ESS LTS 24.04 Change Logs and Upgrade Notes
LTS 24.04 Changelogs and important Update Notes, always check here before upgrading!
Upgrade Notes for the 24.04 LTS
If you are planning on upgrading to the LTS we always recommend upgrading to the latest LTS patch version, however you should be aware of all significant upgrade notes from each prior patch version. They have been collated for convenience below, you can find the full changelogs of each release there after.
24.04.05-gui | Major Change: The standalone installer now upgrades microk8s gracefully automatically. The microk8s upgrade procedure does not anymore involve a uninstall/reinstall of microk8s. It now will automatically upgrade microk8s to the expected version, and the flag --upgrade-cluster has been removed.Any customization to CNI Configuration in /var/snap/microk8s/current/args/cni-network/cni.yaml will have to be reconfigured. During the upgrade, microk8s will restart, and addons will be disabled to force an upgrade. It can induce a small downtime of a couple of minutes. |
24.04.04-gui | No Important Upgrade Notes |
24.04.03-gui | No Important Upgrade Notes |
24.04.02-gui | No Important Upgrade Notes |
24.04.01-gui | This release contains an important Synapse security fix with a backwards incompatible change. Please note that simply reverting this ESS release is not possible. Please ensure to have a working backups before upgrading as downgrading is not a possibility from this |
24.04.05-gui
New Features
Enterprise / Starter | Major Change: The standalone installer now upgrades microk8s gracefully automatically. The microk8s upgrade procedure does not anymore involve a uninstall/reinstall of microk8s. It now will automatically upgrade microk8s to the expected version, and the flag --upgrade-cluster has been removed.Any customization to CNI Configuration in /var/snap/microk8s/current/args/cni-network/cni.yaml will have to be reconfigured. During the upgrade, microk8s will restart, and addons will be disabled to force an upgrade. It can induce a small downtime of a couple of minutes. |
Enterprise | Status watchers are now golang containers. Resources used by the operator and updater are now reduced. |
Upgrade Notes
Enterprise | Upgrade Telegram bridge to 0.15.1-mod-1 |
Enterprise | Upgrade WhatsApp bridge to 0.10.7-mod-1 |
Bug Fixes
Enterprise / Starter | Fix haproxy failing on ipv4-only nodes. |
Enterprise | Fix inconsistent behaviour when switching between S3/Persistent volume option under media tab. |
Enterprise / Starter | Fix watchers to avoid triggering unneeded reconciliation loops |
Enterprise | GroupSync - Fix issue when LDAP identities contain commas in their names. |
Enterprise / Starter | Fix cert-manager upgrade failing to remove old resources. |
Enterprise | Fix media screen on standalone setup. |
Enterprise / Starter | Remove --upgrade-cluster parameter as microk8s is now upgraded gracefully. |
Enterprise / Starter | Fix operator and updater having permissions issues under Openshift |
Enterprise / Starter | Fix Jitsi JVB fails to get ready when STUN servers list is empty and Coturn is not deployed. |
Enterprise / Starter | The installer does not flake anymore between bootstrap and installer view when the kubernetes cluster is not reachable intermittently. |
Enterprise | Configuring monitoring stack persistent volumes properly in microk8s requires to recreate their statefulsets. |
Enterprise | Fix an ansible error when installing the telemetry script on the local host when user GID != UID. |
Enterprise | Fix missing storage class on some Monitoring PVCs. |
24.04.04-gui
Bug Fixes
Enterprise / Starter | Improve robustness of adding custom well-known delegation configuration |
Enterprise / Starter | Fix missing media tab in the Admin Console when using microk8s. |
Enterprise | Fix Enable DM Admin not being respected for Adminbot |
Enterprise / Starter | Fix failure regenerating installer authentication links. |
24.04.03-gui
New Features
Enterprise | Improve GroupSync performance with large member lists |
Enterprise | Add Azure Blob Storage support to Auditbot |
Enterprise | Config GroupSync memory usage based on resource limits/requests |
Upgrade Notes
Enterprise / Starter | Upgrade Element Web to 1.11.66 |
Bug Fixes
Enterprise | Improve reliability of Synapse user provisioning |
Enterprise | Improve Jitsi timezone validation |
Enterprise / Starter | Improve Postgres shutdown behaviour when using the ESS Postgreses in cluster |
24.04.02-gui
Upgrade Notes
Enterprise | Upgrade airgapped microk8s to 1.27.13 |
Bug Fixes
Enterprise | Fix issue upgrading from 23.10 LTS in an Airgapped environment where images weren't uploaded to the registry anymore |
Enterprise | Synapse HTTP proxy settings can now be edited in the installer. |
Enterprise / Starter | Media volume name and size can now be configured for standalone cluster deployments. |
24.04.01-gui
Release Summary
23.10.29 LTS to 24.04.01 LTS highlights
This release has focused on making deployments on Kubernetes more reliable. A lot of bugs were fixed, and helm charts have been enhanced to allow to deploy webhooks and CRDs together without the operator and updater.
LTS New Features
Enterprise / Starter | The admin app now allows viewing of uploaded media |
Enterprise | Add WhatsApp Bridge support |
Enterprise | Check the health of the deployment or a component using kubectl describe against any Element CRs, in the status . Our documentation describes how to configure ArgoCD to get these informations into your Application health. |
Enterprise | Add the possiblity to configure S3 for Synapse media storage. |
Enterprise | Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service, |
Enterprise / Starter | Allow configuration of seLinuxOptions on all workloads. |
Enterprise | Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to |
Enterprise | When using Airgapped deployment, it is now possible to login to the target upload registry in the installer UI. |
Enterprise / Starter | A couple of speedups have been implemented both in the operator and the installer. |
Enterprise / Starter | Change deploy order of components to have the core components deployed first by the updater. |
Enterprise / Starter | The operator and the updater are now built based on distroless container, to reduce the image size and contents. |
Enterprise | Auditbot UI does not need any ingress anymore. |
Enterprise / Starter | The installer now contains crictl to allow for local ctr daemon maintenance on microk8s. |
Enterprise | Reduce required resources for Standalone to 2 vCPU and 3Gb of memory. |
Enterprise / Starter | Reduce postgres in cluster requests to 100Mi. |
Enterprise | Add participant limit field in ElementCall configuration. |
Enterprise / Starter | Add support for tolerations and nodeSelectors on workload. |
Enterprise | Coturn is now managed by the UI view, by the updater, alongside ElementCall and Jitsi. It is now possible to deploy Coturn on a Kubernetes cluster. |
Enterprise / Starter | We now configure automatically a CPU Limit of each Operator & Updater to be 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployment, there's no CPU limit. The number of workers will be adapted relatively to the memory available to the operator/updater. |
LTS Upgrade Notes
This new LTS can be upgraded from 23.10 if you want to get the new latest features of ESS.
LTS Version Updates
Enterprise / Starter | Update operator-sdk to v1.34.1 |
Enterprise | Update Hookshot to 5.2.1 |
Enterprise / Starter | Update ElementWeb to v1.11.64 |
Enterprise / Starter | Update SlidingSync to v0.99.15 |
Enterprise | Update Synapse to v1.99.0 with CVE-2024-31208 fix |
Enterprise | Update Element Call to 0.5.16 and LiveKit to 1.5.1 |
Enterprise | Update Sydent to 2.6.1 |
LTS Synapse security release
This release contains a fix for GHSA-3h7q-rfh9-xm4v / CVE-2024-31208, a high severity Synapse security issue. Upgrading is advised at the soonest possible moment.
Important notes regarding rollback of this release
This release contains an important Synapse security fix with a backwards incompatible change. Please note that simply reverting this ESS release is not possible.
Please ensure to have a working backups before upgrading as downgrading is not a possibility from this release.
New Features
Enterprise | Check the health of the deployment or a component using kubectl describe against any Element CRs, in the status. Our documentation describes how to configure ArgoCD to get these information into your Application health. |
Enterprise | Add the possibility to configure S3 for Synapse media storage. |
Enterprise | Add options under Delegated Auth to configure users profiles editing permissions. |
Enterprise | Improve support for non-OIDC compliant upstream identity providers with Matrix Authentication Service |
Enterprise / Starter | Allow configuration of seLinuxOptions on all workloads |
Enterprise | Enable simple configuration of whether Element Web generates sharing links with its own URL or matrix.to |
Enterprise | Support GCM/FCM API v1 in Sygnal |
Enterprise / Starter | Configure ansible poll interval to 0.01 to reduce CPU load |
Enterprise / Starter | A couple of speedups have been implemented both in the operator and the installer. |
Enterprise / Starter | We now configure automatically a CPU Limit of each Operator & Updater to be 25% of the machine vCPUs on standalone. The node still needs at least 2 vCPUs to work properly. On Kubernetes deployment, there's no CPU limit. The number of workers will be adapted relatively to the memory available to the operator/updater. |
Upgrade Notes
Enterprise / Starter | Update operator-sdk to v1.34.1 |
Enterprise | Update Hookshot to 5.2.1 |
Enterprise / Starter | Update SlidingSync to v0.99.15 |
Enterprise | Update Synapse to v1.99.0 with CVE-2024-31208 fix |
Enterprise / Starter | Upgrade Element Web to v1.11.64. |
Enterprise | Upgrade Matrix Authentication Service to v0.9.0. |
Enterprise | Update Secure Border Gateway to v1.1.1. |
Enterprise | Upgrade Group Sync to v0.13.6. |
Enterprise | Element Call 0.5.16 and LiveKit 1.5.1 |
Enterprise | Sydent 2.6.1 |
Enterprise | Make Jitsi and Element Call STUN configuration consistent with each other to ease the upgrade from 23.10. |
Enterprise | Upgrade Sygnal to v0.14.1. |
Security Issues
Enterprise | Upgrade IRC Bridge to 2.0.0 to fix CVE-2024-32000. |
Bug Fixes
Enterprise / Starter | Correctly install apt package python3-venv on recent ubuntu version. |
Enterprise | Fixes to how Admin/Auditbot configs are maintained in the installer. |
Enterprise / Starter | Improve installer one-time login codes security. |
Enterprise / Starter | Mitigate installer log injections via HTTP headers. |
Enterprise | Fix admin console discovery of OIDC to use MSC2956. |
Enterprise | Update Auditbot S3 object name to one that will not clash with other files. |
Enterprise | Fix issues passing in Coturn external-ip and enabling host mode. |
Enterprise / Starter | Fix an issue where Auditbot S3 storage would prune files too early. |
Enterprise / Starter | Fix an issue with Jitsi where it would not be possible to configure the Sync Power Level in the Restrict Widgets to Synapse configuration. |
Enterprise | AdminBot and Matrix Authentication Service can now be deployed together |
Enterprise | Upgrade Synapse Admin to better support homeservers using SRV delegation |
Enterprise | Fix support for APNS notifications in Sygnal going via a HTTP Forward Proxy |
Enterprise | Fix configuration of multiple TURN servers in Synapse when manually configuring |
Enterprise | Fix Sydent Terms & Conditions having a version that's just a number |
Enterprise / Starter | Fix ServiceMonitors being left behind when components are removed |
Enterprise | Fix SIP Bridge Services clashing |
Enterprise | Fix a bug which could make airgapped impossible to deploy due to microk8s snap refresh being in error state. |
Enterprise | Fix Synapse bootstrap phase getting stuck due to incompatible registration options. |
Enterprise / Starter | Stop displaying NGINX version on error pages. |
Enterprise | Clarify and improve validation of TURN server configuration section. |
Enterprise | Ignore Adminbot/Auditbot users in IRC admin rooms. |
Enterprise | Fix an issue where configuring Coturn would lead to infinite reconciliation. |
Other
Enterprise | Clean up unused Matrix Authentication Service spa HTTP resource. |
Enterprise | Auditbot no longer requires the configuration of a dedicated UI ingress. This is handled by Synapse Admin UI now |
Enterprise | Clarify description of Synapse default room encryption section. |