This Week in Matrix 2022-10-07
07.10.2022 00:00 — This Week in Matrix — Thib
Matrix Live
Our guest for Matrix Live is Rich, to talk about how the Synapse team is hard at work to hunt those pesky spinners. Faster room joins now? Yes! But only for the brave!
This Week in Matrix 2022-09-30
30.09.2022 00:00 — This Week in Matrix — Thib
Matrix Live
Matrix v1.4 release
29.09.2022 15:30 — Releases — Travis Ralston
Hey all,
It’s finally here: threads, edits, and private read receipts. v1.4 has been a little later than usual in the quarter because we wanted to make sure we nailed down all the core MSCs for threads before publishing the spec itself, but we’ve done that now and we’re excited about it.
Upgrade now to address E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2
28.09.2022 17:41 — Security — Matthew Hodgson, Denis Kasak, Matrix Cryptography Team, Matrix Security Team
TL;DR:
- Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2.
- These have now been fixed, and we have not seen evidence of them being exploited in the wild. All of the critical vulnerabilities require cooperation from a malicious homeserver to be exploited.
- Please upgrade immediately in order to be protected against these vulnerabilities.
- Clients with other encryption implementations (including Hydrogen, ElementX, Nheko, FluffyChat, Syphon, Timmy, Gomuks and Pantalaimon) are not affected; this is not a protocol bug.
- We take the security of our end-to-end encryption extremely seriously, and we have an ongoing series of public independent audits booked to help guard against future vulnerabilities. We will also be making some protocol changes in the future to provide additional layers of protection.
- This resolves the pre-disclosure issued on September 23rd.
Announcing Third Room Tech Preview 1
27.09.2022 17:53 — Releases — Matthew Hodgson
We're excited to announce the first tech preview of Third Room, an open, standards-based, decentralised vision of the metaverse for the open Web, built entirely on Matrix… without cryptocurrencies, NFTs or walled gardens.
To see what it's all about, head over to https://thirdroom.io/preview - or come chat in #thirdroom-dev:matrix.org to learn more!
Synapse 1.68 released
27.09.2022 16:34 — Releases — Brendan Abolivier
Hey everyone, it's time for a new Synapse release! Synapse 1.68 just dropped, let's have a look at what's inside.
This Week in Matrix 2022-09-23
23.09.2022 19:09 — This Week in Matrix — Thib
Last update: 23.09.2022 18:41
Matrix Live
Pre-disclosure: upcoming critical security release of Matrix SDKs and clients
23.09.2022 14:53 — Security — Matrix Security Team
We will be releasing a security update to matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2 and clients which implement end-to-end encryption with these libraries, to patch critical security issues, on Wed, Sept 28th. The releases will be published in the afternoon, followed by the disclosure blog post around 16:00 UTC. The affected clients include Element Web, Desktop, iOS and Android. We will also be working with downstream packagers and forks over the coming days to ensure a synchronised release to address affected clients.
Clients using matrix-rust-sdk, hydrogen-sdk and matrix-nio are not affected by these critical issues. We are also auditing third-party client SDKs and clients in advance of the release, and will work with the projects if action is needed. So far we've confirmed that other popular SDK/clients including mtxclient (nheko), Matrix Dart SDK (FluffyChat), Trixnity (Timmy), Syphon, mautrix-go (Gomuks) and mautrix-python are not affected by the issues in question.
If you maintain or package a (potentially) affected E2EE-capable Matrix client and need to coordinate on the release, please contact [email protected].
We advise upgrading as soon as possible after the patched versions are released.
Thank you for your patience while we work to resolve this issue.