Skip to content

Add option to limit key queries to users sharing rooms as per MSC4263 #18180

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sandhose merged 7 commits into from
May 28, 2025
Merged

Add option to limit key queries to users sharing rooms as per MSC4263 #18180

sandhose merged 7 commits into from
May 28, 2025

Conversation

@Johennes
Copy link
Contributor

@Johennes Johennes commented Feb 20, 2025
edited
Loading

This implements matrix-org/matrix-spec-proposals#4263.

Pull Request Checklist

  • Pull request is based on the develop branch
  • Pull request includes a changelog file. The entry should:
    • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
    • Use markdown where necessary, mostly for code blocks.
    • End with either a period (.) or an exclamation mark (!).
    • Start with a capital letter.
    • Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
  • Code style is correct
    (run the linters)

@github-actions github-actions bot deployed to PR Documentation Preview February 20, 2025 11:33 Active
@Johennes Johennes mentioned this pull request Feb 20, 2025
Open
@github-actions github-actions bot deployed to PR Documentation Preview February 20, 2025 11:36 Active
@Johennes Johennes mentioned this pull request Feb 20, 2025
Closed
@Johennes Johennes marked this pull request as ready for review February 20, 2025 12:16
@Johennes Johennes requested a review from a team as a code owner February 20, 2025 12:16
Johennes
Johennes commented Feb 21, 2025
View reviewed changes
@CLAassistant
Copy link

CLAassistant commented Mar 23, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

sandhose
sandhose requested changes May 5, 2025
View reviewed changes
@Johennes Johennes requested a review from sandhose May 21, 2025 07:58
sandhose
sandhose approved these changes May 28, 2025
View reviewed changes
Copy link
Member

@sandhose sandhose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, although this looks like it would prevent people from DMing other people who they don't share a room with? But it looks like this concern was already raised on the MSCs, so I'll leave the discussion there

@sandhose sandhose merged commit c8733be into element-hq:develop May 28, 2025
39 checks passed
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jul 17, 2025
chat/matrix-synapse: Update to 1.134.0
58bfe11 
Builds on NetBSD 10 amd64, and builds/tests-ok on NetBSD 9 amd64 using
dependencies from 2025Q2.

NB: A security update to synapse is scheduled for July 22.  Consult
  https://matrix.org/blog/2025/07/security-predisclosure/
for further details.

Those running synapse in production may wish to update to 1.134.0 to
reduce the magnitude of change when updating to the July 22 version
(although that will be a big update regardless).  Note that the usual
pkgsrc pre-commit test is upgrading from the current pkgsrc version
and briefly checking operation.  Therefore, not upgrading has a
theoretical risk of encountering a 1.127.1 to 1.135.0 update bug when
1.127.1 to 134.0 and 1.134.0 to 1.135.0 are ok.

# Synapse 1.134.0 (2025-07-15)

- Support for [MSC4235](matrix-org/matrix-spec-proposals#4235): `via` query param for hierarchy endpoint. Contributed by Krishan (@kfiven). ([\#18070](element-hq/synapse#18070))
- Add `forget_forced_upon_leave` capability as per [MSC4267](matrix-org/matrix-spec-proposals#4267). ([\#18196](element-hq/synapse#18196))
- Add `federated_user_may_invite` spam checker callback which receives the entire invite event. Contributed by @tulir @ Beeper. ([\#18241](element-hq/synapse#18241))

# Synapse 1.133.0 (2025-07-01)

- Add support for the [MSC4260 user report API](matrix-org/matrix-spec-proposals#4260). ([\#18120](element-hq/synapse#18120))

# Synapse 1.132.0 (2025-06-17)

- Add support for [MSC4155](matrix-org/matrix-spec-proposals#4155) Invite Filtering. ([\#18288](element-hq/synapse#18288))
- Add experimental `user_may_send_state_event` module API callback. ([\#18455](element-hq/synapse#18455))
- Add experimental `get_media_config_for_user` and `is_user_allowed_to_upload_media_of_size` module API callbacks that allow overriding of media repository maximum upload size. ([\#18457](element-hq/synapse#18457))
- Add experimental `get_ratelimit_override_for_user` module API callback that allows overriding of per-user ratelimits. ([\#18458](element-hq/synapse#18458))
- Pass `room_config` argument to `user_may_create_room` spam checker module callback. ([\#18486](element-hq/synapse#18486))
- Support configuration of default and extra user types. ([\#18456](element-hq/synapse#18456))
- Successful requests to `/_matrix/app/v1/ping` will now force Synapse to reattempt delivering transactions to appservices. ([\#18521](element-hq/synapse#18521))
- Support the import of the `RatelimitOverride` type from `synapse.module_api` in modules and rename `messages_per_second` to `per_second`. ([\#18513](element-hq/synapse#18513))

# Synapse 1.131.0 (2025-06-03)

- Add `msc4263_limit_key_queries_to_users_who_share_rooms` config option as per [MSC4263](matrix-org/matrix-spec-proposals#4263). ([\#18180](element-hq/synapse#18180))
- Add option to allow registrations that begin with `_`. Contributed by `_` (@hex5f). ([\#18262](element-hq/synapse#18262))
- Include room ID in response to the [Room Deletion Status Admin API](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#status-of-deleting-rooms). ([\#18318](element-hq/synapse#18318))
- Add support for calling Policy Servers ([MSC4284](matrix-org/matrix-spec-proposals#4284)) to mark events as spam. ([\#18387](element-hq/synapse#18387))

# Synapse 1.130.0 (2025-05-20)

- Add an Admin API endpoint `GET /_synapse/admin/v1/scheduled_tasks`  to fetch scheduled tasks. ([\#18214](element-hq/synapse#18214))
- Add config option `user_directory.exclude_remote_users` which, when enabled, excludes remote users from user directory search results. ([\#18300](element-hq/synapse#18300))
- Add support for handling `GET /devices/` on workers. ([\#18355](element-hq/synapse#18355))


# Synapse 1.129.0 (2025-05-06)

- Add `passthrough_authorization_parameters` in OIDC configuration to allow passing parameters to the authorization grant URL. ([\#18232](element-hq/synapse#18232))
- Add `total_event_count`, `total_message_count`, and `total_e2ee_event_count` fields to the homeserver usage statistics. ([\#18260](element-hq/synapse#18260))

# Synapse 1.128.0 (2025-04-08)

- Add an access token introspection cache to make Matrix Authentication Service integration ([MSC3861](matrix-org/matrix-spec-proposals#3861)) more efficient. ([\#18231](element-hq/synapse#18231))
- Add background job to clear unreferenced state groups. ([\#18254](element-hq/synapse#18254))
- Hashes of media files are now tracked by Synapse. Media quarantines will now apply to all files with the same hash. ([\#18277](element-hq/synapse#18277), [\#18302](element-hq/synapse#18302), [\#18296](element-hq/synapse#18296))
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jul 18, 2025
@coypoop
Pullup ticket #6991 - requested by gdt
9806d2e 
chat/matrix-synapse: Update package in anticipation of security fix

Revisions pulled up:
- chat/matrix-synapse/Makefile                                  1.112
- chat/matrix-synapse/PLIST                                     1.59
- chat/matrix-synapse/cargo-depends.mk                          1.27
- chat/matrix-synapse/distinfo                                  1.80

---
   Module Name:    pkgsrc
   Committed By:   gdt
   Date:           Thu Jul 17 11:24:44 UTC 2025

   Modified Files:
           pkgsrc/chat/matrix-synapse: Makefile PLIST cargo-depends.mk distinfo

   Log Message:
   chat/matrix-synapse: Update to 1.134.0

   Builds on NetBSD 10 amd64, and builds/tests-ok on NetBSD 9 amd64 using
   dependencies from 2025Q2.

   NB: A security update to synapse is scheduled for July 22.  Consult
     https://matrix.org/blog/2025/07/security-predisclosure/
   for further details.

   Those running synapse in production may wish to update to 1.134.0 to
   reduce the magnitude of change when updating to the July 22 version
   (although that will be a big update regardless).  Note that the usual
   pkgsrc pre-commit test is upgrading from the current pkgsrc version
   and briefly checking operation.  Therefore, not upgrading has a
   theoretical risk of encountering a 1.127.1 to 1.135.0 update bug when
   1.127.1 to 134.0 and 1.134.0 to 1.135.0 are ok.

   # Synapse 1.134.0 (2025-07-15)

   - Support for [MSC4235](matrix-org/matrix-spec-proposals#4235): `via` query param for hierarchy endpoint. Contributed by Krishan (@kfiven).
   ([\#18070](element-hq/synapse#18070))
   - Add `forget_forced_upon_leave` capability as per [MSC4267](matrix-org/matrix-spec-proposals#4267). ([\#18196](element-hq/synapse#18196))
   - Add `federated_user_may_invite` spam checker callback which receives the entire invite event. Contributed by @tulir @ Beeper. ([\#18241](element-hq/synapse#18241))

   # Synapse 1.133.0 (2025-07-01)

   - Add support for the [MSC4260 user report API](matrix-org/matrix-spec-proposals#4260). ([\#18120](element-hq/synapse#18120))

   # Synapse 1.132.0 (2025-06-17)

   - Add support for [MSC4155](matrix-org/matrix-spec-proposals#4155) Invite Filtering. ([\#18288](element-hq/synapse#18288))
   - Add experimental `user_may_send_state_event` module API callback. ([\#18455](element-hq/synapse#18455))
   - Add experimental `get_media_config_for_user` and `is_user_allowed_to_upload_media_of_size` module API callbacks that allow overriding of media repository maximum upload size.
   ([\#18457](element-hq/synapse#18457))
   - Add experimental `get_ratelimit_override_for_user` module API callback that allows overriding of per-user ratelimits. ([\#18458](element-hq/synapse#18458))
   - Pass `room_config` argument to `user_may_create_room` spam checker module callback. ([\#18486](element-hq/synapse#18486))
   - Support configuration of default and extra user types. ([\#18456](element-hq/synapse#18456))
   - Successful requests to `/_matrix/app/v1/ping` will now force Synapse to reattempt delivering transactions to appservices. ([\#18521](element-hq/synapse#18521))
   - Support the import of the `RatelimitOverride` type from `synapse.module_api` in modules and rename `messages_per_second` to `per_second`.
   ([\#18513](element-hq/synapse#18513))

   # Synapse 1.131.0 (2025-06-03)

   - Add `msc4263_limit_key_queries_to_users_who_share_rooms` config option as per [MSC4263](matrix-org/matrix-spec-proposals#4263).
   ([\#18180](element-hq/synapse#18180))
   - Add option to allow registrations that begin with `_`. Contributed by `_` (@hex5f). ([\#18262](element-hq/synapse#18262))
   - Include room ID in response to the [Room Deletion Status Admin API](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#status-of-deleting-rooms).
   ([\#18318](element-hq/synapse#18318))
   - Add support for calling Policy Servers ([MSC4284](matrix-org/matrix-spec-proposals#4284)) to mark events as spam.
   ([\#18387](element-hq/synapse#18387))

   # Synapse 1.130.0 (2025-05-20)

   - Add an Admin API endpoint `GET /_synapse/admin/v1/scheduled_tasks`  to fetch scheduled tasks. ([\#18214](element-hq/synapse#18214))
   - Add config option `user_directory.exclude_remote_users` which, when enabled, excludes remote users from user directory search results. ([\#18300](element-hq/synapse#18300))
   - Add support for handling `GET /devices/` on workers. ([\#18355](element-hq/synapse#18355))

   # Synapse 1.129.0 (2025-05-06)

   - Add `passthrough_authorization_parameters` in OIDC configuration to allow passing parameters to the authorization grant URL. ([\#18232](element-hq/synapse#18232))
   - Add `total_event_count`, `total_message_count`, and `total_e2ee_event_count` fields to the homeserver usage statistics. ([\#18260](element-hq/synapse#18260))

   # Synapse 1.128.0 (2025-04-08)

   - Add an access token introspection cache to make Matrix Authentication Service integration ([MSC3861](matrix-org/matrix-spec-proposals#3861)) more efficient.
   ([\#18231](element-hq/synapse#18231))
   - Add background job to clear unreferenced state groups. ([\#18254](element-hq/synapse#18254))
   - Hashes of media files are now tracked by Synapse. Media quarantines will now apply to all files with the same hash. ([\#18277](element-hq/synapse#18277),
   [\#18302](element-hq/synapse#18302), [\#18296](element-hq/synapse#18296))
riastradh pushed a commit to riastradh/pkgsrc-test20250901 that referenced this pull request Sep 1, 2025
@coypoop
Pullup ticket #6991 - requested by gdt
0f22535 
chat/matrix-synapse: Update package in anticipation of security fix

Revisions pulled up:
- chat/matrix-synapse/Makefile                                  1.112
- chat/matrix-synapse/PLIST                                     1.59
- chat/matrix-synapse/cargo-depends.mk                          1.27
- chat/matrix-synapse/distinfo                                  1.80

---
   Module Name:    pkgsrc
   Committed By:   gdt
   Date:           Thu Jul 17 11:24:44 UTC 2025

   Modified Files:
           pkgsrc/chat/matrix-synapse: Makefile PLIST cargo-depends.mk distinfo

   Log Message:
   chat/matrix-synapse: Update to 1.134.0

   Builds on NetBSD 10 amd64, and builds/tests-ok on NetBSD 9 amd64 using
   dependencies from 2025Q2.

   NB: A security update to synapse is scheduled for July 22.  Consult
     https://matrix.org/blog/2025/07/security-predisclosure/
   for further details.

   Those running synapse in production may wish to update to 1.134.0 to
   reduce the magnitude of change when updating to the July 22 version
   (although that will be a big update regardless).  Note that the usual
   pkgsrc pre-commit test is upgrading from the current pkgsrc version
   and briefly checking operation.  Therefore, not upgrading has a
   theoretical risk of encountering a 1.127.1 to 1.135.0 update bug when
   1.127.1 to 134.0 and 1.134.0 to 1.135.0 are ok.

   # Synapse 1.134.0 (2025-07-15)

   - Support for [MSC4235](matrix-org/matrix-spec-proposals#4235): `via` query param for hierarchy endpoint. Contributed by Krishan (@kfiven).
   ([\#18070](element-hq/synapse#18070))
   - Add `forget_forced_upon_leave` capability as per [MSC4267](matrix-org/matrix-spec-proposals#4267). ([\#18196](element-hq/synapse#18196))
   - Add `federated_user_may_invite` spam checker callback which receives the entire invite event. Contributed by @tulir @ Beeper. ([\#18241](element-hq/synapse#18241))

   # Synapse 1.133.0 (2025-07-01)

   - Add support for the [MSC4260 user report API](matrix-org/matrix-spec-proposals#4260). ([\#18120](element-hq/synapse#18120))

   # Synapse 1.132.0 (2025-06-17)

   - Add support for [MSC4155](matrix-org/matrix-spec-proposals#4155) Invite Filtering. ([\#18288](element-hq/synapse#18288))
   - Add experimental `user_may_send_state_event` module API callback. ([\#18455](element-hq/synapse#18455))
   - Add experimental `get_media_config_for_user` and `is_user_allowed_to_upload_media_of_size` module API callbacks that allow overriding of media repository maximum upload size.
   ([\#18457](element-hq/synapse#18457))
   - Add experimental `get_ratelimit_override_for_user` module API callback that allows overriding of per-user ratelimits. ([\#18458](element-hq/synapse#18458))
   - Pass `room_config` argument to `user_may_create_room` spam checker module callback. ([\#18486](element-hq/synapse#18486))
   - Support configuration of default and extra user types. ([\#18456](element-hq/synapse#18456))
   - Successful requests to `/_matrix/app/v1/ping` will now force Synapse to reattempt delivering transactions to appservices. ([\#18521](element-hq/synapse#18521))
   - Support the import of the `RatelimitOverride` type from `synapse.module_api` in modules and rename `messages_per_second` to `per_second`.
   ([\#18513](element-hq/synapse#18513))

   # Synapse 1.131.0 (2025-06-03)

   - Add `msc4263_limit_key_queries_to_users_who_share_rooms` config option as per [MSC4263](matrix-org/matrix-spec-proposals#4263).
   ([\#18180](element-hq/synapse#18180))
   - Add option to allow registrations that begin with `_`. Contributed by `_` (@hex5f). ([\#18262](element-hq/synapse#18262))
   - Include room ID in response to the [Room Deletion Status Admin API](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#status-of-deleting-rooms).
   ([\#18318](element-hq/synapse#18318))
   - Add support for calling Policy Servers ([MSC4284](matrix-org/matrix-spec-proposals#4284)) to mark events as spam.
   ([\#18387](element-hq/synapse#18387))

   # Synapse 1.130.0 (2025-05-20)

   - Add an Admin API endpoint `GET /_synapse/admin/v1/scheduled_tasks`  to fetch scheduled tasks. ([\#18214](element-hq/synapse#18214))
   - Add config option `user_directory.exclude_remote_users` which, when enabled, excludes remote users from user directory search results. ([\#18300](element-hq/synapse#18300))
   - Add support for handling `GET /devices/` on workers. ([\#18355](element-hq/synapse#18355))

   # Synapse 1.129.0 (2025-05-06)

   - Add `passthrough_authorization_parameters` in OIDC configuration to allow passing parameters to the authorization grant URL. ([\#18232](element-hq/synapse#18232))
   - Add `total_event_count`, `total_message_count`, and `total_e2ee_event_count` fields to the homeserver usage statistics. ([\#18260](element-hq/synapse#18260))

   # Synapse 1.128.0 (2025-04-08)

   - Add an access token introspection cache to make Matrix Authentication Service integration ([MSC3861](matrix-org/matrix-spec-proposals#3861)) more efficient.
   ([\#18231](element-hq/synapse#18231))
   - Add background job to clear unreferenced state groups. ([\#18254](element-hq/synapse#18254))
   - Hashes of media files are now tracked by Synapse. Media quarantines will now apply to all files with the same hash. ([\#18277](element-hq/synapse#18277),
   [\#18302](element-hq/synapse#18302), [\#18296](element-hq/synapse#18296))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sandhose sandhose sandhose approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Johennes @CLAassistant @sandhose