Releases

142 posts tagged with "Releases" (See all Category)

Atom Feed

Matrix v1.7 release

25.05.2023 18:56 — Releases Travis Ralston

Hey all,

Matrix 1.7 has just been released! The last spec release was about 3 months ago, keeping us on track for regular quarterly releases. Unlike Matrix 1.6 though, today’s release is packed with plenty of features, some of which we’d like to call out here. Not all implementations will have support for these features yet though, and that’s okay (expected, even).

Adding support for a spec release can be a significant body of work. Instead of implementations having everything ready for spec release day, the idea is that they gain support over the next few months. If you’re able, please help those projects get v1.7’s features.

Today, we see 15 MSCs achieve their formally adopted status. All of them bring forward some much-needed features to Matrix, and a few highlights are below. Read on to the full changelog for a complete overview, and for a sneak peak at what the Spec Core Team (SCT) is planning to look at for v1.8 👀

Continue reading…

Security releases: matrix-js-sdk 24.0.0 and matrix-react-sdk 3.69.0

28.03.2023 00:00 — Releases Denis Kasak (dkasak)

Today we are issuing security releases of matrix-js-sdk and matrix-react-sdk to patch a pair of High severity vulnerabilities (CVE-2023-28427 / GHSA-mwq8-fjpf-c2gr for matrix-js-sdk and CVE-2023-28103 / GHSA-6g43-88cp-w5gv for matrix-react-sdk).

Affected clients include those which depend on the affected libraries, such as Element Web/Desktop and Cinny. Releases of the affected clients should follow shortly. We advise users of those clients to upgrade at their earliest convenience.

The issues involve prototype pollution via events containing special strings in key locations, which can temporarily disrupt normal functioning of matrix-js-sdk and matrix-react-sdk, potentially impacting the consumer's ability to process data safely.

Although we have only demonstrated a denial-of-service-style impact, we cannot completely rule out the possibility of a more severe impact due to the relatively extensive attack surface. We have therefore classified this as High severity and strongly recommend upgrading as a precautionary measure.

We found these issues during a codebase audit that we had previously announced in an earlier security release of matrix-js-sdk and matrix-react-sdk. The earlier release had already addressed a set of similar vulnerabilities that were assigned CVE-2022-36059 / GHSA-rfv9-x7hh-xc32 and CVE-2022-36060 / GHSA-2x9c-qwgf-94xr, which we had initially decided not to disclose until the completion of the audit. Now that the audit is finished, we are disclosing those previous advisories as well.

Matrix v1.6 release

14.02.2023 17:04 — Releases Travis Ralston

Hey all,

Matrix 1.6 is out there! Like Matrix 1.5 back in November, this release is largely a maintenance update. Matrix 1.1 through 1.4 have been relatively major upgrades, so a little time between features doesn’t feel like a bad idea :)

As with all spec releases, we encourage implementations to gradually update over the next few months rather than have support for everything on release day - please be kind to the projects you use, and help them gain support if able.

Matrix 1.6 sees just 7 MSCs get merged, though this is to be expected from a maintenance release. Check out Matthew’s Matrix 2.0 talk at FOSDEM for an idea of what’s expected over the next few releases.

We’ve covered a couple of the MSCs below, but read on to the full changelog for the full picture.

Continue reading…

Synapse 1.73 released

07.12.2022 00:00 — Releases Mathieu Velten

And here is another update to your beloved Matrix homeserver implementation, Synapse 1.73.

Announcements

Legacy Prometheus metric names removed

When releasing Synapse 1.69 a couple of months ago, we also announced the removal of old Prometheus metrics that have been replaced by more aptly named ones. he list of these metrics can be found here.

Synapse 1.73 implements the final phase of this plan and entirely removes support for those metrics. As a result, the enable_legacy_metrics configuration option, which was introduced in Synapse 1.71, has also been removed.

Server administrators who are still relying on these legacy metric names are encouraged to update their dashboards at their earliest convenience. For more information, please refer to the upgrade notes.

The new stuff

Performance

A bunch of performance improvements have been included in this release, specifically around the /messages endpoint.

Improvements to event filtering on the client-server API gave the matrix.org homeserver a first nice bump as visible on this graph:

Various optimizations around fetching bundled aggregations resulted in yet another nice improvement:

Note that the graph from the first image, and the second graph from the second image are apdexes, which is a measure that shows improvement when it goes up (as opposed to e.g. response times, which improve when they go down).

Extensible Events experimental support

Experimental support for Extensible Events has landed in Synapse.

This is exciting since this global rework of events presentation has been in talks for a while, and having an implementation to experiment with greatly helps bringing the feature closer to completion.

Note that this support is still very much experimental as the related MSCs are still under review and could change at any time, and therefore not recommended for use in production.

Everything else

See the full changelog, for a complete list of changes in the release. Also please have a look at the upgrade notes for this version.

Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including (in no particular order) schmop, Ashish Kumar, realtyem, and Brennan Chapman as well as anyone helping us make Synapse better by sharing their feedback and reporting issues.

Synapse 1.72 released

22.11.2022 00:00 — Releases Mathieu Velten

It's not Christmas yet, but it's time for a new release! Say hello to Synapse 1.72.

It seems like this blog didn't self update through AI for the 2 preceding updates so this post will cover 1.70 to 1.72, sorry if this is a bit long but it's been a while :)

Announcements

Dropping support for PostgreSQL 10

PostgreSQL 10 has reached End Of Life: Synapse will no longer support it beginning with version 1.72 so please upgrade your database if you have not already done so.

Legacy Prometheus metric names disabled and to be removed

In previous versions of Synapse, some Prometheus metrics were emitted under two different names, an older name that was non-compliant with OpenMetrics and Prometheus conventions and a new compliant name.

Synapse 1.71 and later have the old metric names switched off by default.

For now it's still possible to get them by using enable_legacy_metrics: true, however server administrators still using legacy metric names are highly encouraged to migrate, as they will be removed in 1.73.

You can find the full list of renamed metrics here.

Changes to the events received by application services (interest)

Following the implementation of MSC3905, Synapse now only considers local users to be interesting to application services. In other words, the users namespace regex in an app service's registration file is only applied against local users of the homeserver.

Please note, this probably doesn't affect the expected behavior of your application service, since an interesting local user in a room still means all messages in the room (from local or remote users) will still be considered interesting.

You can find a bit more info in the MSC and in the upgrade notes.

The new stuff

Threads, threads, threads!

Several MSCs related to threads got implemented:

  • MSC3856 provide an API to fetch threads and related metadata.
  • MSC3771 and MSC3773 implementing per thread read receipts and per thread notification counts.
  • MSC3874 allows to filter out messages belonging to threads from the main timeline (still considered experimental). Along with MSC3856, this should noticeably improve performance of rooms that use threads heavily.

This should significantly improve user experience related to threads, being through behavior or performance impact.

Linking events together

Relationships are great, even more between events than humans!

MSC3664 allows Matrix clients to be notified in real time of related events, so you can now be made quickly aware of this cat emoji reaction that your cat photo clearly deserved.

Additionally, Synapse 1.72 includes an implementation of MSC3912, allowing users to redact the relations of a message alongside the message itself. This is particularly helpful in cases like edits, where users usually want to see their edits redacted at the same time as the original message. Note that this implementation is currently incomplete and still experimental, though, so watch this space!

Faster joins, continued

We continue our journey to get everything going as transparently as possible when doing fast remote room joins.

If you missed it you can refer to this previous blog post to get a lot more infos, and feel free to grep Synapse changelog and the numerous related issues/PRs for all the gory details.

Everything else

See the full changelogs (1.70, 1.71, 1.72) for a complete list of changes in the releases. Also please have a look at the upgrade notes for this version.

Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including (in no particular order) Nico, sando38, realtyem, aceArt GmbH, Tuomas Ojamies, Ashish Kumar, asymmetric, Beeper, Ryan Miguel, Paul Tötterman, Abdullah Osama, Finn, Ivan Shapovalov, Dirk Klimpel, Jonathan de Jong, MichaIng and Aaron Raimist as well as anyone helping us make Synapse better by sharing their feedback and reporting issues.

Matrix v1.5 release

17.11.2022 16:56 — Releases Travis Ralston
Last update: 17.11.2022 16:44

Hey all,

We’ve just released Matrix 1.5, a largely maintenance update for the spec. We intentionally haven’t landed any major features in this release as Matrix 1.4, just shy of 2 months ago, had introduced fairly large features for clients and servers to consider. As with all spec releases, we encourage implementations to gradually update over the next few months rather than expect them to have support for everything on release day.

Matrix 1.5 sees just 2 MSCs get merged, though this is to be expected from a maintenance release. We expect that the next release (in Q1 2023) will have a few more exciting features to it :)

We’ve covered both MSCs below, but read on to the full changelog for the full picture.

MSC3267: Reference relations

Already supported implicitly by the spec up until now, reference relations are a way to simply reference another event. Usually these sorts of relations are used for events which need to be related to each other, but a dedicated relationship type doesn’t make a lot of sense.

In-room verification and MSC3381: Polls are examples of how these relations get used.

MSC3905: Clarify appservice interest in user IDs

MSC3905 fixes an issue in the specification where appservices (usually bridges) specifying a users regex without homeserver domain would end up receiving far more event traffic than they would have intended. With the MSC, appservices are now only considered interested in “local” users, regardless of how vague their users namespace is.

Overall this should have no effect on most bridges/appservices, however if an appservice in the wild really does need to listen to all users on all homeservers, it can specify a non-exclusive namespace on all rooms instead.

While writing this MSC into the spec we took some time to clarify the appservice registration requirements more generally: check them out here.

The full changelog

MSCs are how the spec changes in the way it does - adding, fixing, and maintaining features for the whole ecosystem to use. Check out the full changelog below, and the Spec Change Proposals page for more information on how these MSCs got merged (hint: they submitted a proposal, which anyone can do - take a look at the Matrix Live episode where Matthew covers the proposal process).

Client-Server API

Backwards Compatible Changes

  • Add m.reference relations, as per MSC3267. (#1206)
  • Add missing documentation for m.key.verification.request msgtype for in-room verification. (#1271)

Spec Clarifications

  • Fix various typos throughout the specification. (#1260, #1265, #1276)
  • Fix naming of device_one_time_keys_count in /sync. (#1266)
  • Improve display of event subtypes. (#1283)
  • Improve documentation about ephemeral events. (#1284)
  • Define a 400 response from /_matrix/client/v3/directory/rooms/{roomAlias}. (#1286)
  • Clarify parts of the end-to-end encryption sections. (#1294, #1345)
  • Various clarifications throughout the specification. (#1306)
  • Replace set_sound push rule action by set_tweak. (#1318)
  • Clarify the behavior of PUT /_matrix/client/v3/pushrules/{scope}/{kind}/{ruleId}. (#1319)
  • Clarify that .m.rule.master has a higher priority than any push rule. (#1320)
  • Require request field refresh_token at endpoint POST /_matrix/client/v3/refresh. (#1323)
  • Fix a number of broken links in the specification. (#1330)
  • Add example read receipt to GET /_matrix/client/v3/sync response example. (#1341)

Server-Server API

Spec Clarifications

  • Fix a number of broken links in the specification. (#1330)

Application Service API

Spec Clarifications

  • Clarify that application services can only register an interest in local users, as per MSC3905. (#1305)

Identity Service API

Spec Clarifications

  • Fix a number of broken links in the specification. (#1330)

Push Gateway API

No significant changes.

Room Versions

Spec Clarifications

  • Reword the event auth rules to clarify that users cannot demote other users with the same power level. (#1269)
  • Various clarifications to the text on event authorisation rules. (#1270)
  • Fix a number of broken links in the specification. (#1330)

Appendices

No significant changes.

Internal Changes/Tooling

Backwards Compatible Changes

  • Update docsy theme to v0.5.0 + matrix.org modifications (https://github.com/matrix-org/docsy/commit/a0032f8db919a6c67ba6cdef2c455f105b6272a2). (#1295)

Spec Clarifications

  • Improve error messages emitted by resolve-additional-types template. (#1303)
  • Fix link to API viewer. (#1308)
  • Stop rendering the subsections of the Client-Server API and Room Versions specs as their own separate pages. (#1317)
  • Use a link checker to ensure that we do not have broken links. (#1329, #1338)
  • Update instructions to preview Swagger definitions. (#1331)
  • Make definition anchors more unique. (#1339)
  • Generate the unstable changelogs with towncrier, for consistency. (#1340)
  • Update CONTRIBUTING.md to mention that non-content changes to this repo should have an "internal" changelog entry. (#1342)
  • Update module summary table with new modules: Event Replacements, Threading and Reference Relations. (#1344)
  • Disable RSS generation for the spec. (#1346)