This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Drop support for delegating email validation #13192

Merged: 10 commits, Jul 12, 2022

richvdh
Member

@richvdh richvdh commented Jul 5, 2022

Delegating email validation to an IS is insecure (since it allows the owner of the IS to do a password reset on your HS), and has long been discouraged. It will now cause a config error at startup.

Part of #5881. Reviewable commit-by-commit.

@richvdh richvdh force-pushed the rav/drop_email_validation_delegation branch from d375408 to 61df162 Compare July 6, 2022 12:25
richvdh added 6 commits July 6, 2022 15:46
Delegating email validation to an IS is insecure (since it allows the owner of
the IS to do a password reset on your HS), and has long been deprecated. It
will now cause a config error at startup.
Give it an `email` config instead of a threepid delegate
Rather than an enum and a boolean, all we need here is a single bool, which
says whether we are or are not doing email verification.
@richvdh richvdh force-pushed the rav/drop_email_validation_delegation branch from 61df162 to 8c2936d Compare July 6, 2022 14:46
@richvdh richvdh marked this pull request as ready for review July 6, 2022 16:07
@richvdh richvdh requested a review from a team as a code owner July 6, 2022 16:07
Contributor

@reivilibre reivilibre left a comment

LGTM — thanks :-).

Review thread on docs/upgrade.md (outdated, resolved)
this will be in 1.64, not 1.63
@DMRobertson
Contributor

Complement failure is a known flake. Merging manually.

@DMRobertson DMRobertson disabled auto-merge July 12, 2022 18:18
@DMRobertson DMRobertson merged commit fa71bb1 into develop Jul 12, 2022
@DMRobertson DMRobertson deleted the rav/drop_email_validation_delegation branch July 12, 2022 18:18
@3nprob
Contributor

3nprob commented Jul 26, 2022

@richvdh @DMRobertson Think it would be possible to either reconsider or delay the full deprecation of this and make enabling the setting a warning only for now? Installations currently depending on this, for example those (still) on ma1sd or custom identity servers, may need to figure out migration strategies.

> has long been discouraged

where has this been communicated?

Consider cases where IS and HS are administered by the same entity - delegating account security to the IS is a feature, not a bug, and not a reduction in security, in some scenarios.

In any case, I know of multiple HSes that will need to either fork synapse or stay at 1.63.x if this is pursued like planned in 1.64. Some heads-up before breakages like this would be expected.

@theAeon

theAeon commented Jul 27, 2022

Currently use ma1sd to restrict email verification by domain - would greatly appreciate at least a release cycle to figure out how the heck I'm migrating.

@richvdh
Member Author

richvdh commented Jul 27, 2022

Hrm, we've been talking about this for so long within the team that I assumed everyone knew about it, but now that I come to have a look it does indeed look like we've done a poor job of communicating it, so my apologies for landing it without fair warning.

The problem with this feature is that it relies on unspecified Identity Service APIs (`POST /_matrix/identity/api/v1/validate/email/requestToken`, `GET /_matrix/identity/api/v1/3pid/getValidated3pid`), both of which were removed from the spec two years ago, so it's not appropriate for mainline Synapse to continue using them.

I've not used ma1sd, but I'm afraid I don't entirely understand the usecase: why is it preferable to delegate email-sending to it rather than have synapse send email directly?

> Currently use ma1sd to restrict email verification by domain

I think you may be able to achieve this result via `allowed_local_3pids` (possibly in conjunction with `registrations_require_3pid`).

Rather than continue to discuss on a closed PR, please could you open a new issue describing your usecase and explaining why it's not met by having synapse send verification emails directly?
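
An added example, not part of this thread or of Synapse's own code: a small audit over a parsed `homeserver.yaml` that flags the delegation this PR removes and checks the replacement settings named above (`email`, `allowed_local_3pids`). The sample configs, host names and finding codes are constructed, and it assumes Synapse applies each `allowed_local_3pids` pattern with Python's `re.match`, which anchors only at the start of the address.

```python
import re

# Constructed sample configs, shaped like a parsed homeserver.yaml.
LEGACY = {"account_threepid_delegates": {"email": "https://is.example.org"}}
LOOSE = {
    "email": {"smtp_host": "mail.example.org", "notif_from": "hs@example.org"},
    "allowed_local_3pids": [{"medium": "email", "pattern": r".*@example\.org"}],
}
MIGRATED = {
    "email": {"smtp_host": "mail.example.org", "smtp_port": 587,
              "require_transport_security": True,
              "notif_from": "hs@example.org"},
    "registrations_require_3pid": ["email"],
    "allowed_local_3pids": [
        {"medium": "email", "pattern": r"^[^@]+@example\.org$"}],
}


def audit(cfg, sample_allowed=("alice@example.org",)):
    """Return (code, message) findings for a parsed homeserver config.

    sample_allowed: addresses the operator expects to be accepted; used to
    probe whether a domain pattern also accepts a longer, foreign domain.
    """
    findings = []

    # 1. Delegation: the identity server vouches for email ownership, so
    #    whoever runs it can complete a password reset on this homeserver.
    delegates = cfg.get("account_threepid_delegates") or {}
    if delegates.get("email"):
        findings.append(("delegated-email",
                         "email validation is delegated to %s"
                         % delegates["email"]))
    if "trust_identity_server_for_password_resets" in cfg:
        findings.append(("legacy-trust-option",
                         "older option that predates account_threepid_delegates"))

    # 2. Replacement: the homeserver sends verification mail itself.
    email = cfg.get("email") or {}
    if not email:
        findings.append(("no-email-section",
                         "no `email` section, so the homeserver cannot send mail"))
    elif not (email.get("force_tls") or email.get("require_transport_security")):
        findings.append(("smtp-tls-optional",
                         "neither force_tls nor require_transport_security is set"))

    # 3. Domain restriction (assumption: patterns are applied with re.match,
    #    so a pattern without a trailing `$` accepts any longer suffix).
    for rule in cfg.get("allowed_local_3pids") or []:
        if rule.get("medium") != "email":
            continue
        pattern = rule.get("pattern", "")
        try:
            compiled = re.compile(pattern)
        except re.error as exc:
            findings.append(("pattern-invalid", "%r: %s" % (pattern, exc)))
            continue
        for addr in sample_allowed:
            if compiled.match(addr) and compiled.match(addr + ".invalid"):
                findings.append(("pattern-unanchored",
                                 "%r also accepts %s.invalid" % (pattern, addr)))
                break
    return findings


def codes(findings):
    """Just the finding codes, in the order they were raised."""
    return [code for code, _ in findings]


if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("loose", LOOSE),
                      ("migrated", MIGRATED)):
        print(name, codes(audit(cfg)) or "ok")
```

To run it against a real deployment, load `homeserver.yaml` with a YAML parser and pass the resulting dict to `audit`.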

@theAeon

theAeon commented Jul 27, 2022 via email

@richvdh
Member Author

richvdh commented Jul 27, 2022

> I'm happy to drop it, I'd just appreciate an extra release cycle.

Well, you've got another week before this is released 😇. And even after that, I don't think there's any harm in remaining on 1.63 for a couple of weeks.

We'll try to do better on this in future, but I'm not sure there's much to be gained by backing it out now that it's landed.

@3nprob
Contributor

3nprob commented Jul 27, 2022

I'm really sorry for being grumpy here but ~1 month notice for a

  • breaking account security change
  • requiring infrastructure changes to resolve, which
  • can result in users losing access to their accounts
  • doesn't seem pressingly urgent (a recently discovered or actively exploited vulnerability would be another story), and
  • the only publicly discoverable prior communication is this (maybe there's more but I generally try to keep updated and the rc release notes was the first time learning of this).

really needs some more planning and communication to roll out than <1 month from proposal to merge and completed in the next release.

Like @theAeon, my bigger issue is not the change itself but the process around how a change of this nature and impact is made and rolled out.

What I really would have liked to see (and I'll open a new issue for this, just getting this down here for now):

  • Amend the change in this PR to still allow old behavior with existing configuration, but
    • Log a deprecation warning when doing so, indicating that it will be removed at a future point

Given the way that MSC changes have been governed, made and communicated (which I up until now have not experienced as problematic, and is not my point of critique here), future changes like this really need to be handled differently to this.

To be clear how unfortunate this is, the current release 1.63.1 that has the even older unsupported configuration `trust_identity_server_for_password_resets` will still log an error saying:

> The config option "trust_identity_server_for_password_resets has been replaced by "account_threepid_delegate".
> Please consult the configuration manual at docs/usage/configuration/config_documentation.md for details and update your config file.

The linked section still instructs users that what is currently broken is the way to go:

> Handle threepid (email/phone etc) registration and password resets through a set of trusted identity servers. Note that this allows the configured identity server to reset passwords for accounts!

, with an example of how to delegate e-mail sending.

So a hypothetical new synapse user who followed the develop version docs of 2022-07-11, and deployed the latest release on a fresh homeserver delegating e-mail accordingly, could get hit by this in their very first minor version upgrade.

For an example of how I think this should be handled, the previous deprecation of `trust_identity_server_for_password_resets` had similar (but smaller) impact. #5876 followed by #11333 shows how this can be made in a non-disruptive way.

@3nprob
Contributor

3nprob commented Jul 27, 2022

It's worse than what I wrote above, apparently. The latest official docs still encourage users to delegate email validation using the feature being dropped here:

https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#account_threepid_delegates

@theAeon

theAeon commented Jul 27, 2022

With all due respect, this level of breaking change notice is something you'd expect in a beta release.

@3nprob

This comment was marked as off-topic.

@theAeon

theAeon commented Jul 27, 2022

> Sure - the rant above is in context of the planned upcoming v1.64.0 including this as-is.

oh that was directed at op

3nprob pushed a commit to 3nprob/synapse that referenced this pull request Jul 28, 2022
@3nprob
Contributor

3nprob commented Jul 28, 2022

There is now a draft PR for changing this from an error to a warning (so keeping the functionality for now but deprecating it and reflecting that in docs) in #13406.

3nprob pushed a commit to 3nprob/synapse that referenced this pull request Jul 29, 2022
richvdh pushed a commit that referenced this pull request Jul 29, 2022
Reverts commit fa71bb1, and tweaks documentation.

Signed-off-by: 3nprob <[email protected]>
Alladin9393 added a commit to BitorbitLabs/synapse that referenced this pull request Aug 12, 2022
Synapse 1.64.0 (2022-08-02)
===========================

No significant changes since 1.64.0rc2.

Deprecation Warning
-------------------

Synapse v1.66.0 will remove the ability to delegate the tasks of verifying email address ownership, and password reset confirmation, to an identity server.

If you require your homeserver to verify e-mail addresses or to support password resets via e-mail, please configure your homeserver with SMTP access so that it can send e-mails on its own behalf.
[Consult the configuration documentation for more information.](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#email)

Synapse 1.64.0rc2 (2022-07-29)
==============================

This RC reintroduces support for `account_threepid_delegates.email`, which was removed in 1.64.0rc1. It remains deprecated and will be removed altogether in Synapse v1.66.0. ([\matrix-org#13406](matrix-org#13406))

Synapse 1.64.0rc1 (2022-07-26)
==============================

This RC removed the ability to delegate the tasks of verifying email address ownership, and password reset confirmation, to an identity server.

We have also stopped building `.deb` packages for Ubuntu 21.10 as it is no longer an active version of Ubuntu.

Features
--------

- Improve error messages when media thumbnails cannot be served. ([\matrix-org#13038](matrix-org#13038))
- Allow pagination from remote event after discovering it from [MSC3030](matrix-org/matrix-spec-proposals#3030) `/timestamp_to_event`. ([\matrix-org#13205](matrix-org#13205))
- Add a `room_type` field in the responses for the list room and room details admin APIs. Contributed by @andrewdoh. ([\matrix-org#13208](matrix-org#13208))
- Add support for room version 10. ([\matrix-org#13220](matrix-org#13220))
- Add per-room rate limiting for room joins. For each room, Synapse now monitors the rate of join events in that room, and throttles additional joins if that rate grows too large. ([\matrix-org#13253](matrix-org#13253), [\matrix-org#13254](matrix-org#13254), [\matrix-org#13255](matrix-org#13255), [\matrix-org#13276](matrix-org#13276))
- Support Implicit TLS (TLS without using a STARTTLS upgrade, typically on port 465) for sending emails, enabled by the new option `force_tls`. Contributed by Jan Schär. ([\matrix-org#13317](matrix-org#13317))

Bugfixes
--------

- Fix a bug introduced in Synapse 1.15.0 where adding a user through the Synapse Admin API with a phone number would fail if the `enable_email_notifs` and `email_notifs_for_new_users` options were enabled. Contributed by @thomasweston12. ([\matrix-org#13263](matrix-org#13263))
- Fix a bug introduced in Synapse 1.40.0 where a user invited to a restricted room would be briefly unable to join. ([\matrix-org#13270](matrix-org#13270))
- Fix a long-standing bug where, in rare instances, Synapse could store the incorrect state for a room after a state resolution. ([\matrix-org#13278](matrix-org#13278))
- Fix a bug introduced in v1.18.0 where the `synapse_pushers` metric would overcount pushers when they are replaced. ([\matrix-org#13296](matrix-org#13296))
- Disable autocorrection and autocapitalisation on the username text field shown during registration when using SSO. ([\matrix-org#13350](matrix-org#13350))
- Update locked version of `frozendict` to 2.3.3, which has fixes for memory leaks affecting `/sync`. ([\matrix-org#13284](matrix-org#13284), [\matrix-org#13352](matrix-org#13352))

Improved Documentation
----------------------

- Provide an example of using the Admin API. Contributed by @jejo86. ([\matrix-org#13231](matrix-org#13231))
- Move the documentation for how URL previews work to the URL preview module. ([\matrix-org#13233](matrix-org#13233), [\matrix-org#13261](matrix-org#13261))
- Add another `contrib` script to help set up worker processes. Contributed by @villepeh. ([\matrix-org#13271](matrix-org#13271))
- Document that certain config options were added or changed in Synapse 1.62. Contributed by @behrmann. ([\matrix-org#13314](matrix-org#13314))
- Document the new `rc_invites.per_issuer` throttling option added in Synapse 1.63. ([\matrix-org#13333](matrix-org#13333))
- Mention that BuildKit is needed when building Docker images for tests. ([\matrix-org#13338](matrix-org#13338))
- Improve Caddy reverse proxy documentation. ([\matrix-org#13344](matrix-org#13344))

Deprecations and Removals
-------------------------

- Drop tables that were formerly used for groups/communities. ([\matrix-org#12967](matrix-org#12967))
- Drop support for delegating email verification to an external server. ([\matrix-org#13192](matrix-org#13192))
- Drop support for calling `/_matrix/client/v3/account/3pid/bind` without an `id_access_token`, which was not permitted by the spec. Contributed by @Vetchu. ([\matrix-org#13239](matrix-org#13239))
- Stop building `.deb` packages for Ubuntu 21.10 (Impish Indri), which has reached end of life. ([\matrix-org#13326](matrix-org#13326))

Internal Changes
----------------

- Use lower transaction isolation level when purging rooms to avoid serialization errors. Contributed by Nick @ Beeper. ([\matrix-org#12942](matrix-org#12942))
- Remove code which incorrectly attempted to reconcile state with remote servers when processing incoming events. ([\matrix-org#12943](matrix-org#12943))
- Make the AS login method call `Auth.get_user_by_req` for checking the AS token. ([\matrix-org#13094](matrix-org#13094))
- Always use a version of canonicaljson that supports the C implementation of frozendict. ([\matrix-org#13172](matrix-org#13172))
- Add prometheus counters for ephemeral events and to device messages pushed to app services. Contributed by Brad @ Beeper. ([\matrix-org#13175](matrix-org#13175))
- Refactor receipts servlet logic to avoid duplicated code. ([\matrix-org#13198](matrix-org#13198))
- Preparation for database schema simplifications: populate `state_key` and `rejection_reason` for existing rows in the `events` table. ([\matrix-org#13215](matrix-org#13215))
- Remove unused database table `event_reference_hashes`. ([\matrix-org#13218](matrix-org#13218))
- Further reduce queries used sending events when creating new rooms. Contributed by Nick @ Beeper (@Fizzadar). ([\matrix-org#13224](matrix-org#13224))
- Call the v2 identity service `/3pid/unbind` endpoint, rather than v1. Contributed by @Vetchu. ([\matrix-org#13240](matrix-org#13240))
- Use an asynchronous cache wrapper for the get event cache. Contributed by Nick @ Beeper (@Fizzadar). ([\matrix-org#13242](matrix-org#13242), [\matrix-org#13308](matrix-org#13308))
- Optimise federation sender and appservice pusher event stream processing queries. Contributed by Nick @ Beeper (@Fizzadar). ([\matrix-org#13251](matrix-org#13251))
- Log the stack when waiting for an entire room to be un-partial stated. ([\matrix-org#13257](matrix-org#13257))
- Fix spurious warning when fetching state after a missing prev event. ([\matrix-org#13258](matrix-org#13258))
- Clean-up tests for notifications. ([\matrix-org#13260](matrix-org#13260))
- Do not fail build if complement with workers fails. ([\matrix-org#13266](matrix-org#13266))
- Don't pull out state in `compute_event_context` for unconflicted state. ([\matrix-org#13267](matrix-org#13267), [\matrix-org#13274](matrix-org#13274))
- Reduce the rebuild time for the complement-synapse docker image. ([\matrix-org#13279](matrix-org#13279))
- Don't pull out the full state when creating an event. ([\matrix-org#13281](matrix-org#13281), [\matrix-org#13307](matrix-org#13307))
- Upgrade from Poetry 1.1.12 to 1.1.14, to fix bugs when locking packages. ([\matrix-org#13285](matrix-org#13285))
- Make `DictionaryCache` expire full entries if they haven't been queried in a while, even if specific keys have been queried recently. ([\matrix-org#13292](matrix-org#13292))
- Use `HTTPStatus` constants in place of literals in tests. ([\matrix-org#13297](matrix-org#13297))
- Improve performance of query  `_get_subset_users_in_room_with_profiles`. ([\matrix-org#13299](matrix-org#13299))
- Up batch size of `bulk_get_push_rules` and `_get_joined_profiles_from_event_ids`. ([\matrix-org#13300](matrix-org#13300))
- Remove unnecessary `json.dumps` from tests. ([\matrix-org#13303](matrix-org#13303))
- Reduce memory usage of sending dummy events. ([\matrix-org#13310](matrix-org#13310))
- Prevent formatting changes of [matrix-org#3679](matrix-org#3679) from appearing in `git blame`. ([\matrix-org#13311](matrix-org#13311))
- Change `get_users_in_room` and `get_rooms_for_user` caches to enable pruning of old entries. ([\matrix-org#13313](matrix-org#13313))
- Validate federation destinations and log an error if a destination is invalid. ([\matrix-org#13318](matrix-org#13318))
- Fix `FederationClient.get_pdu()` returning events from the cache as `outliers` instead of original events we saw over federation. ([\matrix-org#13320](matrix-org#13320))
- Reduce memory usage of state caches. ([\matrix-org#13323](matrix-org#13323))
- Reduce the amount of state we store in the `state_cache`. ([\matrix-org#13324](matrix-org#13324))
- Add missing type hints to open tracing module. ([\matrix-org#13328](matrix-org#13328), [\matrix-org#13345](matrix-org#13345), [\matrix-org#13362](matrix-org#13362))
- Remove old base slaved store and de-duplicate cache ID generators. Contributed by Nick @ Beeper (@Fizzadar). ([\matrix-org#13329](matrix-org#13329), [\matrix-org#13349](matrix-org#13349))
- When reporting metrics is enabled, use ~8x less data to describe DB transaction metrics. ([\matrix-org#13342](matrix-org#13342))
- Faster room joins: skip soft fail checks while Synapse only has partial room state, since the current membership of event senders may not be accurately known. ([\matrix-org#13354](matrix-org#13354))
DMRobertson pushed a commit that referenced this pull request Aug 23, 2022
Fizzadar added a commit to beeper/synapse-legacy-fork that referenced this pull request Aug 23, 2022
# gpg: Signature made Tue Aug  2 11:23:46 2022 BST
# gpg:                using RSA key F124520CEEE062448FE1C8442D2EFA2F32FBE047
# gpg: Can't check signature: No public key

# Conflicts:
#	synapse/rest/client/read_marker.py
#	synapse/rest/client/receipts.py
#	synapse/storage/databases/main/events_worker.py
#	synapse/storage/databases/main/purge_events.py
#	tests/rest/client/test_rooms.py
#	tests/storage/test_event_push_actions.py