
Releases: t2bot/matrix-media-repo

v1.3.8

16 Jan 18:39

Security

Added

  • Allow guests to access uploaded media, as per MSC4189.
  • The thumbnailer can now be run independently with the thumbnailer binary. See thumbnailer -help for details.

Changed

  • MMR now requires Go 1.22 for compilation.
  • MMR now builds on a base image of alpine:3.21.
  • The global repo.freezeUnauthenticatedMedia option now defaults to true, enabling authenticated media by default. A future release will remove this option, requiring the freeze behaviour. See config.sample.yaml for details.
  • For SVG and JPEGXL files, ImageMagick 7 is now required.
  • For MP4 files, ffmpeg 6 or 7 (use 7 for best results) is now required.

Fixed

  • Return a 404 instead of 500 when clients access media which is frozen.
  • Return a 403 instead of 500 when guests access endpoints that are for registered users only.
  • Ensure the request parameters are correctly set for authenticated media client requests.
  • Ensure remote signing keys expire after at most 7 days.
  • Fixed parsing of Authorization headers for federated servers.
  • Ensure ignoredHosts is applied to unauthenticated requests.

v1.3.7

30 Jul 21:31

Added

  • A new global config option, repo.freezeUnauthenticatedMedia, is supported to enact the unauthenticated media freeze early. See config.sample.yaml for details.

Changed

  • The default leaky bucket capacity has changed from 300mb to 500mb, allowing for more downloads to go through. The drain rate and overflow limit are unchanged (5mb/minute and 100mb respectively).
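The effect of the capacity change on a burst of downloads, as an added Go example that is not MMR's own code. The `Bucket` type, the `Burst` helper and the admission rule used for the overflow limit are assumptions made for illustration; only the 300mb/500mb capacities, the 5mb/minute drain rate and the 100mb overflow limit come from the notes above.

```go
package main

import (
	"fmt"
	"time"
)

const MB = int64(1 << 20)

// Bucket is an illustrative leaky bucket; names are hypothetical, not MMR's own.
type Bucket struct {
	Capacity, DrainPerMinute, Overflow, level int64 // bytes
	last                                      time.Time
}

// Allow drains for the elapsed time, then admits size bytes if (assumed rule)
// the bucket is below Capacity and ends at most Overflow bytes above it.
func (b *Bucket) Allow(size int64, now time.Time) bool {
	if !b.last.IsZero() {
		b.level -= int64(now.Sub(b.last).Minutes() * float64(b.DrainPerMinute))
	}
	if b.level < 0 {
		b.level = 0
	}
	b.last = now
	if b.level >= b.Capacity || b.level+size > b.Capacity+b.Overflow {
		return false
	}
	b.level += size
	return true
}

// Burst counts back-to-back downloads of size bytes (size > 0) admitted by a
// fresh bucket using the drain rate and overflow limit from the release notes.
func Burst(capacity, size int64, now time.Time) (int, *Bucket) {
	b := &Bucket{Capacity: capacity, DrainPerMinute: 5 * MB, Overflow: 100 * MB}
	n := 0
	for b.Allow(size, now) {
		n++
	}
	return n, b
}

func main() {
	t0 := time.Date(2024, 7, 30, 0, 0, 0, 0, time.UTC) // constructed start time
	oldN, _ := Burst(300*MB, 50*MB, t0)
	newN, b := Burst(500*MB, 50*MB, t0)
	fmt.Println(oldN, newN, b.Allow(50*MB, t0.Add(10*time.Minute)))
}
```

Because the drain rate is unchanged, a client that has filled the larger bucket still recovers only 5mb of allowance per minute.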

v1.3.6

10 Jul 17:12

Fixed

  • Ensure a boundary is set on federation downloads, allowing the download to work.

v1.3.5

10 Jul 14:39

Security

This release fixes the following security concerns:

Added

  • New datastore option to ignore Redis cache when downloading media served by a publicBaseUrl. This can help ensure more requests get redirected to the CDN.
  • HEAD /download is now supported, as per MSC4120.
  • S3 datastores can now specify a prefixLength to improve S3 performance on some providers. See config.sample.yaml for details.
  • Add multipartUploads flag for running MMR against unsupported S3 providers. See config.sample.yaml for details.
  • A new "leaky bucket" rate limit algorithm has been applied to downloads. See rateLimit.buckets in config.sample.yaml for details.
  • Add support for MSC3916: Authentication for media.
    • To enable full support, use signingKeyPath in your config. See config.sample.yaml for details.
    • Server operators should point /_matrix/client/v1/media/* and /_matrix/federation/v1/media/* at MMR.

Changed

  • The leaky bucket rate limiting introduced above is turned on by default. Administrators are encouraged to review the default settings and adjust as needed.

Fixed

  • Metrics for redirected and HTML requests are tracked.
  • Fixed more issues relating to non-dimensional media being thumbnailed (invalid image size: 0x0 errors).
  • Long-running purge requests no longer fail when the requesting client times out. They are continued in the background.
  • Purging old media has been fixed to actually identify old media.
  • JPEG thumbnails will now use sensible extensions.
  • Fixed directory permissions when exporting MMR to Synapse.
  • In some rare cases, memory usage may have leaked due to thumbnail error handling. This has been fixed.
  • Synapse signing keys with blank lines can now be decoded/combined with other keys.

v1.3.4

10 Feb 00:14

Added

  • Dendrite homeservers can now have their media imported safely, and adminApiKind may be set to dendrite.
  • Exporting MMR's data to Synapse is now possible with import_to_synapse. To use it, first run gdpr_export or similar.
  • Errors encountered during a background task, such as an API-induced export, are exposed as error_message in the admin API.
  • MMR will follow redirects on federated downloads up to 5 hops.
  • S3-backed datastores can have download requests redirected to a public-facing CDN rather than being proxied through MMR. See publicBaseUrl under the S3 datastore config.

Changed

  • Exports now use an internal timeout of 10 minutes instead of 1 minute when downloading files. This may still result in errors if downloading from S3 takes too long.
  • MMR now requires Go 1.21 for compilation.
  • ARM-supported Docker images are now available through GHCR.
    • The Docker Hub (docker.io) builds are deprecated and will not receive updates starting with v1.4.0.
    • Docker Hub images are not guaranteed to have ARM compatibility.
  • The latest Docker tag on both Docker Hub and GHCR now points to the latest release instead of the unstable development build.

Fixed

  • Exports created with s3_urls now contain valid URLs.
  • Exports no longer fail with "The requested range is not satisfiable".
  • Exports no longer fail with "index out of range [0] with length 0".
  • Requests that require authentication but lack an access token now return HTTP 401 instead of HTTP 500.
  • Downloads when using a self-hosted MinIO instance are no longer slower than expected.
  • The DELETE /_matrix/media/unstable/admin/export/:exportId endpoint has been reinstated as described.
  • If a server's downloads.maxSize is greater than the uploads.maxSize, remote media is no longer cut off at uploads.maxSize. The media will instead be downloaded at downloads.maxSize and error if greater.
  • Content-Type on /download and /thumbnail is now brought in line with MSC2701.

v1.3.3

31 Oct 03:32

Fixed

  • Improved handling when encountering an error attempting to populate Redis during uploads.
  • Fixed Range requests failing by default by internally setting a default chunk size of 10mb.
  • Stop logging "no exif data".
  • Fixed admin API requests not working when authenticating as the shared secret user.

Changed

  • Updated dependencies. Manually compiled deployments may need to recompile libheif as well.

v1.3.2

13 Sep 19:20

Fixed

  • Fixed thumbnail generation causing thumbnails_index errors in some circumstances.

v1.3.1

08 Sep 23:39

From v1.3.0

Fixed

  • Fixed media purge API not being able to delete thumbnails.
  • Fixed thumbnails being attempted for disabled media types.
  • Fixed SVG and other non-dimensional media failing to be usefully thumbnailed in some cases.

v1.3.0

08 Sep 05:02

Mandatory Configuration Change

Please see docs.t2bot.io for details.

Security Fixes

Deprecations

  • The GET /_matrix/media/unstable/local_copy/:server/:mediaId (and unstable/io.t2bot.media variant) endpoint is deprecated and scheduled for removal. If you are using this endpoint, please comment on this issue to explain your use case.

Added

  • Added a federation.ignoredHosts config option to block media from individual homeservers.
  • Support for MSC2246 (async uploads) is added, with per-user quota limiting options.
  • Support for MSC4034 (self-serve usage information) is added, alongside a new "maximum file count" quota limit.
  • The GET /_synapse/admin/v1/statistics/users/media endpoint from Synapse is now supported at the same path for local server admins.
  • Thumbnailing support for:
    • BMP images.
    • TIFF images.
    • HEIC images.
  • New metrics:
    • HTTP response times.
    • Age of downloaded/accessed media.
  • Support for PGO builds has been enabled via pgo-fleet.

Removed

  • IPFS support has been removed due to maintenance burden.
  • Exports initiated through the admin API no longer support ?include_data=false. Exports will always contain data.
  • Server-side blurhash calculation has been removed. Clients and bridges already calculate blurhashes locally where applicable.

Changed

  • Mandatory configuration change: You must add datastore IDs to your datastore configuration, as matrix-media-repo will no longer manage datastores for you.
  • If compiling matrix-media-repo, note that new external dependencies are required. See the docs.
    • Docker images already contain these dependencies.
  • Datastores no longer use the enabled flag set on them. Use forKinds: [] instead to disable a datastore's usage.
  • Per-user upload quotas now do not allow users to exceed the maximum values, even by 1 byte. Previously, users could exceed the limits by a little bit.
  • Updated to Go 1.19, then Go 1.20 in the same release cycle.
  • New CGO dependencies are required. See docs.t2bot.io for details.
  • Logs are now less noisy by default.
  • Connected homeservers must support at least Matrix 1.1 on the Client-Server API. Servers over federation are not affected.
  • The example Grafana dashboard has been updated.

Fixed

  • URL previews now follow redirects properly.
  • Overall memory usage is improved, particularly during media uploads and API-initiated imports.
    • Note: If you use plugins then memory usage will still be somewhat high due to temporary caching of uploads.
    • Note: This affects RSS primarily. VSZ and other memory metrics may be higher than expected due to how Go releases memory to the OS. This is fixed when there's memory pressure.
  • Fixed shutdown stall if the config was reloaded more than once while running.

v1.2.13

12 Feb 07:15

Deprecations

  • In version 1.3.0, IPFS will no longer be supported as a datastore. Please migrate your data if you are using the IPFS support.

Added

  • Added the Cross-Origin-Resource-Policy: cross-origin header to all downloads, as per MSC3828.
  • Added metrics for tracking which S3 operations are performed against datastores.

Changed

  • Swapped out the HEIF library to better support ARM64 Docker images.
  • The development environment now uses Synapse as a homeserver. Test accounts will need recreating.
  • Updated to Go 1.18.
  • Improved error message when thumbnailer cannot determine image dimensions.

Fixed

  • Return default media attributes if none have been explicitly set.