Update ghcr.io/element-hq/synapse Docker tag to v1.136.0 #536

Merged
AverageMarcus merged 1 commits from renovate/ghcr.io-element-hq-synapse-1.x into master 2025-08-13 05:54:44 +00:00
Collaborator

This PR contains the following updates:

Package Update Change
ghcr.io/element-hq/synapse (source) minor v1.135.2 -> v1.136.0

Release Notes

element-hq/synapse (ghcr.io/element-hq/synapse)

v1.136.0

Compare Source

Synapse 1.136.0 (2025-08-12)

Note: This release includes the security fixes from 1.135.2 and 1.136.0rc2, detailed below.

Please also check the relevant section in the upgrade notes for the changes to MAS support, metrics labels and the module API which may require your attention when upgrading.

Bugfixes
  • Fix bug introduced in 1.135.2 and 1.136.0rc2 where the Make Room Admin API would not treat a room v12's creator power level as the highest in room. (#​18805)
Synapse 1.136.0rc2 (2025-08-11)

This is the Synapse portion of the Matrix coordinated security release. This release includes support for room version 12 which fixes a number of security vulnerabilities, including CVE-2025-49090.

The default room version is not changed. Not all clients will support room version 12 immediately, and not all users will be using the latest version of their clients. Large, public rooms are advised to wait a few weeks before upgrading to room version 12 to allow users throughout the Matrix ecosystem to update their clients.

Note: release 1.135.1 was skipped due to issues discovered during the release process.

Two patched Synapse releases are now available:

  • 1.135.2: stable release comprised of 1.135.0 + security patches
    • Upgrade to this release if you are currently running 1.135.0 or below.
  • 1.136.0rc2: unstable release candidate comprised of 1.136.0rc1 + security patches.
    • Upgrade to this release only if you are on 1.136.0rc1.
Bugfixes
  • Update MSC4293 redaction logic for room v12. (#​80)
Internal Changes
  • Add a parameter to upgrade_rooms(..) to allow auto join local users. (#​83)
Synapse 1.136.0rc1 (2025-08-05)
Features
  • Add configurable rate limiting for the creation of rooms. (#​18514)
  • Add support for MSC4293 - Redact on Kick/Ban. (#​18540)
  • When admins enable themselves to see soft-failed events, they will also see if the cause is due to the policy server flagging them as spam via unsigned. (#​18585)
  • Add ability to configure forward/outbound proxy via homeserver config instead of environment variables. See http_proxy, https_proxy, no_proxy_hosts. (#​18686)
  • Advertise experimental support for MSC4306 (Thread Subscriptions) through /_matrix/clients/versions if enabled. (#​18722)
  • Stabilise support for delegating authentication to Matrix Authentication Service. (#​18759)
  • Implement the push rules for experimental MSC4306: Thread Subscriptions. (#​18762)
Bugfixes
  • Allow return code 403 (allowed by C2S Spec since v1.2) when fetching profiles via federation. (#​18696)
  • Register the MSC4306 (Thread Subscriptions) endpoints in the CS API when the experimental feature is enabled. (#​18726)
  • Fix a long-standing bug where suspended users could not have server notices sent to them (a 403 was returned to the admin). (#​18750)
  • Fix an issue that could cause logcontexts to be lost on rate-limited requests. Found by @​realtyem. (#​18763)
  • Fix invalidation of storage cache that was broken in 1.135.0. (#​18786)
Improved Documentation
  • Minor improvements to README. (#​18700)
  • Document that there can be multiple workers handling the receipts stream. (#​18760)
  • Improve worker documentation for some device paths. (#​18761)
Deprecations and Removals
Internal Changes
  • Add debug logging for HMAC digest verification failures when using the admin API to register users. (#​18474)
  • Speed up upgrading a room with large numbers of banned users. (#​18574)
  • Fix config documentation generation script on Windows by enforcing UTF-8. (#​18580)
  • Refactor cache, background process, Counter, LaterGauge, GaugeBucketCollector, Histogram, and Gauge metrics to be homeserver-scoped. (#​18656, #​18714, #​18715, #​18724, #​18753, #​18725, #​18670, #​18748, #​18751)
  • Reduce database usage in Sliding Sync by not querying for background update completion after the update is known to be complete. (#​18718)
  • Improve order of validation and ratelimiting in room creation. (#​18723)
  • Bump minimum version bound on Twisted to 21.2.0. (#​18727, #​18729)
  • Use twisted.internet.testing module in tests instead of deprecated twisted.test.proto_helpers. (#​18728)
  • Remove obsolete /send_event replication endpoint. (#​18730)
  • Update metrics linting to be able to handle custom metrics. (#​18733)
  • Work around twisted.protocols.amp.TooLong error by reducing logging in some tests. (#​18736)
  • Prevent "Move labelled issues to correct projects" GitHub Actions workflow from failing when an issue is already on the project board. (#​18755)
  • Bump minimum supported Rust version (MSRV) to 1.82.0. Missed in #​18553 (released in Synapse 1.134.0). (#​18757)
  • Make Clock.sleep(...) return a coroutine, so that mypy can catch places where we don't await on it. (#​18772)
  • Update implementation of MSC4306: Thread Subscriptions to include automatic subscription conflict prevention as introduced in later drafts. (#​18756)
Updates to locked dependencies
  • Bump gitpython from 3.1.44 to 3.1.45. (#​18743)
  • Bump mypy-zope from 1.0.12 to 1.0.13. (#​18744)
  • Bump phonenumbers from 9.0.9 to 9.0.10. (#​18741)
  • Bump ruff from 0.12.4 to 0.12.5. (#​18742)
  • Bump sentry-sdk from 2.32.0 to 2.33.2. (#​18745)
  • Bump tokio from 1.46.1 to 1.47.0. (#​18740)
  • Bump types-jsonschema from 4.24.0.20250708 to 4.25.0.20250720. (#​18703)
  • Bump types-psycopg2 from 2.9.21.20250516 to 2.9.21.20250718. (#​18706)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/element-hq/synapse](https://matrix.org/docs/projects/server/synapse) ([source](https://github.com/element-hq/synapse)) | minor | `v1.135.2` -> `v1.136.0` | --- ### Release Notes <details> <summary>element-hq/synapse (ghcr.io/element-hq/synapse)</summary> ### [`v1.136.0`](https://github.com/element-hq/synapse/releases/tag/v1.136.0) [Compare Source](https://github.com/element-hq/synapse/compare/v1.135.2...v1.136.0) ##### Synapse 1.136.0 (2025-08-12) Note: This release includes the security fixes from `1.135.2` and `1.136.0rc2`, detailed below. Please also check [the relevant section in the upgrade notes](https://github.com/element-hq/synapse/blob/develop/docs/upgrade.md#upgrading-to-v11360) for the changes to MAS support, metrics labels and the module API which may require your attention when upgrading. ##### Bugfixes - Fix bug introduced in 1.135.2 and 1.136.0rc2 where the [Make Room Admin API](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#make-room-admin-api) would not treat a room v12's creator power level as the highest in room. ([#&#8203;18805](https://github.com/element-hq/synapse/issues/18805)) ##### Synapse 1.136.0rc2 (2025-08-11) This is the Synapse portion of the [Matrix coordinated security release](https://matrix.org/blog/2025/07/security-predisclosure/). This release includes support for [room version](https://spec.matrix.org/v1.15/rooms/) 12 which fixes a number of security vulnerabilities, including [CVE-2025-49090](https://www.cve.org/CVERecord?id=CVE-2025-49090). The default room version is not changed. Not all clients will support room version 12 immediately, and not all users will be using the latest version of their clients. Large, public rooms are advised to wait a few weeks before upgrading to room version 12 to allow users throughout the Matrix ecosystem to update their clients. Note: release 1.135.1 was skipped due to issues discovered during the release process. Two patched Synapse releases are now available: - `1.135.2`: stable release comprised of `1.135.0` + security patches - Upgrade to this release **if you are currently running 1.135.0 or below**. - `1.136.0rc2`: unstable release candidate comprised of `1.136.0rc1` + security patches. - Upgrade to this release **only if you are on 1.136.0rc1**. ##### Bugfixes - Update MSC4293 redaction logic for room v12. ([#&#8203;80](https://github.com/element-hq/synapse/issues/80)) ##### Internal Changes - Add a parameter to `upgrade_rooms(..)` to allow auto join local users. ([#&#8203;83](https://github.com/element-hq/synapse/issues/83)) ##### Synapse 1.136.0rc1 (2025-08-05) ##### Features - Add configurable rate limiting for the creation of rooms. ([#&#8203;18514](https://github.com/element-hq/synapse/issues/18514)) - Add support for [MSC4293](https://github.com/matrix-org/matrix-spec-proposals/pull/4293) - Redact on Kick/Ban. ([#&#8203;18540](https://github.com/element-hq/synapse/issues/18540)) - When admins enable themselves to see soft-failed events, they will also see if the cause is due to the policy server flagging them as spam via `unsigned`. ([#&#8203;18585](https://github.com/element-hq/synapse/issues/18585)) - Add ability to configure forward/outbound proxy via homeserver config instead of environment variables. See `http_proxy`, `https_proxy`, `no_proxy_hosts`. ([#&#8203;18686](https://github.com/element-hq/synapse/issues/18686)) - Advertise experimental support for [MSC4306](https://github.com/matrix-org/matrix-spec-proposals/pull/4306) (Thread Subscriptions) through `/_matrix/clients/versions` if enabled. ([#&#8203;18722](https://github.com/element-hq/synapse/issues/18722)) - Stabilise support for delegating authentication to [Matrix Authentication Service](https://github.com/element-hq/matrix-authentication-service/). ([#&#8203;18759](https://github.com/element-hq/synapse/issues/18759)) - Implement the push rules for experimental [MSC4306: Thread Subscriptions](https://github.com/matrix-org/matrix-doc/issues/4306). ([#&#8203;18762](https://github.com/element-hq/synapse/issues/18762)) ##### Bugfixes - Allow return code 403 (allowed by C2S Spec since v1.2) when fetching profiles via federation. ([#&#8203;18696](https://github.com/element-hq/synapse/issues/18696)) - Register the MSC4306 (Thread Subscriptions) endpoints in the CS API when the experimental feature is enabled. ([#&#8203;18726](https://github.com/element-hq/synapse/issues/18726)) - Fix a long-standing bug where suspended users could not have server notices sent to them (a 403 was returned to the admin). ([#&#8203;18750](https://github.com/element-hq/synapse/issues/18750)) - Fix an issue that could cause logcontexts to be lost on rate-limited requests. Found by [@&#8203;realtyem](https://github.com/realtyem). ([#&#8203;18763](https://github.com/element-hq/synapse/issues/18763)) - Fix invalidation of storage cache that was broken in 1.135.0. ([#&#8203;18786](https://github.com/element-hq/synapse/issues/18786)) ##### Improved Documentation - Minor improvements to README. ([#&#8203;18700](https://github.com/element-hq/synapse/issues/18700)) - Document that there can be multiple workers handling the `receipts` stream. ([#&#8203;18760](https://github.com/element-hq/synapse/issues/18760)) - Improve worker documentation for some device paths. ([#&#8203;18761](https://github.com/element-hq/synapse/issues/18761)) ##### Deprecations and Removals - Deprecate `run_as_background_process` exported as part of the module API interface in favor of `ModuleApi.run_as_background_process`. See [the relevant section in the upgrade notes](https://github.com/element-hq/synapse/blob/develop/docs/upgrade.md#upgrading-to-v11360) for more information. ([#&#8203;18737](https://github.com/element-hq/synapse/issues/18737)) ##### Internal Changes - Add debug logging for HMAC digest verification failures when using the admin API to register users. ([#&#8203;18474](https://github.com/element-hq/synapse/issues/18474)) - Speed up upgrading a room with large numbers of banned users. ([#&#8203;18574](https://github.com/element-hq/synapse/issues/18574)) - Fix config documentation generation script on Windows by enforcing UTF-8. ([#&#8203;18580](https://github.com/element-hq/synapse/issues/18580)) - Refactor cache, background process, `Counter`, `LaterGauge`, `GaugeBucketCollector`, `Histogram`, and `Gauge` metrics to be homeserver-scoped. ([#&#8203;18656](https://github.com/element-hq/synapse/issues/18656), [#&#8203;18714](https://github.com/element-hq/synapse/issues/18714), [#&#8203;18715](https://github.com/element-hq/synapse/issues/18715), [#&#8203;18724](https://github.com/element-hq/synapse/issues/18724), [#&#8203;18753](https://github.com/element-hq/synapse/issues/18753), [#&#8203;18725](https://github.com/element-hq/synapse/issues/18725), [#&#8203;18670](https://github.com/element-hq/synapse/issues/18670), [#&#8203;18748](https://github.com/element-hq/synapse/issues/18748), [#&#8203;18751](https://github.com/element-hq/synapse/issues/18751)) - Reduce database usage in Sliding Sync by not querying for background update completion after the update is known to be complete. ([#&#8203;18718](https://github.com/element-hq/synapse/issues/18718)) - Improve order of validation and ratelimiting in room creation. ([#&#8203;18723](https://github.com/element-hq/synapse/issues/18723)) - Bump minimum version bound on Twisted to 21.2.0. ([#&#8203;18727](https://github.com/element-hq/synapse/issues/18727), [#&#8203;18729](https://github.com/element-hq/synapse/issues/18729)) - Use `twisted.internet.testing` module in tests instead of deprecated `twisted.test.proto_helpers`. ([#&#8203;18728](https://github.com/element-hq/synapse/issues/18728)) - Remove obsolete `/send_event` replication endpoint. ([#&#8203;18730](https://github.com/element-hq/synapse/issues/18730)) - Update metrics linting to be able to handle custom metrics. ([#&#8203;18733](https://github.com/element-hq/synapse/issues/18733)) - Work around `twisted.protocols.amp.TooLong` error by reducing logging in some tests. ([#&#8203;18736](https://github.com/element-hq/synapse/issues/18736)) - Prevent "Move labelled issues to correct projects" GitHub Actions workflow from failing when an issue is already on the project board. ([#&#8203;18755](https://github.com/element-hq/synapse/issues/18755)) - Bump minimum supported Rust version (MSRV) to 1.82.0. Missed in [#&#8203;18553](https://github.com/element-hq/synapse/pull/18553) (released in Synapse 1.134.0). ([#&#8203;18757](https://github.com/element-hq/synapse/issues/18757)) - Make `Clock.sleep(...)` return a coroutine, so that mypy can catch places where we don't await on it. ([#&#8203;18772](https://github.com/element-hq/synapse/issues/18772)) - Update implementation of [MSC4306: Thread Subscriptions](https://github.com/matrix-org/matrix-doc/issues/4306) to include automatic subscription conflict prevention as introduced in later drafts. ([#&#8203;18756](https://github.com/element-hq/synapse/issues/18756)) ##### Updates to locked dependencies - Bump gitpython from 3.1.44 to 3.1.45. ([#&#8203;18743](https://github.com/element-hq/synapse/issues/18743)) - Bump mypy-zope from 1.0.12 to 1.0.13. ([#&#8203;18744](https://github.com/element-hq/synapse/issues/18744)) - Bump phonenumbers from 9.0.9 to 9.0.10. ([#&#8203;18741](https://github.com/element-hq/synapse/issues/18741)) - Bump ruff from 0.12.4 to 0.12.5. ([#&#8203;18742](https://github.com/element-hq/synapse/issues/18742)) - Bump sentry-sdk from 2.32.0 to 2.33.2. ([#&#8203;18745](https://github.com/element-hq/synapse/issues/18745)) - Bump tokio from 1.46.1 to 1.47.0. ([#&#8203;18740](https://github.com/element-hq/synapse/issues/18740)) - Bump types-jsonschema from 4.24.0.20250708 to 4.25.0.20250720. ([#&#8203;18703](https://github.com/element-hq/synapse/issues/18703)) - Bump types-psycopg2 from 2.9.21.20250516 to 2.9.21.20250718. ([#&#8203;18706](https://github.com/element-hq/synapse/issues/18706)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS42Ni4xIiwidXBkYXRlZEluVmVyIjoiNDEuNjYuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->
renovate added 1 commit 2025-08-13 03:09:13 +00:00
AverageMarcus merged commit 2ea10159d8 into master 2025-08-13 05:54:44 +00:00
AverageMarcus deleted branch renovate/ghcr.io-element-hq-synapse-1.x 2025-08-13 05:54:44 +00:00
Sign in to join this conversation.
No Reviewers
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: AverageMarcus/cluster.fun#536
No description provided.