ESS LTS 24.04 Changelog and Update Notes
24.04.03-gui
New Features
Enterprise | Improve GroupSync performance with large member lists |
Enterprise | Add Azure Blob Storage support to Auditbot |
Enterprise | Configure GroupSync memory usage based on resource limits/requests |
Upgrade Notes
Enterprise / Starter | Upgrade Element Web to 1.11.66 |
Bug Fixes
Enterprise | Improve reliability of Synapse user provisioning |
Enterprise | Improve Jitsi timezone validation |
Enterprise / Starter | Improve Postgres shutdown behaviour when using the ESS in-cluster Postgres |
24.04.02-gui
Upgrade Notes
Enterprise | Upgrade airgapped microk8s to 1.27.13 |
Bug Fixes
Enterprise | Fix an issue when upgrading from 23.10 LTS in an airgapped environment where images were no longer uploaded to the registry |
Enterprise | Synapse HTTP proxy settings can now be edited in the installer. |
Enterprise / Starter | Media volume name and size can now be configured for standalone cluster deployments. |
24.04.01-gui
Release Summary
23.10.29 LTS to 24.04.01 LTS highlights
This release has focused on making deployments on Kubernetes more reliable. A lot of bugs were fixed, and the Helm charts have been enhanced to allow deploying webhooks and CRDs together without the operator and updater.
LTS New Features
Enterprise / Starter | The admin app now allows viewing of uploaded media |
Enterprise | Add WhatsApp Bridge support |
Enterprise | Check the health of the deployment or a component using `kubectl describe` against any Element CRs, in the `status`. Our documentation describes how to configure ArgoCD to get this information into your Application health. |
Enterprise | Add the possibility to configure S3 for Synapse media storage. |
Enterprise | Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service |
Enterprise / Starter | Allow configuration of seLinuxOptions on all workloads. |
Enterprise | Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to |
Enterprise | When using an airgapped deployment, it is now possible to log in to the target upload registry in the installer UI. |
Enterprise / Starter | A couple of speedups have been implemented both in the operator and the installer. |
Enterprise / Starter | Change deploy order of components to have the core components deployed first by the updater. |
Enterprise / Starter | The operator and the updater are now built on a distroless container base, to reduce the image size and contents. |
Enterprise | Auditbot UI does not need any ingress anymore. |
Enterprise / Starter | The installer now contains crictl to allow for local ctr daemon maintenance on microk8s. |
Enterprise | Reduce required resources for Standalone to 2 vCPU and 3Gb of memory. |
Enterprise / Starter | Reduce postgres in cluster requests to 100Mi. |
Enterprise | Add participant limit field in ElementCall configuration. |
Enterprise / Starter | Add support for tolerations and nodeSelectors on workload. |
Enterprise | Coturn is now managed by the UI view, by the updater, alongside ElementCall and Jitsi. It is now possible to deploy Coturn on a Kubernetes cluster. |
Enterprise / Starter | We now automatically configure the CPU limit of each Operator & Updater to be 25% of the machine's vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployments, there is no CPU limit. The number of workers is adapted relative to the memory available to the operator/updater. |
LTS Upgrade Notes
This new LTS can be upgraded to from 23.10 if you want to get the latest features of ESS.
LTS Version Updates
Enterprise / Starter | Update operator-sdk to v1.34.1 |
Enterprise | Update Hookshot to 5.2.1 |
Enterprise / Starter | Update ElementWeb to v1.11.64 |
Enterprise / Starter | Update SlidingSync to v0.99.15 |
Enterprise | Update Synapse to v1.99.0 with CVE-2024-31208 fix |
Enterprise | Update Element Call to 0.5.16 and LiveKit to 1.5.1 |
Enterprise | Update Sydent to 2.6.1 |
LTS Synapse security release
This release contains a fix for GHSA-3h7q-rfh9-xm4v / CVE-2024-31208, a high severity Synapse security issue. Upgrading as soon as possible is advised.
Important notes regarding rollback of this release
This release contains an important Synapse security fix with a backwards incompatible change. Please note that simply reverting this ESS release is not possible.
Please ensure you have working backups before upgrading, as downgrading from this release is not possible.
New Features
Enterprise | Check the health of the deployment or a component using `kubectl describe` against any Element CRs, in the `status`. Our documentation describes how to configure ArgoCD to get this information into your Application health. |
Enterprise | Add the possibility to configure S3 for Synapse media storage. |
Enterprise | Add options under Delegated Auth to configure user profile editing permissions. |
Enterprise | Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service |
Enterprise / Starter | Allow configuration of seLinuxOptions on all workloads |
Enterprise | Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to |
Enterprise | Support GCM/FCM API v1 in Sygnal |
Enterprise / Starter | Configure ansible poll interval to 0.01 to reduce CPU load |
Enterprise / Starter | A couple of speedups have been implemented both in the operator and the installer. |
Enterprise / Starter | We now automatically configure the CPU limit of each Operator & Updater to be 25% of the machine's vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployments, there is no CPU limit. The number of workers is adapted relative to the memory available to the operator/updater. |
Upgrade Notes
Enterprise / Starter | Update operator-sdk to v1.34.1 |
Enterprise | Update Hookshot to 5.2.1 |
Enterprise / Starter | Update SlidingSync to v0.99.15 |
Enterprise | Update Synapse to v1.99.0 with CVE-2024-31208 fix |
Enterprise / Starter | Upgrade Element Web to v1.11.64. |
Enterprise | Upgrade Matrix Authentication Service to v0.9.0. |
Enterprise | Update Secure Border Gateway to v1.1.1. |
Enterprise | Upgrade Group Sync to v0.13.6. |
Enterprise | Element Call 0.5.16 and LiveKit 1.5.1 |
Enterprise | Sydent 2.6.1 |
Enterprise | Make Jitsi and Element Call STUN configuration consistent with each other to ease the upgrade from 23.10. |
Enterprise | Upgrade Sygnal to v0.14.1. |
Security Issues
Enterprise | Upgrade IRC Bridge to 2.0.0 to fix CVE-2024-32000. |
Bug Fixes
Enterprise / Starter | Correctly install the apt package python3-venv on recent Ubuntu versions. |
Enterprise | Fixes to how Admin/Auditbot configs are maintained in the installer. |
Enterprise / Starter | Improve the security of installer one-time login codes. |
Enterprise / Starter | Mitigate installer log injections via HTTP headers. |
Enterprise | Fix admin console discovery of OIDC to use MSC2956. |
Enterprise | Update Auditbot S3 object name to one that will not clash with other files. |
Enterprise | Fix issues passing in Coturn external-ip and enabling host mode. |
Enterprise / Starter | Fix an issue where Auditbot S3 storage would prune files too early. |
Enterprise / Starter | Fix an issue with Jitsi where it would not be possible to configure the Sync Power Level in the Restrict Widgets to Synapse configuration. |
Enterprise | AdminBot and Matrix Authentication Service can now be deployed together |
Enterprise | Upgrade Synapse Admin to better support homeservers using SRV delegation |
Enterprise | Fix support for APNS notifications in Sygnal going via an HTTP Forward Proxy |
Enterprise | Fix configuration of multiple TURN servers in Synapse when manually configuring |
Enterprise | Fix Sydent Terms & Conditions having a version that's just a number |
Enterprise / Starter | Fix ServiceMonitors being left behind when components are removed |
Enterprise | Fix SIP Bridge Services clashing |
Enterprise | Fix a bug which could make airgapped deployments impossible due to the microk8s snap refresh being in an error state. |
Enterprise | Fix Synapse bootstrap phase getting stuck due to incompatible registration options. |
Enterprise / Starter | Stop displaying NGINX version on error pages. |
Enterprise | Clarify and improve validation of TURN server configuration section. |
Enterprise | Ignore Adminbot/Auditbot users in IRC admin rooms. |
Enterprise | Fix an issue where configuring Coturn would lead to infinite reconciliation. |
Other
Enterprise | Clean up unused Matrix Authentication Service spa HTTP resource. |
Enterprise | Auditbot no longer requires the configuration of a dedicated UI ingress. This is now handled by the Synapse Admin UI. |
Enterprise | Clarify description of Synapse default room encryption section. |