Matrix server on chat.librem.one seems to be synapse 1.66.0 while joinmatrix.org considers anything less than 1.85.0 to be "vulnerable"

see the title. running the federation tester at https://federationtester.matrix.org on librem.one and looking at the json report says the matrix server is synapse version 1.66.0. at Information for Matrix Users - Public Matrix Homeserver List it says that any version of synapse less than 1.85.0 is “vulnerable” (has known vulnerabilities) and that having such an old server version is a warning sign that the server maintainers are likely “not keeping up with maintenance”.

what’s up here?

i’m looking to start using matrix and have seen recommendations to avoid matrix.org for my homeserver for my matrix ID for a number of reasons. for me the biggest reason is simply that this goes against the idea of federation and decentralization. so i thought, don’t i have a matrix ID already with my librem.one account? it turns out i do have one. surely i trust the motives of the operators of this server? however, the data i report above seems to argue against trusting their technical competence.

what matrix ID homeserver do other folks here use? how did you decide?

(yes, i am aware of the work on p2p matrix and that it would pretty much abolish any issues of what homeserver to trust. it might be a while before that actually works well enough, and @matthew recently posted elsewhere that it (and several other very nice projects) was at the moment not prioritized due to not enough funding.)

This has been a chronic issue for Purism. I’m an outsider so take what I say as speculation but they run a somewhat nonstandard config using ldap auth for their homeserver, possibly among other things, so upgrades don’t always go smoothly. In addition to that, I think they are spread fairly thin as far as staffing so librem one server upgades fall way behind due to prioritization.

I would certainly love for them to keep up with the upgrades though. I would like to use the new supposedly much improved in every way app “Element X” that has been released for Android/ios but it doesn’t work with such an old version of synapse

They don’t mention Librem One as part of their enterprise offerings, but I think they are going to have to step up support of Librem One, if they do add it to their enterprise mix.

@joao.azevedo, i notice that there seem to be roughly yearly forum topics from you notifying us that synapse is being upgraded. does that mean that the matrix server is upgraded roughly once a year? or are there more frequent upgrades with no forum message about them?