v1.3.7

Added

• A new global config option, repo.freezeUnauthenticatedMedia, is supported to enact the unauthenticated media freeze early. See config.sample.yaml for details.

Changed

• The default leaky bucket capacity has changed from 300mb to 500mb, allowing for more downloads to go through. The drain rate and overflow limit are unchanged (5mb/minute and 100mb respectively).

v1.3.6

Fixed

• Ensure a boundary is set on federation downloads, allowing the download to work.

v1.3.5

Added

• New datastore option to ignore Redis cache when downloading media served by a publicBaseUrl. This can help ensure more requests get redirected to the CDN.
• HEAD /download is now supported, as per MSC4120.
• S3 datastores can now specify a prefixLength to improve S3 performance on some providers. See config.sample.yaml for details.
• Add multipartUploads flag for running MMR against unsupported S3 providers. See config.sample.yaml for details.
• A new "leaky bucket" rate limit algorithm has been applied to downloads. See rateLimit.buckets in config.sample.yaml for details.
• Add support for MSC3916: Authentication for media.
  • To enable full support, use signingKeyPath in your config. See config.sample.yaml for details.
  • Server operators should point /_matrix/client/v1/media/* and /_matrix/federation/v1/media/* at MMR.

Changed

• The leaky bucket rate limiting introduced above is turned on by default. Administrators are encouraged to review the default settings and adjust as needed.

Fixed

• Metrics for redirected and HTML requests are tracked.
• Fixed more issues relating to non-dimensional media being thumbnailed (invalid image size: 0x0 errors).
• Long-running purge requests no longer fail when the requesting client times out. They are continued in the background.
• Purging old media has been fixed to actually identify old media.
• JPEG thumbnails will now use sensible extensions.
• Fixed directory permissions when exporting MMR to Synapse.
• In some rare cases, memory usage may have leaked due to thumbnail error handling. This has been fixed.
• Synapse signing keys with blank lines can now be decoded/combined with other keys.

v1.3.4

Added

• Dendrite homeservers can now have their media imported safely, and adminApiKind may be set to dendrite.
• Exporting MMR's data to Synapse is now possible with import_to_synapse. To use it, first run gdpr_export or similar.
• Errors encountered during a background task, such as an API-induced export, are exposed as error_message in the admin API.
• MMR will follow redirects on federated downloads up to 5 hops.
• S3-backed datastores can have download requests redirected to a public-facing CDN rather than being proxied through MMR. See publicBaseUrl under the S3 datastore config.

Changed

• Exports now use an internal timeout of 10 minutes instead of 1 minute when downloading files. This may still result in errors if downloading from S3 takes too long.
• MMR now requires Go 1.21 for compilation.
• ARM-supported Docker images are now available through GHCR.
  • The Docker Hub (docker.io) builds are deprecated and will not receive updates starting with v1.4.0
  • Docker Hub images are not guaranteed to have ARM compatibility.
• The latest Docker tag on both Docker Hub and GHCR now points to the latest release instead of the unstable development build.

Fixed

• Exports created with s3_urls now contain valid URLs.
• Exports no longer fail with "The requested range is not satisfiable".
• Exports no longer fail with "index out of range [0] with length 0".
• Requests requiring authentication, but lack a provided access token, will return HTTP 401 instead of HTTP 500 now.
• Downloads when using a self-hosted MinIO instance are no longer slower than expected.
• The DELETE /_matrix/media/unstable/admin/export/:exportId endpoint has been reinstated as described.
• If a server's downloads.maxSize is greater than the uploads.maxSize, remote media is no longer cut off at uploads.maxSize. The media will instead be downloaded at downloads.maxSize and error if greater.
• Content-Type on /download and /thumbnail is now brought in line with MSC2701.

v1.3.3

Fixed

• Improved handling when encountering an error attempting to populate Redis during uploads.
• Fixed Range requests failing by default by internally setting a default chunk size of 10mb.
• Stop logging "no exif data".
• Fixed admin API requests not working when authenticating as the shared secret user.

Changed

• Updated dependencies. Manually compiled deployments may need to recompile libheif as well.

v1.3.2

Fixed

• Fixed thumbnail generation causing thumbnails_index errors in some circumstances.

v1.3.1

From v1.3.0

• Mandatory configuration change: Please see docs.t2bot.io for details.
• Fix improper usage of Content-Disposition: inline and related Content-Type safety (CVE-2023-41318, GHSA-5crw-6j7v-xc72).

Fixed

• Fixed media purge API not being able to delete thumbnails.
• Fixed thumbnails being attempted for disabled media types.
• Fixed SVG and other non-dimensional media failing to be usefully thumbnailed in some cases.

v1.3.0

Mandatory Configuration Change

Please see docs.t2bot.io for details.

Security Fixes

• Fix improper usage of Content-Disposition: inline and related Content-Type safety (CVE-2023-41318, GHSA-5crw-6j7v-xc72).

Deprecations

• The GET /_matrix/media/unstable/local_copy/:server/:mediaId (and unstable/io.t2bot.media variant) endpoint is deprecated and scheduled for removal. If you are using this endpoint, please comment on this issue to explain your use case.

Added

• Added a federation.ignoredHosts config option to block media from individual homeservers.
• Support for MSC2246 (async uploads) is added, with per-user quota limiting options.
• Support for MSC4034 (self-serve usage information) is added, alongside a new "maximum file count" quota limit.
• The GET /_synapse/admin/v1/statistics/users/media endpoint from Synapse is now supported at the same path for local server admins.
• Thumbnailing support for:
  • BMP images.
  • TIFF images.
  • HEIC images.
• New metrics:
  • HTTP response times.
  • Age of downloaded/accessed media.
• Support for PGO builds has been enabled via pgo-fleet.

Removed

• IPFS support has been removed due to maintenance burden.
• Exports initiated through the admin API no longer support ?include_data=false. Exports will always contain data.
• Server-side blurhash calculation has been removed. Clients and bridges already calculate blurhashes locally where applicable.

Changed

• Mandatory configuration change: You must add datastore IDs to your datastore configuration, as matrix-media-repo will no longer manage datastores for you.
• If compiling matrix-media-repo, note that new external dependencies are required. See the docs.
  • Docker images already contain these dependencies.
• Datastores no longer use the enabled flag set on them. Use forKinds: [] instead to disable a datastore's usage.
• Per-user upload quotas now do not allow users to exceed the maximum values, even by 1 byte. Previously, users could exceed the limits by a little bit.
• Updated to Go 1.19, then Go 1.20 in the same release cycle.
• New CGO dependencies are required. See docs.t2bot.io for details.
• Logs are now less noisy by default.
• Connected homeservers must support at least Matrix 1.1 on the Client-Server API. Servers over federation are not affected.
• The example Grafana dashboard has been updated.

Fixed

• URL previews now follow redirects properly.
• Overall memory usage is improved, particularly during media uploads and API-initiated imports.
  • Note: If you use plugins then memory usage will still be somewhat high due to temporary caching of uploads.
  • Note: This affects RSS primarily. VSZ and other memory metrics may be higher than expected due to how Go releases memory to the OS. This is fixed when there's memory pressure.
• Fixed shutdown stall if the config was reloaded more than once while running.

v1.2.13

Deprecations

• In version 1.3.0, IPFS will no longer be supported as a datastore. Please migrate your data if you are using the IPFS support.

Added

• Added the Cross-Origin-Resource-Policy: cross-origin header to all downloads, as per MSC3828.
• Added metrics for tracking which S3 operations are performed against datastores.

Changed

• Swap out the HEIF library for better support towards ARM64 Docker Images.
• The development environment now uses Synapse as a homeserver. Test accounts will need recreating.
• Updated to Go 1.18
• Improved error message when thumbnailer cannot determine image dimensions.

Fixed

• Return default media attributes if none have been explicitly set.

v1.2.12

Note: v1.2.11 was released with a bug (sorry) in one of the new features to that release. Check out its changelog for more information on the new stuff.

Fixed

• Fixed a permissions check issue on the new statistics endpoint released in v1.2.11