Releases: girlbossceo/conduwuit
v0.4.7-rc
remove `ProcSubset=pid` from systemd units for now
they appear to cause strange rust malloc issues on Debian systems
Signed-off-by: strawberry <[email protected]>
v0.4.6
conduwuit
Release 0.4.6
Hi everyone! conduwuit 0.4.6 has been released. This is a huge release with many different bug fixes, changes, features, improvements, etc. It definitely has been a while and we hope the wait has been worth it!
The biggest thing on everyone's mind is that authenticated media has been added and enabled by default. No user intervention is needed; however, if you'd like to disable the legacy media endpoints, set `allow_legacy_media` to false.
Thanks to @morguldir, a LOT of sliding sync issues were fixed that make Element X a lot more enjoyable to use on conduwuit. This includes heroes support, timestamps, fixing a panic, properly resetting connections, supporting per-room account data, supporting read receipts extensions (MSC3960), and receiving room invites.
Lots and lots of admin commands were added/fixed pertaining to general moderation, media cleanup and deletion, debugging, server/build information, and many more. See your local `!admin --help` command and its subcommands as usual to explore what's been added, as there are too many to list here.
Some media issues that may have been caused by Conduit database media compatibility have been resolved. Compatibility symlinking was also disabled by default, and can be re-enabled if there is a desire to move back to Conduit.
The appservice ping endpoint and MSC3316 timestamped massaging were added, both primarily used by Mautrix appservices.
Thanks to @isosphere for many hours of debugging and their code, threads are no longer backwards. Additionally, the `"age"` unsigned field, which may be used by some clients, is no longer hardcoded to 1.
We have dropped the required aarch64 target architecture to Cortex-A73 / ARMv8-A as the previous one was too new which broke support for some slightly older aarch64 devices.
The Debian package may have failed to install on some older versions of Debian as it was using a flag only available on the latest Debian. This has been corrected.
The `last_seen_ip` field is now set on initial new device creation. This, alongside `last_seen_ts`, still needs work on keeping it updated, but at least you have an initial IP address to see, which is way better than nothing at all.
We've fixed Element Web/Desktop and likely other clients missing "inline profiles" by always sending redundant memberships (`include_redundant_members`) as Synapse does this too, and most clients seem to require this knowledge to properly load all inline profiles.
Some admin commands may look a bit different thanks to our new admin command log capture, which allows you to see the logs generated by the admin command that was run. See our example config for configuring this behaviour if needed.
Lots of code under the hood has been refactored, improved, simplified, optimised, etc, and continues to be!
Some other small/misc things are:
- Presence status messages can now be set properly by clients
- The `forbidden_remote_server_names` config option was extended to support blocking outbound and inbound federation to said servers.
- The `m.room.guest_access` event is now properly respected.
- MSC4166 support was added which simply returns 404 on the `/_matrix/client/v3/voip/turnServer` endpoint if no TURN URIs were configured
- The new user display name suffix is no longer forcibly applied to appservice user registrations (some did consider this a feature but it was a bug. If you think you want this still, let me know and I'd be happy to make it a config option)
- The old room alias is now properly removed on room upgrades
- When banning a room, any local room aliases are deleted and the room is unpublished from the room directory
- Removed 2 redundant CSP directives that were already inherited by `default-src`
- `axum-dual-protocol` (HTTP/HTTPS listening when using TLS mode, no rev proxy) is no longer feature-gated for simplicity
- Various documentation improvements
And of course, the usual dependency updates/bumps have taken place, including RocksDB v9.5.2, bumping the Nix flake lockfile, and using latest Rust 1.80.1.
250 commits have been added since 0.4.5 (which we usually don't have this many each release!), so if you'd like to see the full set of changes that I may not have listed here see the commit history below.
Commit history: v0.4.5...v0.4.6
GitHub Releases | Docker Hub | NixOS
Liberapay | GitHub Sponsors | Ko-fi
Chat with us in #conduwuit:puppygock.gay
v0.4.6-rc
syncv3: read receipts extension (MSC3960)
v0.4.5
Release 0.4.5
Hi everyone! conduwuit 0.4.5 has been released. This is primarily a bug fix release with some misc improvements.
- Some edge-case federation issues were found only with servers that use SRV records for delegation. This regression has been fixed and it's recommended to update to 0.4.5.
- A potential race condition on membership updates (e.g. joins, leaves, invites, etc) was fixed
- Potential unclean shutdown issues in the form of panics during high-load activity were fixed
- When using outgoing presence, empty presence EDUs were found to be erroneously sent to other servers. This release fixes this, and has been found to improve the performance of outgoing presence overall.
- For the console feature, a command tab completion feature was implemented
- If conduwuit encounters a runtime panic, it can now fully catch and recover the panic, improving the reliability of conduwuit
- Access control checks were added for room directory publishing
- Static binaries and OCI images are now built with `--all-features`, which noticeably gains the console feature for everyone to use without building conduwuit
- Static binaries and OCI images are also now built with CPU optimisations, which will help improve performance overall. aarch64 binaries are optimised for ARM cortex-a55 (minimum requires ARMv8.2-a). x86_64 binaries are built for `x86-64-v2` (minimum requires SSE 4.2).
- RocksDB was updated to v9.4.0
- For NixOS users, the empty version string regressed in v0.4.4 and was fixed
- Misc logging improvements
- Various code cleanup, refactors, improvements, etc which may result in improved performance
- A force join room admin command was added
- A make server admin command was added to make the specified local user an admin of your server
Commit history: v0.4.4...v0.4.5
v0.4.5-rc
ci: dont publish `-rc` tags as `latest` docker branches
Signed-off-by: strawberry <[email protected]>
v0.4.4
Release 0.4.4
Hi everyone! conduwuit 0.4.4 has been released. This release introduced significant code cleanups, misc bug fixes, major performance optimisations tailored to database-functions, the deletion of the SQLite backend, Room Summary API support (MSC3266), OpenID routes to make Element Integration Manager work, and the SHA256 media feature integrated in a forwards-compatible way.
A breaking change that shouldn't affect anyone is that SQLite support was fully removed from conduwuit. This was done due to SQLite being used incorrectly as an extremely inefficient and slow key-value store with no proper schema, SQLite in general not being very suitable for a Matrix homeserver, the rusqlite library was holding back some necessary future database refactoring and improvements, and being a burden to maintain for something that almost no one uses. Because the SQLite usage was little to none, no automatic migration path was provided, but conduit_toolbox provides a SQLite -> RocksDB migration tool if you are impacted. RocksDB is the only supported database backend for conduwuit, and as always we intend on closing the feature gap that SQLite may have provided over RocksDB as much as possible.
Removal of SQLite along with some feature refactoring now makes the `--all-features` Rust build flag work for conduwuit.
A long-standing edge-case database bug was fixed that had the small possibility of causing mild jank upon room joins for the specific room being joined. The chances of this happening were low, but it was more likely on high-load servers and/or very fast servers. It's recommended to update to v0.4.4 to prevent the possibility of this issue happening.
More significant code cleanups, simplifications/minifications, refactoring, etc were done that also significantly improved database performance and performance on some hot code paths. Ping times have been found to be even better than before. Memory usage may also be improved from this.
MSC3266 support aka "Room Summary API" was added, just lacking federation bits at the moment but is functional for most uses of it. The OpenID routes were also added which is primarily used to make Element's "Integration Manager" functional.
The long-time optional `sha256_media` conduwuit feature has been fully integrated into conduwuit in a Conduit database forwards-compatible way through filesystem symlinks and startup media scans/checks. This prevents the upstream media bug on filesystems that don't allow long file names in the form of "`File name too long (os error)`" due to upstream using base64 for file names while still retaining upstream database compatibility. Users who used this optional feature are transparently migrated to the same database version as everyone else.
If you do not ever intend on moving back to Conduit, you can disable the 2 config options that retain database compatibility to speed up startup times and reduce media directory clutter: `media_compat_file_link` and `media_startup_check` in the example config.
Miscellaneous bugs were fixed related to spaces/hierarchy, redactions, restricted room joins, preventing infinite well-known caching, etc. And the usual dependencies were updated, including RocksDB to v9.3.1 from v9.2.1.
Commit history: v0.4.3...v0.4.4
v0.4.3
Release 0.4.3
Hi everyone! conduwuit 0.4.3 has been released. This release features admin room infrastructure improvements, some new admin commands, general maintenance, small logging cleanup, a brand new console interface, and the ability to run admin commands in any room.
This server-side CLI console feature can be activated by building conduwuit with the `console` feature and sending CTRL+C. This is subject to change and may be included as a default feature soon, or offer console builds. In this console interface (prefixed with `uwu>`), you can run standard admin commands and receive coloured outputs. To exit, send `CTRL+D`. To shutdown your server after exiting the console, send `CTRL+\` (SIGQUIT). The server will continue functioning as normal with the console open.
yes this is the Minecraft monospace font called Monocraft, yes I use it
To run admin commands and receive their outputs in the same room and as yourself ("public admin escaped commands"), you must be an admin on your server, and enter any admin command as you usually would with the backslash prefix. Either `\!admin` or `\\!admin` followed by your command. This feature can be disabled if desired in your config via `admin_escape_commands = false`.
This feature also does not work in encrypted rooms. In theory though, you might be able to send an unencrypted message in an encrypted room to run these commands.
Admin commands to check your uptime, shutdown your server, restart your server (works with systemd!), echo a message/input, and send a message to the admin room were added in `!admin server` and `!admin debug`.
Commit history: v0.4.2...v0.4.3
v0.4.2
Release 0.4.2
Hi everyone! conduwuit 0.4.2 has been released. This is a relatively huge update along with an upstream security fix for a vulnerability which may result in local privilege escalation and primarily impacts public homeservers, plus various new features, performance optimisations, and bug fixes. It is very important to update to the latest as soon as possible if you are hosting a public homeserver, or generally have untrusted users on your server. A few database bugs were also fixed that may clear up various jank.
If you are unable to upgrade your server immediately, a mitigation for the vulnerability is provided below, which is registering a fake/shim appservice (`!admin appservices register`) with the following contents:

```yaml
id: temp-mitigation
as_token: <CHANGEME>
hs_token: <CHANGEME>
namespaces:
  users:
    - exclusive: true
      regex: "@.*"
  aliases:
    - exclusive: true
      regex: "#.*"
  rooms: []
rate_limited: false
sender_localpart: <CHANGEME>
```

This fake appservice can be deleted after upgrading to 0.4.2. Change the values to something random.
List of notable changes include:
- "See history" button in Element on state events "view source" to see their history now works
- Fixed 3 long-standing database bugs that resulted in various jank, including room joins issues, federated invites not working fully, member counts being out of sync, some push notification issues, and likely some client room name calculation not working
- Admin commands for viewing some room info such as joined members in a room and seeing the room topic were added
- An experimental implementation of Dendrite's `AdminDownloadState` (`/admin/downloadState/{serverName}/{roomID}`) admin API endpoint was added as a debug command to download and use a room's state from a remote server in the room
- UNIX socket support has been fixed and is fully functional now
- conduwuit now logs the client IP on some requests (will be extended more in the future)
- Deactivations now leave all rooms by default (including admin room deactivation), along with removing your display name and profile picture like Synapse
- Fix not allowing various federation endpoints for world readable rooms
- Add guest/unauthenticated user support for TURN (`turn_allow_guests`) like Synapse
- Add a `--force` argument for deleting past remote media admin command to skip errors, and fixed a logic bug with it
- Fix emergency password not working
- Log out all sessions of the server service account when emergency password is unset
- Add some additional room alias checks and allow creators to delete their own created room aliases like Synapse
- Add Element spec-compliance client hack for password changes and deactivations not working on legacy Element iOS and Android
- Use a more strict and secure CSP as part of a recent Matrix spec proposal
- conduwuit spec compliance with media on Content-Disposition and Content-Type handling is now corrected
- Remove unnecessary PDU exists check on receiving read receipts, slightly speeding up transaction handling for read receipts
- Fix some edge-case client search bugs
- Disable URL previews by default in new admin room creations
- Add support for listening on multiple addresses similar to listening on multiple ports
- Default to listening on both IPv4 localhost (`127.0.0.1`) and IPv6 localhost (`::1`)
- Allow "world readable" read receipt EDUs again
- Fix some potential shutdown hanging issues
- General dependency updates/bumps
- Lots and lots of code cleanups, dedupes, optimisations, refactors, and such
A conduwuit community code of conduct was also added that tailors to at least our Matrix community: https://conduwuit.puppyirl.gay/conduwuit_coc.html
Commit history: v0.4.1...v0.4.2
v0.4.1
Release 0.4.1
Hi everyone! conduwuit 0.4.1 (and 0.4.0) has been released. The most important changes were the various medium and high severity federation security fixes from inherited upstream code. It's strongly recommended users update to 0.4.1 as soon as possible.
These fixes impact the federation endpoints `/send_join`, `/make_join`, `/send`, `/send_leave`, `/make_leave`, `/invite`, and fix indirect bypass of room ACLs, and accepting inbound EDU impersonation such as read receipts, typing indicators, device messages, etc (except e2ee master key). Some Complement tests were also fixed as part of this that were loosely security related.
Due to the volume of fixes, the details and specific changes can be found here: #406
Other various changes in this release include improvements to CI/testing and Nix infrastructure, io_uring and jemalloc being enabled by default and in static binaries, Complement in CI now being enforcing, some misc logging improvements, and various code simplifications, improvements, removals, etc.
Commit history: v0.3.4...v0.4.1
v0.3.4
Release 0.3.4
Hi everyone! conduwuit 0.3.4 has been released. This is a small maintenance release in preparation for the upcoming v0.4.0 release later this week. No new features were added.
conduwuit was officially added to Complement, and support for running the `Content-Disposition` safety tests was added there too. (matrix-org/complement#723)
Through those Complement tests, we found one more edge-case Content-Type being allowed as `inline` (`image/svg+xml`) and currently we now pass all 3 `Content-Disposition` Complement tests after fixing that.
In addition, we now fully distrust the client or remote server's `Content-Type` for all media (uploads, thumbnails, and downloads) and return what we detected the file is (with a valid fallback to `application/octet-stream`).
Both of these further improve client security by making sure we detect the true file fully, and we send the correct behaviour to web browsers.
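The media handling described for 0.3.4, as an added example that is not conduwuit's own code: the claimed `Content-Type` is ignored, the type is detected from the bytes with a fallback to `application/octet-stream`, and only allowlisted types are served `inline`. The function names, the magic-byte checks, the inline allowlist and the sample bodies are assumptions constructed for illustration.

```rust
// Added example: the magic-byte checks and the inline allowlist are a constructed
// subset for illustration, not conduwuit's own detection tables.

/// Types considered safe to render inline. image/svg+xml is deliberately absent.
const INLINE_SAFE: &[&str] = &["image/png", "image/jpeg", "image/gif"];

// Constructed sample bodies.
const PNG_SAMPLE: &[u8] = b"\x89PNG\r\n\x1a\n\0\0\0\rIHDR";
const SVG_SAMPLE: &[u8] = b"<svg xmlns=\"http://www.w3.org/2000/svg\"><script/></svg>";
const HTML_SAMPLE: &[u8] = b"<html><body>not an image</body></html>";

/// Detect the media type from the bytes themselves.
fn detect_content_type(body: &[u8]) -> &'static str {
    if body.starts_with(b"\x89PNG\r\n\x1a\n") {
        return "image/png";
    }
    if body.starts_with(b"\xff\xd8\xff") {
        return "image/jpeg";
    }
    if body.starts_with(b"GIF87a") || body.starts_with(b"GIF89a") {
        return "image/gif";
    }
    // SVG is XML text without a fixed signature: look for an <svg tag near the start.
    let head = String::from_utf8_lossy(&body[..body.len().min(512)]).to_ascii_lowercase();
    if head.contains("<svg") {
        return "image/svg+xml";
    }
    "application/octet-stream" // fallback when nothing matches
}

/// Build the (Content-Type, Content-Disposition) pair for a media response.
/// The type claimed by the client or remote server is accepted but never used.
fn media_headers(_claimed_type: &str, body: &[u8]) -> (&'static str, &'static str) {
    let detected = detect_content_type(body);
    let disposition = if INLINE_SAFE.contains(&detected) { "inline" } else { "attachment" };
    (detected, disposition)
}

fn main() {
    // Each pair is (claimed Content-Type, body); the claim is wrong in every case.
    let samples = [
        ("text/html", PNG_SAMPLE),
        ("image/png", SVG_SAMPLE),
        ("image/png", HTML_SAMPLE),
    ];
    for (claimed, body) in samples {
        let (ctype, disp) = media_headers(claimed, body);
        println!("claimed={:<10} sent={:<25} disposition={}", claimed, ctype, disp);
    }
}
```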
The Debian packaging has been fixed as it's been broken for a while and partially in upstream, some CI improvements were made, and some documentation and example configs in our repo were cleaned up.
Commit history: v0.3.3...v0.3.4