Release Synapse 1.35.0

callahad · callahad · commit f414827c4974 · 2021-06-02T10:53:00.000+01:00
Signed-off-by: Dan Callahan &lt;danc@element.io&gt;
diff --git a/gatsby/content/blog/2021/01/2021-01-13-matrix-fossa-bug-bounties.mdx b/gatsby/content/blog/2021/01/2021-01-13-matrix-fossa-bug-bounties.mdx
@@ -0,0 +1,27 @@
+---
+  date: '2021-01-13'
+  title: Matrix Selected for EU's FOSSA Bug Bounty Programme
+  categories:
+    - General
+    - Security
+  author: Dan Callahan
+---
+
+The Matrix.org Foundation is proud to announce that we have been selected to participate in the next round of [EU-FOSSA](https://ec.europa.eu/info/departments/informatics/eu-fossa-2_en) bug bounties funded by the European Commission and designed to increase the security of key open source software used throughout Europe.
+
+Security researchers are now eligible for **bounties of up to €5,000** for discovering flaws in Matrix projects, including the Synapse homeserver and the Element suite of open source clients. Researchers can also **earn a 20% bonus** if they supply a patch that is accepted along with their vulnerability report.
+
+Projects in scope for bounties include:
+
+- [Synapse](https://github.com/matrix-org/synapse), the reference homeserver
+- [Sydent](https://github.com/matrix-org/sydent), the reference identity server
+- [Sygnal](https://github.com/matrix-org/sygnal), the reference push gateway
+- [Olm](https://gitlab.matrix.org/matrix-org/olm), Matrix’s implementation of the cryptographic double ratchet algorithm
+- The reference Matrix SDKs for [iOS](https://github.com/matrix-org/matrix-ios-sdk), [Android](https://github.com/matrix-org/matrix-android-sdk2), [JavaScript](https://github.com/matrix-org/matrix-js-sdk), and [React](https://github.com/matrix-org/matrix-react-sdk)
+- The [Element](https://element.io/get-started) suite of open source clients for Web, Desktop, Android, and iOS which build on the reference Matrix SDKs.
+
+With Matrix already powering secure communications within the French government ([Tchap](https://tech.newstatesman.com/in-partnership-with-element/inside-the-french-governments-mission-to-develop-an-encrypted-messaging-platform)) and in testing with the German military ([BwMessenger](https://sifted.eu/articles/european-armies-matrix/)), FOSSA was a natural fit.
+
+The programme is conducted in partnership with [Intigriti](https://www.intigriti.com/), a bug bounty platform that validates and triages incoming reports before forwarding them to the Matrix developers. The European Commission has approved funding sufficient for €32,000 in bounties, which will be available until October 2021.
+
+To learn more or get started, visit https://app.intigriti.com/programs/matrix/matrix/
diff --git a/gatsby/content/blog/2021/06/2021-06-01-synapse-1.35.0-released.mdx b/gatsby/content/blog/2021/06/2021-06-01-synapse-1.35.0-released.mdx
@@ -0,0 +1,41 @@
+---
+  date: '2021-06-01'
+  title: Synapse 1.35.0 released
+  categories:
+    - Releases
+  author: Dan Callahan
+---
+
+Synapse 1.35.0 is out!
+
+## Spaces: On by Default
+
+Following the successful release of [Synapse 1.34](../05/05/2021-05-17-synapse-1.34.0-released.mdx), the experimental Spaces flag is now enabled by default. If you had manually enabled the `experimental_features: { spaces_enabled: true }` flag in your homeserver configuration, you may now remove it.
+
+## Bug Squashing
+
+This release of Synapse fixes an issue which could cause federated room joins to fail when the join response exceeded a size limit which was too low ([#10082](https://github.com/matrix-org/synapse/pull/10082)). We've also improved what Synapse logs when it drops a connection in similar circumstances ([#10091](https://github.com/matrix-org/synapse/pull/10091)), which should aid diagnosis if a similar issue were to arise in the future.
+
+GitHub user thermaq contributed a fix ([#10014](https://github.com/matrix-org/synapse/pull/10014)) for a bug  which could cause user presence state to become stale.
+
+Lastly our OpenTracing support now allows for profiling end-to-end performance on a per-user basis ([#9978](https://github.com/matrix-org/synapse/pull/9978)).
+
+## An Update on Room Joins
+
+We've been hammering away at shrinking Synapse's memory footprint when joining large / complex rooms, and while we're not there yet, the end is in sight! In particular, this release includes many internal refactorings, including using [ijson](https://pypi.org/project/ijson/) to parse the JSON response to `/send_join` ([#9958](https://github.com/matrix-org/synapse/pull/9958)), which clear the way for substantial improvements.
+
+Memory usage still spikes because we're effectively doing the same work with a different library, but ijson's design allows for iterative parsing. This will pay dividends once we modify the code downstream of `/send_join` to take advantage of it.
+
+Concretely, Erik Johnston has an experimental branch of Synapse which completely eliminates the memory spike:
+
+![Memory usage graph for Synapse 1.33, 1.35, and an experimental branch](/blog/img/2021-06-01-synapse-1.35-join-memory.png)
+
+The remaining work is centered on splitting that branch into self-contained, reviewable pull requests, like a rewrite of the Synapse Keyring class ([#10035](https://github.com/matrix-org/synapse/pull/10035)). After that's merged, we'll need to make one further change to properly batch up work, at which point we should attain the efficiency gains from Erik's experiment.
+
+## Everything Else
+
+GitHub user savyajha contributed a security hardened systemd unit file which effectively sandboxes Synapse ([#9803](https://github.com/matrix-org/synapse/pull/9803)). While not enabled by default, we'd encourage security conscious users to review the [example file](https://github.com/matrix-org/synapse/blob/v1.35.0/contrib/systemd/override-hardened.conf) and associated [documentation](https://github.com/matrix-org/synapse/blob/v1.35.0/docs/systemd-with-workers/README.md#hardening).
+
+Please see the [Release Notes](https://github.com/matrix-org/synapse/blob/v1.35.0/CHANGES.md) for a complete list of changes in this release.
+
+Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including [dklimpel](https://github.com/dklimpel), [jerinjtitus](https://github.com/jerinjtitus), [junquera](https://github.com/junquera), [lonyeon](https://github.com/lonyeon), [savyajha](https://github.com/savyajha), and [thermaq](https://github.com/thermaq).
