diff --git a/CHANGES.md b/CHANGES.md
index d4b64517bcf2713320f3cfa62232b433220e7703..1d123abc195a2ee855d36c28e8e2c174dff0d744 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -3,6 +3,16 @@ Synapse vNext
As of this release, Synapse no longer allows the tasks of verifying email address ownership, and password reset confirmation, to be delegated to an identity server. For more information, see the [upgrade notes](https://matrix-org.github.io/synapse/v1.64/upgrade.html#upgrading-to-v1640).
+
+Synapse 1.63.1 (2022-07-20)
+===========================
+
+Bugfixes
+--------
+
+- Fix a bug introduced in Synapse 1.63.0 where push actions were incorrectly calculated for appservice users. This caused performance issues on servers with large numbers of appservices. ([\#13332](https://github.com/matrix-org/synapse/issues/13332))
+
+
Synapse 1.63.0 (2022-07-19)
===========================
@@ -133,7 +143,7 @@ Bugfixes
- Update [MSC3786](https://github.com/matrix-org/matrix-spec-proposals/pull/3786) implementation to check `state_key`. ([\#12939](https://github.com/matrix-org/synapse/issues/12939))
- Fix a bug introduced in Synapse 1.58 where Synapse would not report full version information when installed from a git checkout. This is a best-effort affair and not guaranteed to be stable. ([\#12973](https://github.com/matrix-org/synapse/issues/12973))
- Fix a bug introduced in Synapse 1.60 where Synapse would fail to start if the `sqlite3` module was not available. ([\#12979](https://github.com/matrix-org/synapse/issues/12979))
-- Fix a bug where non-standard information was required when requesting the `/hierarchy` API over federation. Introduced
+- Fix a bug where non-standard information was required when requesting the `/hierarchy` API over federation. Introduced
in Synapse v1.41.0. ([\#12991](https://github.com/matrix-org/synapse/issues/12991))
- Fix a long-standing bug which meant that rate limiting was not restrictive enough in some cases. ([\#13018](https://github.com/matrix-org/synapse/issues/13018))
- Fix a bug introduced in Synapse 1.58 where profile requests for a malformed user ID would ccause an internal error. Synapse now returns 400 Bad Request in this situation. ([\#13041](https://github.com/matrix-org/synapse/issues/13041))
diff --git a/debian/changelog b/debian/changelog
index b1635bc39299c476e9cdf806f641f4e687460dc0..9417f8714f9b6fdb771093a4cab1ed6893a2f487 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.63.1) stable; urgency=medium
+
+ * New Synapse release 1.63.1.
+
+ -- Synapse Packaging team <packages@matrix.org> Wed, 20 Jul 2022 13:36:52 +0100
+
matrix-synapse-py3 (1.63.0) stable; urgency=medium
* Clarify that homeserver server names are included in the data reported
diff --git a/pyproject.toml b/pyproject.toml
index a27226f03daa3caaf394b377ea4210a4fda274b8..4da1331c932d02ba34c74e64fe67ddc6774a68f0 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -54,7 +54,7 @@ skip_gitignore = true
[tool.poetry]
name = "matrix-synapse"
-version = "1.63.0"
+version = "1.63.1"
description = "Homeserver for the Matrix decentralised comms protocol"
authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
license = "Apache-2.0"
diff --git a/synapse/push/bulk_push_rule_evaluator.py b/synapse/push/bulk_push_rule_evaluator.py
index e581af9a9af32fb6a346a91e3bae66e90ffd5b29..713dcf69504b6008fb00d4c8eb6c75cdf66a337e 100644
--- a/synapse/push/bulk_push_rule_evaluator.py
+++ b/synapse/push/bulk_push_rule_evaluator.py
@@ -131,6 +131,13 @@ class BulkPushRuleEvaluator:
local_users = await self.store.get_local_users_in_room(event.room_id)
+ # Filter out appservice users.
+ local_users = [
+ u
+ for u in local_users
+ if not self.store.get_if_app_services_interested_in_user(u)
+ ]
+
# if this event is an invite event, we may need to run rules for the user
# who's been invited, otherwise they won't get told they've been invited
if event.type == EventTypes.Member and event.membership == Membership.INVITE:
diff --git a/tests/push/test_push_rule_evaluator.py b/tests/push/test_push_rule_evaluator.py
index 9b623d0033cd8ea09ed415dc2c4d350854784e55..718f48957748c5bf77b4b8438dbd20040507e941 100644
--- a/tests/push/test_push_rule_evaluator.py
+++ b/tests/push/test_push_rule_evaluator.py
@@ -16,13 +16,23 @@ from typing import Dict, Optional, Set, Tuple, Union
import frozendict
+from twisted.test.proto_helpers import MemoryReactor
+
+import synapse.rest.admin
+from synapse.api.constants import EventTypes, Membership
from synapse.api.room_versions import RoomVersions
+from synapse.appservice import ApplicationService
from synapse.events import FrozenEvent
from synapse.push import push_rule_evaluator
from synapse.push.push_rule_evaluator import PushRuleEvaluatorForEvent
+from synapse.rest.client import login, register, room
+from synapse.server import HomeServer
+from synapse.storage.databases.main.appservice import _make_exclusive_regex
from synapse.types import JsonDict
+from synapse.util import Clock
from tests import unittest
+from tests.test_utils.event_injection import create_event, inject_member_event
class PushRuleEvaluatorTestCase(unittest.TestCase):
@@ -354,3 +364,78 @@ class PushRuleEvaluatorTestCase(unittest.TestCase):
"event_type": "*.reaction",
}
self.assertTrue(evaluator.matches(condition, "@user:test", "foo"))
+
+
+class TestBulkPushRuleEvaluator(unittest.HomeserverTestCase):
+ """Tests for the bulk push rule evaluator"""
+
+ servlets = [
+ synapse.rest.admin.register_servlets_for_client_rest_resource,
+ login.register_servlets,
+ register.register_servlets,
+ room.register_servlets,
+ ]
+
+ def prepare(self, reactor: MemoryReactor, clock: Clock, homeserver: HomeServer):
+ # Define an application service so that we can register appservice users
+ self._service_token = "some_token"
+ self._service = ApplicationService(
+ self._service_token,
+ "as1",
+ "@as.sender:test",
+ namespaces={
+ "users": [
+ {"regex": "@_as_.*:test", "exclusive": True},
+ {"regex": "@as.sender:test", "exclusive": True},
+ ]
+ },
+ msc3202_transaction_extensions=True,
+ )
+ self.hs.get_datastores().main.services_cache = [self._service]
+ self.hs.get_datastores().main.exclusive_user_regex = _make_exclusive_regex(
+ [self._service]
+ )
+
+ self._as_user, _ = self.register_appservice_user(
+ "_as_user", self._service_token
+ )
+
+ self.evaluator = self.hs.get_bulk_push_rule_evaluator()
+
+ def test_ignore_appservice_users(self) -> None:
+ "Test that we don't generate push for appservice users"
+
+ user_id = self.register_user("user", "pass")
+ token = self.login("user", "pass")
+
+ room_id = self.helper.create_room_as(user_id, tok=token)
+ self.get_success(
+ inject_member_event(self.hs, room_id, self._as_user, Membership.JOIN)
+ )
+
+ event, context = self.get_success(
+ create_event(
+ self.hs,
+ type=EventTypes.Message,
+ room_id=room_id,
+ sender=user_id,
+ content={"body": "test", "msgtype": "m.text"},
+ )
+ )
+
+ # Assert the returned push rules do not contain the app service user
+ rules = self.get_success(self.evaluator._get_rules_for_event(event))
+ self.assertTrue(self._as_user not in rules)
+
+ # Assert that no push actions have been added to the staging table (the
+ # sender should not be pushed for the event)
+ users_with_push_actions = self.get_success(
+ self.hs.get_datastores().main.db_pool.simple_select_onecol(
+ table="event_push_actions_staging",
+ keyvalues={"event_id": event.event_id},
+ retcol="user_id",
+ desc="test_ignore_appservice_users",
+ )
+ )
+
+ self.assertEqual(len(users_with_push_actions), 0)