* develop: (45 commits)
URL preview blacklisting fixes (#5155)
Revert 085ae346ac
Add a DUMMY stage to captcha-only registration flow
Make Prometheus snippet less confusing on the metrics collection doc (#4288)
Set syslog identifiers in systemd units (#5023)
Run Black on the tests again (#5170)
Add AllowEncodedSlashes to apache (#5068)
remove instructions for jessie installation (#5164)
Run `black` on per_destination_queue
Limit the number of EDUs in transactions to 100 as expected by receiver (#5138)
Fix bogus imports in tests (#5154)
add options to require an access_token to GET /profile and /publicRooms on CS API (#5083)
Do checks on aliases for incoming m.room.aliases events (#5128)
Remove the requirement to authenticate for /admin/server_version. (#5122)
Fix spelling in server notices admin API docs (#5142)
Fix sample config
0.99.3.2
include disco in deb build target list
changelog
Debian: we now need libpq-dev.
...
Prevents a SynapseError being raised inside of a IResolutionReceiver and instead opts to just return 0 results. This thus means that we have to lump a failed lookup and a blacklisted lookup together with the same error message, but the substitute should be generic enough to cover both cases.
This commit adds two config options:
* `restrict_public_rooms_to_local_users`
Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
* `require_auth_for_profile_requests`
When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
Groups have been intentionally omitted from this commit.
This endpoint isn't much use for its intended purpose if you first need to get
yourself an admin's auth token.
I've restricted it to the `/_synapse/admin` path to make it a bit easier to
lock down for those concerned about exposing this information. I don't imagine
anyone is using it in anger currently.
* develop: (34 commits)
Add a default .m.rule.tombstone push rule (#4867)
Fix infinite loop in presence handler
changelog
more logging improvements
remove extraneous exception logging
Clarify logging when PDU signature checking fails
Changelog
Add --no-pep-517 to README instructions
set PIP_USE_PEP517 = False for tests
Fix handling of SYNAPSE_NO_TLS in docker image (#5005)
Config option for verifying federation certificates (MSC 1711) (#4967)
Remove log error for .well-known/matrix/client (#4972)
Prevent "producer not unregistered" message (#5009)
add gpg key fingerprint
Don't crash on lack of expiry templates
Update debian install docs for new key and repo (#5074)
Add management endpoints for account validity
Send out emails with links to extend an account's validity period
Make sure we're not registering the same 3pid twice
Newsfile
...
Hopefully this time we really will fix#4422.
We need to make sure that the cache on
`get_rooms_for_user_with_stream_ordering` is invalidated *before* the
SyncHandler is notified for the new events, and we can now do so reliably via
the `events` stream.
