ESS LTS 24.04 Changelog and Update Notes
24.04.02-gui
Upgrade Notes
- (Enterprise) Upgrade airgapped microk8s to 1.27.13
Bug Fixes
- (Enterprise) Fix issue upgrading from 23.10 LTS in an Airgapped environment where images weren't uploaded to the registry anymore
- (Enterprise) Synapse HTTP proxy settings can now be edited in the installer.
- (Enterprise/Starter) Media volume name and size can now be configured for standalone cluster deployments.
| Enterprise / Starter | The admin app now allows viewing of uploaded media |
| Enterprise | Add WhatsApp Bridge support |
| Enterprise | Check the health of the deployment or a component using `kubectl describe` against any Element CRs, in the `status`. Our documentation describes how to configure ArgoCD to get these informations into your Application health. |
| Enterprise | Add the possiblity to configure S3 for Synapse media storage. |
| Enterprise | Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service, |
| Enterprise / Starter | Allow configuration of seLinuxOptions on all workloads. |
| Enterprise | Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to |
| Enterprise | When using Airgapped deployment, it is now possible to login to the target upload registry in the installer UI. |
| Enterprise / Starter | A couple of speedups have been implemented both in the operator and the installer. |
| Enterprise / Starter | Change deploy order of components to have the core components deployed first by the updater. |
| Enterprise / Starter | The operator and the updater are now built based on distroless container, to reduce the image size and contents. |
| Enterprise | Auditbot UI does not need any ingress anymore. |
| Enterprise / Starter | The installer now contains crictl to allow for local ctr daemon maintenance on microk8s. |
| Enterprise | Reduce required resources for Standalone to 2 vCPU and 3Gb of memory. |
| Enterprise / Starter | Reduce postgres in cluster requests to 100Mi. |
| Enterprise | Add participant limit field in ElementCall configuration. |
| Enterprise / Starter | Add support for tolerations and nodeSelectors on workload. |
| Enterprise | Coturn is now managed by the UI view, by the updater, alongside ElementCall and Jitsi. It is now possible to deploy Coturn on a Kubernetes cluster. |
| Enterprise / Starter | We now configure automatically a CPU Limit of each Operator & Updater to be 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployment, there's no CPU limit. The number of workers will be adapted relatively to the memory available to the operator/updater. |
| Enterprise / Starter | Update operator-sdk to v1.34.1 |
| Enterprise | Update Hookshot to 5.2.1 |
| Enterprise / Starter | Update ElementWeb to v1.11.64 |
| Enterprise / Starter | Update SlidingSync to v0.99.15 |
| Enterprise | Update Synapse to v1.99.0 with CVE-2024-31208 fix |
| Enterprise | Update Element Call to 0.5.16 and LiveKit to 1.5.1 |
| Enterprise | Update Sydent to 2.6.1 |
| Enterprise | Check the health of the deployment or a component using kubectl describe against any Element CRs, in the status. Our documentation describes how to configure ArgoCD to get these information into your Application health. |
| Enterprise | Add the possibility to configure S3 for Synapse media storage. |
| Enterprise | Add options under Delegated Auth to configure users profiles editing permissions. |
| Enterprise | Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service |
| Enterprise / Starter | Allow configuration of seLinuxOptions on all workloads |
| Enterprise | Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to |
| Enterprise | Support GCM/FCM API v1 in Sygnal |
| Enterprise / Starter | Configure ansible poll interval to 0.01 to reduce CPU load |
| Enterprise / Starter | A couple of speedups have been implemented both in the operator and the installer. |
| Enterprise / Starter | We now configure automatically a CPU Limit of each Operator & Updater to be 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployment, there's no CPU limit. The number of workers will be adapted relatively to the memory available to the operator/updater. |
| Enterprise / Starter | Update operator-sdk to v1.34.1 |
| Enterprise | Update Hookshot to 5.2.1 |
| Enterprise / Starter | Update SlidingSync to v0.99.15 |
| Enterprise | Update Synapse to v1.99.0 with CVE-2024-31208 fix |
| Enterprise / Starter | Upgrade Element Web to v1.11.64. |
| Enterprise | Upgrade Matrix Authentication Service to v0.9.0. |
| Enterprise | Update Secure Border Gateway to v1.1.1. |
| Enterprise | Upgrade Group Sync to v0.13.6. |
| Enterprise | Element Call 0.5.16 and LiveKit 1.5.1 |
| Enterprise | Sydent 2.6.1 |
| Enterprise | Make Jitsi and Element Call STUN configuration consistent with each other to ease the upgrade from 23.10. |
| Enterprise | Upgrade Sygnal to v0.14.1. |
| Enterprise / Starter | Correctly install apt package python3-venv on recent ubuntu version. |
| Enterprise | Fixes to how Admin/Auditbot configs are maintained in the installer. |
| Enterprise / Starter | Improve installer one-time login codes security. |
| Enterprise / Starter | Mitigate installer log injections via HTTP headers. |
| Enterprise | Fix admin console discovery of OIDC to use MSC2956. |
| Enterprise | Update Auditbot S3 object name to one that will not clash with other files. |
| Enterprise | Fix issues passing in Coturn external-ip and enabling host mode. |
| Enterprise / Starter | Fix an issue where Auditbot S3 storage would prune files too early. |
| Enterprise / Starter | Fix an issue with Jitsi where it would not be possible to configure the Sync Power Level in the Restrict Widgets to Synapse configuration. |
| Enterprise | AdminBot and Matrix Authentication Service can now be deployed together |
| Enterprise | Upgrade Synapse Admin to better support homeservers using SRV delegation |
| Enterprise | Fix support for APNS notifications in Sygnal going via a HTTP Forward Proxy |
| Enterprise | Fix configuration of multiple TURN servers in Synapse when manually configuring |
| Enterprise | Fix Sydent Terms & Conditions having a version that's just a number |
| Enterprise / Starter | Fix ServiceMonitors being left behind when components are removed |
| Enterprise | Fix SIP Bridge Services clashing |
| Enterprise | Fix a bug which could make airgapped impossible to deploy due to microk8s snap refresh being in error state. |
| Enterprise | Fix Synapse bootstrap phase getting stuck due to incompatible registration options. |
| Enterprise / Starter | Stop displaying NGINX version on error pages. |
| Enterprise | Clarify and improve validation of TURN server configuration section. |
| Enterprise | Ignore Adminbot/Auditbot users in IRC admin rooms. |
| Enterprise | Fix an issue where configuring Coturn would lead to infinite reconciliation. |
| Enterprise | Clean up unused Matrix Authentication Service spa HTTP resource. |
| Enterprise | Auditbot no longer requires the configuration of a dedicated UI ingress. This is handled by Synapse Admin UI now |
| Enterprise | Clarify description of Synapse default room encryption section. |
24.04.01-gui
Release Summary
23.10.29 LTS to 24.04.01 LTS highlights
This release has focused on making deployments on Kubernetes more reliable. A lot of bugs were fixed, and helm charts have been enhanced to allow to deploy webhooks and CRDs together without the operator and updater.
(LTS) New Features
- (Enterprise/Starter) The admin app now allows viewing of uploaded media
- (Enterprise) Add WhatsApp Bridge support
- (Enterprise) - Check the health of the deployment or a component using
kubectl describeagainst any Element CRs, in thestatus. Our documentation describes how to configure ArgoCD to get these informations into your Application health. - (Enterprise) - Add the possiblity to configure S3 for Synapse media storage.
- (Enterprise) Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service,
- (Enterprise/Starter) Allow configuration of seLinuxOptions on all workloads.
- (Enterprise) Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to
- (Enterprise) - When using Airgapped deployment, it is now possible to login to the target upload registry in the installer UI.
- (Enterprise/Starter) - A couple of speedups have been implemented both in the operator and the installer.
- (Enterprise/Starter) - Change deploy order of components to have the core components deployed first by the updater.
- (Enterprise/Starter) - The operator and the updater are now built based on distroless container, to reduce the image size and contents.
- (Enterprise) - Auditbot UI does not need any ingress anymore.
- (Enterprise/Starter) - The installer now contains crictl to allow for local ctr daemon maintenance on microk8s.
- (Enterprise) - Reduce required resources for Standalone to 2 vCPU and 3Gb of memory.
- (Enterprise/Starter) - Reduce postgres in cluster requests to 100Mi.
- (Enterprise) - Add participant limit field in ElementCall configuration.
- (Enterprise/Starter) - Add support for tolerations and nodeSelectors on workload.
- (Enterprise) - Coturn is now managed by the UI view, by the updater, alongside ElementCall and Jitsi. It is now possible to deploy Coturn on a Kubernetes cluster.
- (Enterprise/Starter) - We now configure automatically a CPU Limit of each Operator & Updater to be 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployment, there's no CPU limit. The number of workers will be adapted relatively to the memory available to the operator/updater.
(LTS) Upgrade Notes
- This new LTS can be upgraded from 23.10 if you want to get the new latest features of ESS.
(LTS) Version Updates
- (Enterprise/Starter) - Update operator-sdk to v1.34.1
- (Enterprise) - Update Hookshot to 5.2.1
- (Enterprise/Starter) - Update ElementWeb to v1.11.64
- (Enterprise/Starter) - Update SlidingSync to v0.99.15
- (Enterprise) - Update Synapse to v1.99.0 with CVE-2024-31208 fix
- (Enterprise) - Update Element Call to 0.5.16 and LiveKit to 1.5.1
- (Enterprise) - Update Sydent to 2.6.1
(LTS) Synapse security release
This release contains a fix for GHSA-3h7q-rfh9-xm4v / CVE-2024-31208, a high severity Synapse security issue. Upgrading is advised at the soonest possible moment.
Important notes regarding rollback of this release
This release contains an important Synapse security fix with a backwards incompatible change. Please note that simply reverting this ESS release is not possible. Please ensure to have a working backups before upgrading as downgrading is not a possibility from this release.
New Features
- (Enterprise) - Check the health of the deployment or a component using kubectl describe against any Element CRs, in the status. Our documentation describes how to configure ArgoCD to get these information into your Application health.
- (Enterprise) - Add the possibility to configure S3 for Synapse media storage.
- (Enterprise) - Add options under Delegated Auth to configure users profiles editing permissions.
- (Enterprise) Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service
- (Enterprise/Starter) Allow configuration of seLinuxOptions on all workloads
- (Enterprise) Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to
- (Enterprise) Support GCM/FCM API v1 in Sygnal
- (Enterprise/Starter) - Configure ansible poll interval to 0.01 to reduce CPU load
- (Enterprise/Starter) - A couple of speedups have been implemented both in the operator and the installer.
- (Enterprise/Starter) - We now configure automatically a CPU Limit of each Operator & Updater to be 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployment, there's no CPU limit. The number of workers will be adapted relatively to the memory available to the operator/updater.
Upgrade Notes
- (Enterprise/Starter) - Update operator-sdk to v1.34.1
- (Enterprise) - Update Hookshot to 5.2.1
- (Enterprise/Starter) - Update SlidingSync to v0.99.15
- (Enterprise) - Update Synapse to v1.99.0 with CVE-2024-31208 fix
- (Enterprise/Starter) - Upgrade Element Web to v1.11.64.
- (Enterprise) - Upgrade Matrix Authentication Service to v0.9.0.
- (Enterprise) - Update Secure Border Gateway to v1.1.1.
- (Enterprise) - Upgrade Group Sync to v0.13.6.
- (Enterprise) Element Call 0.5.16 and LiveKit 1.5.1
- (Enterprise) Sydent 2.6.1
- (Enterprise) - Make Jitsi and Element Call STUN configuration consistent with each other to ease the upgrade from 23.10.
- (Enterprise) - Upgrade Sygnal to v0.14.1.
Security Issues
- (Enterprise) Upgrade IRC Bridge to 2.0.0 to fix CVE-2024-32000.
Bug Fixes
- (Enterprise/Starter) - Correctly install apt package python3-venv on recent ubuntu version.
- (Enterprise) - Fixes to how Admin/Auditbot configs are maintained in the installer.
- (Enterprise/Starter) - Improve installer one-time login codes security.
- (Enterprise/Starter) - Mitigate installer log injections via HTTP headers.
- (Enterprise) - Fix admin console discovery of OIDC to use MSC2956.
- (Enterprise) - Update Auditbot S3 object name to one that will not clash with other files.
- (Enterprise) - Fix issues passing in Coturn external-ip and enabling host mode.
- (Enterprise/Starter) - Fix an issue where Auditbot S3 storage would prune files too early.
- (Enterprise/Starter) - Fix an issue with Jitsi where it would not be possible to configure the Sync Power Level in the Restrict Widgets to Synapse configuration.
- (Enterprise) AdminBot and Matrix Authentication Service can now be deployed together
- (Enterprise) Upgrade Synapse Admin to better support homeservers using SRV delegation
- (Enterprise) Fix support for APNS notifications in Sygnal going via a HTTP Forward Proxy
- (Enterprise) Fix configuration of multiple TURN servers in Synapse when manually configuring
- (Enterprise) Fix Sydent Terms & Conditions having a version that's just a number
- (Enterprise/Starter) Fix ServiceMonitors being left behind when components are removed
- (Enterprise) Fix SIP Bridge Services clashing
- (Enterprise) - Fix a bug which could make airgapped impossible to deploy due to microk8s snap refresh being in error state.
- (Enterprise) - Fix Synapse bootstrap phase getting stuck due to incompatible registration options.
- (Enterprise/Starter) - Stop displaying NGINX version on error pages.
- (Enterprise) - Clarify and improve validation of TURN server configuration section.
- (Enterprise) - Ignore Adminbot/Auditbot users in IRC admin rooms.
- (Enterprise) - Fix an issue where configuring Coturn would lead to infinite reconciliation.
Other
- (Enterprise) - Clean up unused Matrix Authentication Service spa HTTP resource.
- (Enterprise) Auditbot no longer requires the configuration of a dedicated UI ingress. This is handled by Synapse Admin UI now
- (Enterprise) - Clarify description of Synapse default room encryption section.