MSC4140: Delayed events #4140
Signed-off-by: Timo K <toger5@hotmail.de>
…is used to trigger one of the actions Signed-off-by: Timo K <toger5@hotmail.de>
Add event type to the body Add event id template variable
Co-authored-by: Andrew Ferrazzutti <af_0_af@hotmail.com>
No significant changes since 1.117.0rc1.

- Add config option `redis.password_path`. ([\#17717](element-hq/synapse#17717))
- Fix a rare bug introduced in v1.29.0 where invalidating a user's access token from a worker could raise an error. ([\#17779](element-hq/synapse#17779))
- In the response to `GET /_matrix/client/versions`, set the `unstable_features` flag for [MSC4140](matrix-org/matrix-spec-proposals#4140) to `false` when server configuration disables support for delayed events. ([\#17780](element-hq/synapse#17780))
- Improve input validation and room membership checks in admin redaction API. ([\#17792](element-hq/synapse#17792))
- Clarify the docstring of `test_forget_when_not_left`. ([\#17628](element-hq/synapse#17628))
- Add documentation note about PYTHONMALLOC for accurate jemalloc memory tracking. Contributed by @hensg. ([\#17709](element-hq/synapse#17709))
- Remove spurious "TODO UPDATE ALL THIS" note in the Debian installation docs. ([\#17749](element-hq/synapse#17749))
- Explain how load balancing works for `federation_sender_instances`. ([\#17776](element-hq/synapse#17776))
- Minor performance increase for large accounts using sliding sync. ([\#17751](element-hq/synapse#17751))
- Increase performance of the notifier when there are many syncing users. ([\#17765](element-hq/synapse#17765), [\#17766](element-hq/synapse#17766))
- Fix performance of streams that don't change often. ([\#17767](element-hq/synapse#17767))
- Improve performance of sliding sync connections that do not ask for any rooms. ([\#17768](element-hq/synapse#17768))
- Reduce overhead of sliding sync E2EE loops. ([\#17771](element-hq/synapse#17771))
- Sliding sync minor performance speed up using new table. ([\#17787](element-hq/synapse#17787))
- Sliding sync minor performance improvement by omitting unchanged data from incremental responses. ([\#17788](element-hq/synapse#17788))
- Speed up sliding sync when there are many active subscriptions. ([\#17789](element-hq/synapse#17789))
- Add missing license headers on new source files. ([\#17799](element-hq/synapse#17799))

* Bump phonenumbers from 8.13.45 to 8.13.46. ([\#17773](element-hq/synapse#17773))
* Bump python-multipart from 0.0.10 to 0.0.12. ([\#17772](element-hq/synapse#17772))
* Bump regex from 1.10.6 to 1.11.0. ([\#17770](element-hq/synapse#17770))
* Bump ruff from 0.6.7 to 0.6.8. ([\#17774](element-hq/synapse#17774))
Also define a sync filter
Given element-call is the default VOIP solution in EX clients, and I CONSTANTLY have to help people to get calls unstuck (so often that I had to write up instructions on how to resolve them at https://sspaeth.de/2025/02/how-to-resolve-stuck-matrixrtc-calls/ :-).
Fixes high severity vulnerability *exploited in the wild*!

# Synapse 1.127.1 (2025-03-26)

## Security

- Fix [CVE-2025-30355](https://www.cve.org/CVERecord?id=CVE-2025-30355) / [GHSA-v56r-hwv5-mxg6](GHSA-v56r-hwv5-mxg6). **High severity vulnerability affecting federation. The vulnerability has been exploited in the wild.**

# Synapse 1.127.0 (2025-03-25)

No significant changes since 1.127.0rc1.

# Synapse 1.127.0rc1 (2025-03-18)

### Features

- Update [MSC4140](matrix-org/matrix-spec-proposals#4140) implementation to no longer cancel a user's own delayed state events with an event type & state key that match a more recent state event sent by that user. ([\#17810](element-hq/synapse#17810))

### Improved Documentation

- Fixed a minor typo in the Synapse documentation. Contributed by @karuto12. ([\#18224](element-hq/synapse#18224))

### Internal Changes

- Remove undocumented `SYNAPSE_USE_FROZEN_DICTS` environment variable. ([\#18123](element-hq/synapse#18123))
- Fix detection of workflow failures in the release script. ([\#18211](element-hq/synapse#18211))
- Add caching support to media endpoints. ([\#18235](element-hq/synapse#18235))

### Updates to locked dependencies

* Bump anyhow from 1.0.96 to 1.0.97. ([\#18201](element-hq/synapse#18201))
* Bump bcrypt from 4.2.1 to 4.3.0. ([\#18207](element-hq/synapse#18207))
* Bump bytes from 1.10.0 to 1.10.1. ([\#18227](element-hq/synapse#18227))
* Bump http from 1.2.0 to 1.3.1. ([\#18245](element-hq/synapse#18245))
* Bump sentry-sdk from 2.19.2 to 2.22.0. ([\#18205](element-hq/synapse#18205))
* Bump serde from 1.0.218 to 1.0.219. ([\#18228](element-hq/synapse#18228))
* Bump serde_json from 1.0.139 to 1.0.140. ([\#18202](element-hq/synapse#18202))
* Bump ulid from 1.2.0 to 1.2.1. ([\#18246](element-hq/synapse#18246))
No significant changes since 1.127.0rc1.

- Update [MSC4140](matrix-org/matrix-spec-proposals#4140) implementation to no longer cancel a user's own delayed state events with an event type & state key that match a more recent state event sent by that user. ([\#17810](element-hq/synapse#17810))
- Fixed a minor typo in the Synapse documentation. Contributed by @karuto12. ([\#18224](element-hq/synapse#18224))
- Remove undocumented `SYNAPSE_USE_FROZEN_DICTS` environment variable. ([\#18123](element-hq/synapse#18123))
- Fix detection of workflow failures in the release script. ([\#18211](element-hq/synapse#18211))
- Add caching support to media endpoints. ([\#18235](element-hq/synapse#18235))

* Bump anyhow from 1.0.96 to 1.0.97. ([\#18201](element-hq/synapse#18201))
* Bump bcrypt from 4.2.1 to 4.3.0. ([\#18207](element-hq/synapse#18207))
* Bump bytes from 1.10.0 to 1.10.1. ([\#18227](element-hq/synapse#18227))
* Bump http from 1.2.0 to 1.3.1. ([\#18245](element-hq/synapse#18245))
* Bump sentry-sdk from 2.19.2 to 2.22.0. ([\#18205](element-hq/synapse#18205))
* Bump serde from 1.0.218 to 1.0.219. ([\#18228](element-hq/synapse#18228))
* Bump serde_json from 1.0.139 to 1.0.140. ([\#18202](element-hq/synapse#18202))
* Bump ulid from 1.2.0 to 1.2.1. ([\#18246](element-hq/synapse#18246))
MSCs proposed for Final Comment Period (FCP) should meet the requirements outlined in the checklist prior to being accepted into the spec. This checklist is a bit long, but aims to reduce the number of follow-on MSCs after a feature lands. SCT members: please check off things you check for, and raise a concern against FCP if the checklist is incomplete. If an item doesn't apply, prefer to check it rather than remove it. Unchecking items is encouraged where applicable. Checklist:
sorry for the massive review - this is editorial stuff that was picked up while reviewing the checklist for the MSC. Where possible, I've added suggestions to make resolution a bit easier/faster (hopefully).
After the MSC is ready for re-review, let us know in the SCT Office and we'll get some technical content reviews going, including a push towards FCP.
A scoped token that only allows to interact with the `delayed_events` endpoint and only with a subset of `delay_id`s
would be used.
it'd probably be scoped to being allowed to send certain event types without delay, so when the SFU determines the user has dropped, it can send the event itself at that time.
Both work. The advantage here is that a scoped token to only manage already sent and signed delayed events is "very" safe.
Allowing the SFU to send state events (even if scoped to one type and room) is already a bit much. The SFU also does not need to be a trusted instance. (The MatrixRTC spec is designed so it would break but it would not be a vulnerability if the SFU is malicious. It cannot even inject abusive content into the call since the source of truth is the room state.)
Additionally state events should be signed (or even better encrypted) to really make MatrixRTC as secure as possible. Then the SFU could not send a signed leave event but the delayed delegation still would work.
Do we want this discussion to be evaluated in the MSC text?
All new endpoints are authenticated.

Servers **should** impose a maximum timeout value for delay timeouts of not more than a month.
Discussed out of band: It appears the implementation doesn't do this, which is fine, but adding rationale either here or to the Synapse docs as to why limiting to more than a month is a bad idea would be good (or, remove this line and leave it up to implementations to figure out).
This has been addressed in: bf5df9b
Rendered
This could also supersede MSC2228 (by making it possible to send a redaction with the `/send` endpoint. This is the case as mentioned here)
Implementations:
SCT stuff:
checklist
FCP not yet started