Sourced from matrix-synapse's releases.

v1.48.0

Synapse 1.48.0 (2021-11-30)

This release removes support for the long-deprecated trust_identity_server_for_password_resets configuration flag.

This release also fixes some performance issues with some background database updates introduced in Synapse 1.47.0.

No significant changes since 1.48.0rc1.

Synapse 1.48.0rc1 (2021-11-25)

Features

• Experimental support for the thread relation defined in MSC3440. (#11161)
• Support filtering by relation senders & types per MSC3440. (#11236)
• Add support for the /_matrix/client/v3 and /_matrix/media/v3 APIs from Matrix v1.1. (#11318, #11371)
• Support the stable version of MSC2778: the m.login.application_service login type. Contributed by @​tulir. (#11335)
• Add a new version of delete room admin API DELETE /_synapse/admin/v2/rooms/<room_id> to run it in the background. Contributed by @​dklimpel. (#11223)
• Allow the admin Delete Room API to block a room without the need to join it. (#11228)
• Add an admin API to un-shadow-ban a user. (#11347)
• Add an admin API to run background database schema updates. (#11352)
• Add an admin API for blocking a room. (#11324)
• Update the JWT login type to support custom a sub claim. (#11361)
• Store and allow querying of arbitrary event relations. (#11391)

Bugfixes

• Fix a long-standing bug wherein display names or avatar URLs containing null bytes cause an internal server error when stored in the DB. (#11230)
• Prevent MSC2716 historical state events from being pushed to an application service via /transactions. (#11265)
• Fix a long-standing bug where uploading extremely thin images (e.g. 1000x1) would fail. Contributed by @​Neeeflix. (#11288)
• Fix a bug, introduced in Synapse 1.46.0, which caused the check_3pid_auth and on_logged_out callbacks in legacy password authentication provider modules to not be registered. Modules using the generic module interface were not affected. (#11340)
• Fix a bug introduced in 1.41.0 where space hierarchy responses would be incorrectly reused if multiple users were to make the same request at the same time. (#11355)
• Fix a bug introduced in 1.45.0 where the read_templates method of the module API would error. (#11377)
• Fix an issue introduced in 1.47.0 which prevented servers re-joining rooms they had previously left, if their signing keys were replaced. (#11379)
• Fix a bug introduced in 1.13.0 where creating and publishing a room could cause errors if room_list_publication_rules is configured. (#11392)
• Improve performance of various background database updates. (#11421, #11422)

Improved Documentation

• Suggest users of the Debian packages add configuration to /etc/matrix-synapse/conf.d/ to prevent, upon upgrade, being asked to choose between their configuration and the maintainer's. (#11281)
• Fix typos in the documentation for the username_available admin API. Contributed by Stanislav Motylkov. (#11286)
• Add Single Sign-On, SAML and CAS pages to the documentation. (#11298)
• Change the word 'Home server' as one word 'homeserver' in documentation. (#11320)

... (truncated)

Sourced from matrix-synapse's changelog.

Synapse 1.48.0 (2021-11-30)

This release removes support for the long-deprecated trust_identity_server_for_password_resets configuration flag.

This release also fixes some performance issues with some background database updates introduced in Synapse 1.47.0.

No significant changes since 1.48.0rc1.

Synapse 1.48.0rc1 (2021-11-25)

Features

• Experimental support for the thread relation defined in MSC3440. (#11161)
• Support filtering by relation senders & types per MSC3440. (#11236)
• Add support for the /_matrix/client/v3 and /_matrix/media/v3 APIs from Matrix v1.1. (#11318, #11371)
• Support the stable version of MSC2778: the m.login.application_service login type. Contributed by @​tulir. (#11335)
• Add a new version of delete room admin API DELETE /_synapse/admin/v2/rooms/<room_id> to run it in the background. Contributed by @​dklimpel. (#11223)
• Allow the admin Delete Room API to block a room without the need to join it. (#11228)
• Add an admin API to un-shadow-ban a user. (#11347)
• Add an admin API to run background database schema updates. (#11352)
• Add an admin API for blocking a room. (#11324)
• Update the JWT login type to support custom a sub claim. (#11361)
• Store and allow querying of arbitrary event relations. (#11391)

Bugfixes

• Fix a long-standing bug wherein display names or avatar URLs containing null bytes cause an internal server error when stored in the DB. (#11230)
• Prevent MSC2716 historical state events from being pushed to an application service via /transactions. (#11265)
• Fix a long-standing bug where uploading extremely thin images (e.g. 1000x1) would fail. Contributed by @​Neeeflix. (#11288)
• Fix a bug, introduced in Synapse 1.46.0, which caused the check_3pid_auth and on_logged_out callbacks in legacy password authentication provider modules to not be registered. Modules using the generic module interface were not affected. (#11340)
• Fix a bug introduced in 1.41.0 where space hierarchy responses would be incorrectly reused if multiple users were to make the same request at the same time. (#11355)
• Fix a bug introduced in 1.45.0 where the read_templates method of the module API would error. (#11377)
• Fix an issue introduced in 1.47.0 which prevented servers re-joining rooms they had previously left, if their signing keys were replaced. (#11379)
• Fix a bug introduced in 1.13.0 where creating and publishing a room could cause errors if room_list_publication_rules is configured. (#11392)
• Improve performance of various background database updates. (#11421, #11422)

Improved Documentation

• Suggest users of the Debian packages add configuration to /etc/matrix-synapse/conf.d/ to prevent, upon upgrade, being asked to choose between their configuration and the maintainer's. (#11281)
• Fix typos in the documentation for the username_available admin API. Contributed by Stanislav Motylkov. (#11286)
• Add Single Sign-On, SAML and CAS pages to the documentation. (#11298)
• Change the word 'Home server' as one word 'homeserver' in documentation. (#11320)
• Fix missing quotes for wildcard domains in federation_certificate_verification_whitelist. (#11381)

... (truncated)

• e713855 Merge trust_identity_server_for_password_resets PRs
• f663426 Move notices up
• 3d83141 Fixup changelog
• 4bdad80 1.48.0
• c54c9df Fix docker hub name
• d4dcc05 Incorporate review from synapse-dev
• b757b68 Fixup changelog
• 946c102 1.48.0rc1
• 0d88c4f Improve performance of remove_{hidden,deleted}_devices_from_device_inbox (#...
• 7f9841b Lower minumum batch size to 1 for background updates (#11422)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)