Synapse: Matrix homeserver written in Python/Twisted.
Find a file
dependabot[bot] b715799bb5
Bump pyo3 from 0.20.0 to 0.20.2 (#16791)
Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.20.0 to 0.20.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pyo3/pyo3/releases">pyo3's
releases</a>.</em></p>
<blockquote>
<h2>PyO3 0.20.2</h2>
<p>This release corrects a failure to compile of the <code>either</code>
feature when the <code>experimental-inspect</code> feature is not
enabled.</p>
<p>It also adds backwards-compatibility for <code>pyo3</code> 0.20.0 to
build against <code>pyo3-build-config</code> 0.20.2, as
<code>pyo3</code> 0.20.0 was (unintentionally) not pinned against an
exact patch version <code>pyo3-build-config</code>, and
<code>pyo3</code> 0.20.0 could not build against
<code>pyo3-build-config</code> 0.20.1 due to an internal API
adjustment.</p>
<p>Thank you to the following users for the improvements:</p>
<p><a
href="https://github.com/adamreichold"><code>@​adamreichold</code></a>
<a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a></p>
<h2>PyO3 0.20.1</h2>
<p>This release is a maintenance release to resolve <a
href="https://redirect.github.com/rust-lang/rust-clippy/issues/12039">a
clippy warning</a> which triggers on function arguments of
<code>Py&lt;Self&gt;</code>.</p>
<p>This release also contains a few minor API additions, including
optional support for the <code>either</code> and <code>smallvec</code>
crates.</p>
<p>Thank you to the following users for the improvements:</p>
<p><a
href="https://github.com/adamreichold"><code>@​adamreichold</code></a>
<a href="https://github.com/aldanor"><code>@​aldanor</code></a>
<a href="https://github.com/alex"><code>@​alex</code></a>
<a href="https://github.com/daemontus"><code>@​daemontus</code></a>
<a href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a>
<a href="https://github.com/mejrs"><code>@​mejrs</code></a>
<a href="https://github.com/messense"><code>@​messense</code></a>
<a href="https://github.com/neachdainn"><code>@​neachdainn</code></a>
<a href="https://github.com/orhun"><code>@​orhun</code></a>
<a
href="https://github.com/suriya-ganesh"><code>@​suriya-ganesh</code></a>
<a href="https://github.com/wyfo"><code>@​wyfo</code></a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md">pyo3's
changelog</a>.</em></p>
<blockquote>
<h2>[0.20.2] - 2024-01-04</h2>
<h3>Packaging</h3>
<ul>
<li>Pin <code>pyo3</code> and <code>pyo3-ffi</code> dependencies on
<code>pyo3-build-config</code> to require the same patch version, i.e.
<code>pyo3</code> 0.20.2 requires <em>exactly</em>
<code>pyo3-build-config</code> 0.20.2. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3721">#3721</a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix compile failure when building <code>pyo3</code> 0.20.0 with
latest <code>pyo3-build-config</code> 0.20.X. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3724">#3724</a></li>
<li>Fix docs.rs build. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3722">#3722</a></li>
</ul>
<h2>[0.20.1] - 2023-12-30</h2>
<h3>Added</h3>
<ul>
<li>Add optional <code>either</code> feature to add conversions for
<code>either::Either&lt;L, R&gt;</code> sum type. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3456">#3456</a></li>
<li>Add optional <code>smallvec</code> feature to add conversions for
<code>smallvec::SmallVec</code>. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3507">#3507</a></li>
<li>Add <code>take</code> and <code>into_inner</code> methods to
<code>GILOnceCell</code> <a
href="https://redirect.github.com/PyO3/pyo3/pull/3556">#3556</a></li>
<li><code>#[classmethod]</code> methods can now also receive
<code>Py&lt;PyType&gt;</code> as their first argument. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3587">#3587</a></li>
<li><code>#[pyfunction(pass_module)]</code> can now also receive
<code>Py&lt;PyModule&gt;</code> as their first argument. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3587">#3587</a></li>
<li>Add <code>traverse</code> method to <code>GILProtected</code>. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3616">#3616</a></li>
<li>Added <code>abi3-py312</code> feature <a
href="https://redirect.github.com/PyO3/pyo3/pull/3687">#3687</a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix minimum version specification for optional <code>chrono</code>
dependency. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3512">#3512</a></li>
<li>Silenced new <code>clippy::unnecessary_fallible_conversions</code>
warning when using a <code>Py&lt;Self&gt;</code> <code>self</code>
receiver. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3564">#3564</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bcef18b988"><code>bcef18b</code></a>
release: 0.20.2</li>
<li><a
href="fa6d60b77e"><code>fa6d60b</code></a>
Use a definite version specification when depending on
pyo3-build-config.</li>
<li><a
href="f9f0bdde70"><code>f9f0bdd</code></a>
Merge pull request <a
href="https://redirect.github.com/pyo3/pyo3/issues/3724">#3724</a> from
davidhewitt/fix-build-config-issue</li>
<li><a
href="cf213252fa"><code>cf21325</code></a>
re-add emit_pyo3_cfgs for pyo3 0.20.0 compatibility</li>
<li><a
href="f7893858d2"><code>f789385</code></a>
Merge pull request <a
href="https://redirect.github.com/pyo3/pyo3/issues/3722">#3722</a> from
PyO3/fix-doc-build</li>
<li><a
href="9120b35f35"><code>9120b35</code></a>
Include the experimental-inspect feature for the docs.rs build thereby
making...</li>
<li><a
href="2e79c557cc"><code>2e79c55</code></a>
Add CI job to test the equivalent of a docs.rs build.</li>
<li><a
href="2564ca4e75"><code>2564ca4</code></a>
Fix missing feature flags in implementation of Either conversion.</li>
<li><a
href="be4d5627a3"><code>be4d562</code></a>
Merge pull request <a
href="https://redirect.github.com/pyo3/pyo3/issues/3713">#3713</a> from
PyO3/release-0.20.1</li>
<li><a
href="d3f034a80f"><code>d3f034a</code></a>
release: 0.20.1</li>
<li>Additional commits viewable in <a
href="https://github.com/pyo3/pyo3/compare/v0.20.0...v0.20.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyo3&package-manager=cargo&previous-version=0.20.0&new-version=0.20.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10 15:06:18 +00:00
.ci Update book location 2023-12-13 16:15:22 +00:00
.github Fix auto-merge CI to correctly wait for linting. (#16781) 2024-01-10 13:53:44 +00:00
changelog.d Pull less state out if we fail to backfill (#16788) 2024-01-10 14:42:13 +00:00
contrib Update book location 2023-12-13 16:15:22 +00:00
debian 1.99.0rc1 2024-01-09 13:44:02 +00:00
demo Suppress the trusted key server warning for matrix.org in the demo scripts (#15527) 2023-05-03 12:07:49 +00:00
dev-docs Add developer documentation for the Federation Sender and add a documentation mechanism using Sphinx. (#15265) 2023-03-24 16:41:10 +00:00
docker Fix typo 2023-12-13 16:37:10 +00:00
docs Add a link to the Request log format page from Logging Sample Config (#16778) 2024-01-10 13:34:55 +00:00
rust Port EventInternalMetadata class to Rust (#16782) 2024-01-08 14:06:48 +00:00
scripts-dev Fix typo 2023-12-13 16:37:10 +00:00
stubs Move the rust stubs inline for better IDE integration (#16757) 2023-12-21 13:31:36 +00:00
synapse Pull less state out if we fail to backfill (#16788) 2024-01-10 14:42:13 +00:00
synmark Update license headers 2023-11-21 15:29:58 -05:00
tests Filter out rooms from the room directory being served to other homeservers when those rooms block that homeserver by their Access Control Lists. (#16759) 2024-01-08 17:24:20 +00:00
.codecov.yml Disable codecov reports to GH comments. 2019-07-31 10:56:02 +01:00
.coveragerc Fix coverage in sytest and use plugins for buildkite (#5922) 2019-08-29 22:19:57 +10:00
.dockerignore Fix pinning Rust deps in docker images (#14129) 2022-10-11 10:53:34 +00:00
.editorconfig Apply correct editorconfig to .pyi files (#14526) 2022-11-22 18:33:28 +00:00
.git-blame-ignore-revs Use full GitHub links instead of bare issue numbers. (#16637) 2023-11-15 08:02:11 -05:00
.gitignore Fix the devenv up configuration which was ignoring the config overrides. (#15854) 2023-07-03 11:39:52 +01:00
.rustfmt.toml Port the push rule classes to Rust. (#13768) 2022-09-20 12:10:31 +01:00
AUTHORS.rst Automatically delete empty groups/communities (#6453) 2019-12-16 12:12:40 +00:00
book.toml More renaming 2023-12-13 15:41:11 +00:00
build_rust.py Always build Rust extension in release mode (#14009) 2022-10-03 11:20:18 +01:00
Cargo.lock Bump pyo3 from 0.20.0 to 0.20.2 (#16791) 2024-01-10 15:06:18 +00:00
Cargo.toml Fix building rust with nightly (#15906) 2023-07-10 16:24:04 +01:00
CHANGES.md Fixup changelog links 2024-01-09 15:09:32 +00:00
CONTRIBUTING.md Update the contributing guide after reliecensing (#16772) 2024-01-03 11:31:03 +00:00
flake.lock Update rust in flake.nix: 1.70.0 -> 1.71.1 to address CVE-2023-38497 (#16260) 2023-09-06 14:34:01 +01:00
flake.nix Apply missed suggestions from the review of #16090. (#16263) 2023-09-06 16:15:56 +01:00
INSTALL.md Update book location 2023-12-13 16:15:22 +00:00
LICENSE Update the license from Apache License v2 to AGPL-3.0. 2023-11-21 15:29:55 -05:00
mypy.ini Support reactor timing metric on more reactors. (#16532) 2023-11-06 08:31:22 -05:00
poetry.lock Bump sentry-sdk from 1.35.0 to 1.39.1 (#16799) 2024-01-10 14:38:21 +00:00
pylint.cfg Added pylint config file: ignore missing-docstring messages. 2014-10-24 10:22:09 +01:00
pyproject.toml 1.99.0rc1 2024-01-09 13:44:02 +00:00
README.rst Update book location 2023-12-13 16:15:22 +00:00
sytest-blacklist Use full GitHub links instead of bare issue numbers. (#16637) 2023-11-15 08:02:11 -05:00
tox.ini Run lints under poetry in CI; remove lint tox jobs (#12434) 2022-04-12 17:35:48 +01:00
UPGRADE.rst Update book location 2023-12-13 16:15:22 +00:00

Synapse (get support on #synapse:matrix.org) (discuss development on #synapse-dev:matrix.org) (Rendered documentation on GitHub Pages) (check license in LICENSE file) (latest version released on PyPi) (supported python versions)

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. We began rapid development in 2014, reaching v1.0.0 in 2019. Development on Synapse and the Matrix protocol itself continues in earnest today.

Briefly, Matrix is an open standard for communications on the internet, supporting federation, encryption and VoIP. Matrix.org has more to say about the goals of the Matrix project, and the formal specification describes the technical details.

Installing and configuration

The Synapse documentation describes how to install Synapse. We recommend using Docker images or Debian packages from Matrix.org.

Synapse has a variety of config options which can be used to customise its behaviour after installation. There are additional details on how to configure Synapse for federation here.

Using a reverse proxy with Synapse

It is recommended to put a reverse proxy such as nginx, Apache, Caddy, HAProxy or relayd in front of Synapse. One advantage of doing so is that it means that you can expose the default https port (443) to Matrix clients without needing to run Synapse with root privileges. For information on configuring one, see the reverse proxy docs.

Upgrading an existing Synapse

The instructions for upgrading Synapse are in the upgrade notes. Please check these instructions as upgrading may require extra steps for some versions of Synapse.

Platform dependencies

Synapse uses a number of platform dependencies such as Python and PostgreSQL, and aims to follow supported upstream versions. See the deprecation policy for more details.

Security note

Matrix serves raw, user-supplied data in some APIs -- specifically the content repository endpoints.

Whilst we make a reasonable effort to mitigate against XSS attacks (for instance, by using CSP), a Matrix homeserver should not be hosted on a domain hosting other web applications. This especially applies to sharing the domain with Matrix web clients and other sensitive applications like webmail. See https://developer.github.com/changes/2014-04-25-user-content-security for more information.

Ideally, the homeserver should not simply be on a different subdomain, but on a completely different registered domain (also known as top-level site or eTLD+1). This is because some attacks are still possible as long as the two applications share the same registered domain.

To illustrate this with an example, if your Element Web or other sensitive web application is hosted on A.example1.com, you should ideally host Synapse on example2.com. Some amount of protection is offered by hosting on B.example1.com instead, so this is also acceptable in some scenarios. However, you should not host your Synapse on A.example1.com.

Note that all of the above refers exclusively to the domain used in Synapse's public_baseurl setting. In particular, it has no bearing on the domain mentioned in MXIDs hosted on that server.

Following this advice ensures that even if an XSS is found in Synapse, the impact to other applications will be minimal.

Testing a new installation

The easiest way to try out your new Synapse installation is by connecting to it from a web client.

Unless you are running a test instance of Synapse on your local machine, in general, you will need to enable TLS support before you can successfully connect from a client: see TLS certificates.

An easy way to get started is to login or register via Element at https://app.element.io/#/login or https://app.element.io/#/register respectively. You will need to change the server you are logging into from matrix.org and instead specify a Homeserver URL of https://<server_name>:8448 (or just https://<server_name> if you are using a reverse proxy). If you prefer to use another client, refer to our client breakdown.

If all goes well you should at least be able to log in, create a room, and start sending messages.

Registering a new user from a client

By default, registration of new users via Matrix clients is disabled. To enable it:

  1. In the registration config section set enable_registration: true in homeserver.yaml.
  2. Then either:
    1. set up a CAPTCHA, or
    2. set enable_registration_without_verification: true in homeserver.yaml.

We strongly recommend using a CAPTCHA, particularly if your homeserver is exposed to the public internet. Without it, anyone can freely register accounts on your homeserver. This can be exploited by attackers to create spambots targetting the rest of the Matrix federation.

Your new user name will be formed partly from the server_name, and partly from a localpart you specify when you create the account. Your name will take the form of:

@localpart:my.domain.name

(pronounced "at localpart on my dot domain dot name").

As when logging in, you will need to specify a "Custom server". Specify your desired localpart in the 'User name' box.

Troubleshooting and support

The Admin FAQ includes tips on dealing with some common problems. For more details, see Synapse's wider documentation.

For additional support installing or managing Synapse, please ask in the community support room #synapse:matrix.org_ (from a matrix.org account if necessary). We do not use GitHub issues for support requests, only for bug reports and feature requests.

Identity Servers

Identity servers have the job of mapping email addresses and other 3rd Party IDs (3PIDs) to Matrix user IDs, as well as verifying the ownership of 3PIDs before creating that mapping.

They are not where accounts or credentials are stored - these live on home servers. Identity Servers are just for mapping 3rd party IDs to matrix IDs.

This process is very security-sensitive, as there is obvious risk of spam if it is too easy to sign up for Matrix accounts or harvest 3PID data. In the longer term, we hope to create a decentralised system to manage it (matrix-doc #712), but in the meantime, the role of managing trusted identity in the Matrix ecosystem is farmed out to a cluster of known trusted ecosystem partners, who run 'Matrix Identity Servers' such as Sydent, whose role is purely to authenticate and track 3PID logins and publish end-user public keys.

You can host your own copy of Sydent, but this will prevent you reaching other users in the Matrix ecosystem via their email address, and prevent them finding you. We therefore recommend that you use one of the centralised identity servers at https://matrix.org or https://vector.im for now.

To reiterate: the Identity server will only be used if you choose to associate an email address with your account, or send an invite to another user via their email address.

Development

We welcome contributions to Synapse from the community! The best place to get started is our guide for contributors. This is part of our larger documentation, which includes

information for Synapse developers as well as Synapse administrators. Developers might be particularly interested in:

Alongside all that, join our developer community on Matrix: #synapse-dev:matrix.org, featuring real humans!