause of the [performance regression affecting Synapse 1.44](https://github.com/matrix-org/synapse/issues/11049) has been identified and fixed.
   ([\#11177](https://github.com/matrix-org/synapse/issues/11177))

   Bugfixes
   --------

   - Fix a bug introduced in v1.46.0rc1 where URL previews of some XML documents would fail. ([\#11196](https://github.com/matrix-org/synapse/issues/11196))

   Synapse 1.46.0rc1 (2021-10-27)
   ===============

   Features
   --------

   - Add support for Ubuntu 21.10 "Impish Indri". ([\#11024](https://github.com/matrix-org/synapse/issues/11024))
   - Port the Password Auth Providers module interface to the new generic interface. ([\#10548](https://github.com/matrix-org/synapse/issues/10548),
   [\#11180](https://github.com/matrix-org/synapse/issues/11180))
   - Experimental support for the thread relation defined in [MSC3440](https://github.com/matrix-org/matrix-doc/pull/3440). ([\#11088](https://github.com/matrix-org/synapse/issues/11088),
   [\#11181](https://github.com/matrix-org/synapse/issues/11181), [\#11192](https://github.com/matrix-org/synapse/issues/11192))
   - Users admin API can now also modify user type in addition to allowing it to be set on user creation. ([\#11174](https://github.com/matrix-org/synapse/issues/11174))

   Bugfixes
   --------

   - Newly-created public rooms are now only assigned an alias if the room's creation has not been blocked by permission settings. Contributed by @AndrewFerr.
   ([\#10930](https://github.com/matrix-org/synapse/issues/10930))
   - Fix a long-standing bug which meant that events received over federation were sometimes incorrectly accepted into the room state. ([\#11001](https://github.com/matrix-org/synapse/issues/11001),
   [\#11009](https://github.com/matrix-org/synapse/issues/11009), [\#11012](https://github.com/matrix-org/synapse/issues/11012))
   - Fix 500 error on `/messages` when the server accumulates more than 5 backwards extremities at a given depth for a room. ([\#11027](https://github.com/matrix-org/synapse/issues/11027))
   - Fix a bug where setting a user's `external_id` via the admin API returns 500 and deletes user's existing external mappings if that external ID is already mapped.
   ([\#11051](https://github.com/matrix-org/synapse/issues/11051))
   - Fix a long-standing bug where users excluded from the user directory were added into the directory if they belonged to a room which became public or private.
   ([\#11075](https://github.com/matrix-org/synapse/issues/11075))
   - Fix a long-standing bug when attempting to preview URLs which are in the `windows-1252` character encoding. ([\#11077](https://github.com/matrix-org/synapse/issues/11077),
   [\#11089](https://github.com/matrix-org/synapse/issues/11089))
   - Fix broken export-data admin command and add test script checking the command to CI. ([\#11078](https://github.com/matrix-org/synapse/issues/11078))
   - Show an error when timestamp in seconds is provided to the `/purge_media_cache` Admin API. ([\#11101](https://github.com/matrix-org/synapse/issues/11101))
   - Fix local users who left all their rooms being removed from the user directory, even if the `search_all_users` config option was enabled.
   ([\#11103](https://github.com/matrix-org/synapse/issues/11103))
   - Fix a bug which caused the module API's `get_user_ip_and_agents` function to always fail on workers. `get_user_ip_and_agents` was introduced in 1.44.0 and did not function correctly on worker
   processes at the time. ([\#11112](https://github.com/matrix-org/synapse/issues/11112))
   - Identity server connection is no longer ignoring `ip_range_whitelist`. ([\#11120](https://github.com/matrix-org/synapse/issues/11120))
   - Fix a bug introduced in Synapse 1.45.0 breaking the configuration file parsing script. ([\#11145](https://github.com/matrix-org/synapse/issues/11145))
   - Fix a performance regression introduced in 1.44.0 which could cause client requests to time out when making large numbers of outbound requests.
   ([\#11177](https://github.com/matrix-org/synapse/issues/11177), [\#11190](https://github.com/matrix-org/synapse/issues/11190))
   - Resolve and share `state_groups` for all [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) historical events in batch. ([\#10975](https://github.com/matrix-org/synapse/issues/10975))

   Improved Documentation
   ----------------------

   - Fix broken links relating to module API deprecation in the upgrade notes. ([\#11069](https://github.com/matrix-org/synapse/issues/11069))
   - Add more information about what happens when a user is deactivated. ([\#11083](https://github.com/matrix-org/synapse/issues/11083))
   - Clarify the the sample log config can be copied from the documentation without issue. ([\#11092](https://github.com/matrix-org/synapse/issues/11092))
   - Update the admin API documentation with an updated list of the characters allowed in registration tokens. ([\#11093](https://github.com/matrix-org/synapse/issues/11093))
   - Document Synapse's behaviour when dealing with multiple modules registering the same callbacks and/or handlers for the same HTTP endpoints.
   ([\#11096](https://github.com/matrix-org/synapse/issues/11096))
   - Fix instances of `[example]{.title-ref}` in the upgrade documentation as a result of prior RST to Markdown conversion. ([\#11118](https://github.com/matrix-org/synapse/issues/11118))
   - Document the version of Synapse each module callback was introduced in. ([\#11132](https://github.com/matrix-org/synapse/issues/11132))
   - Document the version of Synapse that introduced each module API method. ([\#11183](https://github.com/matrix-org/synapse/issues/11183))

   Internal Changes
   ----------------
   - Fix spurious warnings about losing the logging context on the `ReplicationCommandHandler` when losing the replication connection. ([\#10984](https://github.com/matrix-org/synapse/issues/10984))
   - Include rejected status when we log events. ([\#11008](https://github.com/matrix-org/synapse/issues/11008))
   - Add some extra logging to the event persistence code. ([\#11014](https://github.com/matrix-org/synapse/issues/11014))
   - Rearrange the internal workings of the incremental user directory updates. ([\#11035](https://github.com/matrix-org/synapse/issues/11035))
   - Fix a long-standing bug where users excluded from the directory could still be added to the `users_who_share_private_rooms` table after a regular user joins a private room.
   ([\#11143](https://github.com/matrix-org/synapse/issues/11143))
   - Add and improve type hints. ([\#10972](https://github.com/matrix-org/synapse/issues/10972), [\#11055](https://github.com/matrix-org/synapse/issues/11055),
   [\#11066](https://github.com/matrix-org/synapse/issues/11066), [\#11076](https://github.com/matrix-org/synapse/issues/11076), [\#11095](https://github.com/matrix-org/synapse/issues/11095),
   [\#11109](https://github.com/matrix-org/synapse/issues/11109), [\#11121](https://github.com/matrix-org/synapse/issues/11121), [\#11146](https://github.com/matrix-org/synapse/issues/11146))
   - Mark the Synapse package as containing type annotations and fix export declarations so that Synapse pluggable modules may be type checked against Synapse.
   ([\#11054](https://github.com/matrix-org/synapse/issues/11054))
   - Remove dead code from `MediaFilePaths`. ([\#11056](https://github.com/matrix-org/synapse/issues/11056))
   - Be more lenient when parsing oEmbed response versions. ([\#11065](https://github.com/matrix-org/synapse/issues/11065))
   - Create a separate module for the retention configuration. ([\#11070](https://github.com/matrix-org/synapse/issues/11070))
   - Clean up some of the federation event authentication code for clarity. ([\#11115](https://github.com/matrix-org/synapse/issues/11115), [\#11116](https://github.com/matrix-org/synapse/issues/11116),
   [\#11122](https://github.com/matrix-org/synapse/issues/11122))
   - Add docstrings and comments to the application service ephemeral event sending code. ([\#11138](https://github.com/matrix-org/synapse/issues/11138))
   - Update the `sign_json` script to support inline configuration of the signing key. ([\#11139](https://github.com/matrix-org/synapse/issues/11139))
   - Fix broken link in the docker image README. ([\#11144](https://github.com/matrix-org/synapse/issues/11144))
   - Always dump logs from unit tests during CI runs. ([\#11068](https://github.com/matrix-org/synapse/issues/11068))
   - Add tests for `MediaFilePaths` class. ([\#11057](https://github.com/matrix-org/synapse/issues/11057))
   - Simplify the user admin API tests. ([\#11048](https://github.com/matrix-org/synapse/issues/11048))
   - Add a test for the workaround introduced in [\#11042](https://github.com/matrix-org/synapse/pull/11042) concerning the behaviour of third-party rule modules and `SynapseError`s.
   ([\#11071](https://github.com/matrix-org/synapse/issues/11071))

   Synapse 1.45.1 (2021-10-20)
   =============
   Bugfixes
   --------

   - Revert change to counting of deactivated users towards the monthly active users limit, introduced in 1.45.0rc1. ([\#11127](https://github.com/matrix-org/synapse/issues/11127))

   Synapse 1.45.0 (2021-10-19)
   =============
   No functional changes since Synapse 1.45.0rc2.

   Known Issues
   ------------

   - A suspected [performance regression](https://github.com/matrix-org/synapse/issues/11049) which was first reported after the release of 1.44.0 remains unresolved.

     We have not been able to identify a probable cause. Affected users report that setting up a federation sender worker appears to alleviate symptoms of the regression.

   Improved Documentation
   ----------------------

   - Reword changelog to clarify concerns about a suspected performance regression in 1.44.0. ([\#11117](https://github.com/matrix-org/synapse/issues/11117))

   Synapse 1.45.0rc2 (2021-10-14)
   ===============

   This release candidate [fixes](https://github.com/matrix-org/synapse/issues/11053) a user directory [bug](https://github.com/matrix-org/synapse/issues/11025) present in 1.45.0rc1.

   Known Issues
   ------------

   - A suspected [performance regression](https://github.com/matrix-org/synapse/issues/11049) which was first reported after the release of 1.44.0 remains unresolved.

     We have not been able to identify a probable cause. Affected users report that setting up a federation sender worker appears to alleviate symptoms of the regression.

   Bugfixes
   --------

   - Fix a long-standing bug when using multiple event persister workers where events were not correctly sent down `/sync` due to a race. ([\#11045](https://github.com/matrix-org/synapse/issues/11045))
   - Fix a bug introduced in Synapse 1.45.0rc1 where the user directory would stop updating if it processed an event from a
     user not in the `users` table. ([\#11053](https://github.com/matrix-org/synapse/issues/11053))
   - Fix a bug introduced in Synapse 1.44.0 when logging errors during oEmbed processing. ([\#11061](https://github.com/matrix-org/synapse/issues/11061))

   Internal Changes
   ----------------

   - Add an 'approximate difference' method to `StateFilter`. ([\#10825](https://github.com/matrix-org/synapse/issues/10825))
   - Fix inconsistent behavior of `get_last_client_by_ip` when reporting data that has not been stored in the database yet. ([\#10970](https://github.com/matrix-org/synapse/issues/10970))
   - Fix a bug introduced in Synapse 1.21.0 that causes opentracing and Prometheus metrics for replication requests to be measured incorrectly.
   ([\#10996](https://github.com/matrix-org/synapse/issues/10996))
   - Ensure that cache config tests do not share state. ([\#11036](https://github.com/matrix-org/synapse/issues/11036))

   Synapse 1.45.0rc1 (2021-10-12)
   ===============

   **Note:** Media storage providers module that read from Synapse's configuration need changes as of this version, see the [upgrade
   notes](https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1450) for more information.

   Known Issues
   ------------

   - We are investigating [a performance issue](https://github.com/matrix-org/synapse/issues/11049) which was reported after the release of 1.44.0.
   - We are aware of [a bug](https://github.com/matrix-org/synapse/issues/11025) with the user directory when using application services. A second release candidate is expected which will resolve this.

   Features
   --------

   - Add [MSC3069](https://github.com/matrix-org/matrix-doc/pull/3069) support to `/account/whoami`. ([\#9655](https://github.com/matrix-org/synapse/issues/9655))
   - Support autodiscovery of oEmbed previews. ([\#10822](https://github.com/matrix-org/synapse/issues/10822))
   - Add a `user_may_send_3pid_invite` spam checker callback for modules to allow or deny 3PID invites. ([\#10894](https://github.com/matrix-org/synapse/issues/10894))
   - Add a spam checker callback to allow or deny room joins. ([\#10910](https://github.com/matrix-org/synapse/issues/10910))
   - Include an `update_synapse_database` script in the distribution. Contributed by @Fizzadar at Beeper. ([\#10954](https://github.com/matrix-org/synapse/issues/10954))
   - Include exception information in JSON logging output. Contributed by @Fizzadar at Beeper. ([\#11028](https://github.com/matrix-org/synapse/issues/11028))

   Bugfixes
   --------

   - Fix a minor bug in the response to `/_matrix/client/r0/voip/turnServer`. Contributed by @lukaslihotzki. ([\#10922](https://github.com/matrix-org/synapse/issues/10922))
   - Fix a bug where empty `yyyy-mm-dd/` directories would be left behind in the media store's `url_cache_thumbnails/` directory. ([\#10924](https://github.com/matrix-org/synapse/issues/10924))
   - Fix a bug introduced in Synapse v1.40.0 where the signature checks for room version 8 and 9 could be applied to earlier room versions in some situations.
   ([\#10927](https://github.com/matrix-org/synapse/issues/10927))
   - Fix a long-standing bug wherein deactivated users still count towards the monthly active users limit. ([\#10947](https://github.com/matrix-org/synapse/issues/10947))
   - Fix a long-standing bug which meant that events received over federation were sometimes incorrectly accepted into the room state. ([\#10956](https://github.com/matrix-org/synapse/issues/10956))
   - Fix a long-standing bug where rebuilding the user directory wouldn't exclude support and deactivated users. ([\#10960](https://github.com/matrix-org/synapse/issues/10960))
   - Fix [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint rejecting subsequent batches with unknown batch ID error in existing room versions from the room creator.
   ([\#10962](https://github.com/matrix-org/synapse/issues/10962))
   - Fix a bug that could leak local users' per-room nicknames and avatars when the user directory is rebuilt. ([\#10981](https://github.com/matrix-org/synapse/issues/10981))
   - Fix a long-standing bug where the remainder of a batch of user directory changes would be silently dropped if the server left a room early in the batch.
   ([\#10982](https://github.com/matrix-org/synapse/issues/10982))
   - Correct a bugfix introduced in Synapse v1.44.0 that would catch the wrong error if a connection is lost before a response could be written to it.
   ([\#10995](https://github.com/matrix-org/synapse/issues/10995))
   - Fix a long-standing bug where local users' per-room nicknames/avatars were visible to anyone who could see you in the user directory. ([\#11002](https://github.com/matrix-org/synapse/issues/11002))
   - Fix a long-standing bug where a user's per-room nickname/avatar would overwrite their profile in the user directory when a room was made public.
   ([\#11003](https://github.com/matrix-org/synapse/issues/11003))
   - Work around a regression, introduced in Synapse v1.39.0, that caused `SynapseError`s raised by the experimental third-party rules module callback `check_event_allowed` to be ignored.
   ([\#11042](https://github.com/matrix-org/synapse/issues/11042))
   - Fix a bug in [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) insertion events in rooms that could cause cross-talk/conflicts between batches.
   ([\#10877](https://github.com/matrix-org/synapse/issues/10877))

   Improved Documentation
   ----------------------

   - Change wording ("reference homeserver") in Synapse repository documentation. Contributed by @maxkratz. ([\#10971](https://github.com/matrix-org/synapse/issues/10971))
   - Fix a dead URL in development documentation (SAML) and change wording from "Riot" to "Element". Contributed by @maxkratz. ([\#10973](https://github.com/matrix-org/synapse/issues/10973))
   - Add additional content to the Welcome and Overview page of the documentation. ([\#10990](https://github.com/matrix-org/synapse/issues/10990))
   - Update links to MSCs in documentation. Contributed by @dklimpel. ([\#10991](https://github.com/matrix-org/synapse/issues/10991))

   Internal Changes
   ----------------

   - Improve type hinting in `synapse.util`. ([\#10888](https://github.com/matrix-org/synapse/issues/10888))
   - Add further type hints to `synapse.storage.util`. ([\#10892](https://github.com/matrix-org/synapse/issues/10892))
   - Fix type hints to be compatible with an upcoming change to Twisted. ([\#10895](https://github.com/matrix-org/synapse/issues/10895))
   - Update utility code to handle C implementations of frozendict. ([\#10902](https://github.com/matrix-org/synapse/issues/10902))
   - Drop old functionality which maintained database compatibility with Synapse versions before v1.31. ([\#10903](https://github.com/matrix-org/synapse/issues/10903))
   - Clean-up configuration helper classes for the `ServerConfig` class. ([\#10915](https://github.com/matrix-org/synapse/issues/10915))
   - Use direct references to config flags. ([\#10916](https://github.com/matrix-org/synapse/issues/10916), [\#10959](https://github.com/matrix-org/synapse/issues/10959),
   [\#10985](https://github.com/matrix-org/synapse/issues/10985))
   - Clean up some of the federation event authentication code for clarity. ([\#10926](https://github.com/matrix-org/synapse/issues/10926), [\#10940](https://github.com/matrix-org/synapse/issues/10940),
   [\#10986](https://github.com/matrix-org/synapse/issues/10986), [\#10987](https://github.com/matrix-org/synapse/issues/10987), [\#10988](https://github.com/matrix-org/synapse/issues/10988),
   [\#11010](https://github.com/matrix-org/synapse/issues/11010), [\#11011](https://github.com/matrix-org/synapse/issues/11011))
   - Refactor various parts of the codebase to use `RoomVersion` objects instead of room version identifier strings. ([\#10934](https://github.com/matrix-org/synapse/issues/10934))
   - Refactor user directory tests in preparation for upcoming changes. ([\#10935](https://github.com/matrix-org/synapse/issues/10935))
   - Include the event id in the logcontext when handling PDUs received over federation. ([\#10936](https://github.com/matrix-org/synapse/issues/10936))
   - Fix logged errors in unit tests. ([\#10939](https://github.com/matrix-org/synapse/issues/10939))
   - Fix a broken test to ensure that consent configuration works during registration. ([\#10945](https://github.com/matrix-org/synapse/issues/10945))
   - Add type hints to filtering classes. ([\#10958](https://github.com/matrix-org/synapse/issues/10958))
   - Add type-hint to `HomeserverTestcase.setup_test_homeserver`. ([\#10961](https://github.com/matrix-org/synapse/issues/10961))
   - Fix the test utility function `create_room_as` so that `is_public=True` will explicitly set the `visibility` parameter of room creation requests to `public`. Contributed by @AndrewFerr.
   ([\#10963](https://github.com/matrix-org/synapse/issues/10963))
   - Make the release script more robust and transparent. ([\#10966](https://github.com/matrix-org/synapse/issues/10966))
   - Refactor [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` mega function into smaller handler functions. ([\#10974](https://github.com/matrix-org/synapse/issues/10974))
   - Log stack traces when a missing opentracing span is detected. ([\#10983](https://github.com/matrix-org/synapse/issues/10983))
   - Update GHA config to run tests against Python 3.10 and PostgreSQL 14. ([\#10992](https://github.com/matrix-org/synapse/issues/10992))
   - Fix a long-standing bug where `ReadWriteLock`s could drop logging contexts on exit. ([\#10993](https://github.com/matrix-org/synapse/issues/10993))
   - Add a `CODEOWNERS` file to automatically request reviews from the `@matrix-org/synapse-core` team on new pull requests. ([\#10994](https://github.com/matrix-org/synapse/issues/10994))
   - Add further type hints to `synapse.state`. ([\#11004](https://github.com/matrix-org/synapse/issues/11004))
   - Remove the deprecated `BaseHandler` object. ([\#11005](https://github.com/matrix-org/synapse/issues/11005))
   - Bump mypy version for CI to 0.910, and pull in new type stubs for dependencies. ([\#11006](https://github.com/matrix-org/synapse/issues/11006))
   - Fix CI to run the unit tests without optional deps. ([\#11017](https://github.com/matrix-org/synapse/issues/11017))
   - Ensure that cache config tests do not share state. ([\#11019](https://github.com/matrix-org/synapse/issues/11019))
   - Add additional type hints to `synapse.server_notices`. ([\#11021](https://github.com/matrix-org/synapse/issues/11021))
   - Add additional type hints for `synapse.push`. ([\#11023](https://github.com/matrix-org/synapse/issues/11023))
   - When installing the optional developer dependencies, also include the dependencies needed for type-checking and unit testing. ([\#11034](https://github.com/matrix-org/synapse/issues/11034))
   - Remove unnecessary list comprehension from `synapse_port_db` to satisfy code style requirements. ([\#11043](https://github.com/matrix-org/synapse/issues/11043))

   Synapse 1.44.0 (2021-10-05)
   =============
   No significant changes since 1.44.0rc3.

   Synapse 1.44.0rc3 (2021-10-04)
   ===============

   Bugfixes
   --------

   - Fix a bug introduced in Synapse v1.40.0 where changing a user's display name or avatar in a restricted room would cause an authentication error.
   ([\#10933](https://github.com/matrix-org/synapse/issues/10933))
   - Fix `/admin/whois/{user_id}` endpoint, which was broken in v1.44.0rc1. ([\#10968](https://github.com/matrix-org/synapse/issues/10968))

   Synapse 1.44.0rc2 (2021-09-30)
   ===============

   Bugfixes
   --------

   - Fix a bug introduced in v1.44.0rc1 which caused the experimental [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint to return a 500 error.
   ([\#10938](https://github.com/matrix-org/synapse/issues/10938))
   - Fix a bug introduced in v1.44.0rc1 which prevented sending presence events to application services. ([\#10944](https://github.com/matrix-org/synapse/issues/10944))

   Improved Documentation
   ----------------------

   - Minor updates to the installation instructions. ([\#10919](https://github.com/matrix-org/synapse/issues/10919))

   Synapse 1.44.0rc1 (2021-09-29)
   ===============

   Features
   --------

   - Only allow the [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send?chunk_id=xxx` endpoint to connect to an already existing insertion event.
   ([\#10776](https://github.com/matrix-org/synapse/issues/10776))
   - Improve oEmbed URL previews by processing the author name, photo, and video information. ([\#10814](https://github.com/matrix-org/synapse/issues/10814),
   [\#10819](https://github.com/matrix-org/synapse/issues/10819))
   - Speed up responding with large JSON objects to requests. ([\#10868](https://github.com/matrix-org/synapse/issues/10868), [\#10905](https://github.com/matrix-org/synapse/issues/10905))
   - Add a `user_may_create_room_with_invites` spam checker callback to allow modules to allow or deny a room creation request based on the invites and/or 3PID invites it includes.
   ([\#10898](https://github.com/matrix-org/synapse/issues/10898))

   Bugfixes
   --------

   - Fix a long-standing bug that caused an `AssertionError` when purging history in certain rooms. Contributed by @Kokokokoka. ([\#10690](https://github.com/matrix-org/synapse/issues/10690))
   - Fix a long-standing bug which caused deactivated users that were later reactivated to be missing from the user directory. ([\#10782](https://github.com/matrix-org/synapse/issues/10782))
   - Fix a long-standing bug that caused unbanning a user by sending a membership event to fail. Contributed by @aaronraimist. ([\#10807](https://github.com/matrix-org/synapse/issues/10807))
   - Fix a long-standing bug where logging contexts would go missing when federation requests time out. ([\#10810](https://github.com/matrix-org/synapse/issues/10810))
   - Fix a long-standing bug causing an error in the deprecated `/initialSync` endpoint when using the undocumented `from` and `to` parameters.
   ([\#10827](https://github.com/matrix-org/synapse/issues/10827))
   - Fix a bug causing the `remove_stale_pushers` background job to repeatedly fail and log errors. This bug affected Synapse servers that had been upgraded from version 1.28 or older and are using
   SQLite. ([\#10843](https://github.com/matrix-org/synapse/issues/10843))
   - Fix a long-standing bug in Unicode support of the room search admin API breaking search for rooms with non-ASCII characters. ([\#10859](https://github.com/matrix-org/synapse/issues/10859))
   - Fix a bug introduced in Synapse 1.37.0 which caused `knock` membership events which we sent to remote servers to be incorrectly stored in the local database.
   ([\#10873](https://github.com/matrix-org/synapse/issues/10873))
   - Fix invalidating one-time key count cache after claiming keys. The bug was introduced in Synapse v1.41.0. Contributed by Tulir at Beeper.
   ([\#10875](https://github.com/matrix-org/synapse/issues/10875))
   - Fix a long-standing bug causing application service users to be subject to MAU blocking if the MAU limit had been reached, even if configured not to be blocked.
   ([\#10881](https://github.com/matrix-org/synapse/issues/10881))
   - Fix a long-standing bug which could cause events pulled over federation to be incorrectly rejected. ([\#10907](https://github.com/matrix-org/synapse/issues/10907))
   - Fix a long-standing bug causing URL cache files to be stored in storage providers. Server admins may safely delete the `url_cache/` and `url_cache_thumbnails/` directories from any configured
   storage providers to reclaim space. ([\#10911](https://github.com/matrix-org/synapse/issues/10911))
   - Fix a long-standing bug leading to race conditions when creating media store and config directories. ([\#10913](https://github.com/matrix-org/synapse/issues/10913))

   Improved Documentation
   ----------------------

   - Fix some crashes in the Module API example code, by adding JSON encoding/decoding. ([\#10845](https://github.com/matrix-org/synapse/issues/10845))
   - Add developer documentation about experimental configuration flags. ([\#10865](https://github.com/matrix-org/synapse/issues/10865))
   - Properly remove deleted files from GitHub pages when generating the documentation. ([\#10869](https://github.com/matrix-org/synapse/issues/10869))

   Internal Changes
   ----------------

   - Fix GitHub Actions config so we can run sytest on synapse from parallel branches. ([\#10659](https://github.com/matrix-org/synapse/issues/10659))
   - Split out [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) meta events to their own fields in the `/batch_send` response. ([\#10777](https://github.com/matrix-org/synapse/issues/10777))
   - Add missing type hints to REST servlets. ([\#10785](https://github.com/matrix-org/synapse/issues/10785), [\#10817](https://github.com/matrix-org/synapse/issues/10817))
   - Simplify the internal logic which maintains the user directory database tables. ([\#10796](https://github.com/matrix-org/synapse/issues/10796))
   - Use direct references to config flags. ([\#10812](https://github.com/matrix-org/synapse/issues/10812), [\#10885](https://github.com/matrix-org/synapse/issues/10885),
   [\#10893](https://github.com/matrix-org/synapse/issues/10893), [\#10897](https://github.com/matrix-org/synapse/issues/10897))
   - Specify the type of token in generic "Invalid token" error messages. ([\#10815](https://github.com/matrix-org/synapse/issues/10815))
   - Make `StateFilter` frozen so it is hashable. ([\#10816](https://github.com/matrix-org/synapse/issues/10816))
   - Fix a long-standing bug where an `m.room.message` event containing a null byte would cause an internal server error. ([\#10820](https://github.com/matrix-org/synapse/issues/10820))
   - Add type hints to the state database. ([\#10823](https://github.com/matrix-org/synapse/issues/10823))
   - Opt out of cache expiry for `get_users_who_share_room_with_user`, to hopefully improve `/sync` performance when you
     haven't synced recently. ([\#10826](https://github.com/matrix-org/synapse/issues/10826))
   - Track cache eviction rates more finely in Prometheus's monitoring. ([\#10829](https://github.com/matrix-org/synapse/issues/10829))
   - Add missing type hints to `synapse.handlers`. ([\#10831](https://github.com/matrix-org/synapse/issues/10831), [\#10856](https://github.com/matrix-org/synapse/issues/10856))
   - Extend the Module API to let plug-ins check whether an ID is local and to access IP + User Agent data. ([\#10833](https://github.com/matrix-org/synapse/issues/10833))
   - Factor out PNG image data to a constant to be used in several tests. ([\#10834](https://github.com/matrix-org/synapse/issues/10834))
   - Add a test to ensure state events sent by modules get persisted correctly. ([\#10835](https://github.com/matrix-org/synapse/issues/10835))
   - Rename [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) fields and event types from `chunk` to `batch` to match the `/batch_send` endpoint.
   ([\#10838](https://github.com/matrix-org/synapse/issues/10838))
   - Rename [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` query parameter from `?prev_event` to more obvious usage with `?prev_event_id`.
   ([\#10839](https://github.com/matrix-org/synapse/issues/10839))
   - Add type hints to `synapse.http.site`. ([\#10867](https://github.com/matrix-org/synapse/issues/10867))
   - Include outlier status when we log V2 or V3 events. ([\#10879](https://github.com/matrix-org/synapse/issues/10879))
   - Break down Grafana's cache expiry time series based on reason for eviction, c.f. [\#10829](https://github.com/matrix-org/synapse/issues/10829).
   ([\#10880](https://github.com/matrix-org/synapse/issues/10880))
   - Clean up some of the federation event authentication code for clarity. ([\#10883](https://github.com/matrix-org/synapse/issues/10883), [\#10884](https://github.com/matrix-org/synapse/issues/10884),
   [\#10896](https://github.com/matrix-org/synapse/issues/10896), [\#10901](https://github.com/matrix-org/synapse/issues/10901))
   - Allow the `.` and `~` characters when creating registration tokens as per the change to [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231).
   ([\#10887](https://github.com/matrix-org/synapse/issues/10887))
   - Clean up some unnecessary parentheses in places around the codebase. ([\#10889](https://github.com/matrix-org/synapse/issues/10889))
   - Improve type hinting in the user directory code. ([\#10891](https://github.com/matrix-org/synapse/issues/10891))
   - Update development testing script `test_postgresql.sh` to use a supported Python version and make re-runs quicker. ([\#10906](https://github.com/matrix-org/synapse/issues/10906))
   - Document and summarize changes in schema version `61` – `64`. ([\#10917](https://github.com/matrix-org/synapse/issues/10917))
   - Update release script to sign the newly created git tags. ([\#10925](https://github.com/matrix-org/synapse/issues/10925))
   - Fix Debian builds due to `dh-virtualenv` no longer being able to build their docs. ([\#10931](https://github.com/matrix-org/synapse/issues/10931))


   To generate a diff of this commit:
   cvs rdiff -u -r1.34 -r1.35 pkgsrc/chat/matrix-synapse/Makefile
   cvs rdiff -u -r1.18 -r1.19 pkgsrc/chat/matrix-synapse/PLIST
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/chat/matrix-synapse/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	gdt
   Date:		Tue Nov 23 12:47:51 UTC 2021

   Modified Files:
   	pkgsrc/chat/matrix-synapse: Makefile distinfo

   Log Message:
   chat/matrix-synapse: Update to 1.47.1 (security)

   Synapse 1.47.1 (2021-11-23)
   ======This release fixes a security issue in the media store, affecting all prior releases of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild.

   Server administrators who are unable to update Synapse may use the workarounds described in the linked GitHub Security Advisory below.

   Security advisory
   -----------------

   The following issue is fixed in 1.47.1.

   - **[GHSA-3hfw-x7gx-437c](https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c) / [CVE-2021-41281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41281): Path traversal when downloading remote media.**

     Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory.

     The last two directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact.

     Homeservers with the media repository disabled are unaffected. Homeservers configured with a federation whitelist are also unaffected.

     Fixed by [91f2bd090](https://github.com/matrix-org/synapse/commit/91f2bd090).


   To generate a diff of this commit:
   cvs rdiff -u -r1.35 -r1.36 pkgsrc/chat/matrix-synapse/Makefile
   cvs rdiff -u -r1.27 -r1.28 pkgsrc/chat/matrix-synapse/distinfo
@t3chguy t3chguy mentioned this pull request Nov 15, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clokep clokep clokep left review comments

@MadLittleMods MadLittleMods MadLittleMods left review comments

@uhoreg uhoreg uhoreg left review comments

@ara4n ara4n ara4n left review comments

@richvdh richvdh richvdh left review comments

@t3chguy t3chguy t3chguy left review comments

@tulir tulir tulir left review comments

@babolivier babolivier babolivier left review comments

@erkinalp erkinalp erkinalp left review comments

@KitsuneRal KitsuneRal KitsuneRal left review comments

@turt2live turt2live turt2live requested changes

Assignees
No one assigned
Labels
client-server Client-Server API kind:maintenance MSC which clarifies/updates existing spec proposal A matrix spec change proposal rejected A proposal which has been rejected for inclusion in the spec
Projects
Spec Core Team Backlog
Archived in project
Spec Core Team Backlog
  
Done to some definition
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet