Matrix logo

This Week in Matrix 2023-08-11

11.08.2023 00:00 — This Week in Matrix Hubert Chathi

Matrix Live

Dept of Spec 📜

TravisR says

Spec

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs proposed for Final Comment Period:

MSCs in Final Comment Period:

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

  • No MSCs were closed/rejected this week.

Spec Updates

We have a release date planned for Matrix 1.8! We're looking at Wednesday, August 23rd, 2023, and tracked as issue #1614. Currently the only release blocker is room version 11, which should land well in advance of August 23rd. If there's other things we should be considering please raise them ASAP in #sct-office:matrix.org.

August 23rd also begins the Matrix 1.9 cycle where we'll be sticking to our MSC review plan more strongly. Stay tuned to TWIM for news on the exact MSCs/features we'll be looking at for that cycle, and let us know in #sct-office:matrix.org if you think we should consider something in our planning.

The SCT has otherwise been thinking a lot about the MIMI working group at the IETF and how the protocol layering works there. About half of the SCT is going to take a break from MSC review over the next few weeks to ensure the protocol we're designing for MIMI will be fully compatible with Matrix - this will mean that some MSCs will move slower through FCP, sorry.

As always, if you have questions, concerns, complaints, etc then let us know in #sct-office:matrix.org 🙂

TravisR also announces

port 8448 has formally been registered by IANA 🎉

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay says

This week we released 1.90.0rc1. Highlights include:

  • Fix a long-standing bug where purging history and paginating simultaneously could lead to database corruption when using workers.
  • Scope transaction IDs to devices (implement MSC3970).
  • Remove support for legacy application service paths
  • Fix a long-standing bug where the synapse_port_db failed to configure sequences for application services and partial stated rooms

and much more. If you'd like to take a deep dive into the changes, you can find the release notes here and as always, if you encounter a bug feel free to report it at https://github.com/matrix-org/synapse/issues/new/choose.

f0x notes

Recently added a Synapse worker to handle ~ ^/_matrix/federation/v1/send/ (which I apparently forgot back when I added all the other workers), and it resulted in huge performance improvements after my homeserver was getting absolutely trashed by incoming EDU's. Also now survived zfs trim running quite well, which I usually cancel halfway because it impacts disk so much Synapse becomes rather unusable.

https://stats.pixie.town/d/synapse-new/synapse?orgId=1&from=1690544792772&to=1691752981336

Conduit (website)

Conduit is a simple, fast and reliable chat server powered by Matrix

Timo on Conduit ⚡️ announces

Announcing Conduit v0.6.0

Hey everyone, it's been a long time since the last stable Conduit release, but v0.6.0 has finally been released. It's the biggest update yet, adding support for threads, spaces, edit history, backfilling and much more, along with other improvements like automatic corruption recovery, check out https://conduit.rs/changelog for more information.

It's becoming harder and harder to notice missing features, the biggest one is being unable to join rooms with old room versions. You should give Conduit a try if you haven't already!

To update, simple replace the binary and restart. If it worked, you should receive a message in your admin room.

I currently work on Conduit in my free time, you can support me on https://liberapay.com/timokoesters

Dept of Clients 📱

Nheko (website)

Desktop client for Matrix using Qt and C++17.

Nico announces

I have been away travelling for so long, that I forgot what I last posted an update on, so I'll just summarize what happened recently!

Nheko now shows an indicator for moderators and admins in the timeline. Don't be confused if that mismatches the definition in Element, we don't hardcode specific powerlevels so our definition is slightly different. We also removed the last remnants of Qt Widgets in our code and are now relying only on Qml (apart from parts where Qt uses widgets as the fallback). Nheko now also compiles against {fmt} version 10 and the macOS intel nightlies should work again. You can now also mark a room as read from the room list, Nheko should not break on rooms without a creator anymore and reactions should render smoothly again.

Outside of that, people might have met me at FrOScon, where I popped up randomly and gave a surprise talk to everyone including me and I also stole some food at the Matrix User Meetup in Berlin. If you are attending the Chaos Camp, you might be able to catch me there soon or you can possibly also spot me at the Matrix summit in September. Let's see if I get to finish any code until then...

That's all and let's hope I can make my way through the backlog of open PRs soon!

FluffyChat (website)

Krille-chan says

That was some hard work in the last weeks. FluffyChat's migration to Github meant that I need to rewrite the whole CI/CD setup. And some blockers on the Linux version of FluffyChat didn't let me sleep last night. But at least the iOS version is now working and so I am proud to present FluffyChat v1.13.0 with some new features and minor design changes.

https://github.com/krille-chan/fluffychat/releases/tag/v1.13.0

ALL CHANGES:

  • feat: option to not send typing notifications (Bnyro)
  • feat: small performance tweaks for Message (gilice)
  • feat: New onboarding screen with SSO as first class feature
  • feat: Import/Export emoji packs from/to zip file
  • fix: Set iOS badge (Krille)
  • refactor: Switch the dev hosting platform from GitLab to GitHub
  • design: New more compact chat bubble design and other design tweaks
  • design: Login now shows SSO more prominent and deprecates in-app registration in favor of SSO registration
  • Translated using Weblate (Arabic) (Rex_sa)
  • Translated using Weblate (Chinese (Simplified)) (Poesty Li)
  • Translated using Weblate (Estonian) (Priit Jõerüüt)
  • Translated using Weblate (German) (nautilusx)
  • Translated using Weblate (Indonesian) (Linerly)
  • Translated using Weblate (Ukrainian) (Ihor Hordiichuk)

Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Ștefan reports

Exciting week for Element X iOS as release 1.2.2 went out and 1.2.3 is hot on its heels. We have a lot of new features, improvements and bug fixes that will make the app (even more of) a joy to use. As always, you can check the full release notes here.

This week we:

  • Improved how responsive the timeline action menu is to toggle
  • Started parsing the latest room message displayed in the room list and render it accordingly
  • Re-enabled and simplified the background app refresh
  • Re-enabled room list caching and offline support
  • Fixed issues around modal presentations and deep linking from notifications
  • Fixed crashes when trying to reply to media timeline items
  • Made good progress on polls
  • and more great fixes coming out of the SDK

Stay tuned, even more exciting times ahead!

Element X Android (website)

Android Matrix messenger application using the Matrix Rust Sdk and Jetpack Compose

Jorge announces

This week on Android we've been focusing on ironing out several critical bugs:

  • We had crashes in async Rust functions caused by a bug in the included Rust SDK version.
  • Rust and Android logs weren't being properly formatted and sent in rageshakes.
  • Fixed several stability issues around the sync process.
  • Notifications should now be more reliable, and we also don't display fallback notifications anymore for events that couldn't be fetched by the Rust SDK.

In other news, we've also:

  • Worked in standardising our design components following Compound, so you'll notice several UI and UX changes that should make Android, iOS and web look more consistent.
  • Started bringing polls to EAX.
  • Made the initial planning for integrating Element Call into the app.

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Danielle reports

  • This week on Web… We’ve been making progress on our updates to the room header and right panel. Check out our changes by using the Labs flag from Element Nightly or Develop.
    • We’re aiming to simplify our product in order to make it more accessible and user friendly overall. It’s an exciting time and evolution.
  • We’re working on stuck notifications; this week turning our attention to the automated tests. Ensuring that tests are set up and clearly define the behaviour that we want means that it’ll be easier for us to identify mis-steps in the future.

Dept of VoIP 🤙

Element Call (website)

Native Decentralised End-to-end Encrypted Group Calls in Matrix, as a standalone web app

Florian Heese reports

Hello from the VoIP team

We have a new Element Call release v0.4.3. This time we concentrated mainly on bug fixes and polishing:

  • fixing device selection bugs
  • preventing devices from sleeping during calls
  • Starting large calls auto-muted

Wait there is one more thing: We added the foundation for (media) end-to-end encryption which you can find and test in the developer settings. You can expect a major UX rework supporting proper end-to-end encryption handling soonTM.

Dept of SDKs and Frameworks 🧰

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Benedict reports

Trixnity v3.10.0 has been released.

features/improvements:

  • Added Room::createEventContent to get some common information about the room like room version or room type
  • Added Room::lastRelevantEventTimestamp to sort rooms without fetching TimelineEvents.
  • Removed async transactions. They were introduced, because realm only supports one transaction at a time. They led to some consistency issues, so they were removed. Another workaround for realm was found.
  • Reworked the cache (now called ObserveableCache) to be way more memory efficient and therefore faster (a former rework in v3.7.0 still had some memory issues)

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jonas Platte announces

New features:

Bug fixes:

Dimension (website)

An open source integration manager for matrix clients, like Element.

TravisR reports

Dimension is archived

Unfortunately, I haven't had time in the last 1-2 years to maintain Dimension, and so it's been archived. Community members may have been aware that it's not been receiving maintenance for quite a while now, but the last step was to formally archive the project.

For those not familiar, Dimension is (was) an integration manager: a UI for managing room-level integrations supported by Element. Typically available via "Add widgets, bridges & bots", the integration manager provides an easier way to configure such things, though the default one in Element does not support self-hosted bots & bridges at the moment.

With this news, it's strongly recommended to not deploy Dimension in your infrastructure: there's more than 1 year's worth of undiagnosed security issues, and the project doesn't even run in most cases. Unfortunately, there are no open source alternatives at the moment either. Others are welcome to start their own replacement project, and I'd suggest not using Dimension as a base to get away from years of bad code/technical debt (sorry).

Chances are you don't need an integration manager though:

  • Widgets can be added to rooms with Element Web/Desktop with /addwidget
  • Self-hosted bots and bridges can be managed entirely by commands
  • Stickers are best supported by https://github.com/maunium/stickerpicker and alternative clients like Nheko

If you have questions or concerns, #dimension:t2bot.io will live on as a room, but support will not be provided.

Dept of Services 🚀

etke.cc (website)

Your matrix server on your conditions

Aine announces

Hey TWIM, long time no see!

etke.cc service update is here.

A while ago, we started providing etke.host subdomains for free for new orders. You want a matrix server but don't have a domain name? Sure, get a yourname.etke.host subdomain when you order a matrix server from us with no additional fee, works both for on-premises and cloud/hosting setups.

Now we're extending that subdomain offering - the new onmatrix.chat domain is available for order for new customers. From now on, you can get a matrix server with MXIDs like @john:doe.onmatrix.chat with no extra fee.

Get your own matrix server and follow the #news:etke.cc for updates

Dept of Events and Talks 🗣️

Matrix Community Summit Berlin

Christian Paul (jaller94) says

With 6 weeks until the Summit in Berlin, get a ticket now. https://tickets.summit2023.matrixmeetup.de/matrix-salon/summit2023/

Looking for sponsors

Our expenses are mostly food and drinks. If the Summit is relevant to your work, please ask your employer to buy a ticket for you or to become a sponsor. Sponsors will allow us to pay for the drinks at the c-base bar, have a BBQ at c-base and invite everyone for dinner as a networking event. Furthermore, we're looking for a Media Sponsor to rent video and audio recording equipment for expert interviews, discussing projects presented at the event.

Call for participation (1 week left)

Also, we're still looking for people to give talks or workshops about their projects and Matrix use cases. Are you developing an interesting client, bot or library? Have you found ways to make hosting, monitoring or moderating Matrix servers easier? Please share your knowledge on the two conference days (Friday and Saturday)! Please submit proposals at https://summit2023.matrixmeetup.de/conference/

Summit overview

Thu, 21st Sep - Barcamp (= attendees suggest and vote for topics to discuss in the morning of the day; then we split up in groups according to our interests) Fri + Sat, 22nd and 23rd Sep - Conference Sun, 24th Sep - Open Door Day (c-base will be open for open discussions and collaboration)

Greetings from FrOSCon!

HarHarLinks reports

Last weekend (August 5-6), the Free and Open Source Conference took place at the University of applied Sciences Bonn Rhine Sieg.

We had an awesome time and it was great to see everybody in person!

There were a lot of spontaneous amendments to our programme, including a presentation streamed through Element Call! We thank everybody involved:

  • Our own devroom VOC team, thanks to whom we will be able to provide video recordings of most sessions for anyone who could not attend in person! Slides are already mostly available and videos will be as soon️™️ as they are ready, watch this space!
  • Everybody answering questions and selling [matrix] merch at the stand!
  • The whole FrOSCon crew for allowing us to be a part of this event!
  • Of course, all of the speakers and presenters involved!
  • Last but not least, everybody attending!

Join us in our FrOSCon Matrix room for discussion and see you next time: #FrOSCon:fiksel.info

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Libera.Chat bridge temporarily unavailable.

04.08.2023 22:30 — Bridges Neil

Following a series of stability issues, the Libera.Chat team has requested that the Matrix <> Libera.Chat bridge be disabled until we can resolve the stability issues.

From 14:00 UTC on Saturday 5th August the bridge will be unavailable. We will be working to get the bridge back up as soon as we can, however, given the severity of the situation we do not expect immediate resolution.

We send our sincere apologies to anyone caught up in this decision and unable to reach folks on the Libera side.

We’ll get you back as soon as we can.

This Week in Matrix 2023-08-04

04.08.2023 18:19 — This Week in Matrix MTRNord

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

  • There were no new MSCs this week.

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

  • No MSCs were closed/rejected this week.

Spec Updates

No movement through the process on the surface for any MSCs according to the above chart, but some things have been happening! Other than the usual background hum of IETF work, conversations across many MSCs have been moving along. We also saw MSC3930 (Polls push notifications) have FCP proposed! The latter would stop a notification from being generated every time someone voted in a poll, which is sorely needed.

A reminder that in keeping with the spec's quarterly release schedule, Matrix v1.8 is due to release this month and Matrix v1.9 is due for November. We want to plan well ahead for the v1.9 release though, so if you would like to see anything in particular land in v1.9, please raise that concern in the Office of the Spec Core Team room!

See this message in the same room for more information including the currently planned v1.9 spec changes.

Random MSC of the Week

The random MSC of the week is... Refine and clarify how presence works!

This is a very old "MSC" (still on google docs), but it's come up and I've seen folks taking a look at revamping presence recently, so I figured it may be interesting to share.

The document lists a number of confusing behaviours that come with the current presence spec (at the time, though it hasn't moved much since then). There is also a bullet-point list of what a redesigned presence could look like.

Given the conversation on the GitHub issue, this document appears lost to time. But perhaps someone will find it useful today.

Dept of Servers 🏢

Conduit (website)

Conduit is a simple, fast and reliable chat server powered by Matrix

Timo on Conduit ⚡️ announces

Conduit was at the top of Hacker News this week! https://news.ycombinator.com/item?id=36937713

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay announces

This week we released 1.89.0. Highlights include:

  • Allow + in Matrix IDs, per MSC4009
  • Support room version 11 from MSC3820
  • Allow configuring the set of workers to proxy outbound federation traffic through via outbound_federation_restricted_to
  • Fix a long-standing bug where remote invites weren't correctly pushed
  • Fix a bug where resyncing stale device lists could block responding to federation transactions, and thus delay receiving new data from the remote server

and much more. If you'd like to take a deep dive into the changes, you can find the release notes here and as always, if you encounter a bug feel free to report it at https://github.com/matrix-org/synapse/issues/new/choose.

Dept of Bridges 🌉

mattermost-to-matrix

Gabriel R. announces

Hi! I've made a new Matrix<->Mattermost message history import tool and bridge: https://github.com/gabrc52/mattermost-to-matrix. It allows importing and bridging entire Mattermost teams into Matrix spaces. If you have any questions about it, you can DM me or use GitHub issues.

Dept of Clients 📱

Quaternion 0.0.96 beta4 (website)

A Qt5-based IM client for Matrix

kitsune says

After another round of smashing the keyb^W bugs, another beta of Quaternion is out now - hopefully the last one before the release. Nicer timeline scrolling, (much) better HTML insertion and a few other fixes all around. Packagers and translators - that's a great moment to update your stuff where necessary (would be especially great to see help on Ukrainian, Polish, and Spanish translations).

Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Ștefan announces

It's holiday season in Element land (and everywhere else?) but that doesn't mean we don't have cool updates for you:

  • Version 1.2.1 has been submitted to AppStore review and, as a result of that, we are now building a special home screen state for when you're not part of any rooms 😅
  • We're setting up the foundations for the RichTextEditor adoption
  • Started looking in what it would take to adopt Element Call and the results are promising
  • We have a brand new notification settings screen
  • The app now shows avatars for direct messages
  • Made improvements to how read receipts are sent
  • And, as always, a bunch of bug fixes and performance improvements

Element X Android (website)

Android Matrix messenger application using the Matrix Rust Sdk and Jetpack Compose

ganfra announces

  • Investigate release blocker issues, including fix of async uniFFI bug on Kotlin
  • Continue integration of Compound
  • Continue working on Polls
  • The app now shows avatars for direct messages
  • A bunch of bug fixes and performance improvements

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Danielle announces

Element Web/Desktop

  • This week in web… We’re heads down on the stuck notifications issues we’ve been battling. We’re making significant progress across the board. We’ve coined the current issues as “zombie notifications” as these are the ones that are removed by entering a room but come back when the app restarts. Rest assured, we’re doing all we can.
  • Also new in this week’s release are the updated colours. We’ve updated our colour system across the board to improve legibility and usability throughout the app. It goes hand-in-hand with our other accessibility improvements.

Dept of SDKs and Frameworks 🧰

Matrix-Login

Skyler M reports

Reworked matrix-login script to an web-app form so it's usable at https://matrix-token.skylab.fi (source code: https://gitlab.com/samip5/matrix-login, secured by hCaptcha).

  • Supports only SSO at this moment and spits out an access token to be used eg with Whatsapp double puppet.

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Benedict announces

Trixnity v3.9.0 has been released:

features:

  • BREAKING CHANGE: more type safe push rules (sealed interface for different kinds of push rules)
  • added ServerDefaultPushRules

improvements:

  • CoroutineCache performance improvements (one of the 3.7.x releases made it a bit slower)

Dept of Bots 🤖

Dominik announces

MatrixJoinLink is bot that allows the creation of invite links to non-public rooms in matrix. It uses the Trixnity framework. The bot is currently in early alpha and primarily used as proof-of-concept. In addition, I currently gather feedback regarding the concept.

Reason for this Bot

I always struggled with the problem that I have private rooms, I want to share with a group of friends. Before the bot, I had to invite all the people. Now I can invite JoinLink and create an invite link. This link can be shared to my friends who want to join my room (including spaces).

Technical Details / How it works

  1. Let's assume that you want to share the private room !private:room.domain
  2. After you've invited the bot, you can enter !join link IShareLinksWithYou
  3. The bot creates a new public room that contains "IShareLinksWithYou" in its name. The room will not be listed in the room directory; for this example its ID is !public:room.domain
  4. If somebody joins the public room, the bot verifies whether the rooms belong to each other based on two encrypted state events in !private:room.domain and !public:room.domain. If the validation is successful, the bot invites the user to the private room.
  5. If you want to disable the share simply type !join unlink in the private room. This will invalidate the link.

MensaBot

Dominik announces

The MensaBot is a bot I created at the beginning of the year using the Trixnity framework. It sends a daily reminder of the food that is currently available in your canteen (German: Mensa). You can also use commands to request the list directly. Currently, it only supports the API of my university's canteen. However, the bot is extensible for new canteens.

Features

  • Schedule daily posts about the food in your canteen
  • Get a summary of the food in your canteen (on the current date)
  • Simple rights management (only configured admins can interact with the bot)

flip-matrix-bot (website)

A Matrix bot for the Friendly Linux Players community.

HER0 announces

Among other (less interesting) changes, the bot received an update to the response generated by the information events command, contributed by a community member!

Additionally, the in-progress documentation keeps getting improvements. This week, it was focused on the Running the bot section, starting with the Installation chapter.

Dept of Events and Talks 🗣️

Matrix @ FrOSCon

HarHarLinks says

FrOSCon is happening this weekend! If you're very spontaneous, or at least a bit spontaneous and not too far away, drop by our Matrix Community Stand and Devroom!

Dept of Guides 🧭

Matrix client tutorial

uhoreg says

The initial version of the Olm encryption section of my Matrix client tutorial is now up. The plan is to do sending/receiving of to-device messages next, and then a section where all the e2ee pieces get put together into a more coherent package. After the to-device section is written, it will be almost a replacement for the current e2ee implementation guide, with the missing sections being encrypted attachments (which, in the current guide, is just a pointer to the spec), and key requests/forwarding.

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1test.zemos.net256
2zemos.net609
3herkinf.de653
4kittenface.studio880
5maescool.be970
6geipert.eu1003.5
7wcore.org1096
8matrix.comrademajor.bond1411.5
9wi11.co.uk1981
10rom4nik.pl2441

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1test.zemos.net67.5
2zemos.net137
3herkinf.de205.5
4shiftsystems.net333.5
5matrix.org364
6777.tf503
7forlorn.day874
8rustybever.be930.5
9matrix.shutdown.network292340

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Disclosure: Bridges security issues

04.08.2023 10:30 — Bridges Integrations Team , Matrix Security Team

Hi folks. As previously mentioned on Monday, we’re now disclosing the vulnerabilities patched for the IRC, Slack and Hookshot bridges. If you have not already done so, please ensure you are running the patched versions.

Today we are disclosing the 3 vulnerabilities.

matrix-appservice-bridge doesn't verify the sub parameter of an openId token exchange (CVE-2023-38691)

GHSA-vc7j-h8xg-fv5x / CVE-2023-38691

The POST /v1/exchange_openid endpoint did not check that the servername part of the sub parameter (containing the user's claimed MXID) is the same as the servername we are talking to. This could allow a malicious actor to spin up a server on any given domain, respond with a sub parameter according to the user they want to act as and use the resulting token to perform provisioning requests.

This is now patched so that the server part of the sub / user ID is checked against the server used to make the request.

Discovered and reported by a community member.

IRC command injection via admin commands containing newlines (CVE-2023-38690)

GHSA-3pmj-jqqp-2mj3 / CVE-2023-38690

When the IRC bridge attempted to parse an admin command from a Matrix user, it would only split arguments by a literal space. For example, sending “!join #matrix\nfoobar” would treat the channel name as “#matrix\nfoobar”. This could then be exploited to inject any IRC command into the bridge to be run. Since the !join command first joins via the bridge bot user, it could be used to execute commands as the bridge bot.

This is now patched so that both the command handler is more strict about its arguments, as well as channel names being explicitly validated when provided by users.

Discovered and reported by Val Lorentz.

Events can be crafted to leak parts of targeted messages from other bridged rooms (CVE-2023-38700)

GHSA-c7hh-3v6c-fj4q / CVE-2023-38700

The IRC bridge caches recent timeline messages in memory, so that when a reply is seen for a message it doesn’t need to request the event content from the homeserver. However the room ID was not validated when accessing this cache, so a malicious actor could craft a reply event in another room referencing any event ID (so long as it was still in the bridge cache) to trick the bridge into posting the message content into a bridged reply.

Discovered and reported by Val Lorentz.

If you have further questions, please reach out on [email protected]

Bridges Security Update

31.07.2023 11:40 — Bridges Integrations Team , Matrix Security Team

Today we are announcing security updates for several of our bridges.

In addition we have released matrix-appservice-bridge 9.0.1 (and backported to 8.1.2) which patches GHSA-vc7j-h8xg-fv5x.

All mentioned bridges are affected by a vulnerability in the provisioning interfaces of these bridges. If you are unable to upgrade, please disable provisioning for now (which should be documented in the relevant bridge sample config).

Continue reading…

This Week in Matrix 2023-07-28

28.07.2023 18:00 — This Week in Matrix Thib

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

  • No MSCs were closed/rejected this week.

Spec Updates

We've been quite busy at IETF 117 this last week discussing MLS and MIMI in several contexts, meetings, and sessions. Overall things have moved pretty fast in the last week, but the short summary is we're working with MIMI to get (Linearized) Matrix used as the new-found "signalling layer". This layer delegates membership of the room to the crypto layer when the crypto layer (namely MLS) supports being used as such, and is responsible for enforcing all policies. Policies in the context of MIMI are things like join rules, history visibility, and power levels, but with an added twist: we're looking at supporting Role-Based Access Control (RBAC) in combination with power levels in MIMI, which should also bring RBAC to Matrix in the form of a currently-unwritten MSC.

All told, we've got several new documents to write and MSCs to draft, but we'll get there in time. The MIMI working group is expecting solutions in place by about September, so watch this space for more news as we progress. An architecture draft is also in progress on the MIMI side to further explain what all of these new layers mean. In the meantime, if you have questions then please visit the matrix-spec room on Matrix!

We're also looking for more Matrix 1.9 candidates. Currently we have just custom emoji and anything to do with MIMI on the agenda - if you'd like to add more, let us know in the Office of the Matrix Spec Core Team room on Matrix.

Random MSC of the Week

The random MSC of the week is... MSC3062: Bot verification!

This MSC describes a method for verifying (cross-signing) the devices of a bot user, and how verification of that sort could be done. Obviously it wouldn't make much sense to verify emoji with a bot. Instead, this MSC suggests that the bot provide a URL to present to the user. If the URL appears trustworthy (those who would control this URL should also be in charge of this bot), then the user can choose to continue the verification.

The user's Matrix client would then make a request to the URL with details of the verification. If the server responds successfully, some cryptographic magic happens, and your client will consider the bot verified!

This is essentially tying a bot's verification with control of a domain's DNS, which I think is a smart way to do things. But you do need to watch out for those pesky UTF-8 control characters when asking the user to verify the URL!

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay says

This week we released 1.89.rc1. Highlights include:

  • Add Unix Socket support for HTTP Replication Listeners. Document and provide usage instructions for utilizing Unix sockets in Synapse
  • Fix a long-standing bug where remote invites weren't correctly pushed
  • Ensure a long state res does not starve CPU by occasionally yielding to the reactor
  • Remove support for calling the /register endpoint with an unspecced user property for application services
  • Support room version 11 from MSC3820

and much more. If you'd like to take a deep dive into the changes, you can find the release notes here and as always, if you encounter a bug feel free to report it at https://github.com/matrix-org/synapse/issues/new/choose.

Dept of Bridges 🌉

Thib says

we have asked the Libera.Chat team to postpone the removal of portals from 31st July to 11th August, both to leave us more time to get the bridge ready and to leave people more time to turn their portals into plumbed rooms.

We're grateful to the Libera Chat team for accepting our request and being mindful of our community.

Dept of Clients 📱

Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Ștefan reports

Another week, another successful campaign on tweaks and bugfixes. We’ve continued our foray with:

Otherwise we’re also working on room notification settings and support for polls

Element X Android (website)

Android Matrix messenger application using the Matrix Rust Sdk and Jetpack Compose

benoit reports

  • We are still fixing issues on Element X Android, to be able to release it. Thanks for your patience!
  • We are also making progress on some new features like polls for instance, mainly on the Rust SDK side right now.
  • The project got an updated readme: https://github.com/vector-im/element-x-android!

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Johannes Marbach says

  • We’ve continued our quest to eliminate stuck notifications. Fixes around read receipts for non-thread relations on thread roots, missing replies and some of the zombie notifications that appear on app reload have landed. Hot off the press, we’ve also identified a promising fix for the unread count mismatch before and after decryption. Check out our meta issue for the plan going forward.
  • On the Compound front, we’ve had discussions around theming support and aligned on letting a small subset of customisable colours define the theme identity while not entirely disabling fully custom themes
  • Lastly, we’ve also made some more progress around the logout path in the native OIDC integration. Sadly, things will be somewhat delayed here with folks going on summer vacation and having to pivot to other projects temporarily.

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

benoit says

  • Element Android 1.6.5 has been released, it contains some bugfixes, especially when the device is out of network range. Should be available soon on GooglePlay and F-Droid.

Commune (website)

Commune is a communications suite built on top of matrix. Commune aims to bring together chat, discussions, email and other interactive apps into a single matrix client.

ahq reports

Shpong is an instance of Commune, a publicly-accessible matrix community.

Dept of Non Chat Clients 🎛️

Thirdroom (website)

A browser-based open metaverse client

Matthew (away) reports

We've had to stop development on Third Room for the foreseeable due to lack of funding (folks who said they were interested in funding the project unfortunately did not come through in the end, and Element unfortunately doesn't have the resources to continue funding the development solo). All the code is of course Apache Licensed open source, and we very much hope that the codebase will find a way to live on in future.

Dept of SDKs and Frameworks 🧰

Matrix.swift SDK (website)

cvwright reports

The Circles team at FUTO is proud to announce the first alpha pre-release of Matrix.swift, our homegrown Swift client SDK for Matrix apps on Apple platforms including iOS and MacOS.

Although the project is still quite rough around the edges, it already provides most of the basic functionality that a simple Matrix client app would need. It can create, join, and leave rooms, and it can send and receive messages and media attachments, with support for Matrix end-to-end encryption via the Rust Crypto SDK.

A more complete list of features is available in the main project repo.

The first alpha v0.1.0 release is available from the FUTO Gitlab as well as from a Github mirror.

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Benedict reports

Trixnity 3.8.0 is released with matrix 1.7 support 🎉

features:

  • matrix 1.7 support (reactions and more)
  • extend MatrixClient API of sync allowing to set presence
  • configurable sync delays (contribution by @steffen.eichenberg)

bugfixes:

  • don't fail filling timeline when room does not exist locally yet

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jonas Platte reports

This week, we made progress on four key areas:

Dept of Bots 🤖

Matrix Registration Bot (website)

moanos [he/him] announces

The matrix-registration-bot allows you to manage an invite only matrix server. An admin asks the bot for a invite code and then sends this code to a friend (or enemy) that they want to invite to the server.

it is now a lot easier to run the bot

  • Create an admin account on your server for the bot
  • run docker run -it -e "BOT_USERNAME=@matrix-registration-bot:example.org" -e "BOT_PASSWORD=SECURE_PASSWORD" -e "BOT_SERVER=https://synapse.example.org" moanos/matrix-registration-bot:1.3.0
  • Message the bot help to find out about all it can do

For all the folks using matrix-docker-ansible-deploy: Adding the following to you vars.yml is enough to fully configure the bot

matrix_bot_matrix_registration_bot_enabled: true

#By default, the playbook will set use the bot with a username like 
## this: `@bot.matrix-registration-bot:DOMAIN`.
# To use a different username, uncomment & adjust the variable.
# matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot

# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
matrix_bot_matrix_registration_bot_bot_password: PASSWORD_FOR_THE_BOT

# Enables registration
matrix_synapse_enable_registration: true

# Restrict registration to users with a token
matrix_synapse_registration_requires_token: true

No more hassle with access tokens - the bot can obtain them now on it's own!

For questions and support visit #matrix-registration-bot:hyteck.de

flip-matrix-bot (website)

A Matrix bot for the Friendly Linux Players community.

HER0 says

The new online documentation has received a bunch of updates, and now the Interacting with the bot section (starting with the usage overview) is much more fleshed out.

The docs are still in an early state, but this is a step towards making the bot easier to work with! If you have any feedback on this, feel free to file an issue or discuss it with us in #flip-matrix-bot:flip.earth.

Dept of Events and Talks 🗣️

Michael Weimann says

Schau dir den Vortrag „Die aufregende Reise einer Matrix-Nachricht“ am Sonntag, den 06.08. August um 10:00 Uhr auf der FrOSCon an

This post is about a talk „The exciting journey of a Matrix message“ explaining the Matrix protocol and APIs at FrOSCon. Since the conference is mainly in German, the main content of this post is also in German.

Wenn ihr wissen wollt, warum Matrix funktioniert und ihr nächstes Wochenende in der Nähe von Bonn (bzw. Sankt Augustin) seid, schaut euch den Vortrag „Die aufregende Reise einer Matrix-Nachricht“ auf der FrOSCon an!

Im Vortrag verfolgen wir den Weg einer Matrix-Nachricht vom eigenen Eingabefeld bis zur Timeline des Empfängers: Was passiert da, wer redet mit wem und wie zum Geier funktioniert eigentlich diese Verschlüsselung? Zu jedem Schritt schauen wir uns an, welche APIs benutzt werden. Außerdem werfen wir einen Blick in die Matrix-Spezifikation, in der drinsteht, wie das alles funktioniert.

Der Vortrag wird danach auch als Stream bei media.ccc.de verfügbar sein. Die komplette Beschreibung zum Vortrag gibt es im FrOSCon Programm.

HarHarLinks says

Matrix @ FrOSCon

FrOSCon is happening next week!

Matrix User Meetup Berlin

saces reports

Next Matrix user meetup 2.8.2023, 8 pm @ c-base

Meet other matrix users, chat about Matrix, the rest, and everything else, discuss your Matrix ideas, sign each other in persona, and maybe spice the evening with a good mate or beer.

Also when the bbq is lit you may wish you brougth your favorite item :)

Every first Wednesday of the month in the c-base at 8pm ('til the next pandemic).

Matrix room: #mumb:c-base.org

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1test.zemos.net273
2zemos.net462.5
3maescool.be467
4infosec.exchange677.5
5herkinf.de715
6kittenface.studio814
7matrix.org2807.5
80xdead10cc.com3498
9anonymousland.org4500
10plocki.org6476

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1test.zemos.net68
2zemos.net123
3herkinf.de151
4777.tf206
5matrix.org337
6l1qu1d.net750.5
7evilcyberhacker.net1184.5
8shiftsystems.net22843

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Postponing the Libera.Chat deportalling

28.07.2023 14:00 — Bridges Thib

We have recently announced that we will be honouring Libera Chat’s request to turn off portalled rooms on the Libera.Chat bridge maintained by the Matrix.org Foundation. The changes were originally scheduled to be effective on 31st July. In the meantime, we posted instructions for people to turn their portalled rooms into plumbed ones so the bridge keeps working for them.

Some stability issues on the bridge have prevented people from turning their portalled rooms into plumbed ones. We have been actively working on resolving those issues since the first reports and the situation is gradually improving. However, at this point, we do not believe the plumbed mode can be considered sufficiently stable yet.

Continue reading…

This Week in Matrix 2023-07-21

21.07.2023 00:00 — This Week in Matrix Hubert Chathi

Dept of Spec 📜

Andrew Morgan (anoa) says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Accepted MSCs:

Closed MSCs:

  • No MSCs were closed/rejected this week.

Spec Updates

This week we have been preparing for IETF117, Matrix 1.8, Matrix 1.9, and Messaging Layer Security (MLS) for Matrix. Most of our work on globally interoperable communications is ongoing through the More Instant Messaging Interoperability (MIMI) working group at the IETF, and will be making significant strides in the coming days as we head to the IETF117 hackathon and meetup.

Over the last few months we've been working on a version of Linearized Matrix which supports the simplicity of linear event history while being fully compatible with today's Matrix network, and while we think that the 03 draft we wrote up accomplishes a lot of this, there's further work to be done to make it cleaner and easier to use. We've also been writing implementations of it to prove the semantics (and find areas which need improvement), starting with our cleanroom eigen-server TypeScript implementation and interoperating it with a branch of Synapse. During IETF117 we expect more implementations to sprout and have their interoperability tested - watch this space for updates on how that goes.

Aside from IETF117, we're continuing to look at the previously-selected Matrix 1.8 MSCs for release in mid-late August 2023. This might be slow over the next couple of weeks while half of us are at IETF117, but expect more forward progress when we get back. Matrix 1.9 is scheduled to be released sometime in November 2023, and a few months ago we said we were aiming to plan ahead for releases a bit more deliberately. Starting this week, we're accepting submissions for ideas and specific MSCs which need our attention in Matrix 1.9. If you have an MSC (current or future) which will need Spec Core Team (SCT) attention between August 2023 and November 2023, let us know in the SCT Office room. Once Matrix 1.8 is released (exact date TBD) we will have limited availability to add things to the Matrix 1.9 target - please raise your MSCs & themes as soon as possible. The current set of MSCs up for consideration can be found on the SCT Intake Board.

If you've made it this far in our weekly update, congratulations, and thank you. We expect things will rapidly start to happen with IETF117 kicking off tomorrow (July 22, 2023), and we will do our best to keep folks updated. Next week's TWIM in particular will have a post-IETF117 debrief for your reading enjoyment :)

As always, if you have any questions or concerns about what we're working on, visit the SCT Office and let us know. We can't promise a prompt reply (particularly during IETF117), but we will take a look when we can.

Random MSC of the Week

The random MSC of the week is... MSC3105: Previewing UIA flows!

This MSC addresses a shortcoming in the current User-Interactive Authentication (UIA) mechanism where attempting to deduce the required authentication flows for an action will result in that action being carried out if it turns out no flows were required. This makes it tricky for a client to present a "are you sure you want to do X?" as a final step in completing an action that requires authentication.

The proposals aims to allow an OPTIONS pre-flight HTTP request to the same endpoint in order to retrieve the flows necessary, without actually carrying out the action. The proposal does note that using OPTIONS for this case is a bit non-standard though, and some clients may treat the typical 401 error code returned during User-Interactive Auth as a fatal error.

While this does address a flaw in the UIA system, it's worth noting that many other flaws exist! Matrix is planning to move over to an OpenID Connect-based authentication system in the not too distant future, which will likely have far fewer edge cases than our traditional, home-grown one. You can visit https://areweoidcyet.com/ for more information and to track the current progress on that front.

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay reports

This week we released 1.88.0. First, an announcement: Please note that this release

  • raises the minimum supported version of Python to 3.8, as Python 3.7 is now end-of-life and
  • removes deprecated config options related to worker deployment.

See the upgrade notes for more information. Now the highlights:

  • Remove deprecated worker_replication_host, worker_replication_http_port and worker_replication_http_tls configuration options.
  • Pin pydantic to ^=1.7.4 to avoid backwards-incompatible API changes from the 2.0.0 release
  • Correctly resize thumbnails with pillow version >=10
  • Add not_user_type param to the list accounts admin API
  • Use lower isolation level when cleaning old presence stream data to avoid serialization errors

and much more. If you'd like to take a deep dive into the changes, you can find the release notes here and as always, if you encounter a bug feel free to report it at https://github.com/matrix-org/synapse/issues/new/choose.

Dept of Bridges 🌉

mautrix-gmessages

tulir announces

There's a Google Messages bridge now for bridging RCS (and normal SMS/MMS too): https://github.com/mautrix/gmessages

Since Google's RCS is basically completely proprietary and doesn't have any real interoperability (despite what they want you to think), the only way to bridge it is to act as the Messages for Web app. It's also a much more reliable way of bridging SMS from an Android phone, because the Messages app on Android has access to all of Google's cheat codes to avoid being killed/limited by the OS.

Dept of Clients 📱

FluffyChat (website)

Krille-chan reports

FluffyChat took a little development break to migrate to Github. However I hope that this improves some flows after all and makes releases more stable in the future. Stay tuned ❤️

Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Ștefan says

We're continuing our bug fixing spree following the App Store release:

  • massive improvements to the timeline and message rendering
  • redaction is now supported for group moderators
  • fixed bugs around pasting media into the message composer
  • blocked members are now updated accordingly
  • improvements to how to exercise the sync loop
  • fixed thumbnails for portrait videos
  • fixed alert and dialog tint colors throughout the app
  • fixed tint colors in dark mode
  • fixed incorrect file reply icons
  • and we have promoted location sharing from behind a feature flag and made it available to all

Element X Android (website)

Android Matrix messenger application using the Matrix Rust Sdk and Jetpack Compose

benoit says

  • We’re working with Google to get our first version of Element X published on the play store!
  • We’re making steady progress with push notifications, our current task is to be testing to ensure the best experience possible for users of the app.

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Danielle announces

  • Stuck notifications improvements are here! We’re making some significant improvements in the area of stuck notifications that some users have been experiencing. We aren’t taking our foot off the pedal though, we still have some pesky things to iron out and are continuing to work on these.
  • For our accessibility work, we’re making great progress on color this week. If you use our Develop or Nightly instances you’ll have seen the changes already. We’re increasing contrast throughout the app, improving legibility and reducing eye strain.

Dept of Encryption 🔐

Messaging Layer Security

uhoreg reports

Messaging Layer Security (MLS) is now RFC 9420! MLS is an IETF standard for end-to-end encryption in messaging systems. You can read the Matrix.org Foundation's blog post about the publication of MLS at https://matrix.org/blog/2023/07/a-giant-leap-with-mls/, and the IETF's blog post at https://www.ietf.org/blog/mls-protocol-published/. We've been working on integrating MLS into Matrix via a proof-of-concept implementation in Element Web. We have basic functionality working, and even key backup is working. You can read more about our progress and view demo videos at https://arewemlsyet.com.

Dept of SDKs and Frameworks 🧰

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Benedict announces

I fixed two bugs with Trixnity 3.7.1 and 3.7.2 and introduced RoomService::canSendEvent as easy power level check (e. g. matrixClient.room.canSendEvent<NameEventContent>(roomId)). Currently I'm working on matrix 1.7 compatibility.

Dept of Ops 🛠

matrix-docker-ansible-deploy (website)

Matrix server setup using Ansible and Docker

Slavi says

Thanks to Michael Hollister from FUTO, the creators of the Circles app, matrix-docker-ansible-deploy can now set up matrix-media-repo.

To learn more see our Storing Matrix media files using matrix-media-repo documentation page.

Slavi also announces

Thanks to Shreyas Ajjarapu's efforts, matrix-docker-ansible-deploy now supports bridging to Google Messages via the mautrix-gmessages bridge.

See our Setting up Mautrix Google Messages bridging documentation page for getting started.

Dept of Services 🚀

Matthew says

wordpress is now running an official community Matrix server! https://make.wordpress.org/meta/2023/07/20/matrix-chat-summary-july-20-2023/

Dept of Bots 🤖

flip-matrix-bot (website)

A Matrix bot for the Friendly Linux Players community.

HER0 reports

The greeter function of the bot now takes a guess at whether a new room member is a guest and sends a different welcome message. This aims to explain that the session does not persist, and that they may create a new account if they want.

Dept of Events and Talks 🗣️

Matrix @ FrOSCon

HarHarLinks says

TLDR: Preliminary schedule of the whole conference, including our Matrix devroom (C120), is now online: Saturday / Sunday

On August 05-06 the annual Free and Open Source Conference (short FrOSCon) will take place at the German University of applied Sciences Bonn Rhine Sieg. A small team of volunteers from the community has gotten together to organize both a Devroom and a Booth/Stand.

There will be plenty of talks, presentations and workshops about Matrix and lots of surrounding things too, such as talks about open source in German public administration which often includes Matrix. Did you miss our CfP deadline but still have an idea for something you want to present? Get in touch with us at #FrOSCon:fiksel.info.

We might have some shop.matrix.org merch and other things available at the stand - contact us at #FrOSCon:fiksel.info for reservations.

You're attending and want to link up to other Matrix geeks or just other attendees in general? Also join us at #FrOSCon:fiksel.info!

Dept of Interesting Projects 🛰️

Matthew reports

cool use of Matrix for comms within a hacked Google Nest Mini: https://twitter.com/justLV/status/1681377298308820992

Dept of Guides 🧭

Matrix Client Tutorial

uhoreg reports

I've just posted the initial version of the Megolm encryption/decryption section of my Matrix client tutorial. The Megolm section alone is longer than the entirety of the current End-to-End Encryption implementation guide, which, depending on your point of view, could be either a good thing or a bad thing. The next section I'll be working on will be Olm encryption/decryption. The tutorial is available at https://uhoreg.gitlab.io/matrix-tutorial/index.html, and the Megolm section is at https://uhoreg.gitlab.io/matrix-tutorial/megolm.html. The source code is at https://gitlab.com/uhoreg/matrix-tutorial.

Matrix in the News 📰

HarHarLinks announces

BWI, maker of BwMessenger (for German armed forces) and BundesMessenger based on and in collaboration with Element, in an interview with German IT news heise https://www.heise.de/hintergrund/Interview-Ueber-den-Bundeswehr-Messenger-und-warum-Open-Source-wichtig-ist-9217085.html

Matthew reports

also an interview with me in Heise: https://www.heise.de/hintergrund/Sichere-Messenger-fuer-alle-Matrix-Gruender-im-Interview-9220484.html

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

A giant leap forwards for encryption with MLS

18.07.2023 14:00 — Encryption Matthew Hodgson , Hubert Chathi

Hi all,

Given our commitment to open standards and interoperability, we’re delighted to see MLS be ratified by the IETF as RFC9420.

MLS is a new encryption standard defined by the IETF, the standards body that maintains much of what makes the internet work. In the same way that Transport Layer Security (TLS, another IETF standard) defines the way to provide encryption between users and servers, or between two different servers, MLS provides a standard way for users of a messaging service to communicate securely without servers being able to eavesdrop on their conversations.

Continue reading…

This Week in Matrix 2023-07-14

14.07.2023 00:00 — This Week in Matrix Hubert Chathi

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

  • No MSCs were closed/rejected this week.

Spec Updates

Not a lot to say this week. The Spec Core Team is humming along with review, while we also wait for progress of various MSCs from their authors. The full list of what's in flight can be found in this week's Tuesday ping in the Office of the Spec Core Team room.

IETF and MIMI work is still continuing on in the background. Look out for a TWIM in the near future for an update to progress on that front!

Random MSC of the Week

The random MSC of the week is... MSC3192: Batch state endpoint!

This MSC defines an endpoint to send lots of state (max 50 at once) into a room in one go. This sounds useful for all sorts of tasks, and it's a wonder that it hasn't come up before.

If that sounds like an endpoint you'd like to go, give feedback on the MSC linked above!

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay announces

This week we released 1.88.0rc1. First, an announcement: Please note that this release

  • raises the minimum supported version of Python to 3.8, as Python 3.7 is now end-of-life and
  • removes deprecated config options related to worker deployment.

See the upgrade notes for more information. Now the highlights:

  • Remove deprecated worker_replication_host, worker_replication_http_port and worker_replication_http_tls configuration options.
  • Remove support for Python 3.7 and hence for Debian Buster.
  • Correctly resize thumbnails with pillow version >=10
  • Add not_user_type param to the list accounts admin API

and much more. If you'd like to take a deep dive into the changes, you can find the release notes here and as always, if you encounter a bug feel free to report it at https://github.com/matrix-org/synapse/issues/new/choose.

Dept of Clients 📱

iamb

ulyssa announces

iamb (website), a terminal-based Matrix client that uses Vim keybindings, had a new release this past week. Release v0.0.8 includes:

  • Pasting images from the "* clipboard register
  • A new :leave command to leave rooms
  • Configure how usernames are displayed
  • Configure an external command for opening downloads
  • Restore layout on restart, or from config.json
  • Completing Emoji shortcodes in the message bar

Quaternion (website)

A Qt5-based IM client for Matrix

kitsune reports

Quaternion 0.0.96 beta 3

One more iteration on the way to the final release is published. Two biggest changes are in dependencies: unlike the previous iteration that used Qt 5 and libQuotient 0.7.x, beta 3 requires Qt 6 and libQuotient 0.8.x. On top, AppImages for Linux are no more published, giving way to Flatpak. If you want Qt 5 or AppImages back, say so in #quaternion:matrix.org, otherwise the final release will cement these decisions!

Not many changes in the functionality otherwise; but you can now switch E2EE on or off per-account at runtime, rather than across the board at compile time. Check out the release notes at the usual place; and if you're on Linux and want a flatpak, it's already there in the beta channel at Flathub.

Element X iOS (website)

A total rewrite of Element-iOS using the Matrix Rust SDK underneath and targeting devices running iOS 16+.

Doug reports

  • Notifications are cleared from Notification Centre when marked as read.
  • Room notification settings are starting to take shape.
  • Laying the groundwork to support animations in the timeline.
  • Adopting the latest and greatest features from the Rust SDK.
  • Much work has been put into improving the reliability of our Tests.
  • Bug fixes galore! Thanks for all your feedback following our App Store release.

Element X Android (website)

Android Matrix messenger application using the Matrix Rust Sdk and Jetpack Compose

Jorge reports

  • This week we have been polishing the app, getting rid of lots of minor issues so the app is as stable as possible, improving the performance of the timeline, fixing bugs in notifications and improving the overall UX of the app.
  • There is now an Element X Android room where discussion is happening for those brave enough to either build their own versions of the app or download them from our CI! Just keep in mind that it's still a work in progress and the apks are built in debug mode so performance can be quite bad especially when scrolling, as they don't have any performance optimizations and contain lots of debug tooling.

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Johannes Marbach says

  • We’re continuing to invest into fixing stuck notification issues. This week, we’ve landed a fix on develop that sends read receipts for thread roots on the main timeline rather than in the thread (which Synapse rejects). We’ve also opened another MSC to clarify what timeline we think thread roots belong in to to help with this problem in future.
  • Our notification settings work is set up for shipping in labs next week
  • On the Compound side we’ve made fix-ups around the typography update and landed a first version of accessible colour updates on develop. Meanwhile, we’ve started exploring the future of theming.
  • Last but not least, we merged the OIDC-native login functionality and have switched to a different OIDC library do help facilitate upcoming changes

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Doug says

This week we disabled the Share and Siri extensions along with replying from a notification to work around a bug where our current use of app extensions causes corruption in the Rust crypto layer. Sharing is still available from within the app and Siri can be invoked from the keyboard, but we are aware this isn’t ideal.

Dept of SDKs and Frameworks 🧰

Matrix-nio

Paarth Shah reports

matrix-nio 0.21.0 A new version of matrix-nio has been released, with some fantastic new features, and some breaking changes! Full details can be found in the changelog, but as for some highlights:

  • Adding support for Space Parent/Child Events
  • Adding support for knocking on rooms, and enabling room knocking on existing rooms
  • Switching from logbook to the standard library logging module
  • Dropping support for end-of-life python3.7

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Benedict announces

The next Trixnity version has been released. It includes some major performance and internal improvements as well as some cool new features.

performance improvements:

  • lots of performance improvements in the cache leading to faster sync processing and significant less RAM usage
  • prevent unnecessary reads from repository
  • small performance improvements for realm

features:

  • allow to forget rooms (delete room specific content from database and cache) -> rewrite of the cache to allow indexes
  • PowerLevelsEventContent with type safe "events"-field (e. g. allow content.events.get<MessageEventContent>() additionally to the old way content.events["m.room.message"])
  • Introduce module trixnity-crypto-core and replace native crypto algorithms using native APIs (CoreCrypto on apple and OpenSSL on linux/mingw targets)
  • Own SecureRandom implementation using native APIs
  • MatrixClient handles own CoroutineScope
  • upgrade logging (requires SLF4J 2)
  • unified test suite for repositories (it makes adding new repository implementations significantly less time-consuming, because no tests need to be written)

bugfixes:

  • rollback realm transactions on exceptions
  • fix possibly broken media files

Dept of Bots 🤖

flip-matrix-bot (website)

A Matrix bot for the Friendly Linux Players community.

HER0 says

The bot gained a bit more reliability, as in-room event reminders are now sent as expected, even if the bot was restarted just before the event reminder was supposed to be triggered. Before, reminder logic was calculated based on the current local time, not the time that the event was actually scheduled at, and that would prevent some notifications from being sent.

The GitLab project path was also changed, so that it now exists within the bots subgroup of the Friendly Linux Players group. The main reason for this was to create a separate documentation project that can live alongside the main project in the hierarchy. The documentation is not too interesting to look at yet, but there are plans to provide details within them on how to use the bot in Matrix, run the bot, and contribute to the bot and/or documentation.

On the website side, some server-side and client-side caching, related to events (scheduled by the bot), has been implemented/fixed. This results in load times that are potentially multiple orders of magnitude faster! I'm really glad that I got around to addressing this, as the site feels super snappy now, in comparison.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!