Skip to main content

ESS LTS 24.04 Changelog and Update Notes

24.04.03-gui

New Features

EnterpriseImprove GroupSync performance with large member lists
EnterpriseAdd Azure Blob Storage support to Auditbot
EnterpriseConfig GroupSync memory usage based on resource limits/requests

Upgrade Notes

Enterprise / StarterUpgrade Element Web to 1.11.66

Bug Fixes

EnterpriseImprove reliability of Synapse user provisioning
EnterpriseImprove Jitsi timezone validation
Enterprise / StarterImprove Postgres shutdown behaviour when using the ESS Postgreses in cluster

24.04.02-gui

Upgrade Notes

EnterpriseUpgrade airgapped microk8s to 1.27.13

Bug Fixes

EnterpriseFix issue upgrading from 23.10 LTS in an Airgapped environment where images weren't uploaded to the registry anymore
EnterpriseSynapse HTTP proxy settings can now be edited in the installer.
Enterprise / StarterMedia volume name and size can now be configured for standalone cluster deployments.

24.04.01-gui

Release Summary

23.10.29 LTS to 24.04.01 LTS highlights

This release has focused on making deployments on Kubernetes more reliable. A lot of bugs were fixed, and helm charts have been enhanced to allow to deploy webhooks and CRDs together without the operator and updater.

(LTS) New Features

Enterprise / StarterThe admin app now allows viewing of uploaded media
EnterpriseAdd WhatsApp Bridge support
EnterpriseCheck the health of the deployment or a component using `kubectl describe` against any Element CRs, in the `status`. Our documentation describes how to configure ArgoCD to get these informations into your Application health.
EnterpriseAdd the possiblity to configure S3 for Synapse media storage.
EnterpriseImprove support for non-OIDC compliant upstream identity providers with Matrix Authentication Service,
Enterprise / StarterAllow configuration of seLinuxOptions on all workloads.
EnterpriseEnable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to
EnterpriseWhen using Airgapped deployment, it is now possible to login to the target upload registry in the installer UI.
Enterprise / StarterA couple of speedups have been implemented both in the operator and the installer.
Enterprise / StarterChange deploy order of components to have the core components deployed first by the updater.
Enterprise / StarterThe operator and the updater are now built based on distroless container, to reduce the image size and contents.
EnterpriseAuditbot UI does not need any ingress anymore.
Enterprise / StarterThe installer now contains crictl to allow for local ctr daemon maintenance on microk8s.
EnterpriseReduce required resources for Standalone to 2 vCPU and 3Gb of memory.
Enterprise / StarterReduce postgres in cluster requests to 100Mi.
EnterpriseAdd participant limit field in ElementCall configuration.
Enterprise / StarterAdd support for tolerations and nodeSelectors on workload.
EnterpriseCoturn is now managed by the UI view, by the updater, alongside ElementCall and Jitsi. It is now possible to deploy Coturn on a Kubernetes cluster.
Enterprise / StarterWe now configure automatically a CPU Limit of each Operator & Updater to be 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployment, there's no CPU limit. The number of workers will be adapted relatively to the memory available to the operator/updater.

(LTS) Upgrade Notes

This new LTS can be upgraded from 23.10 if you want to get the new latest features of ESS.

(LTS) Version Updates

Enterprise / StarterUpdate operator-sdk to v1.34.1
EnterpriseUpdate Hookshot to 5.2.1
Enterprise / StarterUpdate ElementWeb to v1.11.64
Enterprise / StarterUpdate SlidingSync to v0.99.15
EnterpriseUpdate Synapse to v1.99.0 with CVE-2024-31208 fix
EnterpriseUpdate Element Call to 0.5.16 and LiveKit to 1.5.1
EnterpriseUpdate Sydent to 2.6.1

(LTS) Synapse security release

This release contains a fix for GHSA-3h7q-rfh9-xm4v / CVE-2024-31208, a high severity Synapse security issue. Upgrading is advised at the soonest possible moment.

Important notes regarding rollback of this release

This release contains an important Synapse security fix with a backwards incompatible change. Please note that simply reverting this ESS release is not possible.

Please ensure to have a working backups before upgrading as downgrading is not a possibility from this release.

New Features

EnterpriseCheck the health of the deployment or a component using kubectl describe against any Element CRs, in the status. Our documentation describes how to configure ArgoCD to get these information into your Application health.
EnterpriseAdd the possibility to configure S3 for Synapse media storage.
EnterpriseAdd options under Delegated Auth to configure users profiles editing permissions.
EnterpriseImprove support for non-OIDC compliant upstream identity providers with Matrix Authentication Service
Enterprise / StarterAllow configuration of seLinuxOptions on all workloads
EnterpriseEnable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to
EnterpriseSupport GCM/FCM API v1 in Sygnal
Enterprise / StarterConfigure ansible poll interval to 0.01 to reduce CPU load
Enterprise / StarterA couple of speedups have been implemented both in the operator and the installer.
Enterprise / StarterWe now configure automatically a CPU Limit of each Operator & Updater to be 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployment, there's no CPU limit. The number of workers will be adapted relatively to the memory available to the operator/updater.

Upgrade Notes

Enterprise / StarterUpdate operator-sdk to v1.34.1
EnterpriseUpdate Hookshot to 5.2.1
Enterprise / StarterUpdate SlidingSync to v0.99.15
EnterpriseUpdate Synapse to v1.99.0 with CVE-2024-31208 fix
Enterprise / StarterUpgrade Element Web to v1.11.64.
EnterpriseUpgrade Matrix Authentication Service to v0.9.0.
EnterpriseUpdate Secure Border Gateway to v1.1.1.
EnterpriseUpgrade Group Sync to v0.13.6.
EnterpriseElement Call 0.5.16 and LiveKit 1.5.1
EnterpriseSydent 2.6.1
EnterpriseMake Jitsi and Element Call STUN configuration consistent with each other to ease the upgrade from 23.10.
EnterpriseUpgrade Sygnal to v0.14.1.

Security Issues

EnterpriseUpgrade IRC Bridge to 2.0.0 to fix CVE-2024-32000.

Bug Fixes

Enterprise / StarterCorrectly install apt package python3-venv on recent ubuntu version.
EnterpriseFixes to how Admin/Auditbot configs are maintained in the installer.
Enterprise / StarterImprove installer one-time login codes security.
Enterprise / StarterMitigate installer log injections via HTTP headers.
EnterpriseFix admin console discovery of OIDC to use MSC2956.
EnterpriseUpdate Auditbot S3 object name to one that will not clash with other files.
EnterpriseFix issues passing in Coturn external-ip and enabling host mode.
Enterprise / StarterFix an issue where Auditbot S3 storage would prune files too early.
Enterprise / StarterFix an issue with Jitsi where it would not be possible to configure the Sync Power Level in the Restrict Widgets to Synapse configuration.
EnterpriseAdminBot and Matrix Authentication Service can now be deployed together
EnterpriseUpgrade Synapse Admin to better support homeservers using SRV delegation
EnterpriseFix support for APNS notifications in Sygnal going via a HTTP Forward Proxy
EnterpriseFix configuration of multiple TURN servers in Synapse when manually configuring
EnterpriseFix Sydent Terms & Conditions having a version that's just a number
Enterprise / StarterFix ServiceMonitors being left behind when components are removed
EnterpriseFix SIP Bridge Services clashing
EnterpriseFix a bug which could make airgapped impossible to deploy due to microk8s snap refresh being in error state.
EnterpriseFix Synapse bootstrap phase getting stuck due to incompatible registration options.
Enterprise / StarterStop displaying NGINX version on error pages.
EnterpriseClarify and improve validation of TURN server configuration section.
EnterpriseIgnore Adminbot/Auditbot users in IRC admin rooms.
EnterpriseFix an issue where configuring Coturn would lead to infinite reconciliation.

Other

EnterpriseClean up unused Matrix Authentication Service spa HTTP resource.
EnterpriseAuditbot no longer requires the configuration of a dedicated UI ingress. This is handled by Synapse Admin UI now
EnterpriseClarify description of Synapse default room encryption section.