Matrix logo

Security release of matrix-appservice-irc 0.35.0 (High severity)

13.09.2022 16:56 — Releases Denis Kasak

We've released a new version of matrix.org's node-irc 1.3.0 and matrix-appservice-irc 0.35.0, to patch several security issues:

The details of the final vulnerability will be released at a later date, pending an audit of the codebase to ensure it's not affected by other similar vulnerabilities.

The vulnerabilities have been patched in node-irc version 1.3.0 and matrix-appservice-irc 0.35.0. You can get the release on Github.

The bridges running on the Libera Chat, OFTC and other networks bridged by the Matrix.org Foundation have been patched.

Please upgrade your IRC bridge as soon as possible.

The above vulnerabilities were reported by Val Lorentz. Thank you!

Security releases: matrix-js-sdk 19.4.0 and matrix-react-sdk 3.53.0

31.08.2022 18:13 — Releases Denis Kasak

Today we are issuing security releases of matrix-js-sdk and matrix-react-sdk to patch a couple of High severity vulnerabilities (reserved as CVE-2022-36059 for the matrix-js-sdk and CVE-2022-36060 for the matrix-react-sdk).

Affected clients include those which depend on the affected libraries, such as Element Web/Desktop and Cinny. Releases of the affected clients will follow shortly. We advise users of those clients to upgrade at their earliest convenience.

The vulnerabilities give an adversary who you share a room with the ability to carry out a denial-of-service attack against the affected clients, making it not show all of a user's rooms or spaces and/or causing minor temporary corruption.

The full vulnerability details will be disclosed at a later date, to give people time to upgrade and us to perform a more thorough audit of the codebase.

Note that while the vulnerability was to our knowledge never exploited maliciously, some unintentional public testing has left some people affected by the bug. We made a best effort to sanitize this to stop the breakage. If you are affected, you may still need to clear the cache and reload your Matrix client for it to take effect.

We thank Val Lorentz who discovered and reported the vulnerability over the weekend.

This Week in Matrix 2022-08-26

26.08.2022 19:03 — This Week in Matrix Brendan Abolivier
Last update: 26.08.2022 18:43

Happy TWIMday everyone! Thib is away this week again, so I'm covering for him as your host in this edition of This Week In Matrix.

Matrix Live 🎙

Following up on last week's tutorial about using Docker Compose to install Synapse, this week Thib explains how to use Ansible to deploy your own Matrix homeserver.

Dept of Status of Matrix 🌡️

TravisR reports

Earlier in the year, t2bot.io passed 1 Million known rooms and now it's passed 10 Million bridged users (10,039,915 users to be exact, at time of writing). Most of these users will be people who have participated in a channel/chat on Discord or Telegram that was bridged to Matrix through t2bot.io's free service, with about 500 thousand being active each month.

Approximately 8 Million of the users are from Telegram, covering about 11% of all Telegram users (previously 15% based on information available at the time). The remaining 2 Million are Discord users, roughly 0.5% of Discord's user base. For perspective, t2bot.io has just over 683 Million events in the database and is bridging between 30 and 40 thousand people a day.

Like last time, this is just a milestone update, though it's also a good reminder to host your own server if you can. Element's own hosting platform is a great option if you'd like to have a server without running it yourself, and Beeper offers a richer bridging experience than t2bot.io can feasibly provide. If you'd like to go down the self-hosting route, check out Thib's video guide on hosting synapse or last week's Matrix Live for a better understanding of what hosting Synapse actually means.

As for an interesting statistic: despite not having much functionality that deals with Spaces, t2bot.io can see 2687 Spaces from the wider world. The plan in the coming months is to support a way to bridge a whole Discord server to a Matrix Space, making this statistic hopefully more interesting as time goes on.

Dept of Spec 📜

uhoreg reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://matrix.org/docs/spec/proposals.

MSC Status

Merged MSCs:

  • No MSCs were merged this week.

MSCs in Final Comment Period:

  • No MSCs are in FCP.

New MSCs:

Spec Core Team

The Spec Core Team has been continuing to push forward on the spec. Several new MSCs have been opened recently. The Spec Core Team is available in #sct-office:matrix.org when MSC authors think that they are ready for primetime.

Random MSC of the Week

The random MSC of the week is... MSC2162: Signaling Errors at Bridges!

Bridges sometimes are unable to relay messages to the remote service for one reason or another. This MSC proposes a way to allow bridges to indicate that a message failed to be delivered, and allow users to tell the bridge to retry.

Dept of Outreachy 🎓️

andybalaam announces

Usman's internship, working on Favourite Messages, is coming to an end! Check out Usman's blog post and Andy's blog post! To follow progress on Favourite Messages (which is still very much a prototype), check out the tracking issue: Tracking issue for Favourite Messages. Thanks to Usman for being an awesome mentee!

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Brendan Abolivier says

This week we've released Synapse 1.66.0rc1! This upcoming release deprecates delegating email validation to an identity server (more info here) and includes improved validation around user-interactive authentication, support for a couple of experimental features, as well as the usual batch of bug fixes and performance improvements 🙂

As always, any help with testing and feedback on this RC is appreciated! Feel free to drop any feedback or bug report in #synapse:matrix.org and the Synapse repo respectively.

Dendrite (website)

Second generation Matrix homeserver

neilalexander announces

This week we released Dendrite 0.9.5 which includes a number of fixes, particularly for federation:

  • The roomserver will now correctly unreject previously rejected events if necessary when reprocessing
  • The handling of event soft-failure has been improved on the roomserver input by no longer applying rejection rules and still calculating state before the event if possible
  • The federation /state and /state_ids endpoints should now return the correct error code when the state isn't known instead of returning a HTTP 500
  • The federation /event should now return outlier events correctly instead of returning a HTTP 500
  • A bug in the federation backoff allowing zero intervals has been corrected
  • The create-account utility will no longer error if the homeserver URL ends in a trailing slash
  • A regression in /sync introduced in 0.9.4 should be fixed

As always, please feel free to join us in #dendrite:matrix.org for more Dendrite-related discussion.

Dept of Ops 🛠

matrix-docker-ansible-deploy (website)

Matrix server setup using Ansible and Docker

Slavi reports

Thanks to Aine of etke.cc, matrix-docker-ansible-deploy can now set up the new Postmoogle email bridge/bot. Postmoogle is like the email2matrix bridge (also already supported by the playbook), but more capable and with the intention to soon support sending emails, not just receiving.

See our Setting up Postmoogle email bridging documentation to get started.

Dept of Bridges 🌉

Aine reports

follow-up to Slavi's announcement: Postmoogle is here!

Actually, he explained it pretty good, so here are some additional links

Source code and Roadmap with implemented and planned features and as usual, say hi in the #postmoogle:etke.cc

Dept of Clients 📱

Quadrix (website)

A Minimal, simple, multi-platform chat client for the Matrix protocol.

JFA says

Quadrix v1.2.5 has been released! The update is already available for Linux, MacOS and iOS. The Windows and Android updates are awaiting approval from the respective stores. This release has mostly "under the hood" improvements (upgrade to React Native 0.69, React 18 and other key dependencies), but also fixes a few bugs and brings minor UI improvements.

Great news: Quadrix finally made it to https://matrix.org/clients/ :-) Many thanks to @madlittlemods:matrix.org!!!

Please leave feedback/comments at #quadrix:matrix.org or in the issues at https://github.com/alariej/quadrix (stars welcome :-))

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

kittykat says

In labs (you can enable labs features in settings on develop.element.io or on Nightly):

  • We’re working hard on updating Threads, squashing bugs and improving performance. We have several MSCs open introducing new functionality to read receipts so that notifications work better than ever.

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Ștefan reports

  • We’re working hard on making the new layout ready for general use, squashing bugs and taking names until everything is in tip top shape. We have a test flight build out: we’ve delayed the release to next week while we iron out the last creases.
  • In ElementX land we have started on adding analytics and Xcode Cloud support and have updated our logging strategy. We will also start adopting sliding sync and using the new Rust Timeline providers

Dept of VoIP 🤙

Element Call (website)

Native Decentralised End-to-end Encrypted Group Calls in Matrix, as a standalone web app

Robin announces

Element Call v0.2.7 and v0.2.8 have been released this past week, adding local volume control, full screen mode, audio in screen sharing and, ahem, fixing an embarrassing bug where we broke walkie-talkie mode... 🐑 Oh, and it's also all in TypeScript now. 🚀 https://github.com/vector-im/element-call/releases/tag/v0.2.7

Dept of SDKs and Frameworks 🧰

simplematrixbotlib (website)

simplematrixbotlib is an easy to use bot library for the Matrix ecosystem written in Python and based on matrix-nio.

HarHarLinks says

simplematrixbotlib has reached version 2.7.0, adding support for end-to-end encryption! 🎉 Come chat over at #simplematrixbotlib:matrix.org!

Here is a summary of things that have happened since we last announced v2.6.3 on this channel:

  • 🌐 The repo canonically moved to https://github.com/i10b/simplematrixbotlib, but the PyPI package remains available in the usual place.
  • 🔒️ E2EE support! To enable it, simply install the optional e2ee dependencies. Find out how in the manual.
  • 😄 Emoji verification support! Enable the option and you'll be able to interactively verify between the bot and your devices. (But mind that for now, in-room verification is not supported, but only to-device).
  • ☝️ Fingerprint verification support! As an additional method, the bot will print it's encryption fingerprint so you can "manually verify".
  • 🗄️ Extensible config file! It is now easier than ever to add your own configuration options to the built-in TOML config file.
  • 🧹 The usual housekeeping, bumping matrix-nio to 0.19.0.
  • 🗨️ I (HarHarLinks) will be presenting the library this weekend at #matrix-summit-berlin-2022:c-base.org! If you are in the Berlin 🇩🇪 area, come visit c-base!

The easiest to use bot library for Matrix. Get started in just 10 lines of code:

import simplematrixbotlib as botlib

config = botlib.Config()
config.emoji_verify = True
creds = botlib.Creds("https://home.server", "user", "pass")
bot = botlib.Bot(creds, config)

@bot.listener.on_message_event
async def echo(room, message):
    if botlib.MessageMatch(room, message, bot, PREFIX).is_not_from_this_bot():
        await bot.api.send_text_message(room.room_id, message.body)

bot.run()

matrix-rust-sdk (website)

Matrix Client-Server SDK for Rust

ben announces

With a few people out of office, this weeks has been one of the more quiet ones, but progress has been made non-the-less. Again a lot happens in draft PRs and the background, like with the upcoming Timeline API but also the path forward for integrating the crypto bindings into the js-sdk. There are a few notable PRs merged this week still improving the API (#972 and #973, #961), upgrading to latest ruma, removing dependencies (parking_lot) to improve compile times as well as merging the release infrastructure for crypto-js.

👉 Wanna hack on matrix rust? Go check out our help wanted tagged issues and join our matrix channel at Matrix Rust SDK.

Dept of Bots 🤖

Alertbot (website)

moanos [he/him] announces

This new bot allows users to use webhooks to forward monitoring alerts (e.g from prometheus) to matrix rooms. This means that you no longer have to use E-Mail or Slack to receive alerts. To set it up visit Github Alertmanager or join #alertbot:hyteck.de

Opsdroid (website)

An open source chat-ops bot framework

Oleg says

Though this release doesn't include Matrix-related changes. Still there are new feature and fixes worth mentioning:

Thanks for all the contributions! 🙌 See the full changelog for details.

Dept of Events and Talks 🗣️

HarHarLinks says

Greetings to the world from #matrix-summit-berlin-2022:c-base.org!

Dept of Interesting Projects 🛰️

Array in a Matrix reports

Matrix AI that generates messages based off other users' messages using a neural network. The bot trains its GPT-2 model using the CPU and is written in JavaScript (Node.JS) and Python. The project's code can be found here.

MinesTRIX (website)

A privacy focused social media based on MATRIX

Henri Carnot reports

Hi all, quite a lot happened since the last twim post a few months ago.

In a nutshell, we refactored the feed page and user page for a better viewing experience. We also now allow displaying and commenting post images in a dedicated view. Also, you can now send follow request using knocking, thanks to profile as space support. (Yes, MSC is coming)

Finally, we have now multi account support, better stories display and refactored login and settings page.

Well... we almost modified everything :D

See more at https://minestrix.henri2h.fr/posts/

Stay tuned, event organization is coming soon (you can see the first implementation in the blog post.

PS: For those at the Matrix summit, I will be presenting it tomorrow

Dept of Guides 🧭

Nate Covington reports

I recently made a blog post / video walk through of Matrix, hopefully it will be helpful to someone: https://www.covingtoncreations.com/blog/what-can-matrix-do-for-your-organization

Room of the Week 📆

ssorbom ⚡️ says

Have you ever felt lost in the Matrix world? Too many rooms and spaces to manage? Well, back by popular demand (with Timo's blessing), I present, The Room of the Week! Every week we strive to highlight a room or a space that we believe deserves attention for discussing interesting going on across the Matrix Network.

This week on room of the week:

We Are All Tech enthusiasts on The Matrix Network, but do you ever experience Tech burnout? Do you ever wish you could find discussions in The Matrix Universe about things other than Tech? Well, this week we bring you a very technical solution!

Because we are highlighting:

#non-technology:matrix.org

A space where you will find information about everything except technology. Groups are helpfully categorized by Subspace, and feature discussions about everything from musical instruments to beverages. If it isn't about computing, it's there.

If you have a room you wish to see highlighted, join us at: https://matrix.to/#/!bIyiUUnriVoHtYzuPS:fachschaften.org?via=chat.shawnsorbom.net&via=matrix.org&via=fachschaften.org To get your favorite room of the week highlighted.

Dept of Ping 🏓

No ping stats while Thib is away, but you can always join the fun at #ping:maunium.net and #ping-no-synapse:maunium.net!

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

This Week in Matrix 2022-08-19

19.08.2022 21:42 — This Week in Matrix Brendan Abolivier
Last update: 19.08.2022 18:52

Hey folks, welcome to a new edition of This Week In Matrix! Thib is offline this week and next so I'll be taking over while he's away.

Matrix Live 🎙

This week Thib (is he ever really away?) shows us how to host Synapse with Docker Compose.

Dept of Status of Matrix 🌡️

Matthew shared with us the Matrix Summer Special 2022! Come read all about what's happened in Matrix-land so far this year, and what's coming up next, right here: https://matrix.org/blog/2022/08/15/the-matrix-summer-special-2022

Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://matrix.org/docs/spec/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Merged MSCs:

  • No MSCs were merged this week.

Closed MSCs:

Spec Updates

This week the Spec Core Team focused on improvements to the spec source itself. richvdh opened a PR for edit events, and yours truly did a small PR to clarify the required state of the response to /_matrix/client/v3/login/.

There's a lot more open issues available for people to tackle however, so feel free to get involved and help out if you have some spare time!

Finally other than the usual rounds of review by the team, I've been working on a spec process document that aims to explain the practical portions of the text found at https://spec.matrix.org/proposals/, but in a easily scannable manner. Look out for a PR with that in the near future.

Random MSC of the Week

The random MSC of the week is... MSC2871: Give widgets an indication of which capabilities they were approved for! What a mouthful!

Historically, widgets have laid outside of the spec and have only been implemented in a small subset of clients - mainly Element. As of recent weeks though, there's now a team at Element backing the feature. So exciting times ahead!

Regardless, let's highlight this MSC! It solves a crucial problem with a simple solution. Widgets can ask the client they're embedded in to do certain things (if granted certain capabilities), and the client, potentially after asking the user for permission, can allow or deny those actions. This MSC adds the machinery for a further step: the client will tell the widget what capabilities they requested were allowed, and which were denied.

I believe this spec is non-contentious, but is blocked on widgets entering the spec as a whole. Regardless, if this particular piece of the puzzle interests you, or you'd like to read all about widgets in general, the see either the MSC above or this widget spec tracking PR: https://github.com/matrix-org/matrix.org/pull/825.

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay announces

It's the last days of summer here and we are toiling away at making Synapse faster and leaner! In addition to continued work on faster joins, we released Synapse v1.65.0, with new features such as support for stable prefixes for private read receipts and a new module API method for creating a room (plus some other features!), as well as a host of bugfixes and internal changes to make Synapse faster and more stable. Make sure to check it out!

Dendrite (website)

Second generation Matrix homeserver

neilalexander announces

This week we released Dendrite 0.9.4, containing primarily bug fixes:

  • A bug in the roomserver around handling rejected outliers has been fixed
  • Backfilled events will now use the correct history visibility where possible
  • The device list updater backoff has been fixed, which should reduce the number of outbound HTTP requests and Failed to query device keys for some users log entries for dead servers
  • The /sync endpoint will no longer incorrectly return room entries for retired invites which could cause some rooms to show up in the client "Historical" section
  • The /createRoom endpoint will now correctly populate is_direct in invite membership events, which may help clients to classify direct messages correctly
  • The create-account tool will now log an error if the shared secret is not set in the Dendrite config
  • A couple of minor bugs have been fixed in the membership lazy-loading
  • Queued EDUs in the federation API are now cached properly

As always, please feel free to join us in #dendrite:matrix.org for more Dendrite-related discussion.

Homeserver Deployment 📥️

Helm Chart (website)

Matrix Kubernetes applications packaged into helm charts

Ananace says

This week has seen a quite a few Helm Chart updates; element-web got updated to 1.11.3, matrix-media-repo got a Redis usage fix, and matrix-synapse got updated to 1.65.0

Dept of Clients 📱

Nheko (website)

Desktop client for Matrix using Qt and C++17.

Nico reports

Nheko now has some very dirty hack to render spoilers on desktop platforms. This does not show the reason and not work in mobile mode, doesn't hide it from notifications or from the sidebar. But it is at least something. Similarly we tightened what tags we allow when validating the incoming html again. Also, as a small fix, DMs should now also properly start with encryption enabled when started from a profile and there were a few crash fixes when searching for direct chat partners and closing the window too quickly or when a user uploads a device with invalid keys.

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Danielle announces

  • Bug fixes and final polishing has been taking place for our “Start DM on first message” project. This is where the user receiving a new room invite as a DM will not get the notification until you’ve sent a message.
  • The team is testing embedding Element Call in Element Web, as well as working on other improvements to Video rooms.
  • The new user’s checklist is live in product. It’s our first version so let us know what you think!

In labs (you can enable labs features in settings on develop.element.io or on Nightly):

  • Notifications improvements to Threads are underway. The team has been testing the new MSC and related Proof of Concept (POC) which we think will solve most of the issues with Threads right now.

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Ștefan announces

  • We did the AppStore review dance and version 1.8.27 is now available. We even got better usage strings out of it.
  • We now have UI integration and performance tests in ElementX. Even more, they’re joined by some really nice Screenshot UI tests. Test all the things!
  • We’ve fixed some small bugs and some not so small ones, coming to an Element close to you early next week. The way things are laid out, you might even see a new feature land 😉
  • The new app layout testing session went well and we are looking for more iOS testers for future sessions. If you’d like to help out in future sessions, please join #element-community-testing:matrix.org

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

Danielle says

  • We had a very successful testing session with the all new app layout. If you’d like to take part in a future session, join us over at #element-community-testing:matrix.org
  • This week we’ve been working on fixing some FTUE crashes and covering some edge cases. Thanks to the community members submitting bugs and more info - keep it coming!
  • We’re investigating reports of missing messages, as well as a bug with the Threads beta where not all 'threaded messages' are showing up in the right place…

Dept of SDKs and Frameworks 🧰

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Benedict reports

Trixnity got some minor updates with bugfixes and iOS ARM64 Simulator support.

ruby-matrix-sdk (website)

Ruby SDK for the Matrix communication protocol

Ananace reports

Just pushed another version (2.8.0) of the Ruby Matrix SDK, which drops support for the EoL Ruby 2.6 (and drops a bunch of workarounds for it) in order to support much improved caching of room state data, along with more helper methods and a fix for a floating accessor that didn't get hooked up correctly.

matrix-rust-sdk (website)

Matrix Client-Server SDK for Rust

ben says

The Matrix Rust SDK team has been busy this week, too. Progress has been made on Siding Sync in particular, the types have been finalised and merged into mainline ruma, and more API has been made accessible via FFI. The new reactive Timeline API has been progressed, it, too, has some FFI definitions now, allowing mobile client to start playing with it. Crypto-JS, too, has progressed, adding support for de/encrypting attachments in an memory efficient fashion. On the crypto-side, the longer on-going refactor and improvements have yielded another few PRs, too, that have successfully merged, while others are still pending reviews. Other than that, we've seen quite a few smaller fixes and improvements, around logging, docs and the examples.

👉️ Wanna hack on matrix rust? Go check out our help wanted tagged issues and join our matrix channel at Matrix Rust SDK.

Matrix Dart SDK (website)

Matrix SDK written in pure Dart.

Nico announces

This week in the dart SDK we mostly fixed bugs. Many of those are related to call negotiations where streams were closed in the wrong order, not closed at all or in group calls the call never learned about new members or the call_ids would not match. There were also a few fixes to the background thumbnailing support added in 0.11.1, helper methods were added to easily send the right message corresponding to the mimetype of some media and fetching a timeline for some event id should work properly again.

We have some support to mark a room as either a dm or a group using slashcommands now, you have more flexibility when implementing the SSSS Bootstrap now (using the extra Bootstrap parameter in onUpdate() and to round it all off, we now have nice coverage numbers as well as coverage display on merge request diffs.

For more info, check the release notes for 0.11.2, 0.12.0, 0.12.1 and 0.12.2: https://pub.dev/packages/matrix/changelog ;-)

Dept of Events and Talks 🗣️

ChristianP says

Six days until Matrix Community Summit Berlin 2022

In less than a week the Matrix Community Summit Berlin is taking place at c-base. Join us early on Thursday (25th August) for a Barcamp where we will brainstorm, draft and prototype new ideas. The main conference days are Friday and Saturday (26th and 27th August). We have a schedule all about Matrix hosting, clients and development. With three simultaneous tracks there sure is something for you to listen to. It's also the perfect place to get to know other community members. Look forward to talks, workshops, a signing party, a Matrix P2P live test, dinner and barbecue!

We're not planing to stream or record the event. Our focus lies on providing a great in-person activities. If attendees want to blog or toot/tweet about it, please use the hashtag #MatrixCommunitySummit. Also, German-speaking folks can look forward to more coverage from the event on my podcast. https://chrpaul.de/podcast/

Because we've heard about some confusion: The event is NOT organised by the Matrix Foundation. To minimize the misconception, we've renamed it to the Matrix Community Summit Berlin. This is an event initiated by Yan, jaller94 and other Matrix enthusiasts. We also organise the Matrix Meetup Berlin.

Matrix Space: #matrix-summit-berlin-2022:c-base.org

Schedule: https://cfp.summit2022.matrixmeetup.de/matrix-summit-conference-2022/schedule/

cel says

One week until DWeb Camp

Next week (August 24-28), people will meet outdoors in California to learn and share about decentralized web technologies.

Some attendees and organizers are using Matrix internally for camp chat.

Public chat: https://matrix.to/#/#decentralizedweb-general:matrix.org

Site: https://dwebcamp.org/

Schedule (in progress): https://dwebcamp2022.sched.com

More info: https://gitlab.com/getdweb/dweb-camp-2022/#dweb-camp-2022

Previously announced: https://matrix.org/blog/2022/04/14/this-week-in-matrix-2022-04-14#dweb-camp

Room of the Week 📆

ssorbom ⚡️ announces

Have you ever felt lost in the Matrix world? Too many rooms and spaces to manage? Well, back by popular demand (with Timo's blessing), I present, The Room of the Week! Every week we strive to highlight a room or a space that we believe deserves attention for discussing interesting going on across the Matrix Network.

Last week, we were serving coffee, this week, it's tea! Specifically, tea at

#tea:matrix.org

Do you prefer sheng or shu puerh? Maybe bit more into lapsang, liuan or perhaps cliff oolongs? Greens or whites? Sencha? Having mood to discuss impact of varios clays and pot shapes? Is it better warm up water in bofura, tetsubin or electric kettle? Simply everything about the tea.

Come join us while the kettle is whistling.

If you have a room you wish to see highlighted, join us at: https://matrix.to/#/!bIyiUUnriVoHtYzuPS:fachschaften.org?via=chat.shawnsorbom.net&via=matrix.org&via=fachschaften.org To get your favorite room of the week highlighted.

Dept of Ping 🏓

No ping stats while Thib is away, but you can always join the fun at #ping:maunium.net and #ping-no-synapse:maunium.net!

That's all I know 🏁

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Synapse 1.65 released

17.08.2022 15:44 — Releases Brendan Abolivier
Last update: 17.08.2022 15:25

Hey everyone! We've just released Synapse 1.65! Let's have a peek at what's inside.

Private read receipts

A feature that the more privacy-focused users of Matrix have been missing was the ability to hide read receipts from other users. Read receipts in rooms can tell a user which messages another user has read in a room. However, they can also be an unwelcome indicator that a user is currently reading a certain room, thus giving away the user's activity on Matrix at a given time.

Hiding one's read receipts from other Matrix users is unfortunately not as straightforward as simply preventing a client from sharing read receipts with the server. This is because read receipts are also used by Matrix homeservers to calculate how much of a room a user has read, and generate notification counts for rooms accordingly.

Synapse 1.65 introduces stable support for private read receipts. This feature, described by MSC2285, allows clients to send a different type of read receipt to the server. This then tells the homeserver to use this piece of information to update the user's notification counts, but not to share it with other users.

Improved room management APIs for modules

This version of Synapse includes two new module API methods to help Synapse modules interact and manage rooms. The first one, lookup_room_alias, allows modules to retrieve the room ID corresponding to a given room alias. This works both for local and remote aliases. The second one, create_room, allows modules to create new rooms on behalf of an existing user.

The update_room_membership method has also been updated in this release of Synapse to allow modules to join a room the server is not already in via federation. This can be done by using the new remote_room_hosts argument, which takes a list of homeservers to try to join via.

Everything else

Synapse 1.65 stabilises the implementation of MSC3827, which allows filtering public room searches on room types. This means it is now possible to search specifically for public spaces. For more information on this feature, see the Synapse 1.63 announcement.

Additionally, Synapse 1.65 implements the new experimental error codes documented by MSC3848. Once stabilised, these error codes will allow clients to show more specific errors to their users about why an event could not be sent.

See the full changelog for a complete list of changes in this release.

Synapse is a Free and Open Source Software project, and we'd like to extend our thanks to everyone who contributed to this release, including (in no particular order) Beeper, andrewdoh, Julian-Samuel Gebühr and Dirk Klimpel, as well as anyone helping us make Synapse better by sharing their feedback and reporting issues.