Engine versions
- Node:
14.21.3
- MongoDB:
4.4, 5.0, 6.0
- Apps-Engine:
1.43.0
What’s New
We've enhanced our security features with end-to-end encryption (E2EE) updates, including async key distribution, and disabled unnecessary menu items for encrypted messages. E2EE is currently in beta, but we’re still busy adding features and making adjustments, so stay tuned! Additionally, our UI got a boost with improved message readability, a new "Pending Users" tab, and better LDAP sync performance.
Minor Changes
-
(#32471) Removed "Unknown media type" errors on the client side by using
application/octet-stream
as a fallback media type (MIME type) for all files -
(#31859) Introduced the use of the
API_User_Limit
setting to limit amount of members to simultaneously auto-join a room in a team -
(#32551) Implement E2EE warning callouts letting users know that encrypted messages can't be searched and auditted on search contextual bar and audit panel.
-
(#32446) Added E2EE room setup header, with just limited functionality and room actions.
-
(#32552) Fixed an issue that would not allow the user to dismiss the closeToSeatsLimit banner for old workspaces
-
(#31987) Implemented a new "Pending Users" tab on the users page to list users who have not yet been activated and/or have not logged in for the first time.
Additionally, added a "Pending Action" column to aid administrators in identifying necessary actions for each user. Incorporated a "Reason for Joining" field
into the user info contextual bar, along with a callout for exceeding the seats cap in the users page header. Finally, introduced a new logic to disable user creation buttons upon surpassing the seats cap. -
(#32316) Support encrypted files on end-to-end encrypted rooms.
-
(#32436) Added a "LDAP group validation strategy" setting to LDAP channels and roles sync in order to enable faster syncs
-
(#32605) Moves the quotes to be on top of the message for better readability
-
(#32197) Async End-to-End Encrypted rooms key distribution process. Users now don't need to be online to get the keys of their subscribed encrypted rooms, the key distribution process is now async and users can recieve keys even when they are not online.
-
(#32559) Disable "Reply in direct message", "Copy link" and "Forward message" message menu items for encrypted messages as they don't apply to encrypted messages and also disable apps menu items and show a warning.
-
(#32040) Introduced a new setting which doesn't allow users to access encrypted rooms until E2EE is configured and also doesn't allow users to send un-encrypted messages in encrypted rooms.
New room setup for E2EE feature which helps users to setup their E2EE keys and introduced states to E2EE feature.
-
(#32604) Upgrades fuselage-toastbar version in order to add RTL support to the component
-
(#31974) Clicking on a message attachment link in the Desktop App will now initiate a direct download of the attachment only when the attachment is not a PDF file
-
(#31821) New runtime for apps in the Apps-Engine based on the Deno platform
-
(#32425) Added the possibility to choose the time unit (days, hours, minutes) to the global retention policy settings
Bug Fixes
We resolved several issues to make your experience smoother, such as fixing file upload settings, improving retention policy warnings, and correcting UI permission checks. Also, we addressed problems with encrypted message handling and stream recreation after login, ensuring a seamless and secure user experience.
Patch Changes
-
(#32579) Improved Retention Policy Warning messages
-
(#32152 by @AllanPazRibeiro) Resolved an issue with the room type filter not being reset after navigating between admin sections.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
(#32478) Fixed "File Upload > Accepted Media Types" setting to allow all type of files uploads
-
(#32489) Fixed streams being called when the user is not logged in
-
(#32610) Fixes the supported versions problem, where in most cases the data chosen was the oldest
-
(#32696) Added the allowDiskUse option to the users page queries so that if the mongodb memory threshold is exceeded it will use disk space instead of throwing an error.
-
(#32376) Fixed an issue with how the UI checked for permissions when deciding if editing or deleting a message by moderators users
-
(#32459) Prevent usage of OTR messages with End-to-end Encryption, both feature shouldn't and can't work together.
-
(#32563) fixes not being able to reinstall app after installation failure
-
(#32499) Fixed codeBlock styles in light mode
-
(#32380) Decrypt pinned encrypted messages in the chat and pinned messages contextual bar.
-
(#32175) Fixed "Take it" button behavior disabling it when agent status is set to offline
-
(#32472) When using
DISABLE_DB_WATCHERS=true
this fixes message updates with URLs that were missing the link preview. -
(#32587) Fixes issues with loading license modules when loading the page while logged out
-
(#32452) Fixed 2 issues with
QueueInactivityMonitor
callback. This callback was in charge of scheduling the job that would close the inquiry, but it was checking on a property that didn't exist. This caused the callback to early return without scheduling the job, making the feature to not to work. -
(#32522 by @AllanPazRibeiro) Changed streaming logic to prevent hidden system messages from being broadcasted through
stream-room-messages
. -
(#32624) Fixed an issue where private encrypted room creation was being forced even when E2EE feature was disabled.
-
(#32428) Fixed an issue that allowed saveSettings method to save NaN values on numeric settings.
-
(#32640) Fixes the issue where the modal backdrop is overlapping the options of the
Select
component -
(#32636) Fixed file name being incorrectly sent from the client when uploading assets
-
(#32431) Fixed last message preview in Sidebar for E2E Ecrypted channels
-
(#32547) Fixes the issue not allowing users without edit-room-retention-policy permission try to edit the room with the retention policy enabled
-
(#32653) Prevent E2EE key reset on startup due to possible race conditions
-
(#32625) Fixes an issue where settings code mirror is not being displayed correctly in full screen mode
-
(#32548) Disable slash commands in encrypted rooms and show a disabled warning.
-
(#32566) Fix the sorting by last chat in Contact Center table
-
(#32412) Fixes an issue not rendering the proper error and empty state on users in role table
-
(#32485) Adds the missing
ignoreThreads
param fixing the issue not allowing ignoring threads when overriding retention policy -
(#31750) Don't show Join default channels option on edit user form.
-
(#32612) Fixes a cosmetic issue where emoji picker object and symbols category icon are swapped
-
(#32329) Added a new setting
Restrict files access to users who can access room
that controls file visibility. This new setting allows users that "can access a room" to also download the files that are there. This is specially important for users with livechat manager or monitor roles, or agents that have special permissions to view closed rooms, since this allows them to download files on the conversation even after the conversation is closed.
New setting is disabled by default and it is mutually exclusive with the settingRestrict file access to room members
since this allows more types of users to download files. -
(#32500) Fix user not being set as online when setting "Use REST instead of websocket for Meteor calls" is disabled
-
(#32534) Fixed an issue where apps installed via the Marketplace would not be shown in the installed list if the app is unpublished
-
(#32458) Fixed
EditRoomInfo
encrypted field placement -
(#32479) Executing a logout and login action in the same "tab/instance", some streams were not being recreated, causing countless types of bugs.
PS: as a workaround reloading after logout or login in also solves the problem.
-
(#32572) Fixes issues causing nonstop sound notification when taking a chat from the
Current Chats
view -
(#32381) Fixed Encrypted thread main message reactivity issues. Earlier the encrypted thread main message was having some reactivity issues and flaky behavior.
-
(#32106) Fixed inverted navigation direction in the image gallery
-
(#32507) Forces the highlight code language registration, preventing it to not being available when trying to use on the UI
-
(#31363) Remove password change reason when the
request password change
option is set to false -
(#32690) Security Hotfix (https://docs.rocket.chat/guides/security/security-updates)
-
Updated dependencies [d3c493b, 02dd875, 16b67aa, a565999, 1056f22, 1240c87, 768cad6, 2ef71e8, 59df102, eaf2f11, 5f95c4e, 363a011, 495628b, f75a2cb, 45dc3d5, ee43f2c, 07c4ca0, 3039968, 4fd9c4c, 4f72d62, dfa49bd]:
- @rocket.chat/i18n@0.5.0
- @rocket.chat/fuselage-ui-kit@8.0.0
- @rocket.chat/ui-kit@0.35.0
- @rocket.chat/core-typings@6.10.0
- @rocket.chat/gazzodown@8.0.0
- @rocket.chat/model-typings@0.5.0
- @rocket.chat/rest-typings@6.10.0
- @rocket.chat/omnichannel-services@0.2.0
- @rocket.chat/web-ui-registration@8.0.0
- @rocket.chat/instance-status@0.1.0
- @rocket.chat/api-client@0.2.0
- @rocket.chat/pdf-worker@0.1.0
- @rocket.chat/ui-theming@0.2.0
- @rocket.chat/core-services@0.4.0
- @rocket.chat/ui-video-conf@8.0.0
- @rocket.chat/presence@0.2.0
- @rocket.chat/ui-composer@0.2.0
- @rocket.chat/ui-contexts@8.0.0
- @rocket.chat/license@0.2.0
- @rocket.chat/ui-avatar@4.0.0
- @rocket.chat/ui-client@8.0.0
- @rocket.chat/models@0.1.0
- @rocket.chat/apps@0.1.0
- @rocket.chat/cron@0.1.0
- @rocket.chat/server-cloud-communication@0.0.2
For more detailed information, check out our documentation