Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
148 commits
Select commit Hold shift + click to select a range
3779c59
move postgres 13 deprecation note to top of changelog
anoadragon453 Nov 19, 2025
ea3e08c
Bump attrs from 25.3.0 to 25.4.0 (#19215)
dependabot[bot] Nov 24, 2025
a5d946b
Bump types-bleach from 6.2.0.20250809 to 6.3.0.20251115 (#19217)
dependabot[bot] Nov 24, 2025
1b78f03
Bump rpds-py from 0.28.0 to 0.29.0 (#19216)
dependabot[bot] Nov 24, 2025
f3975ce
Bump actions/setup-go from 6.0.0 to 6.1.0 (#19214)
dependabot[bot] Nov 24, 2025
9fb2b17
Bump actions/checkout from 5.0.0 to 6.0.0 (#19213)
dependabot[bot] Nov 24, 2025
8b79583
Bump sentry-sdk from 2.44.0 to 2.46.0 (#19218)
dependabot[bot] Nov 24, 2025
db975ea
Expire sliding sync connections (#19211)
erikjohnston Nov 25, 2025
b7e592a
Allow `ruff` to auto-fix trailing spaces in multi-line comments (#19221)
anoadragon453 Nov 25, 2025
2eb76b4
1.143.0
devonh Nov 25, 2025
87d6e27
Capitalize Synapse in changelog
devonh Nov 25, 2025
ae98771
Merge branch 'master' into develop
devonh Nov 25, 2025
ba65d8c
Put MSC2666 endpoint behind an experimental flag (#19219)
anoadragon453 Nov 25, 2025
2741ead
Stop building wheels for MacOS (#19225)
anoadragon453 Nov 26, 2025
b74c29f
Move towards a dedicated `Duration` class (#19223)
erikjohnston Nov 26, 2025
c928347
Implement MSC4380: Invite blocking (#19203)
richvdh Nov 26, 2025
703464c
Fix case where `get_partial_current_state_deltas` could return >100 r…
anoadragon453 Nov 26, 2025
52089f1
Prevent `lint-newsfile` job activating when fixing dependabot PR bran…
anoadragon453 Nov 27, 2025
566670c
Move `RestartDelayedEventServlet` to workers (#19207)
anoadragon453 Nov 27, 2025
78ec304
Use sqlglot to properly check SQL delta files (#19224)
erikjohnston Nov 28, 2025
778897a
Add a unit test that ensures that deleting a device purges the associ…
anoadragon453 Nov 28, 2025
034c5e6
Move call invite filtering logic to `filter_events_for_client` (#17782)
anoadragon453 Nov 28, 2025
d143276
Fix rust source check when using .egg-info (#19251)
erikjohnston Dec 1, 2025
1bddd25
Port `Clock` functions to use `Duration` class (#19229)
erikjohnston Dec 1, 2025
119f02e
Return 400 when canonical_alias content invalid (#19240)
devonh Dec 1, 2025
b4ee0bf
Bump actions/setup-python from 6.0.0 to 6.1.0 (#19245)
dependabot[bot] Dec 1, 2025
bf6163c
Bump docker/metadata-action from 5.9.0 to 5.10.0 (#19246)
dependabot[bot] Dec 1, 2025
58dd259
Bump http from 1.3.1 to 1.4.0 (#19249)
dependabot[bot] Dec 1, 2025
d435cfc
Add mention of future deprecations to release script (#19239)
devonh Dec 1, 2025
c20dd88
Document how merging config files works - see #11203 (#19243)
klaernie Dec 1, 2025
38588f9
Bump Swatinem/rust-cache from 2.8.1 to 2.8.2 (#19244)
dependabot[bot] Dec 1, 2025
c09298e
Bump pydantic from 2.12.4 to 2.12.5 (#19250)
dependabot[bot] Dec 1, 2025
e0e7a44
Bump pyopenssl from 25.1.0 to 25.3.0 (#19248)
dependabot[bot] Dec 1, 2025
3cf21bc
Bump rpds-py from 0.29.0 to 0.30.0 (#19247)
dependabot[bot] Dec 1, 2025
afdf9af
Bump types-jsonschema from 4.25.1.20250822 to 4.25.1.20251009 (#19252)
dependabot[bot] Dec 1, 2025
08e1b63
Fix v12 rooms when using frozen dicts (#19235)
devonh Dec 1, 2025
88310fe
Add log to determine whether clients are using `/messages` as expecte…
MadLittleMods Dec 1, 2025
a8e5c31
Simplify README and add ESS Getting started section (#19228)
pmaier1 Dec 2, 2025
022e56c
Move security note from README into the docs (#19259)
erikjohnston Dec 2, 2025
2862c77
Remove macos wheels from CI (#19263)
devonh Dec 2, 2025
5fe4b7e
1.144.0rc1
devonh Dec 2, 2025
ffd0b4c
Add a 14-day cooldown for dependency updates (#19258)
anoadragon453 Dec 2, 2025
0dfc21c
Remove "Updates to locked dependencies" section from changelog (#19254)
anoadragon453 Dec 2, 2025
3d28e22
Dependabot: allow 10 open PRs for general updates (#19253)
anoadragon453 Dec 2, 2025
f86918e
Remove the currently broken netlify GHA workflow (#19262)
anoadragon453 Dec 2, 2025
3931667
Be able to `shutdown` homeserver that hasn't `setup` (#19187)
MadLittleMods Dec 2, 2025
83023ce
Be able to `shutdown` homeserver that failed to `start` (#19232)
MadLittleMods Dec 2, 2025
aff90a5
Bump bleach from 6.2.0 to 6.3.0 (#19265)
dependabot[bot] Dec 2, 2025
d688daf
Fix bug where `Duration` was logged incorrectly (#19267)
devonh Dec 2, 2025
4cd05ba
Fix bug where `Duration` was logged incorrectly (#19267)
devonh Dec 2, 2025
989c4d2
Update changelog
devonh Dec 2, 2025
93e658b
Bump cryptography from 45.0.7 to 46.0.3 (#19266)
dependabot[bot] Dec 2, 2025
978ae0b
Merge branch 'release-v1.144' into develop
devonh Dec 2, 2025
e8710e7
Don't include debug logs in `Clock` unless explicitly enabled (#19278)
devonh Dec 4, 2025
a096fba
Group non-breaking dependabot PRs together to reduce review load (#18…
anoadragon453 Dec 5, 2025
891983f
Bump the minor-and-patches group with 3 updates (#19280)
dependabot[bot] Dec 5, 2025
09fd264
Bump urllib3 from 2.5.0 to 2.6.0 (#19282)
dependabot[bot] Dec 5, 2025
8b0083c
Respond with useful error codes when `Content-Length` header/s are in…
devonh Dec 8, 2025
1aeb34a
1.144.0
devonh Dec 9, 2025
1bfcc9a
Lift important notes to top of changelog
devonh Dec 9, 2025
acafac3
Merge branch 'master' into develop
devonh Dec 9, 2025
ba774e2
Bump ruff from 0.14.5 to 0.14.6 in the minor-and-patches group across…
dependabot[bot] Dec 9, 2025
3aaa2e8
Switch the build backend from `poetry-core` to `maturin` (#19234)
anoadragon453 Dec 10, 2025
cdf286d
Use `uv` to test full set of minimum deps in CI (#19289)
devonh Dec 11, 2025
dfd00a9
Fix sliding sync performance slow down for long lived connections. (#…
erikjohnston Dec 12, 2025
1f7f164
Unpin Rust from 1.82.0 (#19302)
anoadragon453 Dec 12, 2025
3f63638
Add an Admin API endpoint for listing quarantined media (#19268)
turt2live Dec 12, 2025
7347cc4
Add `memberships` admin API (#19260)
MatMaul Dec 12, 2025
048629d
minor grammar fix
anoadragon453 Dec 12, 2025
df24e0f
Fix support for older versions of zope-interface (#19274)
devonh Dec 12, 2025
4669947
Document importance of `public_baseurl` for delegation and OIDC (#19270)
klaernie Dec 13, 2025
0f2b295
Allow admins to bypass the quarantine check on media downloads (#19275)
turt2live Dec 15, 2025
29fd011
Improve proxy support for the federation_client.py dev script (#19300)
dkasak Dec 16, 2025
0395b71
Fix Mastodon URL previews not showing anything useful (#19231)
redstrate Dec 16, 2025
3989d22
Implement pagination for MSC2666 (#19279)
tulir Dec 16, 2025
f4320b5
Admin API: worker support for Query User Account (#19281)
AndrewFerr Dec 16, 2025
41938d6
Log the original bind exception when encountering `Failed to listen o…
MadLittleMods Dec 19, 2025
50fabc4
Bump actions/checkout from 6.0.0 to 6.0.1 in the minor-and-patches gr…
dependabot[bot] Dec 22, 2025
f79acff
Bump log from 0.4.28 to 0.4.29 in the patches group (#19318)
dependabot[bot] Dec 22, 2025
7a24faf
Auto-formatting `.github/workflows/tests.yml` from VSCode (#19327)
MadLittleMods Dec 29, 2025
bd94152
Stream Complement progress and format logs in a separate step after a…
MadLittleMods Dec 31, 2025
9dae6cc
Add a way to expose metrics from the Docker image (`SYNAPSE_ENABLE_ME…
MadLittleMods Jan 1, 2026
803e4b4
Make it more clear how `shared_extra_conf` is combined in our Docker …
MadLittleMods Jan 2, 2026
8f96a83
Bump actions/download-artifact from 6.0.0 to 7.0.0 (#19333)
dependabot[bot] Jan 5, 2026
691e43b
Bump actions/cache from 4.3.0 to 5.0.1 (#19332)
dependabot[bot] Jan 5, 2026
169d5b9
Bump reqwest from 0.12.24 to 0.12.25 in the patches group (#19331)
dependabot[bot] Jan 5, 2026
6b755f9
Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#19334)
dependabot[bot] Jan 5, 2026
444bc56
Add rate limit conf to user directory endpoint (#19291)
MatMaul Jan 5, 2026
cd252db
Transform events with client metadata before serialising in /event re…
reivilibre Jan 6, 2026
39f8029
1.145.0rc1
devonh Jan 6, 2026
d6d1404
Add nifty titles to top level deprecations
devonh Jan 6, 2026
1500733
Replace usage of deprecated `assertEquals` with `assertEqual` (#19345)
anoadragon453 Jan 6, 2026
ac6463c
Fix media creation being ratelimited for appservices (#19335)
tulir Jan 6, 2026
18ef7f3
Bump pynacl from 1.5.0 to 1.6.2 (#19350)
dependabot[bot] Jan 6, 2026
987b61a
Revert "Add an Admin API endpoint for listing quarantined media (#192…
devonh Jan 6, 2026
6ac61e4
Revert "Add an Admin API endpoint for listing quarantined media (#192…
devonh Jan 6, 2026
16bc8c7
Update changelog after reverting PR
devonh Jan 6, 2026
a094d92
Implement synapse issue #16751: Treat local_media_directory as option…
drallgood Jan 6, 2026
4dcf113
Support for stable `m.oauth` UIA stage for MSC4312 (#19273)
hughns Jan 7, 2026
7ea7867
Drop support for Ubuntu 25.04 'Plucky Puffin', add support for Ubuntu…
velikopter Jan 7, 2026
13dff90
Fix sdist include formatting for maturin
devonh Jan 7, 2026
ecd67df
1.145.0rc2
devonh Jan 7, 2026
cbc5469
Merge branch 'release-v1.145' into develop
devonh Jan 7, 2026
8ff1960
Fix: use correct parameter when calling get_local_current_membership_…
lukastautz Jan 7, 2026
1db2302
Bump mdbook from 0.4.17 -> 0.5.2 and remove custom table-of-contents …
anoadragon453 Jan 7, 2026
66b1daa
Limit maturin includes to sdist packaging
devonh Jan 7, 2026
ade89c4
1.145.0rc3
devonh Jan 7, 2026
3f2887c
Merge branch 'release-v1.145' into develop
devonh Jan 7, 2026
da7b32e
Bump urllib3 from 2.6.0 to 2.6.3 (#19361)
dependabot[bot] Jan 8, 2026
ace2614
Remove docs on dead legacy metric names (#19341)
MadLittleMods Jan 8, 2026
d372ab3
Add cancel_task API to the task scheduler (#19310)
MatMaul Jan 8, 2026
15700e0
Only exclude .so files for sdist packaging
devonh Jan 8, 2026
438aa7c
1.145.0rc4
devonh Jan 8, 2026
ff0fa0f
Merge branch 'release-v1.145' into develop
devonh Jan 8, 2026
5a3362c
Bump authlib from 1.6.5 to 1.6.6 (#19363)
dependabot[bot] Jan 9, 2026
8f42f07
Remove MSC2697 (legacy dehydrated devices) (#19346)
Half-Shot Jan 12, 2026
6e80f2c
Fall back to checking power levels when sourcing local restricted joi…
timedoutuk Jan 12, 2026
daa4398
Update Element logo to be an absolute URL, so it will render on PyPI …
anoadragon453 Jan 13, 2026
164b980
Bump the minor-and-patches group with 2 updates (#19339)
dependabot[bot] Jan 13, 2026
8e2e814
Tweak docstrings and signatures of `auth_types_for_event` and `get_ca…
reivilibre Jan 13, 2026
27223a3
1.145.0
devonh Jan 13, 2026
9285cdf
Update usage of deprecated `release.title` in release script (#19358)
anoadragon453 Jan 13, 2026
8eb9d78
Merge branch 'master' into develop
devonh Jan 13, 2026
9b776c6
Minor changelog tweaks post-release (#19376)
devonh Jan 13, 2026
58f59ff
Refactor Grafana dashboard to use `server_name` label (#19337)
MadLittleMods Jan 14, 2026
a1e9abc
Add Prometheus HTTP service discovery endpoint for easy discovery of …
MadLittleMods Jan 15, 2026
079c52e
MSC4140: delayed event content as text, not bytes (#19360)
AndrewFerr Jan 15, 2026
6363d77
Warn about skipping reactor metrics when using unknown reactor type (…
MadLittleMods Jan 15, 2026
13c6476
Always rollback transaction when retrying (#19372)
MadLittleMods Jan 16, 2026
87d93b1
Latest changes from importing/exporting from Grafana 12.3.1 (#19381)
MadLittleMods Jan 16, 2026
cb376ee
Bump pyasn1 from 0.6.1 to 0.6.2 (#19387)
dependabot[bot] Jan 16, 2026
8b36740
Fix `InFlightGauge` typing to allow upgrading to `prometheus_client` …
devonh Jan 16, 2026
f54fd64
Add support for reactor metrics with the `ProxiedReactor` used in wor…
MadLittleMods Jan 19, 2026
8bdb72c
Give an estimate for room complexity values. (#19384)
lpaulino07 Jan 20, 2026
a0e6a05
1.146.0rc1
devonh Jan 20, 2026
064237a
Prune `sliding_sync_connection_required_state` table (#19306)
erikjohnston Jan 22, 2026
9a743a4
Don't retry joining partial state rooms all at once (#19402)
erikjohnston Jan 22, 2026
d6b45a7
Update and align Grafana dashboard to use regex matching for `job=~"$…
MadLittleMods Jan 22, 2026
826a7dd
Update "Event Send Time Quantiles" graph to only use dots for the eve…
MadLittleMods Jan 22, 2026
24df0ed
Limit health endpoint to `/health$` (#19405)
anoadragon453 Jan 26, 2026
e7dd5d3
Bump actions/checkout from 6.0.1 to 6.0.2 in the minor-and-patches gr…
dependabot[bot] Jan 26, 2026
53e8a3c
1.146.0
devonh Jan 27, 2026
9ad3f0c
Merge branch 'master' into develop
devonh Jan 27, 2026
ede0f4f
Bump python-multipart from 0.0.20 to 0.0.22 (#19411)
dependabot[bot] Jan 27, 2026
d02796f
Bump `pyo3` from 0.26.0 to 0.27.2 and `pythonize` from 0.26.0 to 0.27…
razvp Jan 28, 2026
0dfcffa
Fix looping calls not getting GCed. (#19416)
erikjohnston Jan 30, 2026
c195ee6
Merge branch 'develop' into jason/psycopg-merge-develop
jason-famedly Jan 30, 2026
99ff2ac
Adjust for execute_values() usage with fetch=False to only be appropr…
jason-famedly Jan 30, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .ci/before_build_wheel.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,4 @@ if command -v yum &> /dev/null; then
fi

# Install a Rust toolchain
curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.82.0 -y --profile minimal
curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain stable -y --profile minimal
146 changes: 0 additions & 146 deletions .ci/scripts/auditwheel_wrapper.py

This file was deleted.

39 changes: 0 additions & 39 deletions .ci/scripts/prepare_old_deps.sh

This file was deleted.

69 changes: 69 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,23 +1,92 @@
version: 2
# As dependabot is currently only run on a weekly basis, we raise the
# open-pull-requests-limit to 10 (from the default of 5) to better ensure we
# don't continuously grow a backlog of updates.
updates:
- # "pip" is the correct setting for poetry, per https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
package-ecosystem: "pip"
directory: "/"
open-pull-requests-limit: 10
schedule:
interval: "weekly"
# Group patch updates to packages together into a single PR, as they rarely
# if ever contain breaking changes that need to be reviewed separately.
#
# Less PRs means a streamlined review process.
#
# Python packages follow semantic versioning, and tend to only introduce
# breaking changes in major version bumps. Thus, we'll group minor and patch
# versions together.
groups:
minor-and-patches:
applies-to: version-updates
patterns:
- "*"
update-types:
- "minor"
- "patch"
# Prevent pulling packages that were recently updated to help mitigate
# supply chain attacks. 14 days was taken from the recommendation at
# https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
# where the author noted that 9/10 attacks would have been mitigated by a
# two week cooldown.
#
# The cooldown only applies to general updates; security updates will still
# be pulled in as soon as possible.
cooldown:
default-days: 14

- package-ecosystem: "docker"
directory: "/docker"
open-pull-requests-limit: 10
schedule:
interval: "weekly"
# For container versions, breaking changes are also typically only introduced in major
# package bumps.
groups:
minor-and-patches:
applies-to: version-updates
patterns:
- "*"
update-types:
- "minor"
- "patch"
cooldown:
default-days: 14

- package-ecosystem: "github-actions"
directory: "/"
open-pull-requests-limit: 10
schedule:
interval: "weekly"
# Similarly for GitHub Actions, breaking changes are typically only introduced in major
# package bumps.
groups:
minor-and-patches:
applies-to: version-updates
patterns:
- "*"
update-types:
- "minor"
- "patch"
cooldown:
default-days: 14

- package-ecosystem: "cargo"
directory: "/"
open-pull-requests-limit: 10
versioning-strategy: "lockfile-only"
schedule:
interval: "weekly"
# The Rust ecosystem is special in that breaking changes are often introduced
# in minor version bumps, as packages typically stay pre-1.0 for a long time.
# Thus we specifically keep minor version bumps separate in their own PRs.
groups:
patches:
applies-to: version-updates
patterns:
- "*"
update-types:
- "patch"
cooldown:
default-days: 14
12 changes: 6 additions & 6 deletions .github/workflows/docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,10 @@ jobs:
steps:
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Extract version from pyproject.toml
# Note: explicitly requesting bash will mean bash is invoked with `-eo pipefail`, see
Expand Down Expand Up @@ -75,7 +75,7 @@ jobs:
touch "${{ runner.temp }}/digests/${digest#sha256:}"

- name: Upload digest
uses: actions/upload-artifact@v5
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: digests-${{ matrix.suffix }}
path: ${{ runner.temp }}/digests/*
Expand All @@ -95,7 +95,7 @@ jobs:
- build
steps:
- name: Download digests
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
Expand All @@ -117,13 +117,13 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

- name: Install Cosign
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0

- name: Calculate docker image tag
uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
images: ${{ matrix.repository }}
flavor: |
Expand Down
34 changes: 0 additions & 34 deletions .github/workflows/docs-pr-netlify.yaml

This file was deleted.

Loading
Loading