Docker image
Regular image:
- Digest:
ghcr.io/element-hq/matrix-authentication-service@sha256:86851273658e8cd01c8f6dd79264c18c45088f7ccfd8e653de32f3dde0e9e72d oci.element.io/matrix-authentication-service@sha256:86851273658e8cd01c8f6dd79264c18c45088f7ccfd8e653de32f3dde0e9e72d - Tags:
ghcr.io/element-hq/matrix-authentication-service:1.18.0-rc.0 ghcr.io/element-hq/matrix-authentication-service:sha-49c0e6d oci-push.vpn.infra.element.io/matrix-authentication-service:1.18.0-rc.0 oci-push.vpn.infra.element.io/matrix-authentication-service:sha-49c0e6d
Debug variant:
- Digest:
ghcr.io/element-hq/matrix-authentication-service@sha256:63bca4299e39da705b722ab57d797f83507351e17eca37f22c7837960e409107 oci.element.io/matrix-authentication-service@sha256:63bca4299e39da705b722ab57d797f83507351e17eca37f22c7837960e409107 - Tags:
ghcr.io/element-hq/matrix-authentication-service:1.18.0-rc.0-debug ghcr.io/element-hq/matrix-authentication-service:sha-49c0e6d-debug oci-push.vpn.infra.element.io/matrix-authentication-service:1.18.0-rc.0-debug oci-push.vpn.infra.element.io/matrix-authentication-service:sha-49c0e6d-debug
What's Changed
New Features
- Disable the device code auto-filling by default and match the device authorization grant with the designs by @sandhose in #5704
Changes to the admin API
- Admin API - User - Add displayname and avatar url when adding user by @mcalinghee in #5671
Translations
- Translations updates for main by @matrixbot in #5705
Internal Changes
- Automatic merge back to main by @matrixbot in #5669
- Automatic merge back to main by @matrixbot in #5690
- Split multi-arch Docker build into parallel jobs by @sandhose in #5474
Other Changes
- Fix typo in manual: policy.path -> policy.wasm_module by @reivilibre in #5654
- Use translation text for "Cancel" button in
reauthtemplate by @MadLittleMods in #5666 - Add a bit more context for what bind address couldn't be parsed by @MadLittleMods in #5637
- Fix client linking to
noneon policy violation screen by @MadLittleMods in #5667 - Update policy violation screen when running into the session/device
soft_limitin interactive contexts by @MadLittleMods in #5639 - Document how to manually test login flows by @MadLittleMods in #5642
- Harden the security of our GitHub Actions by @anoadragon453 in #5664
- Add
oauth.device_code_grant_enabledconfiguration option by @hughns in #5612 - Fix
TestState.reset()to retain mock homeserver in-memory state by @MadLittleMods in #5678 - Bump lettre to appease
cargo-denyon RUSTSEC-2026-0141 by @sandhose in #5684 - Fix the transformation of the Docker build metadata in CI by @sandhose in #5683
- Increase dependabot interval from daily to monthly by @hughns in #5686
- Remove unused apalis dependabot config by @hughns in #5685
- Push MAS docker images to Element OCI Registry by @devonh in #5459
- Schedule
SyncDevicesJobafterdangerous_hard_limit_evictionso the homeserver stays up to date by @MadLittleMods in #5679 - Check whether policy evaluation result is
valid()when weprocess_violations_for_compat_login(...)by @MadLittleMods in #5681 - Interactive compat
m.login.ssotest for sessionsoft_limitby @MadLittleMods in #5675 - Show session/device limit errors on account page by @MadLittleMods in #5644
- Add
max_session_thresholdconfiguration (only applysession_limitto people under the threshold) by @MadLittleMods in #5670 - Fix
compatibilitytypo insession_limitconfig by @MadLittleMods in #5692 - Switch to pnpm by @sandhose in #5674
- Bump most frontend dependencies by @sandhose in #5699
- Update Compound to the latest version by @sandhose in #5703
- Migrate to Tailwind v4 by @sandhose in #5702
- Enforce
clippy::allow_attributes(prefer#[expect]over#[allow]) by @MadLittleMods in #5691
Dependency Updates
- build(deps-dev): bump postcss from 8.5.8 to 8.5.12 in /frontend by @dependabot[bot] in #5658
- build(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 by @dependabot[bot] in #5626
- build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0 by @dependabot[bot] in #5627
- build(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by @dependabot[bot] in #5628
- build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @dependabot[bot] in #5629
- Bump the tracing group across 1 directory with 2 updates by @dependabot[bot] in #5676
Full Changelog: v1.17.0...v1.18.0-rc.0