diff --git a/CHANGELOG.md b/CHANGELOG.md index bb2f4445..4939ef49 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,35 @@ +# Continuwuity v0.5.4 (2026-02-08) + +## Features + +- The announcement checker will now announce errors it encounters in the first run to the admin room, plus a few other + misc improvements. Contributed by @Jade (#1288) +- Drastically improved the performance and reliability of account deactivations. Contributed by @nex (#1314) +- Refuse to process requests for and events in rooms that we no longer have any local users in (reduces state resets + and improves performance). Contributed by @nex (#1316) +- Added server-specific admin API routes to ban and unban rooms, for use with moderation bots. Contributed by @nex + (#1301) + +## Bugfixes + +- Fix the generated configuration containing uncommented optional sections. Contributed by @Jade (#1290) +- Fixed specification non-compliance when handling remote media errors. Contributed by @nex (#1298) +- UIAA requests which check for out-of-band success (sent by matrix-js-sdk) will no longer create unhelpful errors in + the logs. Contributed by @ginger (#1305) +- Use exists instead of contains to save writing to a buffer in `src/service/users/mod.rs`: `is_login_disabled`. + Contributed + by @aprilgrimoire. (#1340) +- Fixed backtraces being swallowed during panics. Contributed by @jade (#1337) +- Fixed a potential vulnerability that could allow an evil remote server to return malicious events during the room join + and knock process. Contributed by @nex, reported by violet & [mat](https://matdoes.dev). +- Fixed a race condition that could result in outlier PDUs being incorrectly marked as visible to a remote server. + Contributed by @nex, reported by violet & [mat](https://matdoes.dev). +- ACLs are no longer case-sensitive. Contributed by @nex, reported by [vel](matrix:u/vel:nhjkl.com?action=chat). + +## Docs + +- Fixed Fedora install instructions. Contributed by @julian45 (#1342) + # Continuwuity 0.5.3 (2026-01-12) ## Features @@ -8,42 +40,50 @@ - Fixed `M_BAD_JSON` error when sending invites to other servers or when providing joins. Contributed by @nex (#1286) - ## Docs - Improve admin command documentation generation. Contributed by @ginger (#1280) - ## Misc - Improve timeout-related code for federation and URL previews. Contributed by @Jade (#1278) - # Continuwuity 0.5.2 (2026-01-09) ## Features -- Added support for issuing additional registration tokens, stored in the database, which supplement the existing registration token hardcoded in the config file. These tokens may optionally expire after a certain number of uses or after a certain amount of time has passed. Additionally, the `registration_token_file` configuration option is superseded by this feature and **has been removed**. Use the new `!admin token` command family to manage registration tokens. Contributed by @ginger (#783). +- Added support for issuing additional registration tokens, stored in the database, which supplement the existing + registration token hardcoded in the config file. These tokens may optionally expire after a certain number of uses or + after a certain amount of time has passed. Additionally, the `registration_token_file` configuration option is + superseded by this feature and **has been removed**. Use the new `!admin token` command family to manage registration + tokens. Contributed by @ginger (#783). - Implemented a configuration defined admin list independent of the admin room. Contributed by @Terryiscool160. (#1253) -- Added support for invite and join anti-spam via Draupnir and Meowlnir, similar to that of synapse-http-antispam. Contributed by @nex. (#1263) +- Added support for invite and join anti-spam via Draupnir and Meowlnir, similar to that of synapse-http-antispam. + Contributed by @nex. (#1263) - Implemented account locking functionality, to complement user suspension. Contributed by @nex. (#1266) - Added admin command to forcefully log out all of a user's existing sessions. Contributed by @nex. (#1271) -- Implemented toggling the ability for an account to log in without mutating any of its data. Contributed by @nex. (#1272) -- Add support for custom room create event timestamps, to allow generating custom prefixes in hashed room IDs. Contributed by @nex. (#1277) -- Certain potentially dangerous admin commands are now restricted to only be usable in the admin room and server console. Contributed by @ginger. +- Implemented toggling the ability for an account to log in without mutating any of its data. Contributed by @nex. ( + #1272) +- Add support for custom room create event timestamps, to allow generating custom prefixes in hashed room IDs. + Contributed by @nex. (#1277) +- Certain potentially dangerous admin commands are now restricted to only be usable in the admin room and server + console. Contributed by @ginger. ## Bugfixes - Fixed unreliable room summary fetching and improved error messages. Contributed by @nex. (#1257) -- Client requested timeout parameter is now applied to e2ee key lookups and claims. Related federation requests are now also concurrent. Contributed by @nex. (#1261) -- Fixed the whoami endpoint returning HTTP 404 instead of HTTP 403, which confused some appservices. Contributed by @nex. (#1276) +- Client requested timeout parameter is now applied to e2ee key lookups and claims. Related federation requests are now + also concurrent. Contributed by @nex. (#1261) +- Fixed the whoami endpoint returning HTTP 404 instead of HTTP 403, which confused some appservices. Contributed by + @nex. (#1276) ## Misc -- The `console` feature is now enabled by default, allowing the server console to be used for running admin commands directly. To automatically open the console on startup, set the `admin_console_automatic` config option to `true`. Contributed by @ginger. +- The `console` feature is now enabled by default, allowing the server console to be used for running admin commands + directly. To automatically open the console on startup, set the `admin_console_automatic` config option to `true`. + Contributed by @ginger. - We now (finally) document our container image mirrors. Contributed by @Jade - # Continuwuity 0.5.0 (2025-12-30) **This release contains a CRITICAL vulnerability patch, and you must update as soon as possible** diff --git a/changelog.d/1288.feature.md b/changelog.d/1288.feature.md deleted file mode 100644 index 448426ba..00000000 --- a/changelog.d/1288.feature.md +++ /dev/null @@ -1 +0,0 @@ -The announcement checker will now announce errors it encounters in the first run to the admin room, plus a few other misc improvements. Contributed by @Jade diff --git a/changelog.d/1290.bugfix.md b/changelog.d/1290.bugfix.md deleted file mode 100644 index c0a1824b..00000000 --- a/changelog.d/1290.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -Fix the generated configuration containing uncommented optional sections. Contributed by @Jade diff --git a/changelog.d/1298.bugfix b/changelog.d/1298.bugfix deleted file mode 100644 index cff78623..00000000 --- a/changelog.d/1298.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fixed specification non-compliance when handling remote media errors. Contributed by @nex. diff --git a/changelog.d/1302.bugfix.md b/changelog.d/1302.bugfix.md deleted file mode 100644 index 131ea3c0..00000000 --- a/changelog.d/1302.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -UIAA requests which check for out-of-band success (sent by matrix-js-sdk) will no longer create unhelpful errors in the logs. diff --git a/changelog.d/1314.feature b/changelog.d/1314.feature deleted file mode 100644 index 201bcc3f..00000000 --- a/changelog.d/1314.feature +++ /dev/null @@ -1 +0,0 @@ -Drastically improved the performance and reliability of account deactivations. Contributed by @nex. diff --git a/changelog.d/1316.feature b/changelog.d/1316.feature deleted file mode 100644 index cccb8d3a..00000000 --- a/changelog.d/1316.feature +++ /dev/null @@ -1,2 +0,0 @@ -Refuse to process requests for and events in rooms that we no longer have any local users in (reduces state resets). -Contributed by @nex. diff --git a/changelog.d/1340.bugfix b/changelog.d/1340.bugfix deleted file mode 100644 index 60e415fd..00000000 --- a/changelog.d/1340.bugfix +++ /dev/null @@ -1 +0,0 @@ -Use exists instead of contains to save writing to a buffer in src/service/users/mod.rs: is_login_disabled. Contributed by @aprilgrimoire. diff --git a/changelog.d/1342.doc b/changelog.d/1342.doc deleted file mode 100644 index 3789ac92..00000000 --- a/changelog.d/1342.doc +++ /dev/null @@ -1 +0,0 @@ -Fixed Fedora install instructions. Contributed by @julian45.