From 3cd303cdf96061a6ce9147ec6eb3f47da17693eb Mon Sep 17 00:00:00 2001 From: reivilibre Date: Wed, 20 Nov 2024 14:50:01 +0000 Subject: [PATCH] deploy: d0a474d312443a0ef6ebdbd9c6d3b3fd24a3500c --- develop/print.html | 20 ++++++++++++++++--- develop/searchindex.js | 2 +- develop/searchindex.json | 2 +- develop/upgrade.html | 14 +++++++++++++ .../configuration/config_documentation.html | 6 +++--- 5 files changed, 36 insertions(+), 8 deletions(-) diff --git a/develop/print.html b/develop/print.html index 645179cb53..365ae47510 100644 --- a/develop/print.html +++ b/develop/print.html @@ -1902,6 +1902,20 @@ has been closed (and will not enter the Matrix spec). As such, we are removing the experimental support for it in this release.

The experimental_features.msc3886_endpoint configuration option has been removed.

+

Authenticated media is now enforced by default

+

The enable_authenticated_media configuration option now defaults to true.

+

This means that clients and remote (federated) homeservers now need to use +the authenticated media endpoints in order to download media from your +homeserver.

+

As an exception, existing media that was stored on the server prior to +this option changing to true will still be accessible over the +unauthenticated endpoints.

+

The matrix.org homeserver has already been running with this option enabled +since September 2024, so most common clients and homeservers should already +be compatible.

+

With that said, administrators who wish to disable this feature for broader +compatibility can still do so by manually configuring +enable_authenticated_media: False.

Upgrading to v1.119.0

Minimum supported Python version

The minimum supported Python version has been increased from v3.8 to v3.9. @@ -5454,8 +5468,7 @@ into fewer transactions. Defaults to 50.

enable_authenticated_media

When set to true, all subsequent media uploads will be marked as authenticated, and will not be available over legacy unauthenticated media endpoints (/_matrix/media/(r0|v3|v1)/download and /_matrix/media/(r0|v3|v1)/thumbnail) - requests for authenticated media over these endpoints will result in a 404. All media, including authenticated media, will be available over the authenticated media endpoints _matrix/client/v1/media/download and _matrix/client/v1/media/thumbnail. Media uploaded prior to setting this option to true will still be available over the legacy endpoints. Note if the setting is switched to false -after enabling, media marked as authenticated will be available over legacy endpoints. Defaults to false, but -this will change to true in a future Synapse release.

+after enabling, media marked as authenticated will be available over legacy endpoints. Defaults to true (previously false). In a future release of Synapse, this option will be removed and become always-on.

In all cases, authenticated requests to download media will succeed, but for unauthenticated requests, this case-by-case breakdown describes whether media downloads are permitted: