Matrix (Synapse/Element) - Package Updates
Pinned
Matrix (Synapse/Element)
-
This topic is to track Synapse/Element package updates.
Please open issues in a separate topic instead of replying here.
-
Riot has been updated to 1.6.0. Big news: Cross-signing and E2EE by default for DMs and private rooms enabled.
-
Synapse [1.1.0]
- Update Synapse to 1.13.0
- Full changelog
- Set Referrer-Policy header to no-referrer on media downloads. (#7009)
- Admin API POST /_synapse/admin/v1/join/<roomIdOrAlias> to join users to a room like auto_join_rooms for creation of users. (#7051)
- Add options to prevent users from changing their profile or associated 3PIDs. (#7096)
- Allow server admins to define and enforce a password policy (MSC2000). (#7118)
- Improve the support for SSO authentication on the login fallback page. (#7152, #7235)
- Always whitelist the login fallback in the SSO configuration if public_baseurl is set. (#7153)
- Admin users are no longer required to be in a room to create an alias for it. (#7191)
- Require admin privileges to enable room encryption by default. This does not affect existing rooms. (#7230)
-
Riot [1.1.1]
- Update riot to 1.6.1
- Full changelog
- Upgrade to React SDK 2.6.0 and JS SDK 6.1.0
-
Synapse [1.2.0]
- Update Synapse to 1.14.0
- Full changelog
-
Riot [1.1.3]
- Update riot to 1.6.3
- Full changelog
- Fixes a vulnerability in single sign-on (SSO) deployments
-
Riot [1.1.4]
- Update riot to 1.6.4
- Full changelog
-
Riot [1.2.0]
- Remove matrix.org welcome bot - https://github.com/vector-im/riot-web/pull/12894
-
Matrix [1.3.0]
- Add optional sso support
-
Update to 1.15.0 results in a crash in LDAP. I have reported this upstream https://github.com/matrix-org/matrix-synapse-ldap3/issues/92
-
Upstream has made a fix for 1.15.0 - https://github.com/matrix-org/synapse/pull/7684
-
Riot [1.2.1]
- Update riot to 1.6.5
- Full changelog
- Upgrade to JS SDK 6.2.2 and React SDK 2.7.2
-
Synapse [1.4.0]
- Update Synapse to 1.15.1
- Full changelog
- Advertise support for Client-Server API r0.6.0 and remove related unstable feature flags. (#6585)
- Add an option to disable autojoining rooms for guest accounts. (#6637)
- Add admin APIs to allow server admins to manage users' devices. Contributed by @dklimpel. (#7481)
- Add support for generating thumbnails for WebP images. Previously, users would see an empty box instead of preview image. Contributed by @WGH-. (#7586)
- Support the standardized m.login.sso user-interactive authentication flow. (#7630)
-
Riot [1.2.2]
- Update riot to 1.6.6
- Full changelog
- Upgrade to JS SDK 7.0.0 and React SDK 2.8.0
-
[1.3.0]
- Update riot to 1.6.7
- Full changelog
- Upgrade to React SDK 2.8.1
-
[1.5.0]
- Update Synapse to 1.15.2
- Full changelog
- A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers. (96e9afe6)
- HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade. (ea26e9a9)
This contains important security fixes. Please update immediately
-
Riot [1.3.1]
- Update riot to 1.6.8
- Full changelog
- Upgrade to JS SDK 7.1.0 and React SDK 2.9.0
-
Synapse [1.6.0]
- Update Synapse to 1.16.0
- Full changelog
- Add an option to enable encryption by default for new rooms. (#7639)
- Add support for running multiple media repository workers. See docs/workers.md for instructions. (#7706)
- Media can now be marked as safe from quarantined. (#7718)
- Expand the configuration options for auto-join rooms. (#7763)
-
Synapse [1.6.1]
- Update Synapse to 1.16.1
- Full changelog
- Drop table local_rejections_stream which was incorrectly added in Synapse 1.16.0. (#7816, b1beb3ff5)
-
Synapse [1.7.0]
- Update Synapse to 1.17.0
- Full changelog
- Fix inconsistent handling of upper and lower case in email addresses when used as identifiers for login, etc. Contributed by @dklimpel. (#7021)
- Fix "Tried to close a non-active scope!" error messages when opentracing is enabled. (#7732)
- Fix incorrect error message when database CTYPE was set incorrectly. (#7760)
- Fix to not ignore set_tweak actions in Push Rules that have no value, as permitted by the specification. (#7766)
- Fix synctl to handle empty config files correctly. Contributed by @kotovalexarian. (#7779)
- Fixes a long standing bug in worker mode where worker information was saved in the devices table instead of the original IP address and user agent. (#7797)
- Fix 'stuck invites' which happen when we are unable to reject a room invite received over federation. (#7804, #7809, #7810)