v0.11.0

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:ccac0c43386a2b2b2d6f060e4024f5c60e8821a0400d6a7fd35672022fdba8da
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.11.0
  ghcr.io/matrix-org/matrix-authentication-service:0.11
  ghcr.io/matrix-org/matrix-authentication-service:0
  ghcr.io/matrix-org/matrix-authentication-service:sha-91f1c7a
  ghcr.io/matrix-org/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:36d90530328c974ad9977493a73f3671ea9da41e2cc3630aca6d2d20550bfff6
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.11.0-debug
  ghcr.io/matrix-org/matrix-authentication-service:0.11-debug
  ghcr.io/matrix-org/matrix-authentication-service:0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-91f1c7a-debug
  ghcr.io/matrix-org/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:171b3ec5bf6586a94d845e7ff130e3c4cdd2a0184a4857d04bbe8d0be8dde858
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.11.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.11
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-91f1c7a
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:latest
  

What's changed

• Document the email policy in the reference by @MTRNord in #3134
• Iterate cross signing reset flows by @t3chguy in #3102
• Update redirect URIs when syncing clients from the config by @sandhose in #3156
• docker: remove redundant target platform by @sandhose in #3158
• Document policy settings for changing the policy wasm file by @MTRNord in #3133
• Fix the email policy documentation indentation by @sandhose in #3169
• Translations updates from Localazy in #3145 and #3171
• Dependencies updates in #3096, #3113, #3116, #3118, #3125, #3127, #3129, #3131, #3137, #3138, #3141, #3144, #3146, #3147, #3148, #3149, #3150, #3151, #3152, #3153, #3154, #3155, #3159, #3163, #3165 and #3166

New Contributors

• @MTRNord made their first contribution in #3134

Full Changelog: v0.10.0...v0.11.0

v0.11.0-rc.0

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256: d9bdea29144b6ffca92901f9e0294270bf540c725581e373fd43dadcb2707f1b
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.11.0-rc.0
  ghcr.io/matrix-org/matrix-authentication-service:sha-7012e32
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256: d74f126b888680d2deca9d97e0ac694eaba2d4e38f164f421d5feb9074543d6a
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.11.0-rc.0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-7012e32-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256: c695beee1b6ad4d6964492f3feb4bf98c5ede766147a2d0dabb67c68d298f646
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.11.0-rc.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-7012e32
  

Full list of changes (excluding dependency upgrades)

• Document the email policy in the reference by @MTRNord in #3134
• Iterate cross signing reset flows by @t3chguy in #3102
• Update redirect URIs when syncing clients from the config by @sandhose in #3156

New Contributors

• @MTRNord made their first contribution in #3134

Full Changelog: v0.10.0...v0.11.0-rc.0

v0.10.0

Breaking changes

• Due to complexity in the build process and low demand, pre-built macOS binaries are not distributed anymore in releases. macOS is still supported when building from the sources
• Open password-based registration is disabled by default
• The basic password policy has been replaced
• Password-based logins and other actions are now rate-limited by default
• The GraphQL API is now internal-only by default, replaced by the new Admin API

Changes since 0.10.0-rc.0

• frontend: remove double separator when password auth is disabled in #3105
• Small documentation fixes in #3123

New features

CAPTCHA protection on the registration form

Password-based registration can now be protected with a CAPTCHA challenge. MAS supports Google’s reCAPTCHA, hCAPTCHA, as well as Cloudflare Turnstile

Email-based password recovery

When enabled, this feature allows users to recover their account, by sending a link to their confirmed email addresses.

Self-service password change

In addition to password recovery, users can change​ their password themselves through the new password-change interface

Admin API

Need to build administrative or automation tools for MAS? Check out the new admin API!
This replaces the GraphQL API, which is now restricted for internal use by default. If you rely on the GraphQL API through an OAuth 2.0 token, you need to set the undocumented_oauth2_access setting on the graphql listener.

Proper password complexity calculation

To make sure your users have strong-enough passwords, MAS now calculates password complexity using the popular zxcvbn algorithm. This algorithm gives a score from 0 to 4, with suggestions on how to improve the password. By default, MAS will require new passwords to have at least 3, which has a good balance between security and convenience.
This means that the parameters to set a minimum password length and require some symbols are now removed.

Rate-limiting

Some operations are more sensitive than others. You wouldn’t want someone to be able to brute force your password, would you? MAS will now rate-limit such operations, both per-IP and per account to avoid that. See the configuration documentation to learn more.

Other improvements

• Upstream OAuth 2.0 providers removed from the configuration are now automatically disabled when the server starts up. This means that you no longer need to run mas-cli config sync --prune to apply the change. They will still be kept in the database, to avoid losing existing links.
• The account management UI is generally faster, with a smaller initial loading time and prefetching of other pages
• Optional configuration sections are now truly optional. In 0.9.0 we made most configuration sections optional, but the upstream_oauth2 and clients sections were still required to start up. If you kept those to work around the bug in 0.9.0, you can now remove them if you don’t use them.
• The syn2mas migration tool will now supports TLS certificates when connecting to the Synapse and the MAS PostgreSQL databases
• Administrators can choose whether their users are allowed to perform certain actions or not. In particular, self-service registration and email-based password recovery are disabled by default, and must be enabled in the account configuration section
• Administrators can also choose to disable the self-service password change functionality and prevent users from changing their display name or email address through the same configuration section
• Whenever a user logs in or logs out, the list of sessions is now fully synced with the homeserver, making it less likely for it to get out of sync
• A new CLI tool to help registering users:
  

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:cdf3c4e39afa88297bfa72e317bbde929777bbb5ad1e01082ba74303c170333d
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.10.0
  ghcr.io/matrix-org/matrix-authentication-service:0.10
  ghcr.io/matrix-org/matrix-authentication-service:0
  ghcr.io/matrix-org/matrix-authentication-service:sha-d3eb5be
  ghcr.io/matrix-org/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:468fec0860182ec7e7f4282a766ba134794356701636384d9363ef8d0c9e5a07
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.10.0-debug
  ghcr.io/matrix-org/matrix-authentication-service:0.10-debug
  ghcr.io/matrix-org/matrix-authentication-service:0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-d3eb5be-debug
  ghcr.io/matrix-org/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:3c16bf6ea862152259294ab2317dbc296a8841688ecfce8688ae1f95c8485534
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.10.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.10
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-d3eb5be
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:latest
  

Full list of changes (excluding dependency upgrades)

• Allow disabling registrations by @sandhose in #2553
• Soft-delete upstream providers by @sandhose in #2581
• Don't format within eslint, use prettier standalone instead by @sandhose in #2589
• User registration CLI tool by @sandhose in #2634
• Allow restricting some self-service capabilities by @sandhose in #2562
• Fix navigation links in the frontend by using absolute URLs by @sandhose in #2715
• Relax alphabet restrictions on device IDs by @sandhose in #2718
• Skip the device code form when using the full verification URI by @sandhose in #2738
• Make the consent screens (almost completely) translatable by @sandhose in #2740
• Better organise the documentation, document the policy engine, the authorisation process and the scopes by @sandhose in #2637
• Always show the primary email first by @sandhose in #2767
• CAPTCHA verification during registration by @sandhose in #2759
• Don't panic when the repository fails on the introspection endpoint by @sandhose in #2774
• Minor drive-by tweaks by @reivilibre in #2779
• Merge the mas_graphql crate into the mas_handlers crate by @reivilibre in #2783
• Allow parameters in UserInfo endpoint's response's content-type by @zecakeh in #2808
• Add a setPassword GraphQL mutation for setting a user's password by @reivilibre in #2820
• Improve errors when MAS contacts the Synapse homeserver by @reivilibre in #2794
• Inject custom Jinja2 environment when rendering the subject template by @sandhose in #2847
• Fix param name in error messages on the compatibility SSO login errors by @sandhose in #2846
• GraphQL API: Add password_change_allowed to SiteConfig by @reivilibre in #2857
• Add Self-service Password Change by @reivilibre in #2863
• Remove the old password change page by @reivilibre in ...

v0.10.0-rc.0

Breaking changes

• Due to complexity in the build process and low demand, pre-built macOS binaries are not distributed anymore in releases. macOS is still supported when building from the sources
• Open password-based registration is disabled by default
• The basic password policy has been replaced
• Password-based logins and other actions are now rate-limited by default
• The GraphQL API is now internal-only by default, replaced by the new Admin API

New features

CAPTCHA protection on the registration form

Password-based registration can now be protected with a CAPTCHA challenge. MAS supports Google’s reCAPTCHA, hCAPTCHA, as well as Cloudflare Turnstile

Email-based password recovery

When enabled, this feature allows users to recover their account, by sending a link to their confirmed email addresses.

Self-service password change

In addition to password recovery, users can change​ their password themselves through the new password-change interface

Admin API

Need to build administrative or automation tools for MAS? Check out the new admin API!
This replaces the GraphQL API, which is now restricted for internal use by default. If you rely on the GraphQL API through an OAuth 2.0 token, you need to set the undocumented_oauth2_access setting on the graphql listener.

Proper password complexity calculation

To make sure your users have strong-enough passwords, MAS now calculates password complexity using the popular zxcvbn algorithm. This algorithm gives a score from 0 to 4, with suggestions on how to improve the password. By default, MAS will require new passwords to have at least 3, which has a good balance between security and convenience.
This means that the parameters to set a minimum password length and require some symbols are now removed.

Rate-limiting

Some operations are more sensitive than others. You wouldn’t want someone to be able to brute force your password, would you? MAS will now rate-limit such operations, both per-IP and per account to avoid that. See the configuration documentation to learn more.

Other improvements

• Upstream OAuth 2.0 providers removed from the configuration are now automatically disabled when the server starts up. This means that you no longer need to run mas-cli config sync --prune to apply the change. They will still be kept in the database, to avoid losing existing links.
• The account management UI is generally faster, with a smaller initial loading time and prefetching of other pages
• Optional configuration sections are now truly optional. In 0.9.0 we made most configuration sections optional, but the upstream_oauth2 and clients sections were still required to start up. If you kept those to work around the bug in 0.9.0, you can now remove them if you don’t use them.
• The syn2mas migration tool will now supports TLS certificates when connecting to the Synapse and the MAS PostgreSQL databases
• Administrators can choose whether their users are allowed to perform certain actions or not. In particular, self-service registration and email-based password recovery are disabled by default, and must be enabled in the account configuration section
• Administrators can also choose to disable the self-service password change functionality and prevent users from changing their display name or email address through the same configuration section
• Whenever a user logs in or logs out, the list of sessions is now fully synced with the homeserver, making it less likely for it to get out of sync
• A new CLI tool to help registering users:

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:07d50fc40b0ad9fb3a6b4965fccd5129c2380718794d0ee17d0e9f17da46fa61
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.10.0-rc.0
  ghcr.io/matrix-org/matrix-authentication-service:sha-0d81cfd
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:735c0e9daaf9fe781648130d98a7375bfefb315b897ecbac1b1c8c2785a15196
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.10.0-rc.0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-0d81cfd-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:b3686ccfead9af26e5970d5010845c977b00eadce96ec80c2f19aee838e656e6
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.10.0-rc.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-0d81cfd
  

v0.9.0

matrix-authentication-service will soon be forked by Element under an AGPLv3.0 licence (with CLA, for proprietary dual licensing). You can read more about this here:

• https://matrix.org/blog/2023/11/06/future-of-synapse-dendrite/
• https://element.io/blog/element-to-adopt-agplv3/

Any changes needed by server administrators will be communicated via our usual announcements channels, but we are striving to make this as seamless as possible.

Breaking changes

Configuration options

The following options are now invalid:

• the jaeger and zipkin values in telemetry.tracing.exporter (see below)
• the b3 and b3multi values in telemetry.tracing.propagator (see below)
• the spa resource type in http.listeners[*].resources. This was deprecated before the 0.1.0 release, but only showed a warning. It is now removed.

The mas-cli config dump and mas-cli config generate commands now strip less common options if they are kept to their default value.
This means that those commands will skip the telemetry, policy, templates, upstream_oauth2, branding and experimental sections if no custom value is set.
Users should remove those sections from their configuration file if they haven't set any custom value and want to simplify it.

Tracing exporters

The Zipkin and Jaeger traces exporters have been removed.
Users should migrate to using the OTLP exporter instead.

The OTLP exporter now uses OTLP over HTTP instead of OTLP over gRPC.

The b3 and b3multi propagators have been removed.
Users should migrate to using the tracecontext or the jaeger propagator instead.

Pre-built binaries now use glibc instead of musl

Pre-built Linux binaries attached to the releases are now built with glibc instead of musl.
This means that the binaries are not fully static anymore, as it requires glibc 2.17 or later, which is available on most systems.

Notable features

Easier upgrades (#2432)

MAS now apply database schema upgrades and configuration synchronisation automatically on startup.
This means upgrading MAS, most of time, should be as simple as replacing the image or binary and restarting the service.

New translations

MAS is now available in Chinise (Simplified) and Dutch, in addition to the already existing English, French and German translations.

This is thanks to community contributions, and we are always looking for more translations!
Head to the Localazy project to help translate MAS in your language.

Account UI improvements

The account management UI has been generally improved.
The general layout is more streamlined (#2371, #2364, #2362), with a better focus on the main actions.

A particular focus was put on the sessions management, with a new card-based list of sessions (#2393).
This list now shows more relevant information, like the kind of device, browser and operating system used (#2386, #2388)

The indidividual session view has also been improved (#2439, #2460), with more relevant information being displayed.

Thanks to many internal changes (#2351, #2359, #2369) , the UI should feel more responsive and faster, especially on slow connections.

Homeserver integration (#2421)

MAS integrates a bit more tightly with Synapse, to make sure only valid accounts are created.
This should help prevent de-synchronization between the homeserver and MAS.

Upstream OAuth 2.0 provider improvements (#2430)

Arbitrary parameters can now be passed to the upstream OAuth 2.0 provider during the authorization request.

---

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:254134dba1887d792f727ddb88c8a8bf4b9f905f4306a32c12cb205de2ac681a
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.9.0
  ghcr.io/matrix-org/matrix-authentication-service:0.9
  ghcr.io/matrix-org/matrix-authentication-service:0
  ghcr.io/matrix-org/matrix-authentication-service:sha-e3944d1
  ghcr.io/matrix-org/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:85911dab839aec9b179e2605c0dce39f76b2383c6204d6fb3cf939653a826618
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.9.0-debug
  ghcr.io/matrix-org/matrix-authentication-service:0.9-debug
  ghcr.io/matrix-org/matrix-authentication-service:0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-e3944d1-debug
  ghcr.io/matrix-org/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:e8be5e40cada3355e1405442d29919195033124b05ec664cc6b689c2a18231b1
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.9.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.9
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-e3944d1
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:latest
  

Full list of pull requests, excluding dependencies updates

• Replace jotai-urql with just urql by @sandhose in #2351
• Replace Jotai with @tanstack/router by @sandhose in #2359
• Update the email list to match the new design by @sandhose in #2362
• Move the cross-signing reset to its own page by @sandhose in #2364
• Fix the zh-Hans translation by @sandhose in #2367
• Make sure the locale fallback works as expected by @sandhose in #2368
• Remove unnecessary debugging printf in i18n crate by @sandhose in #2370
• Make the layout wider on "account" pages by @sandhose in #2371
• Use query parameters for sessions pagination by @sandhose in #2369
• Ignore Synapse appservice users in syn2mas by @jaywink in #2283
• Remove the unique constraint on device IDs on compatibility sessions by @sandhose in #2378
• Save which user session created a compat session by @sandhose in #2383
• Bump all frontend dependencies by @sandhose in #2384
• Make all compound themes and all locales available in Storybook by @sandhose in #2385
• Record user agents on OAuth 2.0 and compat sessions by @sandhose in #2386
• Parse User Agents on the backend side by @sandhose in #2388
• Make sure the dummy router finished loading in the test environment by @sandhose in #2403
• Make the end session button more flexible by @sandhose in #2404
• Fix dialogs being blurry and not scrollable by @sandhose in #2405
• Fix the dark high-constrast theme in Storybook by @sandhose in #2406
• Make sure the upstream OAuth callback pages are proxied to the backend by @sandhose in #2407
• Implement the user profile edit modal & new account header by @sandhose in #2408
• Bump Clippy to 1.75 and Rust to 1.76 by @sandhose in #2417
• Better session list by @sandhose in #2393
• Ask Homeserver for username availability upon registration by @sandhose in #2421
• Add Podman support to policies Makefile by @AndrewFerr in #2425
• Add arbitrary OAuth 2.0 parameters on the authorization endpoint by @sandhose in https...

v0.9.0-rc.1

Breaking changes

Configuration options

The following options are now invalid:

• the jaeger and zipkin values in telemetry.tracing.exporter (see below)
• the b3 and b3multi values in telemetry.tracing.propagator (see below)
• the spa resource type in http.listeners[*].resources. This was deprecated before the 0.1.0 release, but only showed a warning. It is now removed.

The mas-cli config dump and mas-cli config generate commands now strip less common options if they are kept to their default value.
This means that those commands will skip the telemetry, policy, templates, upstream_oauth2, branding and experimental sections if no custom value is set.
Users should remove those sections from their configuration file if they haven't set any custom value and want to simplify it.

Tracing exporters

The Zipkin and Jaeger traces exporters have been removed.
Users should migrate to using the OTLP exporter instead.

The OTLP exporter now uses OTLP over HTTP instead of OTLP over gRPC.

The b3 and b3multi propagators have been removed.
Users should migrate to using the tracecontext or the jaeger propagator instead.

Pre-built binaries now use glibc instead of musl

Pre-built Linux binaries attached to the releases are now built with glibc instead of musl.
This means that the binaries are not fully static anymore, as it requires glibc 2.17 or later, which is available on most supported Linux environments.

Notable new features

TODO.

---

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:1c7ed14e16485676d9d42b6eea44f1b142eeff5817ac90ce99e636a332bc1efa
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.9.0-rc.1
  ghcr.io/matrix-org/matrix-authentication-service:sha-c676a2e
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:122ccbd394447c98110e58615015e5d79a781601ff7c23923d83f7c6fc16832f
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.9.0-rc.1-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-c676a2e-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:7371a3556a98cb12e20359259881d2abd5ac7d3cab1839bbc4917a8bf0144dd2
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.9.0-rc.1
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-c676a2e
  

v0.8.0

Device code grant support

The OAuth 2.0 device code grant is a way for clients with limited input capabilities to obtain an access token.
This is useful for CLI tools, TV apps, but also as a general way to login through another device.

device-code.mp4

mas-cli doctor

Introducing a new command to help diagnose common issues with your setup!
This should help you identify common issues with your setup, and provide guidance on how to fix them.

German translation

This version includes an initial German translation!
If you want to contribute by helping translate the Matrix Authentication Service in your language, please head to the Localazy project.

Terms of Services agreement

The registration pages now include a checkbox to agree to the Terms of Services, if the branding.tos_uri is set in the configuration.
This records for each user which tos_uri they agreed to and when, helping you to track who agreed to which version of your terms and conditions.

Automatic database schema upgrades

Database schema upgrades are now automatically applied when the server starts.
Before, it was necessary to run mas-cli database upgrade every time the server was updated to a new version, or run the server with mas-cli server --migrate.

Now, mas-cli server will automatically apply the necessary schema upgrades when the server starts, making it easier to keep your server up to date.
You can opt-out of this behavior by setting the --no-migrate flag when starting the server.

---

Full Changelog: v0.7.0...v0.8.0

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:4aa5316fab74faa6f62ff8dfaa98213b136ec048896bc29dd3f4907d600b98e4
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.8.0
  ghcr.io/matrix-org/matrix-authentication-service:0.8
  ghcr.io/matrix-org/matrix-authentication-service:0
  ghcr.io/matrix-org/matrix-authentication-service:sha-3d90d08
  ghcr.io/matrix-org/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:a37e667efb4fc58a6caec6027130d130239f15cab20b67f475ca0db1d07e5600
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.8.0-debug
  ghcr.io/matrix-org/matrix-authentication-service:0.8-debug
  ghcr.io/matrix-org/matrix-authentication-service:0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-3d90d08-debug
  ghcr.io/matrix-org/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:e77e30d70df19b067e1819ed05003dd3192384e4f758e60b72aac32b10eb9bf6
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.8.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.8
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-3d90d08
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:latest
  

v0.8.0-rc.1

What's Changed

• Upgrade Compound Web by @sandhose in #2314
• Automatically run migrations on service startup by @sandhose in #2327
• Warn loudly about encrypted appservices being unsupported by @sandhose in #2328
• Make the user agree to T&C during registration & record which document they agreed to by @sandhose in #2325
• Fix Compound tooltips by @sandhose in #2329
• Allow Synapse OIDC provider idp_name to be null by @jaywink in #2306
• syn2mas: Skip access tokens that don't have a device ID by @jaywink in #2317
• Introduce mas-cli doctor, a simple diagnostic tool by @sandhose in #2332
• Upgrade compound and fix bad focus rings on inputs by @sandhose in #2334

Full Changelog: v0.8.0-rc.0...v0.8.0-rc.1

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:60cb847e00004a54351b3965d55189abee7060158e9bf6d8550f87da9d613192
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.8.0-rc.1
  ghcr.io/matrix-org/matrix-authentication-service:sha-237e820
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:da56df7ce87ab074d1e0fdace5a35f3bb39b55f3fce3899af5cd4d36eb5122b7
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.8.0-rc.1-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-237e820-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:5bd66a76b6dade98dc6a07a0cc51e1dd65c501dffc6958f509f4820a97b5e5c2
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.8.0-rc.1
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-237e820
  

v0.8.0-rc.0

What's Changed

• Implement the device code authorisation grant by @sandhose in #2189
• Allow config dump to generate to a file directly instead of stdout #2146 by @dklimpel in #2234
• Exit syn2mas advisor with non-zero exit code on errors by @jaywink in #2289
• Initial German translation

Full Changelog: v0.7.0...v0.8.0-rc.0

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:47042b6f75c623e984e02ccc2e12e962ac1a35688249e8a74e2fc60aeb83caa3
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.8.0-rc.0
  ghcr.io/matrix-org/matrix-authentication-service:sha-eb6a6d3
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:d3b87193a995c9bc5ab65837ac0c85866899c71dc31e8d67d49da208c59704b6
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.8.0-rc.0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-eb6a6d3-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:a6d6efa4118f8b6e719da2339964f4675f01669546739815238f6fe69e985e60
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.8.0-rc.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-eb6a6d3
  

v0.7.0

What's Changed

The highlight of this version is the introduction of a UI to allow cross-signing reset, see #2142
This feature requires Synapse 1.97 or later.

• Allow config generate to generate to a file directly instead of stdout in #2146
• Bump Open Policy Agent version to 0.59.0 in #2171
• Remove manage register command from docs by @dklimpel in #2181
• Fix docs rename purge to prune by @dklimpel in #2180
• Implement account management discovery as per MSC2965 in #2183
• Allow users to temporarily allow cross-signing reset in #2142

Full Changelog: v0.6.1...v0.7.0

Docker image

Regular image:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:a5f215553de47be8384e3170ec5d1fd91efc7dc48c7afae5d69f202936c820d0
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.7.0
  ghcr.io/matrix-org/matrix-authentication-service:0.7
  ghcr.io/matrix-org/matrix-authentication-service:0
  ghcr.io/matrix-org/matrix-authentication-service:sha-bd42916
  ghcr.io/matrix-org/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service@sha256:e8ff107abffe38605cd879359c9540fd858e0da047313e9acfe0ad8398ab97b8
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service:0.7.0-debug
  ghcr.io/matrix-org/matrix-authentication-service:0.7-debug
  ghcr.io/matrix-org/matrix-authentication-service:0-debug
  ghcr.io/matrix-org/matrix-authentication-service:sha-bd42916-debug
  ghcr.io/matrix-org/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas@sha256:9354296141781a40b2dc596caa1b3e91a8da010185111c1c2001bfb043316ee9
  

• Tags:

  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.7.0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0.7
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:0
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:sha-bd42916
  ghcr.io/matrix-org/matrix-authentication-service/syn2mas:latest