Skip to main content

ESS LTS 24.04 Changelog and Update Notes

24.04.02-gui

Upgrade Notes

  • (Enterprise) Upgrade airgapped microk8s to 1.27.13

Bug Fixes

  • (Enterprise) Fix issue upgrading from 23.10 LTS in an Airgapped environment where images weren't uploaded to the registry anymore
  • (Enterprise) Synapse HTTP proxy settings can now be edited in the installer.
  • (Enterprise/Starter) Media volume name and size can now be configured for standalone cluster deployments.
Heading 1Heading 2Heading 3
Category 1 Lorem Ipsum Dolor
Category 2 Sit Amet Consectetur
Category 3AdipiscingElitSed
Category 1LoremIpsumDolor
Category 2SitAmetConsectetur
Category 3 Adipiscing Elit Sed

24.04.01-gui

Release Summary

23.10.29 LTS to 24.04.01 LTS highlights

This release has focused on making deployments on Kubernetes more reliable. A lot of bugs were fixed, and helm charts have been enhanced to allow to deploy webhooks and CRDs together without the operator and updater.

(LTS) New Features

  • (Enterprise/Starter) The admin app now allows viewing of uploaded media
  • (Enterprise) Add WhatsApp Bridge support
  • (Enterprise) - Check the health of the deployment or a component using kubectl describe against any Element CRs, in the status. Our documentation describes how to configure ArgoCD to get these informations into your Application health.
  • (Enterprise) - Add the possiblity to configure S3 for Synapse media storage.
  • (Enterprise) Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service,
  • (Enterprise/Starter) Allow configuration of seLinuxOptions on all workloads.
  • (Enterprise) Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to
  • (Enterprise) - When using Airgapped deployment, it is now possible to login to the target upload registry in the installer UI.
  • (Enterprise/Starter) - A couple of speedups have been implemented both in the operator and the installer.
  • (Enterprise/Starter) - Change deploy order of components to have the core components deployed first by the updater.
  • (Enterprise/Starter) - The operator and the updater are now built based on distroless container, to reduce the image size and contents.
  • (Enterprise) - Auditbot UI does not need any ingress anymore.
  • (Enterprise/Starter) - The installer now contains crictl to allow for local ctr daemon maintenance on microk8s.
  • (Enterprise) - Reduce required resources for Standalone to 2 vCPU and 3Gb of memory.
  • (Enterprise/Starter) - Reduce postgres in cluster requests to 100Mi.
  • (Enterprise) - Add participant limit field in ElementCall configuration.
  • (Enterprise/Starter) - Add support for tolerations and nodeSelectors on workload.
  • (Enterprise) - Coturn is now managed by the UI view, by the updater, alongside ElementCall and Jitsi. It is now possible to deploy Coturn on a Kubernetes cluster.
  • (Enterprise/Starter) - We now configure automatically a CPU Limit of each Operator & Updater to be 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployment, there's no CPU limit. The number of workers will be adapted relatively to the memory available to the operator/updater.

(LTS) Upgrade Notes

  • This new LTS can be upgraded from 23.10 if you want to get the new latest features of ESS.

(LTS) Version Updates

  • (Enterprise/Starter) - Update operator-sdk to v1.34.1
  • (Enterprise) - Update Hookshot to 5.2.1
  • (Enterprise/Starter) - Update ElementWeb to v1.11.64
  • (Enterprise/Starter) - Update SlidingSync to v0.99.15
  • (Enterprise) - Update Synapse to v1.99.0 with CVE-2024-31208 fix
  • (Enterprise) - Update Element Call to 0.5.16 and LiveKit to 1.5.1
  • (Enterprise) - Update Sydent to 2.6.1

(LTS) Synapse security release

This release contains a fix for GHSA-3h7q-rfh9-xm4v / CVE-2024-31208, a high severity Synapse security issue. Upgrading is advised at the soonest possible moment.

Important notes regarding rollback of this release

This release contains an important Synapse security fix with a backwards incompatible change. Please note that simply reverting this ESS release is not possible. Please ensure to have a working backups before upgrading as downgrading is not a possibility from this release.

New Features

  • (Enterprise) - Check the health of the deployment or a component using kubectl describe against any Element CRs, in the status. Our documentation describes how to configure ArgoCD to get these information into your Application health.
  • (Enterprise) - Add the possibility to configure S3 for Synapse media storage.
  • (Enterprise) - Add options under Delegated Auth to configure users profiles editing permissions.
  • (Enterprise) Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service
  • (Enterprise/Starter) Allow configuration of seLinuxOptions on all workloads
  • (Enterprise) Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to
  • (Enterprise) Support GCM/FCM API v1 in Sygnal
  • (Enterprise/Starter) - Configure ansible poll interval to 0.01 to reduce CPU load
  • (Enterprise/Starter) - A couple of speedups have been implemented both in the operator and the installer.
  • (Enterprise/Starter) - We now configure automatically a CPU Limit of each Operator & Updater to be 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployment, there's no CPU limit. The number of workers will be adapted relatively to the memory available to the operator/updater.

Upgrade Notes

  • (Enterprise/Starter) - Update operator-sdk to v1.34.1
  • (Enterprise) - Update Hookshot to 5.2.1
  • (Enterprise/Starter) - Update SlidingSync to v0.99.15
  • (Enterprise) - Update Synapse to v1.99.0 with CVE-2024-31208 fix
  • (Enterprise/Starter) - Upgrade Element Web to v1.11.64.
  • (Enterprise) - Upgrade Matrix Authentication Service to v0.9.0.
  • (Enterprise) - Update Secure Border Gateway to v1.1.1.
  • (Enterprise) - Upgrade Group Sync to v0.13.6.
  • (Enterprise) Element Call 0.5.16 and LiveKit 1.5.1
  • (Enterprise) Sydent 2.6.1
  • (Enterprise) - Make Jitsi and Element Call STUN configuration consistent with each other to ease the upgrade from 23.10.
  • (Enterprise) - Upgrade Sygnal to v0.14.1.

Security Issues

  • (Enterprise) Upgrade IRC Bridge to 2.0.0 to fix CVE-2024-32000.

Bug Fixes

  • (Enterprise/Starter) - Correctly install apt package python3-venv on recent ubuntu version.
  • (Enterprise) - Fixes to how Admin/Auditbot configs are maintained in the installer.
  • (Enterprise/Starter) - Improve installer one-time login codes security.
  • (Enterprise/Starter) - Mitigate installer log injections via HTTP headers.
  • (Enterprise) - Fix admin console discovery of OIDC to use MSC2956.
  • (Enterprise) - Update Auditbot S3 object name to one that will not clash with other files.
  • (Enterprise) - Fix issues passing in Coturn external-ip and enabling host mode.
  • (Enterprise/Starter) - Fix an issue where Auditbot S3 storage would prune files too early.
  • (Enterprise/Starter) - Fix an issue with Jitsi where it would not be possible to configure the Sync Power Level in the Restrict Widgets to Synapse configuration.
  • (Enterprise) AdminBot and Matrix Authentication Service can now be deployed together
  • (Enterprise) Upgrade Synapse Admin to better support homeservers using SRV delegation
  • (Enterprise) Fix support for APNS notifications in Sygnal going via a HTTP Forward Proxy
  • (Enterprise) Fix configuration of multiple TURN servers in Synapse when manually configuring
  • (Enterprise) Fix Sydent Terms & Conditions having a version that's just a number
  • (Enterprise/Starter) Fix ServiceMonitors being left behind when components are removed
  • (Enterprise) Fix SIP Bridge Services clashing
  • (Enterprise) - Fix a bug which could make airgapped impossible to deploy due to microk8s snap refresh being in error state.
  • (Enterprise) - Fix Synapse bootstrap phase getting stuck due to incompatible registration options.
  • (Enterprise/Starter) - Stop displaying NGINX version on error pages.
  • (Enterprise) - Clarify and improve validation of TURN server configuration section.
  • (Enterprise) - Ignore Adminbot/Auditbot users in IRC admin rooms.
  • (Enterprise) - Fix an issue where configuring Coturn would lead to infinite reconciliation.

Other

  • (Enterprise) - Clean up unused Matrix Authentication Service spa HTTP resource.
  • (Enterprise) Auditbot no longer requires the configuration of a dedicated UI ingress. This is handled by Synapse Admin UI now
  • (Enterprise) - Clarify description of Synapse default room encryption section.