Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

This will be the first release of Grapevine since it was forked from Conduit 0.7.0.

Security

  1. Prevent XSS via user-uploaded media. (!8)
  2. Switch from incorrect, hand-rolled X-Matrix Authorization parser to the much better implementation provided by Ruma. (!31)
    • This is not practically exploitable to our knowledge, but this change does reduce risk.
  3. Switch to a more trustworthy password hashing library. (!29)
    • This is not practically exploitable to our knowledge, but this change does reduce risk.
  4. Don't return redacted events from the search endpoint. (!41 (f74043d), !41 (83cdc9c))
  5. Prevent impersonation in EDUs. (!41 (da99b07))
    • m.signing_key_update was not affected by this bug.
  6. Verify PDUs and transactions against the temporally-correct signing keys. (!41 (9087da9))
  7. Only allow the admin bot to change the room ID that the admin room alias points to. (!42)

Removed

  1. Remove update checker. (17a0b34)
  2. Remove optional automatic display name emoji for newly registered users. (cddf699)
  3. Remove admin room welcome message on first startup. (c9945f6)
  4. Remove incomplete presence implementation. (f27941d)
  5. Remove Debian packaging. (d41f0fb)
  6. Remove Docker packaging. (!48)
  7. BREAKING: Remove unstable room versions. (!59)
  8. Remove memory-usage, clear-database-caches, and clear-service-caches admin commands. (!123)
    • The memory-usage command wasn't particularly useful since it can't actually give you an accurate value in bytes and isn't supported on all database backends.
    • The latter two commands had poor UX and didn't have any noticable effect on memory consumption.
  9. BREAKING: Remove the global.conduit_cache_capacity_modifier and global.pdu_cache_capacity configuration options. (!124)
    • Instead, it is now possible to configure each cache capacity individually.

Changed

  1. BREAKING: Rename Conduit to Grapevine. (360e020)
    • The CONDUIT_VERSION_EXTRA build-time environment variable has been renamed to GRAPEVINE_VERSION_EXTRA. This change only affects distribution packagers or non-Nix users who are building from source. If you fall into one of those categories and were explicitly setting this environment variable, make sure to change its name before building Grapevine.
  2. BREAKING: Change the default port from 8000 to 6167. (f205280)
    • If you relied on the default port being 8000, either update your other configuration to use the new port, or explicitly configure Grapevine's port to 8000.
  3. Improve tracing spans and events. (!11 (a275db3) (merged as 5172f66), !11 (a275db3) (merged as 5172f66), !11 (f556fce) (merged as ac42e0b), !18, !26, !50, !52, !54, !56, !69, !102, !127, !141)
  4. Stop returning unnecessary member counts from /_matrix/client/{r0,v3}/sync. (!12)
  5. BREAKING: Allow federation by default. (!24)
    • If you relied on federation being disabled by default, make sure to explicitly disable it before upgrading.
  6. BREAKING: Remove the [global] section from the configuration file. (!38)
    • Details on how to migrate can be found in the merge request's description.
  7. BREAKING: Allow specifying multiple transport listeners in the configuration file. (!39)
    • Details on how to migrate can be found in the merge request's description.
  8. Increase default log level so that span information is included. (!50)
  9. BREAKING: Reorganize config into sections. (!49)
    • Details on how to migrate can be found in the merge request's description.
  10. Try to generate thumbnails for remote media ourselves if the federation thumbnail request fails. (!58)
  11. BREAKING: Disable unauthenticated access to media by default. Use media.allow_unauthenticated_access to configure this behavior. (!103, !140)
  12. BREAKING: Split CLI into multiple subcommands. The CLI invocation to run the server is now behind the serve command, so grapevine --config ... becomes grapevine serve --config .... (!108)
  13. BREAKING: The path to media files is now specified separately from the database path. (!140, !170)
  14. Use trust-dns for all DNS queries, instead of only for SRV records and SRV record targets in server discovery. (!156)

Fixed

  1. Fix questionable numeric conversions. (71c48f6)
  2. Stop sending no-longer-valid cached responses from the /_matrix/client/{r0,v3}/sync endpoints. (!7)
  3. Stop returning extra E2EE device updates from /_matrix/client/{r0,v3}/sync as that violates the specification. (!12)
  4. Make certain membership state transitions work correctly again. (!16)
    • For example, it was previously impossible to unban users from rooms.
  5. Ensure that tracing-flame flushes all its data before the process exits. (!20 (263edcc))
  6. Reduce the likelihood of locking up the async runtime. (!19)
  7. Fix dynamically linked jemalloc builds. (!23)
  8. Fix search results not including subsequent pages in certain situations. (!35 (0cdf032))
  9. Fix search results missing events in subsequent pages in certain situations. (!35 (3551a6e))
  10. Only process admin commands if the admin bot is in the admin room. (!43)
  11. Fix bug where invalid account data from a client could prevent a user from joining any upgraded rooms and brick rooms that affected users attempted to upgrade. (!53)
  12. Fix bug where unexpected keys were deleted from m.direct account data events when joining an upgraded room. (!53)
  13. Fixed appservice users not receiving federated invites if the local server isn't already resident in the room (!80)
  14. Fix bug where, if a server has multiple public keys, only one would be fetched. (!78)
  15. Fix bug where expired keys may not be re-fetched in some scenarios. (!78)
  16. Fix bug where signing keys would not be fetched when joining a room if we hadn't previously seen any signing keys from that server. (!87)
  17. Fixed bug (#48) that caused us to attempt to fetch our own signing keys from ourselves over federation, and fail ("Won't send federation request to ourselves"). (!96)
  18. Fixed incoming HTTP/2 requests failing federation signature check. (!104)
  19. Return 403 instead of 500 when joins to a local-only room are denied. Consequently fixes Heisenbridge being unable to join puppeted users to its rooms (#85). (!127)
  20. Fix handling of v11 rooms with m.room.create event content that passes the authorization rules but doesn't match other parts of the spec. (!139)
  21. Fix tiebreaking comparisons between events during state resolution. This will reduce the rate at which servers disagree about the state of rooms. (!141)
  22. Fix bug where the backoff state for remote device key queries was not reset after a successful request, causing an increasing rate of key query failures over time until a server restart. (!149)
  23. Fix bug where remote key queries that were skipped because the target server was in backoff would increment the backoff delay further, leading to a positive feedback loop. (!149)
  24. Return 504 M_NOT_YET_UPLOADED instead of 500 M_UNKNOWN when a media file is present in the database but the contents are missing in the filesystem. Removing media from the filesystem was the only way to delete media before !99, so this situation is common. (!55) (!153)
  25. Return 400 M_BAD_ALIAS from PUT /_matrix/client/v3/rooms/{roomId}/state/{eventType}/{stateKey} instead of 400 M_FORBIDDEN when trying to set a canonical alias that does not exist. (!158)
  26. Validate schema of new m.room.canonical_alias event sent by clients, rather than silently allowing any contents if the event can't be parsed. (!158)
  27. Only validate canonical aliases that are new, rather than rather than revalidating every alias. This makes it possible to add/remove aliases when some of the existing aliases cannot be validated. (!158)
  28. Fix read receipts not being sent over federation (or only arbitrarily late) (!162)

Added

  1. Add various conveniences for users of the Nix package. (51f9650, bbb1a6f)
  2. Add a NixOS module. (33e7a46)
  3. Add a Conduit compat mode. (a25f2ec)
    • BREAKING: If you're migrating from Conduit, this option must be enabled or else your homeserver will refuse to start.
  4. Include GRAPEVINE_VERSION_EXTRA information in the /_matrix/federation/v1/version endpoint. (509b70b)
  5. Allow multiple tracing subscribers to be active at once. (!20 (7a154f74))
  6. Allow configuring the filter for tracing-flame. (!20 (507de06))
  7. Collect HTTP response time metrics via OpenTelemetry and optionally expose them as Prometheus metrics. This functionality is disabled by default. (!22)
  8. Collect metrics for lookup results (e.g. cache hits/misses). (!15, !36)
  9. Add configuration options for controlling the log format and colors. (!46)
  10. Recognize the !admin prefix to invoke admin commands. (!45)
  11. Add the tracing-filter admin command to view and change log/metrics/flame filters dynamically at runtime. (!49, !164)
  12. Add more configuration options. (!49)
    • observability.traces.filter: The tracing filter to use for OpenTelemetry traces.
    • observability.traces.endpoint: Where OpenTelemetry should send traces.
    • observability.flame.filter: The tracing filter for tracing-flame.
    • observability.flame.filename: Where tracing-flame will write its output.
    • observability.logs.timestamp: Whether timestamps should be included in the logs.
  13. Support building nix packages without IFD (!73)
  14. Report local users getting banned in the server logs and admin room. (!65, !84)
  15. Added support for Authenticated Media (MSC3916). (!58, !111)
  16. BREAKING: Added support for configuring and serving /.well-known/matrix/... data. (!90, !94)
    • The server_discovery.client.base_url option is now required.
  17. Added support for configuring old verify/signing keys in config (federation.old_verify_keys) (!96)
  18. Added admin commands to delete media (!99, !102, !148)
  19. Allow configuring the served API components per listener. (!109)
  20. Include the traceresponse header if OpenTelemetry Tracing is in use. (!112)
  21. Sending SIGHUP to the grapevine process now reloads TLS certificates from disk. (!97)
  22. Added a federation self-test, perfomed automatically on startup. (!106)
  23. Added support for HAProxy proxy protocol listeners. (!97)
  24. Add a check-config CLI subcommand to check whether the configuration file is valid. (!121)
  25. Add configuration options to tune the value of each cache individually. (!124)
  26. Allow adding canonical aliases from remote servers. (!158)