Matrix (Synapse/Element) - Package Updates
Pinned
Matrix (Synapse/Element)
-
[1.5.0]
- Update Synapse to 1.15.2
- Full changelog
- A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers. (96e9afe6)
- HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade. (ea26e9a9)
This contains important security fixes. Please update immediately
-
Synapse [1.6.0]
- Update Synapse to 1.16.0
- Full changelog
- Add an option to enable encryption by default for new rooms. (#7639)
- Add support for running multiple media repository workers. See docs/workers.md for instructions. (#7706)
- Media can now be marked as safe from quarantined. (#7718)
- Expand the configuration options for auto-join rooms. (#7763)
-
Synapse [1.7.0]
- Update Synapse to 1.17.0
- Full changelog
- Fix inconsistent handling of upper and lower case in email addresses when used as identifiers for login, etc. Contributed by @dklimpel. (#7021)
- Fix "Tried to close a non-active scope!" error messages when opentracing is enabled. (#7732)
- Fix incorrect error message when database CTYPE was set incorrectly. (#7760)
- Fix to not ignore set_tweak actions in Push Rules that have no value, as permitted by the specification. (#7766)
- Fix synctl to handle empty config files correctly. Contributed by @kotovalexarian. (#7779)
- Fixes a long standing bug in worker mode where worker information was saved in the devices table instead of the original IP address and user agent. (#7797)
- Fix 'stuck invites' which happen when we are unable to reject a room invite received over federation. (#7804, #7809, #7810)
-
Synapse [1.8.0]
- Update Synapse to 1.18.0
- Full changelog
- Include room states on invite events that are sent to application services. Contributed by @Sorunome. (#6455)
- Add delete room admin endpoint (POST /_synapse/admin/v1/rooms/<room_id>/delete). Contributed by @dklimpel. (#7613, #7953)
- Add experimental support for running multiple federation sender processes. (#7798)
- Add the option to validate the iss and aud claims for JWT logins. (#7827)
- Add support for handling registration requests across multiple client reader workers. (#7830)
- Add an admin API to list the users in a room. Contributed by Awesome Technologies Innovationslabor GmbH. (#7842)
- Allow email subjects to be customised through Synapse's configuration. (#7846)
- Add the ability to re-activate an account from the admin API. (#7847, #7908)
- Support oEmbed for media previews. (#7920)
-
Element [1.4.3]
- Update Element to 1.7.3
- Full changelog
- Element Web 1.7.3 fixes an issue where replying to a specially formatted message would make it seem like the replier said something they did not. Thanks to Sorunome for responsibly disclosing this via Matrix's Security Disclosure Policy.
Element Web 1.7.3 fixes an issue where an unexpected language ID in a code block could cause Element to crash. Thanks to SakiiR for responsibly disclosing this via Matrix's Security Disclosure Policy. - Upgrade to React SDK 3.1.0 and JS SDK 8.0.1
-
Synapse [1.9.0]
- Update Synapse to 1.19.0
- Full changelog
- Add option to allow server admins to join rooms which fail complexity checks. Contributed by @lugino-emeritus. (#7902)
- Add an option to purge room or not with delete room admin endpoint (POST /_synapse/admin/v1/rooms/<room_id>/delete). Contributed by @dklimpel. (#7964)
- Add rate limiting to users joining rooms. (#8008)
- Add a /health endpoint to every configured HTTP listener that can be used as a health check endpoint by load balancers. (#8048)
- Allow login to be blocked based on the values of SAML attributes. (#8052)
- Allow guest access to the GET /_matrix/client/r0/rooms/{room_id}/members endpoint, according to MSC2689. Contributed by Awesome Technologies Innovationslabor GmbH. (#7314)
-
Synapse [1.9.1]
- Update Synapse to 1.19.1
- Full changelog
- Fix a bug introduced in v1.19.0 where appservices with ratelimiting disabled would still be ratelimited when joining rooms. (#8139)
- Fix a bug introduced in v1.19.0 that would cause e.g. profile updates to fail due to incorrect application of rate limits on join requests. (#8153)
-
[1.11.0]
- Update Synapse to 1.20.1
- Full changelog
- Add an endpoint to query your shared rooms with another user as an implementation of MSC2666. (#7785)
- Iteratively encode JSON to avoid blocking the reactor. (#8013, #8116)
- Add support for shadow-banning users (ignoring any message send requests). (#8034, #8092, #8095, #8142, #8152, #8157, #8158, #8176)
- Use the default template file when its equivalent is not found in a custom template directory. (#8037, #8107, #8252)
- Add unread messages count to sync responses, as specified in MSC2654. (#8059, #8254, #8270, #8274)
- Optimise /federation/v1/user/devices/ API by only returning devices with encryption keys. (#8198)
-
[1.12.0]
- Update Synapse to 1.21.0
- Full changelog
- Require the user to confirm that their password should be reset after clicking the email confirmation link. (#8004)
- Add an admin API GET /_synapse/admin/v1/event_reports to read entries of table event_reports. Contributed by @dklimpel. (#8217)
- Consolidate the SSO error template across all configuration. (#8248, #8405)
- Add a configuration option to specify a whitelist of domains that a user can be redirected to after validating their email or phone number. (#8275, #8417)
- Add experimental support for sharding event persister. (#8294, #8387, #8396, #8419)
- Add the room topic and avatar to the room details admin API. (#8305)
- Add an admin API for querying rooms where a user is a member. Contributed by @dklimpel. (#8306)