github element-hq/synapse v1.120.0

8 hours ago

Synapse 1.120.0 (2024-11-26)

This release enables the enforcement of authenticated media by default, with exemptions for media that is already present in the
homeserver's media store.

Most homeservers operating in the public federation will not be impacted by this change, given that
the large homeserver matrix.org enabled this in September 2024 and therefore most clients and servers
will already have updated as a result.

Some server administrators may still wish to disable this enforcement for the time being, in the interest of compatibility with older clients
and older federated homeservers.
See the upgrade notes for more information.

Bugfixes

  • Fix a bug introduced in Synapse v1.120rc1 which would cause the newly-introduced delete_old_otks job to fail in worker-mode deployments. (#17960)

Synapse 1.120.0rc1 (2024-11-20)

Features

  • Enforce authenticated media by default. Administrators can revert this by configuring enable_authenticated_media to false. In a future release of Synapse, this option will be removed and become always-on. (#17889)
  • Add a one-off task to delete old One-Time Keys, to guard against us having old OTKs in the database that the client has long forgotten about. (#17934)

Improved Documentation

  • Clarify the semantics of the enable_authenticated_media configuration option. (#17913)
  • Add documentation about backing up Synapse. (#17931)

Deprecations and Removals

Internal Changes

  • Addressed some typos in docs and returned error message for unknown MXC ID. (#17865)
  • Unpin the upload release GHA action. (#17923)
  • Bump macOS version used to build wheels during release, as current version used is end-of-life. (#17924)
  • Move server event filtering logic to Rust. (#17928)
  • Support new package name of PyPI package python-multipart 0.0.13 so that distro packagers do not need to work around name conflict with PyPI package multipart. (#17932)
  • Speed up slow initial sliding syncs on large servers. (#17946)

Updates to locked dependencies

  • Bump anyhow from 1.0.92 to 1.0.93. (#17920)
  • Bump bleach from 6.1.0 to 6.2.0. (#17918)
  • Bump immutabledict from 4.2.0 to 4.2.1. (#17941)
  • Bump packaging from 24.1 to 24.2. (#17940)
  • Bump phonenumbers from 8.13.49 to 8.13.50. (#17942)
  • Bump pygithub from 2.4.0 to 2.5.0. (#17917)
  • Bump ruff from 0.7.2 to 0.7.3. (#17919)
  • Bump serde from 1.0.214 to 1.0.215. (#17938)

Don't miss a new synapse release

NewReleases is sending notifications on new releases.