Skip to content

MSC4260: Reporting users (Client-Server API) #4260

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 9, 2025
Merged

MSC4260: Reporting users (Client-Server API) #4260

merged 4 commits into from
Mar 9, 2025

Conversation

turt2live
Copy link
Member

@turt2live turt2live commented Jan 30, 2025
edited
Loading

Rendered

I am Director of Standards Development at The Matrix.org Foundation C.I.C., Matrix Spec Core Team (SCT) member, employed by Element, and operate the t2bot.io service. This proposal is written and published as a Trust & Safety team member allocated in full to the Foundation.

SCT stuff:

MSC checklist

FCP tickyboxes

@turt2live turt2live changed the title MSC: Reporting users (Client-Server API) MSC4260: Reporting users (Client-Server API) Jan 30, 2025
@turt2live turt2live marked this pull request as ready for review January 30, 2025 18:50
@turt2live turt2live added proposal A matrix spec change proposal client-server Client-Server API kind:core MSC which is critical to the protocol's success needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels Jan 30, 2025
turt2live
turt2live commented Jan 30, 2025
View reviewed changes
@turt2live turt2live mentioned this pull request Jan 30, 2025
Merged
clokep
clokep reviewed Jan 30, 2025
View reviewed changes
@turt2live turt2live mentioned this pull request Jan 30, 2025
Merged
3 tasks
@turt2live turt2live removed the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jan 30, 2025
@turt2live
Copy link
Member Author

MSCs proposed for Final Comment Period (FCP) should meet the requirements outlined in the checklist prior to being accepted into the spec. This checklist is a bit long, but aims to reduce the number of follow-on MSCs after a feature lands.

SCT members: please check off things you check for, and raise a concern against FCP if the checklist is incomplete. If an item doesn't apply, prefer to check it rather than remove it. Unchecking items is encouraged where applicable.

Checklist:

  • Are appropriate implementation(s)
    specified in the MSC’s PR description?
  • Are all MSCs that this MSC depends on already accepted?
  • For each new endpoint that is introduced:
    • Have authentication requirements been specified?
    • Have rate-limiting requirements been specified?
    • Have guest access requirements been specified?
    • Are error responses specified?
      • Does each error case have a specified errcode (e.g. M_FORBIDDEN) and HTTP status code?
        • If a new errcode is introduced, is it clear that it is new?
  • Will the MSC require a new room version, and if so, has that been made clear?
    • Is the reason for a new room version clearly stated? For example,
      modifying the set of redacted fields changes how event IDs are calculated,
      thus requiring a new room version.
  • Are backwards-compatibility concerns appropriately addressed?
  • Are the endpoint conventions honoured?
    • Do HTTP endpoints use_underscores_like_this?
    • Will the endpoint return unbounded data? If so, has pagination been considered?
    • If the endpoint utilises pagination, is it consistent with
      the appendices?
  • An introduction exists and clearly outlines the problem being solved.
    Ideally, the first paragraph should be understandable by a non-technical audience.
  • All outstanding threads are resolved
    • All feedback is incorporated into the proposal text itself, either as a fix or noted as an alternative
  • While the exact sections do not need to be present,
    the details implied by the proposal template are covered. Namely:
    • Introduction
    • Proposal text
    • Potential issues
    • Alternatives
    • Dependencies
  • Stable identifiers are used throughout the proposal, except for the unstable prefix section
    • Unstable prefixes consider the awkward accepted-but-not-merged state
    • Chosen unstable prefixes do not pollute any global namespace (use “org.matrix.mscXXXX”, not “org.matrix”).
  • Changes have applicable Sign Off from all authors/editors/contributors
  • There is a dedicated "Security Considerations" section which detail
    any possible attacks/vulnerabilities this proposal may introduce, even if this is "None.".
    See RFC3552 for things to think about,
    but in particular pay attention to the OWASP Top Ten.

@turt2live
Copy link
Member Author

@mscbot fcp merge

@mscbot
Copy link
Collaborator

mscbot commented Jan 31, 2025
edited by dbkr
Loading

Team member @turt2live has proposed to merge this. The next step is review by the rest of the tagged people:

Once at least 75% of reviewers approve (and there are no outstanding concerns), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for information about what commands tagged team members can give me.

@mscbot mscbot added proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. disposition-merge labels Jan 31, 2025
dbkr
dbkr reviewed Feb 11, 2025
View reviewed changes
@turt2live turt2live requested a review from dbkr February 13, 2025 20:20
@mscbot
Copy link
Collaborator

mscbot commented Mar 4, 2025

🔔 This is now entering its final comment period, as per the review above. 🔔

@mscbot mscbot added final-comment-period This MSC has entered a final comment period in interest to approval, postpone, or delete in 5 days. and removed proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. labels Mar 4, 2025
@turt2live turt2live moved this from Ready for FCP ticks to In FCP in Spec Core Team Workflow Mar 4, 2025
@mscbot
Copy link
Collaborator

mscbot commented Mar 9, 2025

The final comment period, with a disposition to merge, as per the review above, is now complete.

@mscbot mscbot added finished-final-comment-period and removed disposition-merge final-comment-period This MSC has entered a final comment period in interest to approval, postpone, or delete in 5 days. labels Mar 9, 2025
@turt2live turt2live merged commit a15271b into main Mar 9, 2025
1 check passed
@turt2live turt2live added spec-pr-missing Proposal has been implemented and is being used in the wild but hasn't yet been added to the spec and removed finished-final-comment-period labels Mar 9, 2025
@turt2live turt2live moved this from In FCP to Requires spec writing in Spec Core Team Workflow Mar 9, 2025
@Johennes Johennes mentioned this pull request Mar 13, 2025
Merged
3 tasks
@Johennes
Copy link
Contributor

Spec PR: matrix-org/matrix-spec#2093

@MatMaul MatMaul mentioned this pull request Mar 13, 2025
Closed
@turt2live turt2live moved this from Requires spec writing to Requires spec PR review in Spec Core Team Workflow Mar 13, 2025
@turt2live turt2live added spec-pr-in-review A proposal which has been PR'd against the spec and is in review and removed spec-pr-missing Proposal has been implemented and is being used in the wild but hasn't yet been added to the spec labels Mar 13, 2025
@turt2live
Copy link
Member Author

Merged 🎉

@turt2live turt2live added merged A proposal whose PR has merged into the spec! and removed spec-pr-in-review A proposal which has been PR'd against the spec and is in review labels Mar 21, 2025
@turt2live turt2live moved this from Requires spec PR review to Done to some definition in Spec Core Team Workflow Mar 21, 2025
This was referenced Mar 27, 2025
Closed
Merged
@reivilibre reivilibre mentioned this pull request Jun 9, 2025
Open
30 tasks
@Johennes Johennes mentioned this pull request Jul 2, 2025
Open
30 tasks
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jul 17, 2025
chat/matrix-synapse: Update to 1.134.0
58bfe11 
Builds on NetBSD 10 amd64, and builds/tests-ok on NetBSD 9 amd64 using
dependencies from 2025Q2.

NB: A security update to synapse is scheduled for July 22.  Consult
  https://matrix.org/blog/2025/07/security-predisclosure/
for further details.

Those running synapse in production may wish to update to 1.134.0 to
reduce the magnitude of change when updating to the July 22 version
(although that will be a big update regardless).  Note that the usual
pkgsrc pre-commit test is upgrading from the current pkgsrc version
and briefly checking operation.  Therefore, not upgrading has a
theoretical risk of encountering a 1.127.1 to 1.135.0 update bug when
1.127.1 to 134.0 and 1.134.0 to 1.135.0 are ok.

# Synapse 1.134.0 (2025-07-15)

- Support for [MSC4235](matrix-org/matrix-spec-proposals#4235): `via` query param for hierarchy endpoint. Contributed by Krishan (@kfiven). ([\#18070](element-hq/synapse#18070))
- Add `forget_forced_upon_leave` capability as per [MSC4267](matrix-org/matrix-spec-proposals#4267). ([\#18196](element-hq/synapse#18196))
- Add `federated_user_may_invite` spam checker callback which receives the entire invite event. Contributed by @tulir @ Beeper. ([\#18241](element-hq/synapse#18241))

# Synapse 1.133.0 (2025-07-01)

- Add support for the [MSC4260 user report API](matrix-org/matrix-spec-proposals#4260). ([\#18120](element-hq/synapse#18120))

# Synapse 1.132.0 (2025-06-17)

- Add support for [MSC4155](matrix-org/matrix-spec-proposals#4155) Invite Filtering. ([\#18288](element-hq/synapse#18288))
- Add experimental `user_may_send_state_event` module API callback. ([\#18455](element-hq/synapse#18455))
- Add experimental `get_media_config_for_user` and `is_user_allowed_to_upload_media_of_size` module API callbacks that allow overriding of media repository maximum upload size. ([\#18457](element-hq/synapse#18457))
- Add experimental `get_ratelimit_override_for_user` module API callback that allows overriding of per-user ratelimits. ([\#18458](element-hq/synapse#18458))
- Pass `room_config` argument to `user_may_create_room` spam checker module callback. ([\#18486](element-hq/synapse#18486))
- Support configuration of default and extra user types. ([\#18456](element-hq/synapse#18456))
- Successful requests to `/_matrix/app/v1/ping` will now force Synapse to reattempt delivering transactions to appservices. ([\#18521](element-hq/synapse#18521))
- Support the import of the `RatelimitOverride` type from `synapse.module_api` in modules and rename `messages_per_second` to `per_second`. ([\#18513](element-hq/synapse#18513))

# Synapse 1.131.0 (2025-06-03)

- Add `msc4263_limit_key_queries_to_users_who_share_rooms` config option as per [MSC4263](matrix-org/matrix-spec-proposals#4263). ([\#18180](element-hq/synapse#18180))
- Add option to allow registrations that begin with `_`. Contributed by `_` (@hex5f). ([\#18262](element-hq/synapse#18262))
- Include room ID in response to the [Room Deletion Status Admin API](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#status-of-deleting-rooms). ([\#18318](element-hq/synapse#18318))
- Add support for calling Policy Servers ([MSC4284](matrix-org/matrix-spec-proposals#4284)) to mark events as spam. ([\#18387](element-hq/synapse#18387))

# Synapse 1.130.0 (2025-05-20)

- Add an Admin API endpoint `GET /_synapse/admin/v1/scheduled_tasks`  to fetch scheduled tasks. ([\#18214](element-hq/synapse#18214))
- Add config option `user_directory.exclude_remote_users` which, when enabled, excludes remote users from user directory search results. ([\#18300](element-hq/synapse#18300))
- Add support for handling `GET /devices/` on workers. ([\#18355](element-hq/synapse#18355))


# Synapse 1.129.0 (2025-05-06)

- Add `passthrough_authorization_parameters` in OIDC configuration to allow passing parameters to the authorization grant URL. ([\#18232](element-hq/synapse#18232))
- Add `total_event_count`, `total_message_count`, and `total_e2ee_event_count` fields to the homeserver usage statistics. ([\#18260](element-hq/synapse#18260))

# Synapse 1.128.0 (2025-04-08)

- Add an access token introspection cache to make Matrix Authentication Service integration ([MSC3861](matrix-org/matrix-spec-proposals#3861)) more efficient. ([\#18231](element-hq/synapse#18231))
- Add background job to clear unreferenced state groups. ([\#18254](element-hq/synapse#18254))
- Hashes of media files are now tracked by Synapse. Media quarantines will now apply to all files with the same hash. ([\#18277](element-hq/synapse#18277), [\#18302](element-hq/synapse#18302), [\#18296](element-hq/synapse#18296))
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jul 18, 2025
@coypoop
Pullup ticket #6991 - requested by gdt
9806d2e 
chat/matrix-synapse: Update package in anticipation of security fix

Revisions pulled up:
- chat/matrix-synapse/Makefile                                  1.112
- chat/matrix-synapse/PLIST                                     1.59
- chat/matrix-synapse/cargo-depends.mk                          1.27
- chat/matrix-synapse/distinfo                                  1.80

---
   Module Name:    pkgsrc
   Committed By:   gdt
   Date:           Thu Jul 17 11:24:44 UTC 2025

   Modified Files:
           pkgsrc/chat/matrix-synapse: Makefile PLIST cargo-depends.mk distinfo

   Log Message:
   chat/matrix-synapse: Update to 1.134.0

   Builds on NetBSD 10 amd64, and builds/tests-ok on NetBSD 9 amd64 using
   dependencies from 2025Q2.

   NB: A security update to synapse is scheduled for July 22.  Consult
     https://matrix.org/blog/2025/07/security-predisclosure/
   for further details.

   Those running synapse in production may wish to update to 1.134.0 to
   reduce the magnitude of change when updating to the July 22 version
   (although that will be a big update regardless).  Note that the usual
   pkgsrc pre-commit test is upgrading from the current pkgsrc version
   and briefly checking operation.  Therefore, not upgrading has a
   theoretical risk of encountering a 1.127.1 to 1.135.0 update bug when
   1.127.1 to 134.0 and 1.134.0 to 1.135.0 are ok.

   # Synapse 1.134.0 (2025-07-15)

   - Support for [MSC4235](matrix-org/matrix-spec-proposals#4235): `via` query param for hierarchy endpoint. Contributed by Krishan (@kfiven).
   ([\#18070](element-hq/synapse#18070))
   - Add `forget_forced_upon_leave` capability as per [MSC4267](matrix-org/matrix-spec-proposals#4267). ([\#18196](element-hq/synapse#18196))
   - Add `federated_user_may_invite` spam checker callback which receives the entire invite event. Contributed by @tulir @ Beeper. ([\#18241](element-hq/synapse#18241))

   # Synapse 1.133.0 (2025-07-01)

   - Add support for the [MSC4260 user report API](matrix-org/matrix-spec-proposals#4260). ([\#18120](element-hq/synapse#18120))

   # Synapse 1.132.0 (2025-06-17)

   - Add support for [MSC4155](matrix-org/matrix-spec-proposals#4155) Invite Filtering. ([\#18288](element-hq/synapse#18288))
   - Add experimental `user_may_send_state_event` module API callback. ([\#18455](element-hq/synapse#18455))
   - Add experimental `get_media_config_for_user` and `is_user_allowed_to_upload_media_of_size` module API callbacks that allow overriding of media repository maximum upload size.
   ([\#18457](element-hq/synapse#18457))
   - Add experimental `get_ratelimit_override_for_user` module API callback that allows overriding of per-user ratelimits. ([\#18458](element-hq/synapse#18458))
   - Pass `room_config` argument to `user_may_create_room` spam checker module callback. ([\#18486](element-hq/synapse#18486))
   - Support configuration of default and extra user types. ([\#18456](element-hq/synapse#18456))
   - Successful requests to `/_matrix/app/v1/ping` will now force Synapse to reattempt delivering transactions to appservices. ([\#18521](element-hq/synapse#18521))
   - Support the import of the `RatelimitOverride` type from `synapse.module_api` in modules and rename `messages_per_second` to `per_second`.
   ([\#18513](element-hq/synapse#18513))

   # Synapse 1.131.0 (2025-06-03)

   - Add `msc4263_limit_key_queries_to_users_who_share_rooms` config option as per [MSC4263](matrix-org/matrix-spec-proposals#4263).
   ([\#18180](element-hq/synapse#18180))
   - Add option to allow registrations that begin with `_`. Contributed by `_` (@hex5f). ([\#18262](element-hq/synapse#18262))
   - Include room ID in response to the [Room Deletion Status Admin API](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#status-of-deleting-rooms).
   ([\#18318](element-hq/synapse#18318))
   - Add support for calling Policy Servers ([MSC4284](matrix-org/matrix-spec-proposals#4284)) to mark events as spam.
   ([\#18387](element-hq/synapse#18387))

   # Synapse 1.130.0 (2025-05-20)

   - Add an Admin API endpoint `GET /_synapse/admin/v1/scheduled_tasks`  to fetch scheduled tasks. ([\#18214](element-hq/synapse#18214))
   - Add config option `user_directory.exclude_remote_users` which, when enabled, excludes remote users from user directory search results. ([\#18300](element-hq/synapse#18300))
   - Add support for handling `GET /devices/` on workers. ([\#18355](element-hq/synapse#18355))

   # Synapse 1.129.0 (2025-05-06)

   - Add `passthrough_authorization_parameters` in OIDC configuration to allow passing parameters to the authorization grant URL. ([\#18232](element-hq/synapse#18232))
   - Add `total_event_count`, `total_message_count`, and `total_e2ee_event_count` fields to the homeserver usage statistics. ([\#18260](element-hq/synapse#18260))

   # Synapse 1.128.0 (2025-04-08)

   - Add an access token introspection cache to make Matrix Authentication Service integration ([MSC3861](matrix-org/matrix-spec-proposals#3861)) more efficient.
   ([\#18231](element-hq/synapse#18231))
   - Add background job to clear unreferenced state groups. ([\#18254](element-hq/synapse#18254))
   - Hashes of media files are now tracked by Synapse. Media quarantines will now apply to all files with the same hash. ([\#18277](element-hq/synapse#18277),
   [\#18302](element-hq/synapse#18302), [\#18296](element-hq/synapse#18296))
@turt2live turt2live mentioned this pull request Aug 1, 2025
Open
riastradh pushed a commit to riastradh/pkgsrc-test20250901 that referenced this pull request Sep 1, 2025
@coypoop
Pullup ticket #6991 - requested by gdt
0f22535 
chat/matrix-synapse: Update package in anticipation of security fix

Revisions pulled up:
- chat/matrix-synapse/Makefile                                  1.112
- chat/matrix-synapse/PLIST                                     1.59
- chat/matrix-synapse/cargo-depends.mk                          1.27
- chat/matrix-synapse/distinfo                                  1.80

---
   Module Name:    pkgsrc
   Committed By:   gdt
   Date:           Thu Jul 17 11:24:44 UTC 2025

   Modified Files:
           pkgsrc/chat/matrix-synapse: Makefile PLIST cargo-depends.mk distinfo

   Log Message:
   chat/matrix-synapse: Update to 1.134.0

   Builds on NetBSD 10 amd64, and builds/tests-ok on NetBSD 9 amd64 using
   dependencies from 2025Q2.

   NB: A security update to synapse is scheduled for July 22.  Consult
     https://matrix.org/blog/2025/07/security-predisclosure/
   for further details.

   Those running synapse in production may wish to update to 1.134.0 to
   reduce the magnitude of change when updating to the July 22 version
   (although that will be a big update regardless).  Note that the usual
   pkgsrc pre-commit test is upgrading from the current pkgsrc version
   and briefly checking operation.  Therefore, not upgrading has a
   theoretical risk of encountering a 1.127.1 to 1.135.0 update bug when
   1.127.1 to 134.0 and 1.134.0 to 1.135.0 are ok.

   # Synapse 1.134.0 (2025-07-15)

   - Support for [MSC4235](matrix-org/matrix-spec-proposals#4235): `via` query param for hierarchy endpoint. Contributed by Krishan (@kfiven).
   ([\#18070](element-hq/synapse#18070))
   - Add `forget_forced_upon_leave` capability as per [MSC4267](matrix-org/matrix-spec-proposals#4267). ([\#18196](element-hq/synapse#18196))
   - Add `federated_user_may_invite` spam checker callback which receives the entire invite event. Contributed by @tulir @ Beeper. ([\#18241](element-hq/synapse#18241))

   # Synapse 1.133.0 (2025-07-01)

   - Add support for the [MSC4260 user report API](matrix-org/matrix-spec-proposals#4260). ([\#18120](element-hq/synapse#18120))

   # Synapse 1.132.0 (2025-06-17)

   - Add support for [MSC4155](matrix-org/matrix-spec-proposals#4155) Invite Filtering. ([\#18288](element-hq/synapse#18288))
   - Add experimental `user_may_send_state_event` module API callback. ([\#18455](element-hq/synapse#18455))
   - Add experimental `get_media_config_for_user` and `is_user_allowed_to_upload_media_of_size` module API callbacks that allow overriding of media repository maximum upload size.
   ([\#18457](element-hq/synapse#18457))
   - Add experimental `get_ratelimit_override_for_user` module API callback that allows overriding of per-user ratelimits. ([\#18458](element-hq/synapse#18458))
   - Pass `room_config` argument to `user_may_create_room` spam checker module callback. ([\#18486](element-hq/synapse#18486))
   - Support configuration of default and extra user types. ([\#18456](element-hq/synapse#18456))
   - Successful requests to `/_matrix/app/v1/ping` will now force Synapse to reattempt delivering transactions to appservices. ([\#18521](element-hq/synapse#18521))
   - Support the import of the `RatelimitOverride` type from `synapse.module_api` in modules and rename `messages_per_second` to `per_second`.
   ([\#18513](element-hq/synapse#18513))

   # Synapse 1.131.0 (2025-06-03)

   - Add `msc4263_limit_key_queries_to_users_who_share_rooms` config option as per [MSC4263](matrix-org/matrix-spec-proposals#4263).
   ([\#18180](element-hq/synapse#18180))
   - Add option to allow registrations that begin with `_`. Contributed by `_` (@hex5f). ([\#18262](element-hq/synapse#18262))
   - Include room ID in response to the [Room Deletion Status Admin API](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#status-of-deleting-rooms).
   ([\#18318](element-hq/synapse#18318))
   - Add support for calling Policy Servers ([MSC4284](matrix-org/matrix-spec-proposals#4284)) to mark events as spam.
   ([\#18387](element-hq/synapse#18387))

   # Synapse 1.130.0 (2025-05-20)

   - Add an Admin API endpoint `GET /_synapse/admin/v1/scheduled_tasks`  to fetch scheduled tasks. ([\#18214](element-hq/synapse#18214))
   - Add config option `user_directory.exclude_remote_users` which, when enabled, excludes remote users from user directory search results. ([\#18300](element-hq/synapse#18300))
   - Add support for handling `GET /devices/` on workers. ([\#18355](element-hq/synapse#18355))

   # Synapse 1.129.0 (2025-05-06)

   - Add `passthrough_authorization_parameters` in OIDC configuration to allow passing parameters to the authorization grant URL. ([\#18232](element-hq/synapse#18232))
   - Add `total_event_count`, `total_message_count`, and `total_e2ee_event_count` fields to the homeserver usage statistics. ([\#18260](element-hq/synapse#18260))

   # Synapse 1.128.0 (2025-04-08)

   - Add an access token introspection cache to make Matrix Authentication Service integration ([MSC3861](matrix-org/matrix-spec-proposals#3861)) more efficient.
   ([\#18231](element-hq/synapse#18231))
   - Add background job to clear unreferenced state groups. ([\#18254](element-hq/synapse#18254))
   - Hashes of media files are now tracked by Synapse. Media quarantines will now apply to all files with the same hash. ([\#18277](element-hq/synapse#18277),
   [\#18302](element-hq/synapse#18302), [\#18296](element-hq/synapse#18296))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clokep clokep clokep left review comments

@dbkr dbkr Awaiting requested review from dbkr

Assignees
No one assigned
Labels
client-server Client-Server API kind:core MSC which is critical to the protocol's success merged A proposal whose PR has merged into the spec! proposal A matrix spec change proposal
Projects
Spec Core Team Workflow
Status: Merged
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@turt2live @mscbot @Johennes @clokep @dbkr