ESS LTS 24.04 Changelog and Update Notes

24.04.02-gui

Upgrade Notes

  • (Enterprise) Upgrade airgapped microk8s to 1.27.13

Bug Fixes

  • (Enterprise) Fix issue upgrading from 23.10 LTS in an Airgapped environment where images weren't uploaded to the registry anymore
  • (Enterprise) Synapse HTTP proxy settings can now be edited in the installer.
  • (Enterprise/Starter) Media volume name and size can now be configured for standalone cluster deployments.

24.04.01-gui

Release Summary

23.10.29 LTS to 24.04.01 LTS highlights

This release has focused on making deployments on Kubernetes more reliable. A lot of bugs were fixed, and the Helm charts have been enhanced so that webhooks and CRDs can be deployed together without the operator and updater.

(LTS) New Features

  • (Enterprise/Starter) The admin app now allows viewing of uploaded media
  • (Enterprise) Add WhatsApp Bridge support
  • (Enterprise) Check the health of the deployment or a component using kubectl describe against any Element CRs, in the status. Our documentation describes how to configure ArgoCD to get this information into your Application health.
  • (Enterprise) Add the possibility to configure S3 for Synapse media storage.
  • (Enterprise) Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service.
  • (Enterprise/Starter) Allow configuration of seLinuxOptions on all workloads.
  • (Enterprise) Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to
  • (Enterprise) When using Airgapped deployment, it is now possible to log in to the target upload registry in the installer UI.
  • (Enterprise/Starter) A couple of speedups have been implemented both in the operator and the installer.
  • (Enterprise/Starter) Change deploy order of components to have the core components deployed first by the updater.
  • (Enterprise/Starter) The operator and the updater are now built on a distroless container base, to reduce the image size and contents.
  • (Enterprise) Auditbot UI does not need any ingress anymore.
  • (Enterprise/Starter) The installer now contains crictl to allow for local ctr daemon maintenance on microk8s.
  • (Enterprise) Reduce required resources for Standalone to 2 vCPU and 3Gb of memory.
  • (Enterprise/Starter) Reduce postgres in cluster requests to 100Mi.
  • (Enterprise) Add participant limit field in ElementCall configuration.
  • (Enterprise/Starter) Add support for tolerations and nodeSelectors on workload.
  • (Enterprise) Coturn is now managed by the UI view, by the updater, alongside ElementCall and Jitsi. It is now possible to deploy Coturn on a Kubernetes cluster.
  • (Enterprise/Starter) We now automatically configure a CPU limit for each Operator & Updater of 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployments, there is no CPU limit. The number of workers is adapted relative to the memory available to the operator/updater.

(LTS) Upgrade Notes

  • This new LTS can be upgraded from 23.10 if you want to get the latest features of ESS.

(LTS) Version Updates

  • (Enterprise/Starter) Update operator-sdk to v1.34.1
  • (Enterprise) Update Hookshot to 5.2.1
  • (Enterprise/Starter) Update ElementWeb to v1.11.64
  • (Enterprise/Starter) Update SlidingSync to v0.99.15
  • (Enterprise) Update Synapse to v1.99.0 with CVE-2024-31208 fix
  • (Enterprise) Update Element Call to 0.5.16 and LiveKit to 1.5.1
  • (Enterprise) Update Sydent to 2.6.1

(LTS) Synapse security release

This release contains a fix for GHSA-3h7q-rfh9-xm4v / CVE-2024-31208, a high severity Synapse security issue. Upgrading as soon as possible is advised.

Important notes regarding rollback of this release

This release contains an important Synapse security fix with a backwards incompatible change. Please note that simply reverting this ESS release is not possible. Please ensure you have working backups before upgrading, as downgrading from this release is not possible.

New Features

  • (Enterprise) Check the health of the deployment or a component using kubectl describe against any Element CRs, in the status. Our documentation describes how to configure ArgoCD to get this information into your Application health.
  • (Enterprise) Add the possibility to configure S3 for Synapse media storage.
  • (Enterprise) Add options under Delegated Auth to configure user profile editing permissions.
  • (Enterprise) Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service
  • (Enterprise/Starter) Allow configuration of seLinuxOptions on all workloads
  • (Enterprise) Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to
  • (Enterprise) Support GCM/FCM API v1 in Sygnal
  • (Enterprise/Starter) Configure ansible poll interval to 0.01 to reduce CPU load
  • (Enterprise/Starter) A couple of speedups have been implemented both in the operator and the installer.
  • (Enterprise/Starter) We now automatically configure a CPU limit for each Operator & Updater of 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployments, there is no CPU limit. The number of workers is adapted relative to the memory available to the operator/updater.

Upgrade Notes

  • (Enterprise/Starter) Update operator-sdk to v1.34.1
  • (Enterprise) Update Hookshot to 5.2.1
  • (Enterprise/Starter) Update SlidingSync to v0.99.15
  • (Enterprise) Update Synapse to v1.99.0 with CVE-2024-31208 fix
  • (Enterprise/Starter) Upgrade Element Web to v1.11.64.
  • (Enterprise) Upgrade Matrix Authentication Service to v0.9.0.
  • (Enterprise) Update Secure Border Gateway to v1.1.1.
  • (Enterprise) Upgrade Group Sync to v0.13.6.
  • (Enterprise) Element Call 0.5.16 and LiveKit 1.5.1
  • (Enterprise) Sydent 2.6.1
  • (Enterprise) Make Jitsi and Element Call STUN configuration consistent with each other to ease the upgrade from 23.10.
  • (Enterprise) Upgrade Sygnal to v0.14.1.

Security Issues

  • (Enterprise) Upgrade IRC Bridge to 2.0.0 to fix CVE-2024-32000.

Bug Fixes

  • (Enterprise/Starter) Correctly install apt package python3-venv on recent Ubuntu versions.
  • (Enterprise) Fixes to how Admin/Auditbot configs are maintained in the installer.
  • (Enterprise/Starter) Improve the security of installer one-time login codes.
  • (Enterprise/Starter) Mitigate installer log injections via HTTP headers.
  • (Enterprise) Fix admin console discovery of OIDC to use MSC2956.
  • (Enterprise) Update Auditbot S3 object name to one that will not clash with other files.
  • (Enterprise) Fix issues passing in Coturn external-ip and enabling host mode.
  • (Enterprise/Starter) Fix an issue where Auditbot S3 storage would prune files too early.
  • (Enterprise/Starter) Fix an issue with Jitsi where it would not be possible to configure the Sync Power Level in the Restrict Widgets to Synapse configuration.
  • (Enterprise) AdminBot and Matrix Authentication Service can now be deployed together
  • (Enterprise) Upgrade Synapse Admin to better support homeservers using SRV delegation
  • (Enterprise) Fix support for APNS notifications in Sygnal going via an HTTP Forward Proxy
  • (Enterprise) Fix configuration of multiple TURN servers in Synapse when manually configuring
  • (Enterprise) Fix Sydent Terms & Conditions having a version that's just a number
  • (Enterprise/Starter) Fix ServiceMonitors being left behind when components are removed
  • (Enterprise) Fix SIP Bridge Services clashing
  • (Enterprise) Fix a bug which could make airgapped deployment impossible due to the microk8s snap refresh being in an error state.
  • (Enterprise) Fix Synapse bootstrap phase getting stuck due to incompatible registration options.
  • (Enterprise/Starter) Stop displaying NGINX version on error pages.
  • (Enterprise) Clarify and improve validation of TURN server configuration section.
  • (Enterprise) Ignore Adminbot/Auditbot users in IRC admin rooms.
  • (Enterprise) Fix an issue where configuring Coturn would lead to infinite reconciliation.

Other

  • (Enterprise) Clean up unused Matrix Authentication Service spa HTTP resource.
  • (Enterprise) Auditbot no longer requires the configuration of a dedicated UI ingress. This is handled by Synapse Admin UI now.
  • (Enterprise) Clarify description of Synapse default room encryption section.