Commit Graph
55 Commits
Author SHA1 Message Date
0bd28389b1 Improve caching for presence (#19939)
This does two things, first it adds a config flag to ignore rooms for
the purposes of presence routing.

Secondly, it changes the caching behaviour to try and improve the cache
hit ratio. Previously, the size of the `do_users_share_a_room` cache
(which stores pairs of users) needs to `O(n²)` for the number of online
users, which is infeasible for large servers.

Instead, we call `get_users_in_room` for both the syncing and updated
users. This sounds more expensive, but a) we will already have cached
the syncing user's rooms, and b) we will only calculate the updated
user's rooms once (rather than once per syncing user).

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-07-13 09:34:07 +01:00
3f3edaf029 Make the presence state-machine timers configurable (#19942)
Adds `last_active_granularity`, `sync_online_timeout` and `idle_timeout`
options to the `presence` config section, controlling the previously
hard-coded `LAST_ACTIVE_GRANULARITY`, `SYNC_ONLINE_TIMEOUT` and
`IDLE_TIMER` constants (which remain as the defaults).

This is mainly useful on deployments that ratelimit how often syncs can
affect presence (`rc_presence`): the sync timeout must exceed the
ratelimit interval or users flap offline between syncs, so tuning down
presence traffic currently requires squeezing under the fixed 30s limit.

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-07-09 17:21:50 +01:00
Olivier 'reivilibre a247001400 1.156.0rc1 2026-06-30 14:41:26 +01:00
Maximilian BoschandGitHub 1f0c2bc3e4 docs/config: make it explicit that auto_join_rooms can be used for invite-only rooms (#19660) 2026-06-22 08:57:10 +00:00
2487b31422 MSC4140: allow auth on management endpoints for delayed events (#19794)
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-18 13:27:37 +00:00
Olivier 'reivilibre f53f104449 1.155.0rc1 2026-06-09 14:59:48 +01:00
Olivier 'reivilibre 82d66fa0f1 1.154.0rc1 2026-05-27 12:27:43 +01:00
0c6e0f79e5 doc: Enhance update_profile_information documentation with picture claim (#19508)
Added details how synapse syncs the picture claim when
update_profile_information setting is true. Addresses #17836

---------

Co-authored-by: Michael Hlas <3398654+mhlas7@users.noreply.github.com>
2026-05-15 15:29:53 +00:00
Olivier 'reivilibre 0e508ba80f 1.153.0rc1 2026-05-08 13:22:15 +01:00
Eric EastwoodandGitHub 22e1643359 Add warning about known problems when configuring use_frozen_dicts (#19711)
Known problems: https://github.com/element-hq/synapse/issues/18117

As a follow-up, we should consider removing this config option
altogether. It's "expensive" and claims to "prevent bugs" but actually
introduces a whole new class of bugs. It could be re-introduced with a
more holistic solution to the typing. Or a completely new approach (safe
mode that blows up when someone mutates the event content, always make
deep clones when handing out references, etc)

The `use_frozen_dict` config option was there [since
inception](https://github.com/element-hq/synapse/commit/a7b65bdedf512f646a3ca2478fb96a914856de35)
but was only recently
[documented](https://github.com/element-hq/synapse/pull/18122) for
completeness sake.
2026-04-24 12:00:13 -05:00
Olivier 'reivilibre d4034c0cf8 1.152.0rc1 2026-04-14 13:16:25 +01:00
Quentin Gliech 72711a3329 1.151.0rc1 2026-03-31 14:24:05 +02:00
Quentin GliechandGitHub edf5ce277a Allow using HTTP/2 over plaintext when introspecting tokens with MAS (#19586) 2026-03-18 19:47:17 +01:00
Quentin Gliech 7d8e8747ea 1.150.0rc1 2026-03-17 15:56:55 +01:00
Quentin Gliech fd61b8eeb0 Merge branch 'release-v1.149' into develop 2026-03-03 17:24:12 +01:00
Eric EastwoodandGitHub 51048b8e36 Update docs to clarify outbound_federation_restricted_to can also be used with the SBG (#19517)
[Secure Border Gateway (SBG)](https://element.io/en/server-suite/secure-border-gateways)

Spawning from [internal
discussion](https://matrix.to/#/!mNoPShRlwEeyHAEJOe:element.io/$6eGip85OUKOmyK1VzqrFMc7eF7dON7Vs76O40kVbRRY?via=banzan.uk&via=element.io&via=jki.re)
around integrating [Synapse Pro for small
hosts](https://docs.element.io/latest/element-server-suite-pro/synapse-pro-for-small-hosts/overview)
in the [Element Server Suite (ESS)](https://element.io/en/server-suite)
stack and wanting it be compatible with the SBG.

We know that the SBG works with monolith Synapse because that's what we
have configured with the [Complement tests in the SBG
repo](https://github.com/element-hq/sbg/blob/b76b05b53e40bf6890e51dd1b83cec3460274eb2/complement/configure_synapse_for_sbg.sh#L8-L10).
2026-03-03 10:04:37 -06:00
Quentin Gliech 639922e835 1.149.0rc1 2026-03-03 15:38:17 +01:00
Quentin Gliech 40171d036a 1.148.0rc1 2026-02-17 17:44:37 +01:00
Devon Hudson 3048ff8b26 1.147.0rc1 2026-02-03 08:56:37 -07:00
Devon Hudson a0e6a0595f 1.146.0rc1 2026-01-20 08:53:34 -07:00
Luis PaulinoandGitHub 8bdb72c93b Give an estimate for room complexity values. (#19384) 2026-01-20 14:39:59 +00:00
Devon Hudson cbc5469113 Merge branch 'release-v1.145' into develop 2026-01-07 10:34:01 -07:00
Patrice Brend'amourandGitHub a094d922c9 Implement synapse issue #16751: Treat local_media_directory as optional storage provider (#19204) 2026-01-06 23:29:58 +00:00
Devon Hudson 39f80296c5 1.145.0rc1 2026-01-06 09:38:44 -07:00
Mathieu VeltenandGitHub 444bc56cda Add rate limit conf to user directory endpoint (#19291)
The goal is to avoid that an user could scrape the user directory too
quickly.
2026-01-05 13:35:11 -06:00
Devon Hudson 5fe4b7ed60 1.144.0rc1 2025-12-02 09:21:08 -07:00
Devon Hudson f5bf02eff6 1.143.0rc1 2025-11-18 13:20:59 -07:00
Andrew Morgan 2760d15348 1.142.0rc1 2025-11-04 13:34:46 +00:00
Andrew MorganandGitHub db9a61c30f Fix bcrypt errors preventing users from being able to log in (#19101) 2025-10-28 10:16:02 +00:00
Andrew Morgan 1271e896b5 1.141.0rc1 2025-10-21 11:12:59 +01:00
Andrew Morgan c0d6998dea 1.140.0rc1 2025-10-10 11:24:27 +01:00
18f07fdc4c Add MatrixRTC backend/services discovery endpoint (#18967)
Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>
2025-10-09 17:15:47 +01:00
Sebastian SpaethandGitHub d1c96ee0f2 Fix rc_room_creation and rc_reports docs - remove per_user typo (#18998) 2025-09-30 15:17:11 -05:00
Andrew Morgan daf33e4954 1.139.0rc1 2025-09-23 13:28:34 +01:00
e1036ffa48 Add get_media_upload_limits_for_user and on_media_upload_limit_exceeded callbacks to module API (#18848)
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2025-09-12 12:26:19 +01:00
Quentin Gliech 09a489e198 1.138.0rc1 2025-09-02 14:16:55 +02:00
Andrew Morgan c51da9bac0 1.137.0rc1 2025-08-19 10:55:42 +01:00
Kegan DougalandAndrew Morgan 0eb7252a23 Support for room version 12 2025-08-11 16:43:45 +01:00
Devon Hudson 43f0c6fd62 1.136.0rc1 2025-08-05 08:16:26 -06:00
7ed55666b5 Stabilise MAS integration (#18759)
This can be reviewed commit by commit

There are a few improvements over the experimental support:

- authorisation of Synapse <-> MAS requests is simplified, with a single
shared secret, removing the need for provisioning a client on the MAS
side
- the tests actually spawn a real server, allowing us to test the rust
introspection layer
- we now check that the device advertised in introspection actually
exist, making it so that when a user logs out, the tokens are
immediately invalidated, even if the cache doesn't expire
- it doesn't rely on discovery anymore, rather on a static endpoint
base. This means users don't have to override the introspection endpoint
to avoid internet roundtrips
- it doesn't depend on `authlib` anymore, as we simplified a lot the
calls done from Synapse to MAS

We still have to update the MAS documentation about the Synapse setup,
but that can be done later.

---------

Co-authored-by: reivilibre <oliverw@element.io>
2025-08-04 15:48:45 +02:00
reivilibreandGitHub 8344c944b1 Add configurable rate limiting for the creation of rooms. (#18514)
Default values will be 1 room per minute, with a burst count of 10.

It's hard to imagine most users will be affected by this default rate,
but it's intentionally non-invasive in case of bots or other users that
need to create rooms at a large rate.
Server admins might want to down-tune this on their deployments.

---------

Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
2025-07-24 14:08:02 +00:00
Eric EastwoodandGitHub 98f84256e9 Configure HTTP proxy in file config (#18686)
This PR makes it possible to configure the HTTP proxy on a per-homeserver-tenant basis.

`http_proxy`, `https_proxy`, `no_proxy_hosts`
2025-07-22 10:33:00 -05:00
Olivier 'reivilibre cedb8cd045 1.135.0rc1 2025-07-22 12:10:57 +01:00
5ea2cf2484 Move device changes off the main process (#18581)
The main goal of this PR is to handle device list changes onto multiple
writers, off the main process, so that we can have logins happening
whilst Synapse is rolling-restarting.

This is quite an intrusive change, so I would advise to review this
commit by commit; I tried to keep the history as clean as possible.

There are a few things to consider:

- the `device_list_key` in stream tokens becomes a
`MultiWriterStreamToken`, which has a few implications in sync and on
the storage layer
- we had a split between `DeviceHandler` and `DeviceWorkerHandler` for
master vs. worker process. I've kept this split, but making it rather
writer vs. non-writer worker, using method overrides for doing
replication calls when needed
- there are a few operations that need to happen on a single worker at a
time. Instead of using cross-worker locks, for now I made them run on
the first writer on the list

---------

Co-authored-by: Eric Eastwood <erice@element.io>
2025-07-18 09:06:14 +02:00
Kim BroseandGitHub a0d6469069 fix schema and docs of rc_delayed_event_mgmt (#18692)
Signed-off-by: Kim Brose <kim.brose@nordeck.net>
2025-07-17 15:54:33 +01:00
Johannes MarbachandGitHub b274d6561c Document that some config options for the user directory are in violation of the Matrix spec (#18548)
Fix #17534

Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
2025-07-15 13:25:25 -05:00
Eric EastwoodandGitHub 88f38ea149 Correct version that recaptcha_{private,public}_key_path config options were introduced (#18684)
Introduced in https://github.com/element-hq/synapse/pull/17984

I already see a
[`v1.134.0rc1`](https://github.com/element-hq/synapse/releases/tag/v1.134.0rc1)
tag from 5 days ago so I assume
https://github.com/element-hq/synapse/pull/17984 will actually ship in
the next release (which will be `v1.135.0`)
2025-07-15 09:05:45 -05:00
V02460andGitHub 481c4e2b55 Add recaptcha_{private,public}_key_path config option (#17984)
Another config option on my quest to a `*_path` variant for every
secret. Adds the config options `recaptcha_private_key_path` and
`recaptcha_public_key_path`. Tests and docs are included.

A public key is of course no secret, but it is closely related to the
private key, so it’s still useful to have a `*_path` variant for it.
2025-07-14 11:37:36 -05:00
Erik JohnstonandGitHub 66daf0bfae Add ability to limit amount uploaded by a user (#18527)
You can now configure how much media can be uploaded by a user in a
given time period.

Note the first commit here is a refactor of create/upload content
function
2025-07-10 13:39:09 +01:00
Andrew Morgan 5c2765bd7a 1.134.0rc1 2025-07-09 11:31:01 +01:00