Matrix (Synapse/Element) - Package Updates
-
Synapse [1.1.0]
- Update Synapse to 1.13.0
- Full changelog
- Set Referrer-Policy header to no-referrer on media downloads. (#7009)
- Admin API POST /_synapse/admin/v1/join/<roomIdOrAlias> to join users to a room like auto_join_rooms for creation of users. (#7051)
- Add options to prevent users from changing their profile or associated 3PIDs. (#7096)
- Allow server admins to define and enforce a password policy (MSC2000). (#7118)
- Improve the support for SSO authentication on the login fallback page. (#7152, #7235)
- Always whitelist the login fallback in the SSO configuration if public_baseurl is set. (#7153)
- Admin users are no longer required to be in a room to create an alias for it. (#7191)
- Require admin privileges to enable room encryption by default. This does not affect existing rooms. (#7230)
-
Riot [1.2.0]
- Remove matrix.org welcome bot - https://github.com/vector-im/riot-web/pull/12894
-
Synapse [1.4.0]
- Update Synapse to 1.15.1
- Full changelog
- Advertise support for Client-Server API r0.6.0 and remove related unstable feature flags. (#6585)
- Add an option to disable autojoining rooms for guest accounts. (#6637)
- Add admin APIs to allow server admins to manage users' devices. Contributed by @dklimpel. (#7481)
- Add support for generating thumbnails for WebP images. Previously, users would see an empty box instead of preview image. Contributed by @WGH-. (#7586)
- Support the standardized m.login.sso user-interactive authentication flow. (#7630)
-
[1.5.0]
- Update Synapse to 1.15.2
- Full changelog
- A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers. (96e9afe6)
- HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade. (ea26e9a9)
This contains important security fixes. Please update immediately
-
Synapse [1.6.0]
- Update Synapse to 1.16.0
- Full changelog
- Add an option to enable encryption by default for new rooms. (#7639)
- Add support for running multiple media repository workers. See docs/workers.md for instructions. (#7706)
- Media can now be marked as safe from quarantined. (#7718)
- Expand the configuration options for auto-join rooms. (#7763)
-
Synapse [1.7.0]
- Update Synapse to 1.17.0
- Full changelog
- Fix inconsistent handling of upper and lower case in email addresses when used as identifiers for login, etc. Contributed by @dklimpel. (#7021)
- Fix "Tried to close a non-active scope!" error messages when opentracing is enabled. (#7732)
- Fix incorrect error message when database CTYPE was set incorrectly. (#7760)
- Fix to not ignore set_tweak actions in Push Rules that have no value, as permitted by the specification. (#7766)
- Fix synctl to handle empty config files correctly. Contributed by @kotovalexarian. (#7779)
- Fixes a long standing bug in worker mode where worker information was saved in the devices table instead of the original IP address and user agent. (#7797)
- Fix 'stuck invites' which happen when we are unable to reject a room invite received over federation. (#7804, #7809, #7810)
