Do not expose server room directory by default

Prompted by: https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers This is a bit controversial, because.. the Synapse default remains open, while the general advice (as per the blog post) is to make it more private. I'm not sure exactly what kind of server people set up and whether they want to make the room directory public. Our general goal is to favor privacy and security when running personal (family & friends) and corporate homeservers, both of which likely benefit from having a more secure default.
2019-11-10 08:48:42 +02:00
parent 50614f1bad
commit 2da40c729a
3 changed files with 23 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,15 @@
+# 2019-11-10
+
+## Tightened security around room directory publishing
+
+As per this [advisory blog post](https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers), we've decided to change the default publishing rules for the Matrix room directory.
+
+Our general goal is to favor privacy and security when running personal (family & friends) and corporate homeservers.
+Both of these likely benefit from having a more secure default of **not showing the room directory without authentication** and **not publishing the room directory over federation**.
+
+As with anything else, these new defaults can be overriden by changing the `matrix_synapse_allow_public_rooms_without_auth` and `matrix_synapse_allow_public_rooms_over_federation` variables, respectively.
+
+
 # 2019-10-05

 ## Improved Postgres upgrading/importing