Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Contains important security updates. Changes in [1.11.36](https://github.com/vector-im/element-web/releases/tag/v1.11.36) (2023-07-18) ================================================================================================= ## 🔒 Security * Fixes for [CVE-2023-37259](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-37259) / [GHSA-c9vx-2g7w-rp65](GHSA-c9vx-2g7w-rp65) ## 🦖 Deprecations * Deprecate customisations in favour of Module API ([\#25736](element-hq/element-web#25736)). Fixes #25733. ## ✨ Features * OIDC: store initial screen in session storage ([\#25688](element-hq/element-web#25688)). Fixes #25656. Contributed by @kerryarchibald. * Allow default_server_config as a fallback config ([\#25682](element-hq/element-web#25682)). Contributed by @ShadowRZ. * OIDC: remove auth params from url after login attempt ([\#25664](element-hq/element-web#25664)). Contributed by @kerryarchibald. * feat(faq): remove keyboard shortcuts button ([\#9342](matrix-org/matrix-react-sdk#9342)). Fixes #22625. Contributed by @gefgu. * GYU: Update banner ([\#11211](matrix-org/matrix-react-sdk#11211)). Fixes #25530. Contributed by @justjanne. * Linkify mxc:// URLs as links to your media repo ([\#11213](matrix-org/matrix-react-sdk#11213)). Fixes #6942. * OIDC: Log in ([\#11199](matrix-org/matrix-react-sdk#11199)). Fixes #25657. Contributed by @kerryarchibald. * Handle all permitted url schemes in linkify ([\#11215](matrix-org/matrix-react-sdk#11215)). Fixes #4457 and #8720. * Autoapprove Element Call oidc requests ([\#11209](matrix-org/matrix-react-sdk#11209)). Contributed by @toger5. * Allow creating knock rooms ([\#11182](matrix-org/matrix-react-sdk#11182)). Contributed by @charlynguyen. * Expose and pre-populate thread ID in devtools dialog ([\#10953](matrix-org/matrix-react-sdk#10953)). * Hide URL preview if it will be empty ([\#9029](matrix-org/matrix-react-sdk#9029)). * Change wording from avatar to profile picture ([\#7015](matrix-org/matrix-react-sdk#7015)). Fixes element-hq/element-meta#1331. Contributed by @aaronraimist. * Quick and dirty devtool to explore state history ([\#11197](matrix-org/matrix-react-sdk#11197)). * Consider more user inputs when calculating zxcvbn score ([\#11180](matrix-org/matrix-react-sdk#11180)). * GYU: Account Notification Settings ([\#11008](matrix-org/matrix-react-sdk#11008)). Fixes #24567. Contributed by @justjanne. * Compound Typography pass ([\#11103](matrix-org/matrix-react-sdk#11103)). Fixes #25548. * OIDC: navigate to authorization endpoint ([\#11096](matrix-org/matrix-react-sdk#11096)). Fixes #25574. Contributed by @kerryarchibald. ## 🐛 Bug Fixes * Fix read receipt sending behaviour around thread roots ([\#3600](matrix-org/matrix-js-sdk#3600)). * Fix missing metaspace notification badges ([\#11269](matrix-org/matrix-react-sdk#11269)). Fixes #25679. * Make checkboxes less rounded ([\#11224](matrix-org/matrix-react-sdk#11224)). Contributed by @andybalaam. * GYU: Fix issues with audible keywords without activated mentions ([\#11218](matrix-org/matrix-react-sdk#11218)). Contributed by @justjanne. * PosthogAnalytics unwatch settings on logout ([\#11207](matrix-org/matrix-react-sdk#11207)). Fixes #25703. * Avoid trying to set room account data for pinned events as guest ([\#11216](matrix-org/matrix-react-sdk#11216)). Fixes #6300. * GYU: Disable sound for DMs checkbox when DM notifications are disabled ([\#11210](matrix-org/matrix-react-sdk#11210)). Contributed by @justjanne. * force to allow calls without video and audio in embedded mode ([\#11131](matrix-org/matrix-react-sdk#11131)). Contributed by @EnricoSchw. * Fix room tile text clipping ([\#11196](matrix-org/matrix-react-sdk#11196)). Fixes #25718. * Handle newlines in user pills ([\#11166](matrix-org/matrix-react-sdk#11166)). Fixes #10994. * Limit width of user menu in space panel ([\#11192](matrix-org/matrix-react-sdk#11192)). Fixes #22627. * Add isLocation to ComposerEvent analytics events ([\#11187](matrix-org/matrix-react-sdk#11187)). Contributed by @andybalaam. * Fix: hide unsupported login elements ([\#11185](matrix-org/matrix-react-sdk#11185)). Fixes #25711. Contributed by @kerryarchibald. * Scope smaller font size to user info panel ([\#11178](matrix-org/matrix-react-sdk#11178)). Fixes #25683. * Apply i18n to strings in the html export ([\#11176](matrix-org/matrix-react-sdk#11176)). * Inhibit url previews on MXIDs containing slashes same as those without ([\#11160](matrix-org/matrix-react-sdk#11160)). * Make event info size consistent with state events ([\#11181](matrix-org/matrix-react-sdk#11181)). * Fix markdown content spacing ([\#11177](matrix-org/matrix-react-sdk#11177)). Fixes #25685. * Fix font-family definition for emojis ([\#11170](matrix-org/matrix-react-sdk#11170)). Fixes #25686. * Fix spurious error sending receipt in thread errors ([\#11157](matrix-org/matrix-react-sdk#11157)). * Consider the empty push rule actions array equiv to deprecated dont_notify ([\#11155](matrix-org/matrix-react-sdk#11155)). Fixes #25674. * Only trap escape key for cancel reply if there is a reply ([\#11140](matrix-org/matrix-react-sdk#11140)). Fixes #25640. * Update linkify to 4.1.1 ([\#11132](matrix-org/matrix-react-sdk#11132)). Fixes #23806. Changes in [1.11.35](https://github.com/vector-im/element-web/releases/tag/v1.11.35) (2023-07-04) ================================================================================================= ## 🦖 Deprecations * Remove `feature_favourite_messages` as it is has been abandoned for now ([\#11097](matrix-org/matrix-react-sdk#11097)). Fixes #25555. ## ✨ Features * Don't setup keys on login when encryption is force disabled ([\#11125](matrix-org/matrix-react-sdk#11125)). Contributed by @kerryarchibald. * OIDC: attempt dynamic client registration ([\#11074](matrix-org/matrix-react-sdk#11074)). Fixes #25468 and #25467. Contributed by @kerryarchibald. * OIDC: Check static client registration and add login flow ([\#11088](matrix-org/matrix-react-sdk#11088)). Fixes #25467. Contributed by @kerryarchibald. * Improve message body output from plain text editor ([\#11124](matrix-org/matrix-react-sdk#11124)). Contributed by @alunturner. * Disable encryption toggle in room settings when force disabled ([\#11122](matrix-org/matrix-react-sdk#11122)). Contributed by @kerryarchibald. * Add .well-known config option to force disable encryption on room creation ([\#11120](matrix-org/matrix-react-sdk#11120)). Contributed by @kerryarchibald. * Handle permalinks in room topic ([\#11115](matrix-org/matrix-react-sdk#11115)). Fixes #23395. * Add at room avatar for RTE ([\#11106](matrix-org/matrix-react-sdk#11106)). Contributed by @alunturner. * Remove new room breadcrumbs ([\#11104](matrix-org/matrix-react-sdk#11104)). * Update rich text editor dependency and associated changes ([\#11098](matrix-org/matrix-react-sdk#11098)). Contributed by @alunturner. * Implement new model, hooks and reconcilation code for new GYU notification settings ([\#11089](matrix-org/matrix-react-sdk#11089)). Contributed by @justjanne. * Allow maintaining a different right panel width for thread panels ([\#11064](matrix-org/matrix-react-sdk#11064)). Fixes #25487. * Make AppPermission pane scrollable ([\#10954](matrix-org/matrix-react-sdk#10954)). Fixes #25438 and #25511. Contributed by @luixxiul. * Integrate compound design tokens ([\#11091](matrix-org/matrix-react-sdk#11091)). Fixes vector-im/internal-planning#450. * Don't warn about the effects of redacting state events when redacting non-state-events ([\#11071](matrix-org/matrix-react-sdk#11071)). Fixes #8478. * Allow specifying help URLs in config.json ([\#11070](matrix-org/matrix-react-sdk#11070)). Fixes #15268. ## 🐛 Bug Fixes * Fix error when generating error for polling for updates ([\#25609](element-hq/element-web#25609)). * Fix spurious notifications on non-live events ([\#11133](matrix-org/matrix-react-sdk#11133)). Fixes #24336. * Prevent auto-translation within composer ([\#11114](matrix-org/matrix-react-sdk#11114)). Fixes #25624. * Fix caret jump when backspacing into empty line at beginning of editor ([\#11128](matrix-org/matrix-react-sdk#11128)). Fixes #22335. * Fix server picker not allowing you to switch from custom to default ([\#11127](matrix-org/matrix-react-sdk#11127)). Fixes #25650. * Consider the unthreaded read receipt for Unread dot state ([\#11117](matrix-org/matrix-react-sdk#11117)). Fixes #24229. * Increase RTE resilience ([\#11111](matrix-org/matrix-react-sdk#11111)). Fixes #25277. Contributed by @alunturner. * Fix RoomView ignoring alias lookup errors due to them not knowing the roomId ([\#11099](matrix-org/matrix-react-sdk#11099)). Fixes #24783 and #25562. * Fix style inconsistencies on SecureBackupPanel ([\#11102](matrix-org/matrix-react-sdk#11102)). Fixes #25615. Contributed by @luixxiul. * Remove unknown MXIDs from invite suggestions ([\#11055](matrix-org/matrix-react-sdk#11055)). Fixes #25446. * Reduce volume of ring sounds to normalised levels ([\#9143](matrix-org/matrix-react-sdk#9143)). Contributed by @JMoVS. * Fix slash commands not being enabled in certain cases ([\#11090](matrix-org/matrix-react-sdk#11090)). Fixes #25572. * Prevent escape in threads from sending focus to main timeline composer ([\#11061](matrix-org/matrix-react-sdk#11061)). Fixes #23397.
- Loading branch information