This Week in Matrix 2023-06-02

2023-06-02 — This Week in Matrix — Thib

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

Spec Updates

Part of the SCT's goals with Matrix 1.8 is to pre-plan the majority of our review attention, which means we need to be told what folks are working on to plan accordingly. We'll still have some room for random/surprise MSC work, but this is expected to be harder to acquire going forward (and so should not be relied upon).

Please let us know if you're working on something which affects the spec! We want to hear about:

  • things that aren't MSCs (yet)
  • things that are MSCs but aren't planned to be merged in 1.8
  • MSCs which are expected to be ready in time for Matrix 1.8 (in ~2 months)

If you aren't sure if your project affects the spec, talk to us about it. We do not want to be the bottleneck in your development cycle, instead preferring to know ahead of time that something will need attention from us.

All we need is for you to mention your project/MSC and timeline in the #sct-office:matrix.org - DMs and private rooms with SCT members are not enough to get something on the roadmap. This is to ensure there is full transparency in why the SCT is looking at something, and to ensure that the MSC moves through the process in an efficient manner. If your project has a sensitive context (commercial or otherwise), then we ask that you reference that here and someone from the team will contact you to get more information, relaying as much (non-sensitive) detail as possible back to the room here.

Our expected outcome for this system is to not only be a more effective team, but also to give you a faster/more reasonable turnaround on MSC review (at all stages), more rapid deployment of stable features (dropping unstable prefixes), and overall fewer review iterations as the SCT can think about problems ahead of you actually needing a review. We seriously do not want to be a blocker, but we need to know what we could end up blocking by accident.

Starting approximately August 1st, we will be starting to plan out what Matrix 1.9's release cycle will look like. A similar call to action will be raised at that point. Note that Matrix 1.8 is set to be released in late August, meaning we're aiming to have Matrix 1.9 thought out before Matrix 1.8 is released, which is a deliberately accelerated timeline than the current Matrix 1.8 release cycle planning.

As always, if you have any questions about this, please let us know in #sct-office:matrix.org.

Random MSC of the Week

The random MSC of the week is... MSC3869: Read event relations with the Widget API!

This MSC would allow Matrix Widgets, knowing an event ID, to request any and all other events that relate to it. Thus, if you had a m.room.message event, you could ask the client whether any edits have been made to that event, via asking for m.room.message events with m.replace relations.

This would be useful for Widgets to traverse any data structure that used relations to tie together events - which could model all sorts of use cases!

As always, leave your feedback on the MSC if this is something you're interested in or want to push forwards :)

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay reports

It's Friday which means it's time for another TWIM. This week the backend team released Synapse v1.85.0rc2. Notable highlights include:

  • Fix a performance issue introduced in Synapse v1.83.0 which meant that purging rooms was very slow and database-intensive
  • Improve performance of backfill requests by performing backfill of previously failed requests in the background.
  • Fix a long-standing bug where setting the read marker could fail when using message retention
  • Fix a long-standing bug where deactivated users were still able to login using the custom org.matrix.login.jwt login type (if enabled)

And so much more! To read about everything in the release, take a look at the release notes here and otherwise have a great week.

Dept of Clients 📱

FluffyChat (website)

Krille-chan reports

In FluffyChat we are still working on finishing the new release and polish the new html message rendering. We are nearly done and are also fixing our CI configuration so that all platforms receive the release without further problems (hopefully :D). Beside of that there is a nice merge request from @theonewiththebraid for animated emojis. For more information click here: https://gitlab.com/famedly/fluffychat/-/merge_requests/1124 (also contains a video) I really like it but before merging I would like to find a way how we can reduce the app size first.

Stay tuned <3

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Johannes Marbach announces

  • Work on stuck notifications continues and we think we've been able to unblock the release scheduled for next week and are preparing the necessary spec changes. The overall status is tracked in vector-im/element-web#24392.
  • We've completed testing for our intentional mentions and design review for the notification settings update. Getting close now as we've started discussing rollout strategies.
  • We started putting together a plan for integrating Compound, our new design system, into Element Web. Watch this space for more updates in the near future.

Element iOS (website)

Secure and independent communication for iOS, connected via Matrix. Come talk with us in #element-ios:matrix.org!

Doug announces

This week on Element iOS we’ve added support for sharing your device’s screen whilst in a Jitsi video call.

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

benoit says

Element Android will get a new release candidate 1.6.2 with more fixes following the release with the Crypto Rust SDK. In particular, some ANR (Application Not Responding) have been fixed.

Element X iOS (website)

Doug announces

  • When replying to a message, a preview of the message is now shown above the composer.
  • The authentication flow has been reworked in preparation for OIDC support.
  • Many fixes for navigation within the app, app launch, notifications and incorrect colours.

Element X Android (website)

benoit reports

More and more features are available on EAx! We are working on media upload and media rendering, and are improving the general rendering of the timeline. Also worth noting that notifications now include messages content and meta-data such as sender name and sender avatar!

Dept of SDKs and Frameworks 🧰

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jonas Platte reports

This week was a short one, since some team members were off due to national holidays on Monday and Tuesday. Nevertheless, we:

Dept of Events and Talks 🗣️

Call for Participation (CfP): Matrix Community Summit 2023

Christian Paul (jaller94) says

We are looking for talks and workshops. From the past to the future, from the moment of the idea, the story of the creation or the vision of the future. We’d like to understand the principles as well as the technology.

Come to Berlin in September to present your Matrix projects and products!

  • Thursday, 21th September - Matrix Summit Barcamp (no schedule)
  • Fri + Sat, 22th and 23th September - Matrix Summit Conference (CfP open now)

https://summit2023.matrixmeetup.de/conference/

We try to keep everything low-cost. But we need some money for food, drinks, merch, recording services, travel and accommodation. Please contact us via e-mail about sponsoring the event. The e-mail address can be found on the website above.

Matrix User Meetup Berlin

saces says

Next Matrix user meetup 7.6.2023, 8 pm @ c-base

Meet other matrix users, chat about Matrix, the rest, and everything else, discuss your Matrix ideas, sign each other in persona, and maybe spice the evening with a good mate or beer.

Also when the bbq is lit you may wish you brougth your favorite item :)

Every first Wednesday of the month in the c-base at 8pm ('til the next pandemic).

Matrix room: #mumb:c-base.org

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1test.zemos.net319
2zemos.net623
3075-141-169-120.res.spectrum.com:8446723
4kittenface.studio738
5wcore.org1086.5
6projectsegfau.lt2187
7brockhus.com.au2800.5
8abot.xyz3155.5
9chrrreeeeesss.com5201.5
10matrix.org5415

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1test.zemos.net129.5
2zemos.net206
3777.tf217.5
4sibnsk.net241.5
5075-141-169-120.res.spectrum.com:8446250.5
6matrix.org376
7herkulessi.de455
8rustybever.be692
9herkinf.de1037.5
10grin.hu11110

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

This Week in Matrix 2023-05-26

2023-05-26 — This Week in Matrix — uhoreg

Matrix Spec (website)

uhoreg announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

Spec Updates

We released version 1.7 of the Matrix Spec on Thursday. This release features media repository improvements and reactions. Thank you to all who contributed to this release, whether through writing or reviewing MSCs, writing spec PRs, or finding spec bugs. And congratulations to those who had their first MSC make it to the release. Read the blog post for the full details.

We're in the process of working out what Matrix 1.8 looks like and need to hear what people are working on. If you have an MSC or idea you're planning on looking at in the next 2 months, let us know in #sct-office:matrix.org so we can prioritize it accordingly.

Random MSC of the Week

The random MSC of the week is... MSC3184: Challenges Messages! This feature allows participants in a room to make decisions randomly by playing rock, paper, scissors; flipping a coin; or drawing straws.

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

dmr announces

Happy Friday, everyone. This week we disclosed three security advisories for Synapse. The TL;DR is that you should upgrade to at least Synapse 1.74.0 or newer. Please see the Matrix.org blogpost for links to the advisories.

Also of note is the release of Synapse 1.84.0 this Tuesday. New in this release is

Alongside this are a batch of bugfixes and internal improvements. We are aware of one regression in v1.84.0—expect a minor release with a fix to that sooner rather than later.

We've also begun an effort to profile and improve the performance of the /messages endpoint. That should benefit everyone, but in particular we hope to improve the UX of the Matrix Public Archive.

Thank you as ever to our contributors, testers, and community of server operators.

Dept of Clients 📱

Nheko (website)

Desktop client for Matrix using Qt and C++17.

Nico announces

Hey, it's been a while. Which means we were busy, just not with developing Nheko! However, we did do some stuff now:

  • The sticker and emoji pickers now have sections and include both normal emojis and custom emojis in the emoji picker. This means your search results are also sectioned and you don't need to use ~ for custom emoji anymore. You can also now edit your custom emoji right from the picker (or rather open the settings menu from there). This should make going crazy with custom emoji much easier and I hope you have fun with it!
  • LorenDB also finally fixed that pressing a key would focus the input bar but eat the first key. This was pretty annoying, but it should now behave much nicer!
  • Sateallia meanwhile fixed a similar bug with the focus in the search menu on some platforms, implemented selecting multiple files to upload in the filepicker (before you only could drop a group of files into Nheko at once).
  • You can now copy images from the image viewer to the clipboard.
  • And lastly your rooms in the search are now ordered by recency of the last message. This should make rooms with the same name have always the right room appear on top. Additionally upgraded rooms are now in italics, which should make it still possible to jump to them, but also distinguish them in the search.

Have a nice day and try custom stickers and emojis some time!

Neochat (website)

A client for matrix, the decentralized communication protocol

Tobias Fella announces

Here's what's happened in NeoChat in the last weeks:

  • I (Tobias) implemented support for sending stickers, based on MSC2545. You can now send them from the emoji picker, which has also been improved visually.
  • I also implemented support for editing your account's stickers in NeoChat's settings. Other parts of the MSC (room stickers, etc.) are coming soon.
  • James improved read markers and state changed, limiting the number of the that are shown at the same time.
  • Aleix and I improved the notifications by grouping multiple messages from the same room into a single notification.
  • James added caching for the last event in a room, meaning that on startup, NeoChat will now sort all rooms in a correct order.
  • We fixed a bug where the user/room/emoji completion menu randomly did not open.
  • James finished documenting all of NeoChat's codebase.
  • I improved NeoChat's space support by replacing the existing space view with a new sidebar in style similar to many other clients.
  • I also improved logging, which will hopefully help us debug many problems, especially around encryption issues. In the future, if you notice such problems, make a copy of ~/.local/share/KDE/neochat.log (on Linux; for other platforms, talk to us to figure out where the log file is) and possible also neochat.log.old immediately, to help with debugging.
  • Rooms with only two users (i.e., DMs) will now show a more useful sidebar, omitting irrelevant details like the normal room member list.
  • James also improved NeoChat's developer tools, now showing more useful information.

FluffyChat (website)

Krille-chan reports

📢 This Week in FluffyChat 🐾

Fixed memory leak and addressed minor bugs. Made progress on new HTML rendering logic for upcoming release. Translated FluffyChat into Chinese (Simplified), Croatian, Estonian, Galician, Indonesian, Romanian, Spanish, and Ukrainian. Updated dependencies and improved features: Updated file_picker to 5.3.0. Added storage persistence request on web. Optimized member retrieval in public rooms. Stay tuned for the new and improved FluffyChat! 🐱💬

Ement.el (website)

Matrix client for Emacs

alphapapa announces

Ement.el, a Matrix client for the GNU Emacs Lisp machine and text editor, was graciously feature by David Wilson in his weekly System Crafters stream. He thoroughly demo'ed Ement's powerful, unique features, giving a great introduction to new users, and showing the power of Emacs in general. Check it out!

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Danielle announces

Here at Element web our week has been focused on notifications!

  • In our journey to rid the ele-web-world of stuck notifications we’ve fixed several bugs. Unfortunately fixing these bugs has surfaced other existing bugs that make the experience worse :sob:
    • We’re hard at work on all these items, keeping the original fixes and introducing new fixes.
  • While that means we’re skipping the public release this week, it does also mean that we’ll have made some significant improvement in our next version!
  • Also on the topic of notifications we’re adding the final touches to our new notifications settings screens, ensuring that the push rules and toggles match up as you’d expect.
  • Next week we’re hosting a community testing session for our Intentional Mentions MSC. The MSC aims to remove the unnecessary pings when people use your username in the timeline but do not tag you explicitly.

Element X iOS

The next generation of Element on iOS.

Ștefan says

We’re waving bye bye to another fun week in ElementX land. We kept ourselves entertained by:

Dept of Non Chat Clients 🎛️

Circles (website)

E2E encrypted social networking built on Matrix. Safe, private sharing for your friends, family, and community.

cvwright reports

Circles is an E2E encrypted social network app built on Matrix.

This week we are happy to announce a new beta build of Circles for Android. New in v1.0.11:

  • Major compatibility fixes for cross-signing
  • Improved support for UnifiedPush
  • Use of Matrix threads for replies to top-level posts
  • Bug fixes to enable switching accounts without logging out

The latest build is available in our F-Droid beta repo and in the Google Play Store. And for those who like to DIY, you can always grab the APK directly and install it yourself.

Also new for this release is a GitHub mirror of the Circles Android source repo, for easier bug reporting.

Dept of SDKs and Frameworks 🧰

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Ivan 🦀 reports

This week, new projects have started!

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

Matrix v1.7 release

2023-05-25 — Releases, Spec — Travis Ralston

Hey all,

Matrix 1.7 has just been released! The last spec release was about 3 months ago, keeping us on track for regular quarterly releases. Unlike Matrix 1.6 though, today’s release is packed with plenty of features, some of which we’d like to call out here. Not all implementations will have support for these features yet though, and that’s okay (expected, even).

Adding support for a spec release can be a significant body of work. Instead of implementations having everything ready for spec release day, the idea is that they gain support over the next few months. If you’re able, please help those projects get v1.7’s features.

Today, we see 15 MSCs achieve their formally adopted status. All of them bring forward some much-needed features to Matrix, and a few highlights are below. Read on to the full changelog for a complete overview, and for a sneak peak at what the Spec Core Team (SCT) is planning to look at for v1.8 👀

🖼️ Finally, improvements to media in Matrix

The media repo has been largely unchanged since it was first released in 2015 as r0.0.0 - the only change being the addition of URL previews in r0.3.0 (released in 2017). Thankfully, the folks over at Beeper have been busy changing this situation!

MSC3860 and MSC2246 are both available as of today in the spec, improving how much bandwidth media repos need to offer and fixing a long-standing issue where uploading large files can be a challenge. MSC3860, specified here as allow_redirect, allows clients to opt-in to HTTP redirects on downloads, avoiding slowdowns from the server having to proxy and move the media twice. It’s particularly useful if your server uses a CDN like S3 to host media - just tell clients to go grab media directly from S3 instead.

Meanwhile, MSC2246 (largely specified here) gives clients an ability to upload their media after sending the associated event. The MSC was originally designed with bridges in mind, where message order and delays are very perceivable problems for users, however clients like Element X are thinking about using the feature to improve local echo on uploads as well. We’re excited to see uploads finally be reliable, and non-blocking for the conversation flow!

History would indicate that we’ve got several years to go before the next major improvement to media, but we’re looking to change that: MSC3916: Authentication for media, MSC4016: Streaming E2EE file transfers, and MSC3870: Upload direct to URL are all fairly promising MSCs we’re planning to take a look at in the next year or so.

💖 Reactions are here

Reactions have actually been in use for quite some time already, but the MSC struggled to make it into the spec formally. With Matrix 1.7 though, MSC2677 is merged.

MSC2677 was the last part of the MSC1849 saga, with MSC2674 (relationships) and MSC2675 (server-side aggregation) landing in Matrix 1.3, and MSC2676 (edits) landing in Matrix 1.4 back in September 2022. There’s still some work to be done in this area though, and certainly some quality of life improvements asking to be written up as MSCs - watch this space for progress on those fronts.

🎉 Achievement: First MSC merged

One of the best parts about writing an MSC is eventually seeing it released in the spec, and these folks saw their MSCs reach this milestone for the first time. Congratulations everyone, and please keep them coming!

In no particular order:

Anyone can contribute MSCs, improving the whole of Matrix for everyone. If you have an idea (or bugfix), check out the guidelines and let us know if you run into any questions in #matrix-spec:matrix.org on Matrix - we’re always happy to help.

🔜 Early considerations for Matrix 1.8

The SCT aims to cut a release in the middle of each calendar quarter, largely to avoid most conflicts with regional holidays, and since Matrix 1.1 the releases have been getting less and less organic. Instead of looking at MSCs whenever they’re raised, the SCT has been aiming to hear about which MSCs will need looking at. This is a very subtle difference, but one that dramatically changes how the quarterly releases are structured.

With each spec release, the SCT has slowly been working towards a place where the majority of MSC work is thought about in advance, and Matrix 1.8 is another milestone along this journey. Over the next couple weeks we’ll be working on a roadmap based on the MSCs that are raised to us in the SCT Office room on Matrix, starting with the ideas we raised ourselves earlier in the year.

As of writing, our current plan for Matrix 1.8 includes:

  • Further work on adopting OIDC (namely progress on MSC3824, MSC2965, and other similar proposals).
  • Pushing the MSC3995 suite of MSCs towards acceptance/merge status.
  • Continuing the improvements of VoIP (MatrixRTC) as we work towards Matrix 2.0.
  • Various improvements to event relationships, such as MSC3981, and push in general, such as MSC3958 and MSC3391.

While this doesn’t represent a commitment to have these MSCs merged, these are the areas that the SCT is likely to be thinking about for the next 3ish months. If you have MSCs that might be possible to merge before roughly August, let us know in the SCT Office room (even if those MSCs aren’t on-theme with the above - we still want to hear about them!).

Critically, our release planning does not just include MSCs that are on track for being merged. We are also aiming to track that a given MSC needs technical review (for example), or that it might be receiving attention external to the SCT (such as implementation). We’d love to hear what you’re working on so we can start bringing those MSCs to the top of the list - let us know in the SCT Office room.

As is the theme for this section, if you have any questions about what the release process looks like (or where a given MSC currently sits in the roadmap), let us know in the SCT Office room.

The full changelog

There’s so many more things than what we covered in this blog post - flip through the changelog below for a full idea of what’s landed. Special thanks to MichaelKohler, zecakeh, and Cadair for contributing clarification & bug fix PRs in this release - we greatly appreciate it!

Client-Server API

New EndpointsBackwards Compatible Changes
  • Changes to the server-side aggregation of m.replace (edit) events, as per MSC3925. (#1440, #1525)
  • Add new push rule conditions event_property_is and event_property_contains, as per MSC3758 and MSC3966. (#1464)
  • Add m.annotation relations (reactions), as per MSC2677. (#1475, #1531)
  • Support asynchronous media uploads, as per MSC2246. (#1499, #1510)
  • Document the m.mentions property; the .m.rule.is_user_mention and .m.rule.is_room_mention push rules; and other notification behaviour, as per MSC3952. (#1508)
  • Improve VoIP signaling, as per MSC2746. (#1511, #1540)
  • Update the scope of transaction IDs, as per MSC3970. (#1526)
  • Add an ability to redirect media downloads, as per MSC3860. (#1529)
  • Add an ability to use an existing session to log in another, as per MSC3882. (#1530)
Spec Clarifications
  • Clarify the sections of the specification concerning aggregation of child events. (#1424)
  • Fix various typos throughout the specification. (#1432, #1442, #1447, #1455, #1465, #1500, #1509)
  • Clarify that reply chain fallback for threads might not be present. (#1439)
  • Clarify what event property the content-specific push rules match against. (#1441)
  • Clarify the semantics that make requests idempotent. (#1449)
  • Improve documentation of how clients use push rules. (#1461)
  • Clarify that servers should enforce a default limit on a filter if one is not specified. (#1463)
  • Disambiguate using property names with dots in them during push rule processing, as per MSC3873 and MSC3980. (#1464)
  • Fix phrasing & typography in the registration endpoint description. Contributed by @HarHarLinks. (#1474)
  • Remove outdated text saying that state_default is 0 if there is no m.room.power_levels event in a room. (#1479)
  • Remove fictitious token parameter on /keys/query endpoint. (#1485)
  • Fix rendering of properties with a list of types. (#1487)
  • Clarify parts of the cross-signing signature upload request. (#1495)
  • Remove the dont_notify and coalesce push rule actions, as per MSC3987. (#1501)
  • Clarify m.location scheme by partially reverting f1f32d3. Contributed by @HarHarLinks. (#1507)
  • Add missing knock_restricted join rule to the m.room.join_rules schema. (#1535)

Server-Server API

Spec Clarifications
  • Fix various typos throughout the specification. (#1431, #1447, #1466, #1518)
  • Fix PDU examples by removing invalid OpenAPI reference to examples/minimal_pdu.json. (#1454)
  • Remove leftover {key_id} from /_matrix/key/v2/server/. (#1473)
  • Remove extraneous age_ts field from the reference hash calculation section. (#1536)

Application Service API

New EndpointsBackwards Compatible Changes
  • Add homeserver->appservice ping mechanism, as per MSC2659. Contributed by @tulir at @beeper. (#1516, #1541)
Spec Clarifications
  • Fix various typos throughout the specification. (#1447)

Identity Service API

Spec Clarifications
  • Corrections to the response format of /_matrix/identity/v2/store-invite. (#1486)

Push Gateway API

No significant changes.

Room Versions

Spec Clarifications
  • Clarifications of event ID formats in early room versions (#1484)

Appendices

Spec Clarifications
  • Clarify that the term "Canonical JSON" is a specific thing within the Matrix specification. (#1468)
  • Remove references to groups. (#1483)
  • Clarifications of event ID formats in early room versions. (#1484)

Internal Changes/Tooling

Spec Clarifications
  • Update references to Inter font. (#1444)
  • Endpoint disclosures now hide everything but the URL. (#1446)
  • Wrap $ref in allOf where other attributes are present, to improve OpenAPI compliance. (#1457)
  • Minor cleanups to the GitHub Actions workflows (#1476)
  • Fix generation of anchors for additional properties. (#1488)
  • Fix various typos throughout the specification. (#1534)
  • Document more of the spec release timeline/process. (#1538)

Disclosing Synapse security advisories

2023-05-24 — Security — Denis Kasak (dkasak)

Today we are retroactively publishing advisories for security bugs in Synapse. From oldest to most recent, they are:

We strongly advise Synapse operators who are still on earlier Synapse versions to upgrade to the latest version (v1.84.0) or at the very least v1.74.0 (released Dec 2022), to prevent attacks based on these vulnerabilities. Please see the advisories for the full details, including a description of

  • the vulnerability and potential attacks,
  • exactly which deployments are vulnerable, and
  • workarounds and mitigations.

Because these bugs are either related to or exploitable over Matrix federation, we have delayed publishing these advisories until now out of caution. This allowed us to ensure that the majority of Synapse homeservers across the public federation have upgraded to a sufficiently patched version, based on the (opt-in) stats reporting to the Matrix.org foundation.

If you have any questions or comments about this announcement or any of the advisories, e-mail us at [email protected].

This Week in Matrix 2023-05-19

2023-05-19 — This Week in Matrix — Andrew Morgan (anoa)

Matrix Live

No Matrix Live this week as Thib's away. Tune in next week though - maybe he'll do two!

Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Accepted MSCs:

  • No MSCs were accepted this week.

Closed MSCs:

  • No MSCs were closed/rejected this week.

Spec Updates

Matrix v1.7 has been given a release date of May 25th, right before the next TWIM! Expect a matrix.org blog post with all the details on the day.

Leading up to the release we've seen a number of great spec PRs appearing and being merged! Thank you to everyone for writing them (saving the SCT some time!) and to other reviewing on commenting. It's a huge help and the spec feels like it's chugging along at a blistering pace!

Random MSC of the Week

The random MSC of the week is... MSC2213: Rejoinability of private/invite-only rooms!

This MSC adds the ability for users who have previously joined a room to rejoin again. Typically this isn't desired in a public room setting, but it does specifically make sense in the case of a DM that you've left and want to return to without the other user needing to invite you. This case has specific implications for cases where there could be only ever one room between two users. Being able to rejoin it if the other user has disappeared is key!

Outside of the DM use case, this functionality can mostly already be achieved by using restricted rooms, where users of a given space/another room can always join your room. However, it would be nice to have the flexibility of allowing certain users to rejoin a room without needing another room to serve as proof of membership.

Is this something you're interested in? Do you have additional use cases? Feel free to check out the MSC and comment with your thoughts!

Dept of Clients 📱

Fractal (website)

Matrix messaging app for GNOME written in Rust.

Kévin Commaille says

Fractal 5.beta1 is out!

Fractal 5.beta1 is the first beta release since the rewrite of Fractal to take advantage of GTK 4 and the Matrix Rust SDK. It is the result of over two years of work.

New features since Fractal 5.alpha1:

  • Joining room by ID, by alias or with a Matrix URI
  • Creation of direct chats
  • Sending and displaying read receipts, read markers and typing notifications
  • Notifications on new messages
  • Highlight messages with mentions
  • Added media file history viewers in the room details, thanks to our GSoC intern Marco Melorio
  • Displaying the other user's avatar as a room avatar for direct chats

Of course, there are a also a lot of less visible changes, fixes and translations thanks to all our contributors, and our upstream projects.

As the version implies, this is still considered beta stage and might trigger crashes or other bugs but overall should be pretty stable. It is available to install via Flathub Beta, see the instructions in our README.

The GNOME 44 runtime used by the beta version Flatpak was shipped with a GTK version that has a regression which messes with room order in the sidebar: some rooms can appear twice and some rooms are missing. This is a known issue so there is no need to report it, there is nothing for us to do but wait until the fix is backported and shipped in an update of the GNOME runtime. In the meantime, the nightly version is unaffected by that.

A list of blocking issues for the release of version 5 can be found in the Fractal 5 milestone on GitLab. All contributions are welcome !

FluffyChat (website)

Krille announces

Here's a quick rundown of what's been happening in the Fluffy world over the past week:

📱 Android:

  • Updated minimum SDK version from 16 to 19. With the latest Flutter upgrade this was necessary. So FluffyChat will no longer be installable on Android 4.3 and below.

🔧 Miscellaneous:

  • Added missing blockquote style.
  • Cleaned up unused translations.
  • Various code clean-ups and maintenance tasks.

🔄 Refactoring and Updates:

  • Refactored Flutter Matrix HTML
  • Updated fonts for improved visuals.
  • Leveraged DateTime for accurate weekday localization.

🐞 Bug Fixes:

  • Fixed render overflow caused by long file names.- Improved error reporting for critical issues.

💡 Exciting New Features:

  • Mute notifications from chat groups with a simple toggle.

🔧 Maintenance and Dependency Updates:

  • Streamlined codebase by removing unnecessary dependencies.
  • Updated dependencies for enhanced performance and security.
  • Enhanced release curl calls for better error handling.
  • Updated translations (thanks to all translators)

We are working hard to make the next release possible to bring these changes to all users soon. Stay tuned <3

Ement.el (website)

Matrix client for Emacs

alphapapa says

Ement.el, a Matrix client for the GNU Emacs Lisp machine and text editor, has been released at version 0.9. Changes since the last release include:

Additions

  • Option ement-room-timestamp-header-align controls how timestamp headers are aligned in room buffers.
  • Option ement-room-view-hook runs functions when ement-room-view is called. (By default, it refreshes the room list buffer.)
  • In the room list, middle-clicking a room which has a buffer closes its buffer.
  • Basic support for video events. (Thanks to Arto Jantunen.)

Changes

  • Using new option ement-room-timestamp-header-align, timestamp headers default to right-aligned. (With default settings, this keeps them near message timestamps and makes for a cleaner appearance.)

Fixes

  • Recognition of certain MXID or displayname forms in outgoing messages when linkifying (aka "pilling") them.
  • Unreadable room avatar images no longer cause errors. (Fixes #147. Thanks to @jgarte for reporting.)
  • Don't error in ~ement-room-list~ when no rooms are joined. (Fixes #123. Thanks to @Kabouik and Omar Antolín Camarena for reporting.)
  • Enable member/room completion in compose buffers. (Fixes #115. Thanks to Thanks to Justus Piater and Caleb Chase for reporting.)

Feel free to join us in the chat room: https://matrix.to/#/#ement.el:matrix.org.

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

kittykat reports

  • Element Android 1.6.0 has been released in the beta channel, it is now using the Crypto Rust SDK. It will be rolled out slowly (currently 5%). We are monitoring the deployment and gathering feedback. The production release will only happen after the rollout and might contain any needed fixes
  • We’ve also had some improvements to the Rich Text Editor, especially to mention slash commands.

Element X Android (website)

The next generation of Element on Android! Come talk with us in #element-android:matrix.org!

kittykat reports

  • The team is working on:
    • Adding invite users to room
    • Roomlist context menu (which will include settings and leaving the room)

Element X iOS

Ștefan says

This has been a very exciting week for Element X iOS with our second ever public release seeing the light of day. The change log is huge and the app is better than ever so do please join our public testflight if you haven't already. We now have room and member details, media uploading, animated gif support, user blocking, system notifications, room leaving and many many more. Feel free to also join our public room

Otherwise this week we have been focusing on:

  • custom rendering for different reply room message types in the timeline
  • background app refresh support
  • read receipts
  • inviting people to rooms
  • creating new rooms
  • and last but not least: bug fixes, general stack cleanup and architectural improvements

Dept of SDKs and Frameworks 🧰

Elm SDK (website)

Bram reports

Sometimes, development isn't about writing code, it's about looking ahead and planning! In the past three weeks, I've tried to figure out how filters work combined with endpoints like /sync, /messages and /context - and it turns out I couldn't find any straight answers!

So I wrote a whitepaper in the Elm SDK repository on the inconsistencies and where the spec is unclear (to me, at least). I hope you're willing to look into it as I might open up an MSC soon where I request to be more specific about filters and the endpoints.

Read the whitepaper here, and please give me your feedback and/or corrections!

matrix-scala (website)

cheb reports

I've developed a rudimentary Matrix-Library for Scala for akka, for distributed async systems. The underlying code is actually automatically generated from the specification, with strong typing, automatic JSON (de-) serializiation and a rudimentary client provided. It features the entirety of the client-server API. This is achieved via a custom code-generator. This library provides just enough stuff to easily build a fully fletched client. A more high-level client is in development right now. Encryption will be hard, but will hopefully be implemented via JNI in the foreseeable future.

This is part of Germany's effort to move hospitals messaging systems to the Matrix protocol.

In case you want to check it out: A prebuilt is also provided https://github.com/UMEssen/matrix-scala/tree/main

Trixnity (website)

Multiplatform Kotlin SDK for Matrix

Benedict announces

Trixnity got its first big external contribution in version v3.6.2!

features:

  • added support for Android room database. Thanks to Jon Poulton!

bugfixes:

  • allow parallel use of Okio media store

Dept of Bots 🤖

Trinity (website)

bnjbvr reports

Matrix bots in Rust and WebAssembly. If you're interested to follow the project, feel free to join #trinity:delire.party or get the code on Github.

Since last time, we've upgraded to the latest version of wasmtime, wit-bindgen and cargo-component, and even found a bug in the toolchain! Thanks to the Bytecode Alliance folks for helping with a workaround.

We've also converted all the bot commands so they make use of the simpler libcommand API, and thanks to that, we could add support for emoji reactions easily. Now the bot will report success by adding 👌 annotation to the (human) request.

The bot will also report its presence as disconnected as soon as the program exits (and automatically mark itself connected when it gets back, but that part is thanks to the Rust SDK 💜).

Dept of Events and Talks 🗣️

Matrix Community Summit 2023 (website)

Christian Paul (jaller94) reports

To follow up on the overwhelmingly successful conference last year, we're planning a second Matrix Community Summit in Berlin. We expect this to have 3 days of activities.

  • Thu, 21st Sep: BarCamp day (attendees pitch topics and vote for which to discuss)
  • Fri, 22nd Sep: Conference day
  • Sat, 23rd Sep: Conference day

The website and Call for Presentations is being worked on. Expect both to be announced here in the following weeks.

This event will take place in Berlin, with the most likely location being the one from last year: The famous hacker space c-base. If you know any place more suited for a conference, please contact us. https://matrix.to/#/#matrix-community-summit:c-base.org

Your Matrix Salon Berlin

Dept of Interesting Projects 🛰️

Beepberry (website)

Eric Migicovsky announces

I announced a little side project yesterday: Beepberry - a portable e-paper computer for hackers, designed for chatting on Beeper (universal messaging app built on top of Matrix). My day job is running Beeper, but I will always have a soft spot for building hardware (I was the founder of Pebble).

I wanted to create a ‘weekend’ device that would let me stay in touch with friends and family, without the distractions of a full smartphone. I imagined a tiny, hackable e-paper screen with a physical keyboard, powered by a Raspberry Pi, that I could use to chat around my home…and do pretty much nothing else.

Before Matrix, the idea probably would not have gone anywhere. Most chat apps do not have an API, making it practically impossible to hack something like this together.

I partnered with sqmfi and they’re starting to take pre-orders at https://beepberry.sqfmi.com for the first batch. It’s $79 (or $99 including a Pi Zero). Specs: Sharp Memory LCD (same display tech as in Pebble!), Pi Zero (BT/WIFI), physical keyboard, 2000mAh lipo.

On top of being an amazing chat device, it’s basically an e-paper Cyberdeck that fits in your pocket. It’s a ton of fun to hack on. Keep in mind - THIS IS NOT A REAL FINISHED PRODUCT. It’s basically a devkit.

More info in the blog post: https://blog.beeper.com/p/beeper-x-sqmfi-beepberry, or join #beeper-general:beeper.com

Here's what it looks like running a slightly customized version of gomuks: https://www.youtube.com/watch?v=fIgzybDcvYk

If you are a hacker and want to apply to get one early, fill in this form after ordering.

NeoBoard (website)

Dominik Henneke reports

We are pleased to announce the NeoBoard — an open-source collaborative whiteboard widget for Matrix! The NeoBoard is an ideal tool for creating and sharing content, conducting presentations, and collaborating with colleagues or friends. All data is stored as Matrix events within the Matrix room, leveraging Matrix's native end-to-end encryption, decentralization, and data privacy features.

The widget uses CRDT documents (conflict-free replicated data type) and WebRTC to provide a seamless and fast editing experience. It is used in the German public sector and is now available to anyone looking for a powerful and secure way to collaborate.

The NeoBoard is the latest widget from Nordeck, which we have been developing behind the scenes in the past months, and we're excited to finally share it with the Matrix community. If you have any questions, reach out to us at #nordeck:matrix.org.

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

This Week in Matrix 2023-05-12

2023-05-12 — This Week in Matrix — Thib

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

MSCs in Final Comment Period:

  • No MSCs are in FCP.

Accepted MSCs:

Closed MSCs:

Spec Updates

A regular reminder that every Tuesday, the Spec Core Team (SCT) publishes their approximate priorities in the public Office of the Spec Core Team room - check it out to see what the SCT is working on. Similarly, if you’d like the SCT to engage with your MSC, mention so in that room.

The release of Matrix 1.7 is expected in the next 1-2 weeks! Keep an eye out for announcement blog post specifically for it. We'll call it out in the following TWIM as well of course :)

Matrix 1.8 is currently scheduled for around August 2023.

Random MSC of the Week

The random MSC of the week is... MSC3914: Matrix native group call push rule!

This MSC adds a new push rule that causes your Matrix client to emit a notification if a group call (as defined by MSC3401 is started in a Matrix room. This MSC (obviously) depends on MSC3041, so that MSC will need to be accepted before this one can be.

There is currently a client-side implementation for this MSC, but it is missing a homeserver side one (for adding the push rule).

Check out the MSC if you're interested, or perhaps take a look at adding that server-side implementation?

Dept of Servers 🏢

Synapse (website)

Synapse is a Matrix homeserver implementation developed by the matrix.org core team

Shay says

Synapse

It's Friday Friday Friday which means it's time for another TWIM. This week the backend team released Synapse v1.83.0. Notable highlights include:

  • Update support for MSC3983 to allow always returning fallback-keys in a /keys/claim request.
  • Fix a long-standing bug where cached server key results which were directly fetched would not be properly re-used.
  • Fix a bug introduced in Synapse 1.73.0 where some experimental push rules were returned by default.
  • Add experimental support to recursively provide relations per MSC3981

And so much more! To read about everything in the release, take a look at the release notes here and otherwise have a great week.

Dept of Clients 📱

Cetirizine

A Matrix Client written for MTRNord

MTRNord says

Hi everyone :)

I recently started to work on my own personal Matrix client. It's still early in the progress, but I wanted to share it.

It mostly is based around some core concepts of element-web UI, however deviates from it quite quickly. Notable changes are that it merges the space and roomviews into a single list, it has a richtext editor, and it renders things slightly different but close to element-web.

Additionally, the client is using the matrix-rust-sdk-crypto-js bindings as underlying e2ee and sliding-sync as it's /sync implementation.

This week it's just a preview, but I hope to improve upon it and make it more usable for people. You will find plenty of bugs like e2ee not decrypting past messages, no upscroll, no verification. But for very basic chatting it should work already.

Feel free to peek into #cetirizine:midnightthoughts.space or have a look at the repo https://github.com/MTRNord/cetirizine or try it for yourself at https://mtrnord.github.io/cetirizine (Or just view the storyboard at https://mtrnord.github.io/cetirizine/storybook )

Note that since this is meant to be a personal client there is no support given, and it's purely "free and source available" but neither includes community support nor any form of professional support. This is to prevent mental exhaustion for myself. Also note that this is still very early into the process. So many things are missing or buggy. If you try it, be careful.

Element Web/Desktop (website)

Secure and independent communication, connected via Matrix. Come talk with us in #element-web:matrix.org!

Danielle announces

  • Our work on notifications continues with a big improvement to the stuck notifications bug hitting production this week!

    • The MSC 3981 is in review and other bug fixes are also continuing to land
    • The enhancements to Settings are underway, this week we’ve looked at mapping users current selections to the new design to ensure that a migration is as smooth as possible

  • Our Accessibility work continues with more than 20 issues closed in the last few weeks. This will continue to be a priority for us over the coming few weeks so please continue to raise any issues or areas that we could be improving.

Element Android (website)

Secure and independent communication for Android, connected via Matrix. Come talk with us in #element-android:matrix.org!

Manu announces

  • The 1.6.0 release candidate for Element-Android is still being tested before it lands on the Play Store. It contains a major change where we switch the crypto module to use the rust crate from the matrix-rust-sdk.
  • Still on Element-Android, we are improving accessibility on several screens
  • Meanwhile on ElementX-Android, we added the upload of image, video and files. Room creation, invite and join is almost complete

Element X iOS (website)

Everything related to Element but not strictly bound to a client

Ștefan says

Hello Friday and goodbye to another productive Element X week. We’re working very hard on stabilizing the application and getting it ready for a new public release but meanwhile:

Dept of SDKs and Frameworks 🧰

matrix-rust-sdk (website)

Next-gen crypto-included SDK for developing Clients, Bots and Appservices; written in Rust with bindings for Node, Swift and WASM

Jonas Platte says

Over the last two weeks,

  • SQlite replaced sled as the default on-disk state store backend!
  • We added more convenient power level action checks and exposed them in matrix-sdk-ffi
  • The FFI crate also gained support for sending image attachments through the timeline
  • We made the timeline strip reply fallbacks (so replies don't get rendered twice)
  • We've steadily been improving our logging
  • And of course there were lots of bug fixes, CI improvements and refactorings as well
    • Notably, we optimized the size of some futures, which could be the solution for a stack overflow Windows users have been reporting from time to time (we're waiting for somebody who previously saw the bug to try out the latest version)

Dept of Ops 🛠

radicale-auth-matrix (website)

Aine says

Radicale is dead simple CalDAV/CardDAV server, it's not fancy, but does the job. The only caveat with Radicale we had at etke.cc is manual htpasswd-based user management which is painful both for us and our customers.

So, we did that thing, called radicale-auth-matrix and you can use it authenticate from radicale against your matrix server, delegating user management on matrix side, where you have proper API and even UI for that.

How it works? You enter your matrix account's credentials when login to your Radicale server, that's it! It even has simple hash-based cache to avoid unnecessary requests to matrix API once you logged in.

Pretty niche thing, but it pain caused by manual user management is gone 😄

Source code. We even have ready-to-use Radicale docker image with that plugin installed

Dept of Events and Talks 🗣️

Matrix administration and development courses (German) at Linuxhotel

Nik | Klampfradler 🎸🚴🏻 announces

The deadline for registrations for the two Matrix courses at the German Open Source training center Linuxhotel is fast approaching, and the courses, sadly, are at risk to be cancelled due to lack of interest:

If you know someone who might be interested in 3 to 5 days of hands-on Matrix experience for their company, team, or as a hobbyist, please share the invitation ☺!

HarHarLinks reports

[m][email protected]

Hi TWIM! It's been 3 months since a good chunk of the Matrix community gathered at FOSDEM. We had lots of fun meeting people at FOSDEM itself and on top an overwhelming response to the #fosdem23-community-meetup:matrix.org we hosted on Friday in advance.

One of the next hacker events has now appeared on the horizon, namely Chaos Communication Camp 2023 happening August 15-19. Find all the info about it in several posts on https://events.ccc.de/category/camp-2023/ and in the rooms contained within the #camp2023:events.ccc.de space. Note that this event, while happening close to Berlin, Germany, and some of the presented content might be in German, the Camp still targets an international audience.

Some of us have already gotten together to organize a Matrix village at the CCCamp. If you are interested in attending or - even better - have any ideas to share, we invite you to join us in that room. In particular, we will meet next Monday (May 15) in a video conference in #chaosevents:matrix.org for planning, exchanging info, etc.

Matrix in the News 📰

Nightshade reports

A rather known tech related German journal talked about interoperability hurdles, MIMI, and also Matrix. The german article can be found on their website.

Dept of Ping

Here we reveal, rank, and applaud the homeservers with the lowest ping, as measured by pingbot, a maubot that you can host on your own server.

#ping:maunium.net

Join #ping:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1test.zemos.net339
2matrix.lukeog.com442
3coolegrane.farm550
4envs.net620
5kittenface.studio1090
6zemos.net1692
7rom4nik.pl2282.5
8wcore.org2489
9herkulessi.de4554.5
10mailstation.de4803

#ping-no-synapse:maunium.net

Join #ping-no-synapse:maunium.net to experience the fun live, and to find out how to add YOUR server to the game.

RankHostnameMedian MS
1test.zemos.net108
2l1qu1d.net194.5
3feline.support286
4777.tf416.5
5herkulessi.de422
6zemos.net729.5
7shiftsystems.net961

That's all I know

See you next week, and be sure to stop by #twim:matrix.org with your updates!

NextPage 2

All posts

This Week in Matrix 2023-06-02
This Week in Matrix 2023-05-26
Matrix v1.7 release
Disclosing Synapse security advisories
This Week in Matrix 2023-05-19
This Week in Matrix 2023-05-12
This Week in Matrix 2023-05-05
This Week in Matrix 2023-04-28
This Week in Matrix 2023-04-21
This Week in Matrix 2023-04-14
This Week in Matrix 2023-04-10
This Week in Matrix 2023-03-31
Security releases: matrix-js-sdk 24.0.0 and matrix-react-sdk 3.69.0
This Week in Matrix 2023-03-24
This Week in Matrix 2023-03-17
The DMA Stakeholder Workshop: Interoperability between messaging services
This Week in Matrix 2023-03-10
This Week in Matrix 2023-03-03
Synapse 1.78 released
This Week in Matrix 2023-02-24
DiscoverTry MatrixClientsBotsSDKsHosting
GuidesGetting StartedClient-Server APIInstall SynapseBridgesAll guides
Develop DocsSpecAPI PlaygroundCode
BlogAll PostsThis Week In MatrixSecuritySecurity RSSRSS
MoreFAQsMatrix LiveSecurity Disclosure PolicySecurity Hall of FameCode of Conduct for Matrix.orgLegalContactSite Source
Copyright Notice