Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Issues: matrix-org/synapse

Clear current search query, filters, and sorts
19 Open 22 Closed
19 Open 22 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Users that knock on a room with a shared history visibility and are subsequently kicked are able to view all previous events A-Messages-Endpoint /messages client API endpoint (`RoomMessageListRestServlet`) (which also triggers /backfill) O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Major Major functionality / product severely impaired, no satisfactory workaround. Security T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
#13968 opened Sep 30, 2022 by zamanzamzz
1
6
Finer-grained auth for federation profile lookups A-Federation Security T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements.
#13325 opened Jul 19, 2022 by dkasak
synapse blindly trusts X-Forwarded-For if x_forwarded option is enabled S-Minor Blocks non-critical functionality, workarounds exist. Security T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
#9471 opened Feb 23, 2021 by richvdh
4
Unable to deactivate users when identity server is disabled A-Account-Deactivation "Deleting"/"Removing" a user, GDPR erasure (erased) O-Occasional Affects or can be seen by some users regularly or most users rarely S-Major Major functionality / product severely impaired, no satisfactory workaround. Security T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
#8411 opened Sep 28, 2020 by kovalroma
Spec compliance: Logging in multiple times with same device ID does not invalidate old access tokens A-Spec-Compliance places where synapse does not conform to the spec O-Frequent Affects or can be seen by most users regularly or impacts most users' first experience S-Major Major functionality / product severely impaired, no satisfactory workaround. Security T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. z-bug (Deprecated Label)
#6616 opened Jan 2, 2020 by aaronraimist
1
Synapse sends stack trace as error message over federation S-Tolerable Minor significance, cosmetic issues, low or no impact to users. Security T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
#6582 opened Dec 20, 2019 by Bubu
2
[Feature] Add client-server endpoint to logout from all current WEB sessions A-Login P4 (OBSOLETE: use S- labels.) Okay backlog: will not schedule, will accept patches S-Tolerable Minor significance, cosmetic issues, low or no impact to users. Security T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements. z-feature (Deprecated Label) z-p3 (Deprecated Label)
#5400 opened Jun 8, 2019 by menturion
1
.well-known lookups can be used to circumvent the IP address blacklist S-Minor Blocks non-critical functionality, workarounds exist. Security T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
#5273 opened May 28, 2019 by richvdh
1
Document Synapse Server Hardening Best Practices Security T-Other Questions, user support, anything else.
#5141 opened May 5, 2019 by brainscar
6
It is possible to set a stupidly long displayname A-Membership A-Validation 500 (mostly) errors due to lack of event/parameter validation P4 (OBSOLETE: use S- labels.) Okay backlog: will not schedule, will accept patches S-Tolerable Minor significance, cosmetic issues, low or no impact to users. Security T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
#5079 opened Apr 18, 2019 by richvdh
3
Access tokens are not invalidated when credentials are invalidated via an external auth provider Security T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements. z-p2 (Deprecated Label)
#4158 opened Nov 7, 2018 by richvdh
32
Manhole's server username / password / SSH keys should not be hard-coded O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Minor Blocks non-critical functionality, workarounds exist. Security T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
#3850 opened Sep 12, 2018 by hawkowl
1
repeatedly calling /_matrix/client/r0/keys/upload DoSes federation A-Device-List-Tracking Telling clients about other devices. Often related to E2EE. P4 (OBSOLETE: use S- labels.) Okay backlog: will not schedule, will accept patches S-Minor Blocks non-critical functionality, workarounds exist. Security T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
#3657 opened Aug 6, 2018 by richvdh
1
Files in /var/lib/matrix-synapse/ are world-readable A-Packaging Our Debian packages, docker images; or issues relevant to downstream packagers P5 (OBSOLETE: use S- labels.) Dubious backlog: will not schedule, but may consider patches S-Minor Blocks non-critical functionality, workarounds exist. Security T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
#2955 opened Mar 6, 2018 by ghost
1
3
Media repo should strip out obvious file paths in filename S-Tolerable Minor significance, cosmetic issues, low or no impact to users. Security T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
#2887 opened Feb 18, 2018 by turt2live
Don't serve user-uploaded files with correct mime/content type A-Media-Repository Uploading, downloading images and video, thumbnailing Security T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements.
#2877 opened Feb 15, 2018 by rugk
3
Shutdown room API should somehow indicate to other homeservers that a content violation has occurred Security T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements.
#2692 opened Nov 16, 2017 by turt2live
1
When users change their identity mappings or other credentials we should warn all their known contact details. O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Tolerable Minor significance, cosmetic issues, low or no impact to users. Security T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements.
#2093 opened Apr 1, 2017 by ara4n
GnuPG-signed releases A-Packaging Our Debian packages, docker images; or issues relevant to downstream packagers O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Minor Blocks non-critical functionality, workarounds exist. Security T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements.
#2036 opened Mar 20, 2017 by sim6
6
ProTip! Adding no:label will show everything without a label.