v0.16.0

Docker image

Regular image:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:bf3daeb5a37a7aab92d351028e8b6406a750977d716eb2da92f7a61e27fe05fc
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.16.0
  ghcr.io/element-hq/matrix-authentication-service:0.16
  ghcr.io/element-hq/matrix-authentication-service:0
  ghcr.io/element-hq/matrix-authentication-service:sha-2816124
  ghcr.io/element-hq/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:15a53d49fcea7d17e2bda592410b8e7e63652d4c17ac962165ee443a0b27e4ce
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.16.0-debug
  ghcr.io/element-hq/matrix-authentication-service:0.16-debug
  ghcr.io/element-hq/matrix-authentication-service:0-debug
  ghcr.io/element-hq/matrix-authentication-service:sha-2816124-debug
  ghcr.io/element-hq/matrix-authentication-service:latest-debug
  

What's Changed

Bug Fixes

• Avoid deadlocks when flushing session activities by @sandhose in #4463
• Don't check for availability of usernames that aren't ASCII by @sandhose in #4469

New Features

• Allow using a separate key file when setting up 'Sign in with Apple' by @defaultdino in #4393
• Make the new migration tool generally available by @sandhose in #4444
• New logging output by @sandhose in #4424
• Allow setting custom names on sessions by @sandhose in #4459

Documentation

• fix(docs): add token_endpoint_auth_method in Authentik SSO example by @rom4nik in #4387
• Remove reference to unsupported aws_ses email transport by @hughns in #4435
• Fix headings in config doc by @V02460 in #4419
• Remove the old migration tool and document the new one by @sandhose in #4447

Translations

• Translations updates for main by @matrixbot in #4483
• Translations updates for v0.16 by @matrixbot in #4498

Internal Changes

• Automatic merge back to main by @matrixbot in #4411
• Automatic merge back to main by @matrixbot in #4441
• Fix cargo doc choking on invalid [DEPRECATED] 'link' by @reivilibre in #4446
• perf: avoid unnecessary parsing of user-agents by @sandhose in #4449
• perf: avoid unnecessary clones of the log context by @sandhose in #4451
• Fix the ordering of the middlewares by @sandhose in #4452
• Record the axum route in the Sentry context by @sandhose in #4468
• Allow user deactivation on the Synapse side to take longer than 30s by @sandhose in #4471
• Remove duplicate OTEL meter for the Tokio runtime by @sandhose in #4473
• Rework the error fallback to better report the error to Sentry by @sandhose in #4474
• Insert client_name when upserting statically registered clients by @defaultdino in #4417
• Bump all the frontend dependencies by @sandhose in #4481
• syn2mas: allow setting the db name via the database field by @sandhose in #4496

Dependency Updates

• build(deps-dev): bump msw from 2.7.3 to 2.7.4 in /frontend by @dependabot in #4399
• build(deps-dev): bump the vite group across 1 directory with 2 updates by @dependabot in #4420
• build(deps): bump sqlx from 0.8.4 to 0.8.5 by @dependabot in #4418
• build(deps): bump swagger-ui-dist from 5.20.7 to 5.21.0 in /frontend by @dependabot in #4409
• build(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2 by @dependabot in #4412
• build(deps): bump sigstore/cosign-installer from 3.8.1 to 3.8.2 by @dependabot in #4440
• build(deps): bump psl from 2.1.100 to 2.1.102 by @dependabot in #4439
• build(deps-dev): bump the vite group across 1 directory with 2 updates by @dependabot in #4430
• build(deps): bump clap from 4.5.36 to 4.5.37 by @dependabot in #4429
• build(deps): bump der from 0.7.9 to 0.7.10 by @dependabot in #4428
• build(deps): bump sea-query from 0.32.3 to 0.32.4 in the sea-query group by @dependabot in #4426
• build(deps-dev): bump knip from 5.50.2 to 5.51.0 in /frontend by @dependabot in #4475
• build(deps): bump rustls-platform-verifier from 0.5.1 to 0.5.2 by @dependabot in #4466
• build(deps): bump docker/bake-action from 6.5.0 to 6.6.0 by @dependabot in #4460
• build(deps-dev): bump storybook-react-i18next from 3.2.1 to 3.3.1 in /frontend in the storybook group by @dependabot in #4477
• build(deps): bump tokio-util from 0.7.14 to 0.7.15 by @dependabot in #4455
• build(deps-dev): bump vite from 6.3.2 to 6.3.3 in /frontend in the vite group by @dependabot in #4454
• build(deps): bump chrono from 0.4.40 to 0.4.41 by @dependabot in #4480
• build(deps-dev): bump the vitest group in /frontend with 2 updates by @dependabot in #4453
• build(deps): bump psl from 2.1.102 to 2.1.105 by @dependabot in #4479
• build(deps): bump insta from 1.42.2 to 1.43.1 by @dependabot in #4478
• build(deps-dev): bump @tanstack/react-router-devtools from 1.119.0 to 1.119.1 in /frontend in the tanstack-router group by @dependabot in #4482

New Contributors

• @rom4nik made their first contribution in #4387
• @defaultdino made their first contribution in #4393
• @V02460 made their first contribution in #4419

Full Changelog: v0.15.0...v0.16.0

v0.16.0-rc.1

Docker image

Regular image:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:bec0a2890dabddeb54a1f8b19a707f99695a17459cf945fe04a867059b5def86
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.16.0-rc.1
  ghcr.io/element-hq/matrix-authentication-service:sha-b2a4cef
  

Debug variant:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:2e45aedd979621d693144dbcfa02c0f041b8e1318efa60e218976da24c360a78
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.16.0-rc.1-debug
  ghcr.io/element-hq/matrix-authentication-service:sha-b2a4cef-debug
  

What's Changed

Translations

• Translations updates for v0.16 by @matrixbot in #4498

Internal Changes

• syn2mas: allow setting the db name via the database field by @sandhose in #4496

Full Changelog: v0.16.0-rc.0...v0.16.0-rc.1

v0.16.0-rc.0

Docker image

Regular image:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:5eafb3e6aa31210b953107dd5dc16002cdc7077b7cb5cabe236b0f9f9d71c85f
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.16.0-rc.0
  ghcr.io/element-hq/matrix-authentication-service:sha-b9c409f
  

Debug variant:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:0fd9a346140173b59718073942d267b0c0915d317d334416c9f8d9c54251eaa4
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.16.0-rc.0-debug
  ghcr.io/element-hq/matrix-authentication-service:sha-b9c409f-debug
  

What's Changed

Bug Fixes

• Avoid deadlocks when flushing session activities by @sandhose in #4463
• Don't check for availability of usernames that aren't ASCII by @sandhose in #4469

New Features

• Allow using a separate key file when setting up 'Sign in with Apple' by @defaultdino in #4393
• Make the new migration tool generally available by @sandhose in #4444
• New logging output by @sandhose in #4424
• Allow setting custom names on sessions by @sandhose in #4459

Documentation

• fix(docs): add token_endpoint_auth_method in Authentik SSO example by @rom4nik in #4387
• Remove reference to unsupported aws_ses email transport by @hughns in #4435
• Fix headings in config doc by @V02460 in #4419
• Remove the old migration tool and document the new one by @sandhose in #4447

Translations

• Translations updates for main by @matrixbot in #4483

Internal Changes

• Automatic merge back to main by @matrixbot in #4411
• Automatic merge back to main by @matrixbot in #4441
• Fix cargo doc choking on invalid [DEPRECATED] 'link' by @reivilibre in #4446
• perf: avoid unnecessary parsing of user-agents by @sandhose in #4449
• perf: avoid unnecessary clones of the log context by @sandhose in #4451
• Fix the ordering of the middlewares by @sandhose in #4452
• Record the axum route in the Sentry context by @sandhose in #4468
• Allow user deactivation on the Synapse side to take longer than 30s by @sandhose in #4471
• Remove duplicate OTEL meter for the Tokio runtime by @sandhose in #4473
• Rework the error fallback to better report the error to Sentry by @sandhose in #4474
• Insert client_name when upserting statically registered clients by @defaultdino in #4417

Dependency Updates

• build(deps-dev): bump msw from 2.7.3 to 2.7.4 in /frontend by @dependabot in #4399
• build(deps-dev): bump the vite group across 1 directory with 2 updates by @dependabot in #4420
• build(deps): bump sqlx from 0.8.4 to 0.8.5 by @dependabot in #4418
• build(deps): bump swagger-ui-dist from 5.20.7 to 5.21.0 in /frontend by @dependabot in #4409
• build(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2 by @dependabot in #4412
• build(deps): bump sigstore/cosign-installer from 3.8.1 to 3.8.2 by @dependabot in #4440
• build(deps): bump psl from 2.1.100 to 2.1.102 by @dependabot in #4439
• build(deps-dev): bump the vite group across 1 directory with 2 updates by @dependabot in #4430
• build(deps): bump clap from 4.5.36 to 4.5.37 by @dependabot in #4429
• build(deps): bump der from 0.7.9 to 0.7.10 by @dependabot in #4428
• build(deps): bump sea-query from 0.32.3 to 0.32.4 in the sea-query group by @dependabot in #4426
• build(deps-dev): bump knip from 5.50.2 to 5.51.0 in /frontend by @dependabot in #4475
• build(deps): bump rustls-platform-verifier from 0.5.1 to 0.5.2 by @dependabot in #4466
• build(deps): bump docker/bake-action from 6.5.0 to 6.6.0 by @dependabot in #4460
• build(deps-dev): bump storybook-react-i18next from 3.2.1 to 3.3.1 in /frontend in the storybook group by @dependabot in #4477
• build(deps): bump tokio-util from 0.7.14 to 0.7.15 by @dependabot in #4455
• build(deps-dev): bump vite from 6.3.2 to 6.3.3 in /frontend in the vite group by @dependabot in #4454
• build(deps): bump chrono from 0.4.40 to 0.4.41 by @dependabot in #4480
• build(deps-dev): bump the vitest group in /frontend with 2 updates by @dependabot in #4453
• build(deps): bump psl from 2.1.102 to 2.1.105 by @dependabot in #4479
• build(deps): bump insta from 1.42.2 to 1.43.1 by @dependabot in #4478
• build(deps-dev): bump @tanstack/react-router-devtools from 1.119.0 to 1.119.1 in /frontend in the tanstack-router group by @dependabot in #4482
• Bump all the frontend dependencies by @sandhose in #4481

New Contributors

• @rom4nik made their first contribution in #4387
• @defaultdino made their first contribution in #4393
• @V02460 made their first contribution in #4419

Full Changelog: v0.15.0...v0.16.0-rc.0

v0.15.0

Upgrade notes

This update adds many database indexes, which can take time on larger deployments. It is advised to first run the database migrations before rolling out the new version, using mas-cli database migrate

Docker image

Regular image:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:c4853e7a553d85f22ece68ba9f2751523abcb746c5cf6e189c15f04709a3d433
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.15.0
  ghcr.io/element-hq/matrix-authentication-service:0.15
  ghcr.io/element-hq/matrix-authentication-service:0
  ghcr.io/element-hq/matrix-authentication-service:sha-2daa9bf
  ghcr.io/element-hq/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:8a5ebf8d0dbf7085af712616879a1cd17e918dfaf5fc8c81a96ab3cd22b1cbed
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.15.0-debug
  ghcr.io/element-hq/matrix-authentication-service:0.15-debug
  ghcr.io/element-hq/matrix-authentication-service:0-debug
  ghcr.io/element-hq/matrix-authentication-service:sha-2daa9bf-debug
  ghcr.io/element-hq/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas@sha256:61aba2f09e759257376a83b6cbf1683109f5b186c82e49b0dfdd6ea1b91384d1
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0.15.0
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0.15
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:sha-2daa9bf
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:latest
  

What's Changed

Bug Fixes

• Fix the HTTP status code for the user creation admin endpoint by @sandhose in #4040
• Fix upstream OAuth 2.0 callbacks using the form_post method by @sandhose in #4057
• Fix some old Synapse access tokens not being recognised by @sandhose in #4093
• Allow compat session devices to have spaces by @sandhose in #4067
• Don't delete devices marked as dehydrated devices by @uhoreg in #4268
• Support database poolers: clean up LISTEN/NOTIFY state when opening a connection by @sandhose in #4367
• Clear the session cookie on logout from the GraphQL API by @sandhose in #4328
• Create missing indexes for all the foreign keys in the database. by @sandhose in #4385
• Fix starting up when no telemetry config is set by @sandhose in #4437

New Features

• Allow banning IPs and user agents through the policy by @sandhose in #4048
• Convert IPv6-mapped IPv4 addresses to IPv4 addresses by @sandhose in #4058
• Only show the password change section if the user has a password by @sandhose in #4100
• Support for allowing/banning specific username patterns during registration by @sandhose in #4131
• Allow configuring a 'read-only' connection to the homeserver by @sandhose in #4145
• Handle AS users with invalid localparts edge case by @sandhose in #4133
• Require confirming account password before changing account emails by @sandhose in #4158
• Align user deactivation behaviour with Synapse by @sandhose in #4197
• Better feedback on failure cases during login by @sandhose in #4198
• Allow users to deactivate their own account in the UI by @sandhose in #4209
• Observe metrics from the Tokio runtime by @sandhose in #4284
• Deduplicate client registrations by hashing the metadata by @sandhose in #4293
• Record auth related metrics by @sandhose in #4301
• Expose more Sentry configuration by @sandhose in #4352
• compat login: support using client-provided device ID by @reivilibre in #4342
• Allow logging in using an email address by @mcalinghee in #4337
• Always ask for consent, never for reauth by @sandhose in #4386
• Lookup usernames case insensitively by @sandhose in #4378

Changes to the admin API

• Admin API to add and delete user email addresses by @sandhose in #4039
• Admin API to dynamically set policy data by @sandhose in #4115
• Admin API for adding and removing upstream oauth links by @tonkku107 in #4255

Documentation

• Disable Verification for Microsoft Azure AD OIDC config example by @kieranlane in #4258
• Document how to setup Discord as upstream OAuth 2.0 provider, add missing token_endpoint_auth_method field in GitHub sample config by @ChurchOfTheSubgenius in #4310
• Document how to migrate passwords from Synapse with a pepper set by @speatzle in #4353

Translations

• Translations updates for main by @matrixbot in #4356
• Translations updates for main by @matrixbot in #4377
• Translations updates for main by @matrixbot in #4406
• Translations updates for main by @matrixbot in #4407
• Translations updates for v0.15 by @matrixbot in #4438

Internal Changes

• Automatic merge back to main by @matrixbot in #4035
• Automatic merge back to main by @matrixbot in #4056
• Automatic merge back to main by @matrixbot in #4070
• Allow logging in using the deprecated 'user' property on the compat login API by @sandhose in #4075
• Remove warnings about password auth not being feature complete by @wrjlewis in #4106
• Trigger the build workflow on PRs with a label by @sandhose in #4119
• Remove spuriuous ICU errors from the logs by @sandhose in #4132
• Ignore guest devices and empty IPs when migrating from Synapse by @sandhose in #4121
• Pass the MasWriter as owned to the various migration functions by @sandhose in #4120
• Properly ignore devices, threepids and access tokens from AS users by @sandhose in #4122
• Adjust the jobs retry delays and number of attempts by @sandhose in #4169
• Ignore RUSTSEC-2024-0436 and RUSTSEC-2024-0437 for now by @sandhose in #4172
• Properly accumulate form errors on the upstream register page by @sandhose in #4173
• syn2mas: better performance, output tweaks, tracing tweaks, access token fixes by @reivilibre in #4175
• Order the OAuth providers in the UI by their order in the config file by @sandhose in #4199
• syn2mas: disable logging of slow statements, better access token query perf by @reivilibre in #4208
• syn2mas: Add progress reporting to log and to opentelemetry metrics by @reivilibre in #4215
• Add expires_in to ...

v0.15.0-rc.0

Upgrade notes

This update adds many database indexes, which can take time on larger deployments. It is advised to first run the database migrations before rolling out the new version, using mas-cli database migrate

Docker image

Regular image:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:f4cc34cbd99902e7a8eadf676303e4526f5a51135c4eb3b1a5e1d94e5393097a
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.15.0-rc.0
  ghcr.io/element-hq/matrix-authentication-service:sha-a8f58d4
  

Debug variant:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:c38802f8371599e19b368b7f3fa37fc232f445233c6213af28e2831d5f72049a
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.15.0-rc.0-debug
  ghcr.io/element-hq/matrix-authentication-service:sha-a8f58d4-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas@sha256:cf93776e9aa003d45a78abb5857238ecbfa17e2ca3cdf335a2c5ddc5a2844d8f
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0.15.0-rc.0
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:sha-a8f58d4
  

What's Changed

Bug Fixes

• Fix the HTTP status code for the user creation admin endpoint by @sandhose in #4040
• Fix upstream OAuth 2.0 callbacks using the form_post method by @sandhose in #4057
• Fix some old Synapse access tokens not being recognised by @sandhose in #4093
• Allow compat session devices to have spaces by @sandhose in #4067
• Don't delete devices marked as dehydrated devices by @uhoreg in #4268
• Support database poolers: clean up LISTEN/NOTIFY state when opening a connection by @sandhose in #4367
• Clear the session cookie on logout from the GraphQL API by @sandhose in #4328
• Create missing indexes for all the foreign keys in the database. by @sandhose in #4385

New Features

• Allow banning IPs and user agents through the policy by @sandhose in #4048
• Convert IPv6-mapped IPv4 addresses to IPv4 addresses by @sandhose in #4058
• Only show the password change section if the user has a password by @sandhose in #4100
• Support for allowing/banning specific username patterns during registration by @sandhose in #4131
• Allow configuring a 'read-only' connection to the homeserver by @sandhose in #4145
• Handle AS users with invalid localparts edge case by @sandhose in #4133
• Require confirming account password before changing account emails by @sandhose in #4158
• Align user deactivation behaviour with Synapse by @sandhose in #4197
• Better feedback on failure cases during login by @sandhose in #4198
• Allow users to deactivate their own account in the UI by @sandhose in #4209
• Observe metrics from the Tokio runtime by @sandhose in #4284
• Deduplicate client registrations by hashing the metadata by @sandhose in #4293
• Record auth related metrics by @sandhose in #4301
• Expose more Sentry configuration by @sandhose in #4352
• compat login: support using client-provided device ID by @reivilibre in #4342
• Allow logging in using an email address by @mcalinghee in #4337
• Always ask for consent, never for reauth by @sandhose in #4386
• Lookup usernames case insensitively by @sandhose in #4378

Changes to the admin API

• Admin API to add and delete user email addresses by @sandhose in #4039
• Admin API to dynamically set policy data by @sandhose in #4115
• Admin API for adding and removing upstream oauth links by @tonkku107 in #4255

Documentation

• Disable Verification for Microsoft Azure AD OIDC config example by @kieranlane in #4258
• Document how to setup Discord as upstream OAuth 2.0 provider, add missing token_endpoint_auth_method field in GitHub sample config by @ChurchOfTheSubgenius in #4310
• Document how to migrate passwords from Synapse with a pepper set by @speatzle in #4353

Translations

• Translations updates for main by @matrixbot in #4356
• Translations updates for main by @matrixbot in #4377
• Translations updates for main by @matrixbot in #4406
• Translations updates for main by @matrixbot in #4407

Internal Changes

• Automatic merge back to main by @matrixbot in #4035
• Automatic merge back to main by @matrixbot in #4056
• Automatic merge back to main by @matrixbot in #4070
• Allow logging in using the deprecated 'user' property on the compat login API by @sandhose in #4075
• Remove warnings about password auth not being feature complete by @wrjlewis in #4106
• Trigger the build workflow on PRs with a label by @sandhose in #4119
• Remove spuriuous ICU errors from the logs by @sandhose in #4132
• Ignore guest devices and empty IPs when migrating from Synapse by @sandhose in #4121
• Pass the MasWriter as owned to the various migration functions by @sandhose in #4120
• Properly ignore devices, threepids and access tokens from AS users by @sandhose in #4122
• Adjust the jobs retry delays and number of attempts by @sandhose in #4169
• Ignore RUSTSEC-2024-0436 and RUSTSEC-2024-0437 for now by @sandhose in #4172
• Properly accumulate form errors on the upstream register page by @sandhose in #4173
• syn2mas: better performance, output tweaks, tracing tweaks, access token fixes by @reivilibre in #4175
• Order the OAuth providers in the UI by their order in the config file by @sandhose in #4199
• syn2mas: disable logging of slow statements, better access token query perf by @reivilibre in #4208
• syn2mas: Add progress reporting to log and to opentelemetry metrics by @reivilibre in #4215
• Add expires_in to introspection responses by @reivilibre in #4241
• syn2mas: use ChaCha20 for all operations by @reivilibre in #4256
• syn2mas: Synapse configuration fixes by @reivilibre in #4266
• syn2mas: remove obsolete TODOs by @reivilibre in #4267
• Use automatic route code splitting by @sandhose in #4290
• Replace data-encoding with base64ct by @sandhose in #4294
• Speed up local docker rebuilds & CI cache exports by @sandhose...

v0.14.1

Docker image

Regular image:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:5a24857b4cf429d21eb823cc80bf0bc78ffc055c303ef898a0f2e32cbf57c194
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.14.1
  ghcr.io/element-hq/matrix-authentication-service:0.14
  ghcr.io/element-hq/matrix-authentication-service:0
  ghcr.io/element-hq/matrix-authentication-service:sha-5d838ed
  ghcr.io/element-hq/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:da8d550dea7c237f417fe737ec884e7e1dd07e72be97a8da800b8bb22be167d4
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.14.1-debug
  ghcr.io/element-hq/matrix-authentication-service:0.14-debug
  ghcr.io/element-hq/matrix-authentication-service:0-debug
  ghcr.io/element-hq/matrix-authentication-service:sha-5d838ed-debug
  ghcr.io/element-hq/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas@sha256:0da9243f23d7979a1f033ff750d743f733dca88b84fcd82682fae683030355e1
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0.14.1
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0.14
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:sha-5d838ed
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:latest
  

What's Changed

Bug Fixes

• Fix a crash on startup when a listener has an empty prefix by @sandhose in #4069

Full Changelog: v0.14.0...v0.14.1

v0.14.0

Docker image

Regular image:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:834ea54370f056ef5c2622344424adc39ea64b890c57697462bf0b5087ad4853
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.14.0
  ghcr.io/element-hq/matrix-authentication-service:0.14
  ghcr.io/element-hq/matrix-authentication-service:0
  ghcr.io/element-hq/matrix-authentication-service:sha-c39dcd6
  ghcr.io/element-hq/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:91202e32913c1f712ed17021cd34379b525eb42a5356f79825c165d5bb511fd6
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.14.0-debug
  ghcr.io/element-hq/matrix-authentication-service:0.14-debug
  ghcr.io/element-hq/matrix-authentication-service:0-debug
  ghcr.io/element-hq/matrix-authentication-service:sha-c39dcd6-debug
  ghcr.io/element-hq/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas@sha256:8480dc0062e4ea9604d5dfcae391021379b8c4951300340a0c896f620f4d7088
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0.14.0
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0.14
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:sha-c39dcd6
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:latest
  

What's Changed

Bug Fixes

• Allow logging in with the full MXID by @sandhose in #3908
• Fix the account page crash introduced in #3893 by @sandhose in #3920
• Fix the upstream OAuth 2.0 callback form deserialisation by @sandhose in #4010

New Features

• Support compatibility sessions that do not have devices by @reivilibre in #3801
• Notify the service state through sd_notify by @sandhose in #3903
• Experimental feature to automatically expire inactive sessions by @sandhose in #4022
• Polish the session list and details view by @sandhose in #4029

Changes to the admin API

• Admin API to list and get user emails by @sandhose in #4001
• Admin API to list and get compatibility sessions by @sandhose in #4002
• Fix the definition of the set-password success response in the OpenAPI spec by @sandhose in #4003
• Admin API to list and get user sessions by @sandhose in #4004
• Fix the user session admin API docs by @sandhose in #4011
• Enable operation deep-linking in the admin API docs by @sandhose in #4013
• Admin API to list and get upstream OAuth links by @sandhose in #4012
• Fix the rendering of the embedded API doc by @sandhose in #4023

Documentation

• Add 'introspection_endpoint' to homeserver config example by @Stogas in #3790
• Document more mas-cli subcommands and standardise the format by @wrjlewis in #3988
• Update links to policy files by @turt2live in #3982
• Simplify the setup documentation introduction by @escix in #3994

Translations

• Translations updates for main by @matrixbot in #4033
• Translations updates for v0.14 by @matrixbot in #4055

Internal Changes

• Release branch 0.13.0-rc.1 by @matrixbot in #3877
• (merge progress on syn2mas tool into main branch) by @reivilibre in #3895
• syn2mas: Add tests for reading and writing threepids by @reivilibre in #3907
• Don't prevent starting up if the mail backend is unavailable by @sandhose in #3918
• Buffer reading of translation files by @sandhose in #3909
• syn2mas: Support migrating external IDs as upstream OAuth2 providers by @reivilibre in #3917
• Fetch the upstream OIDC metadata in the background on startup by @sandhose in #3925
• syn2mas: migrate access tokens, refresh tokens and devices by @reivilibre in #3926
• Stop using cargo-chef in the docker build by @sandhose in #3961
• Use the x86-64-v2 pseudo-ABI when building for x86_64 targets by @sandhose in #3960
• Always run the build workflow on PRs by @sandhose in #3971
• Speed-up CI by splitting binary builds for each architecture by @sandhose in #3970
• Enable fat LTO & reduce the number of codegen units by @sandhose in #3969
• Use the ubuntu-24.04 runners in CI by @sandhose in #3972
• Refactor actions to reuse shared steps by @sandhose in #3973
• Fix the unstable build CI job by @sandhose in #3975
• syn2mas: make the MAS writer connection owned by @sandhose in #3985
• Encapsulate migration state in a single structure by @sandhose in #3991
• Move from zod to valibot to reduce the frontend bundle size by @sandhose in #4026
• Fix the release workflow references to scripts by @sandhose in #4034

Other Changes

• Merge back release branch to main by @sandhose in #3954

Dependency Updates

• build(deps-dev): bump knip from 5.43.1 to 5.43.3 in /frontend by @dependabot in #3867
• build(deps): bump codecov/codecov-action from 5.2.0 to 5.3.0 by @dependabot in #3863
• build(deps): bump docker/bake-action from 6.2.0 to 6.3.0 by @dependabot in #3862
• build(deps): bump psl from 2.1.80 to 2.1.81 by @dependabot in #3892
• build(deps): bump insta from 1.42.0 to 1.42.1 by @dependabot in #3891
• build(deps): bump actions/setup-node from 4.1.0 to 4.2.0 by @dependabot in #3888
• build(deps): bump codecov/codecov-action from 5.3.0 to 5.3.1 by @dependabot in #3887
• build(deps-dev): bump @types/node from 22.10.7 to 22.10.10 in /tools/syn2mas in the development group by @dependabot in #3886
• build(deps): bump i18next from 24.2.1 to 24.2.2 in /frontend in the i18next group by @dependabot in #3885
• build(deps-dev): bump vite-plugin-graphql-codegen from 3.4.4 to 3.4.5 in /frontend in the vite group by @dependabot in #3884
• build(deps-dev): bump the storybook group in /frontend with 6 updates by @dependabot in #3883
• build(deps-dev): bump the types group across 1 directory with 2 updates by @dependabot in #3882
• Upgrade axum to 0.8 by @sandhose in #3893
• build(deps): bump rustls-pki-types from 1.10.1 to 1.11.0 by @dependabot in #3901
• build(deps): bump tokio-stream from 0.1.16 to 0.1.17 by @dependabot in https://github.com/element-hq/matrix-authentication-service/pull/...

v0.14.0-rc.0

Docker image

Regular image:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:4fd5b78892c21fbb744e68b0e731b276e0a8b7482e68c324119ce69d917889a4
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.14.0-rc.0
  ghcr.io/element-hq/matrix-authentication-service:sha-23e7855
  

Debug variant:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:4e16f53213fb14a926673caf2ccc3d71ea00f013961c661b656818d5eb8107a3
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.14.0-rc.0-debug
  ghcr.io/element-hq/matrix-authentication-service:sha-23e7855-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas@sha256:d953e91b724551d99acb430b14a7ffc742f0ad29c9aeca03060f69244a5770af
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0.14.0-rc.0
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:sha-23e7855
  

What's Changed

Bug Fixes

• Allow logging in with the full MXID by @sandhose in #3908
• Fix the account page crash introduced in #3893 by @sandhose in #3920
• Fix the upstream OAuth 2.0 callback form deserialisation by @sandhose in #4010

New Features

• Support compatibility sessions that do not have devices by @reivilibre in #3801
• Notify the service state through sd_notify by @sandhose in #3903
• Experimental feature to automatically expire inactive sessions by @sandhose in #4022
• Polish the session list and details view by @sandhose in #4029

Changes to the admin API

• Admin API to list and get user emails by @sandhose in #4001
• Admin API to list and get compatibility sessions by @sandhose in #4002
• Fix the definition of the set-password success response in the OpenAPI spec by @sandhose in #4003
• Admin API to list and get user sessions by @sandhose in #4004
• Fix the user session admin API docs by @sandhose in #4011
• Enable operation deep-linking in the admin API docs by @sandhose in #4013
• Admin API to list and get upstream OAuth links by @sandhose in #4012
• Fix the rendering of the embedded API doc by @sandhose in #4023

Documentation

• Add 'introspection_endpoint' to homeserver config example by @Stogas in #3790
• Document more mas-cli subcommands and standardise the format by @wrjlewis in #3988
• Update links to policy files by @turt2live in #3982
• Simplify the setup documentation introduction by @escix in #3994

Translations

• Translations updates for main by @matrixbot in #4033

Internal Changes

• Release branch 0.13.0-rc.1 by @matrixbot in #3877
• (merge progress on syn2mas tool into main branch) by @reivilibre in #3895
• syn2mas: Add tests for reading and writing threepids by @reivilibre in #3907
• Don't prevent starting up if the mail backend is unavailable by @sandhose in #3918
• Buffer reading of translation files by @sandhose in #3909
• syn2mas: Support migrating external IDs as upstream OAuth2 providers by @reivilibre in #3917
• Fetch the upstream OIDC metadata in the background on startup by @sandhose in #3925
• syn2mas: migrate access tokens, refresh tokens and devices by @reivilibre in #3926
• Stop using cargo-chef in the docker build by @sandhose in #3961
• Use the x86-64-v2 pseudo-ABI when building for x86_64 targets by @sandhose in #3960
• Always run the build workflow on PRs by @sandhose in #3971
• Speed-up CI by splitting binary builds for each architecture by @sandhose in #3970
• Enable fat LTO & reduce the number of codegen units by @sandhose in #3969
• Use the ubuntu-24.04 runners in CI by @sandhose in #3972
• Refactor actions to reuse shared steps by @sandhose in #3973
• Fix the unstable build CI job by @sandhose in #3975
• syn2mas: make the MAS writer connection owned by @sandhose in #3985
• Encapsulate migration state in a single structure by @sandhose in #3991
• Move from zod to valibot to reduce the frontend bundle size by @sandhose in #4026
• Fix the release workflow references to scripts by @sandhose in #4034

Other Changes

• Merge back release branch to main by @sandhose in #3954

Dependency Updates

• build(deps-dev): bump knip from 5.43.1 to 5.43.3 in /frontend by @dependabot in #3867
• build(deps): bump codecov/codecov-action from 5.2.0 to 5.3.0 by @dependabot in #3863
• build(deps): bump docker/bake-action from 6.2.0 to 6.3.0 by @dependabot in #3862
• build(deps): bump psl from 2.1.80 to 2.1.81 by @dependabot in #3892
• build(deps): bump insta from 1.42.0 to 1.42.1 by @dependabot in #3891
• build(deps): bump actions/setup-node from 4.1.0 to 4.2.0 by @dependabot in #3888
• build(deps): bump codecov/codecov-action from 5.3.0 to 5.3.1 by @dependabot in #3887
• build(deps-dev): bump @types/node from 22.10.7 to 22.10.10 in /tools/syn2mas in the development group by @dependabot in #3886
• build(deps): bump i18next from 24.2.1 to 24.2.2 in /frontend in the i18next group by @dependabot in #3885
• build(deps-dev): bump vite-plugin-graphql-codegen from 3.4.4 to 3.4.5 in /frontend in the vite group by @dependabot in #3884
• build(deps-dev): bump the storybook group in /frontend with 6 updates by @dependabot in #3883
• build(deps-dev): bump the types group across 1 directory with 2 updates by @dependabot in #3882
• Upgrade axum to 0.8 by @sandhose in #3893
• build(deps): bump rustls-pki-types from 1.10.1 to 1.11.0 by @dependabot in #3901
• build(deps): bump tokio-stream from 0.1.16 to 0.1.17 by @dependabot in #3900
• build(deps): bump compact_str from 0.8.0 to 0.8.1 by @dependabot in #3899
• build(deps): bump thiserror-ext from 0.2.0 to 0.2.1 by @dependabot in #3898
• build(deps-dev): bump the graphql-codegen group in /frontend with 2 updates by @dependabot in #3902
• build(deps): bump the tanstack-query group in /frontend with 2 updates by @dependabot in #3905
• build(deps-dev): bump @types/node from 22.10.10 to...

v0.13.0

Docker image

Regular image:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:289273750e51b7525faa302de6b1743f4401cc95fcf77569a0bf3a1c97697607
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.13.0
  ghcr.io/element-hq/matrix-authentication-service:0.13
  ghcr.io/element-hq/matrix-authentication-service:0
  ghcr.io/element-hq/matrix-authentication-service:sha-cb55901
  ghcr.io/element-hq/matrix-authentication-service:latest
  

Debug variant:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:a2ead5d50f8147d159144d08ef7d485f2c2a3fb5ecadd70a9ea888ae73f10e27
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.13.0-debug
  ghcr.io/element-hq/matrix-authentication-service:0.13-debug
  ghcr.io/element-hq/matrix-authentication-service:0-debug
  ghcr.io/element-hq/matrix-authentication-service:sha-cb55901-debug
  ghcr.io/element-hq/matrix-authentication-service:latest-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas@sha256:50f7511a3286c5f1409bb07e696e50b61e4a20749d7cb81827c4e29f84b725ba
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0.13.0
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0.13
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:sha-cb55901
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:latest
  

What's Changed

Bug Fixes

• syn2mas: import the admin flag on users by @sandhose in #3447
• Make sure refreshing OAuth token is idempotent by @sandhose in #3650
• Make sure to consume the device grant to avoid replays by @sandhose in #3656
• Shutdown the server if any of the tasks crashes by @sandhose in #3672

New Features

• syn2mas - Use row streaming for pg so that all users aren't loaded into memory at once by @hughns in #3205
• Update the client registration to comply with MSC2966 by @sandhose in #3202
• Use CancellationToken and a TaskTracker to handle graceful shutdowns by @sandhose in #3352
• Add a CLI tool to add an email address to a user by @sandhose in #3235
• Reset/restore scroll when navigating through the app by @sandhose in #3410
• Support for HTTP proxy: replace the HTTP client with reqwest by @sandhose in #3424
• Better compatibility with Python implementation of upstream OAuth 2.0 mapping templates by @sandhose in #3433
• Implement login_hint as per MSC4198 by @tonkku107 in #3343
• Support Sign in with Apple by @sandhose in #3521
• Allow fetching user claims through the userinfo_endpoint for upstream OAuth 2.0 providers by @MatMaul in #3363
• Concatenate arrays in the config when loading multiple files by @sandhose in #3599
• Make the id_token optional on upstream OAuth 2.0 providers by @sandhose in #3591
• Allow setting an explicit upstream account name by @sandhose in #3600
• Rewrite of the async job queue by @sandhose in #3629
• Report version from git describe in metrics & CLI by @sandhose in #3671
• Add metrics to the job queue by @sandhose in #3678
• Upstream OAuth 2.0 providers: Support signed userinfo and customising the expected id_token signature algorithm by @MatMaul in #3664
• Make the issuer optional on upstream OAuth 2.0 providers by @sandhose in #3685
• Allow longer & shorter usernames, complying with the MXID length spec by @sandhose in #3719
• Polish the registration flow by @sandhose in #3727
• Polish the password recovery flow and other small design tweaks by @sandhose in #3780
• Rework how email verification works by @sandhose in #3784

Documentation

• Fix link to setup docs for the mdbook by @morguldir in #3251
• Add SSO sample configuration for Authelia by @ginkel in #3384
• Fix loading MSW in Storybook in the documentation by @sandhose in #3522
• Add note about password schemes to migration docs by @tonkku107 in #3463
• fix sso exemple config for authelia by @hatch01 in #3462
• Update configuration.md to include a missing parameter by @Thanhphan1147 in #3574
• Add documentation against using database transaction poolers by @reivilibre in #3617
• Include example SSO config for Rauthy. by @ChurchOfTheSubgenius in #3725
• Document the new upstream OAuth 2.0 configuration options by @sandhose in #3707

Translations

• Better error message when a translation file fails to load by @sandhose in #3684
• Translations updates by @matrixbot in #3775
• Translations updates for main by @matrixbot in #3870
• Translations updates for v0.13 by @matrixbot in #3876
• Translations updates for v0.13 by @matrixbot in #3933
• Translations updates for v0.13 by @matrixbot in #3953

Internal Changes

• syn2mas - Use element-hq links to GitHub issues for migration advisor by @hughns in #3204
• syn2mas - reflect that CAPTCHA is supported by MAS now by @hughns in #3207
• Format code with latest nightly by @sandhose in #3258
• Remove unused sqlx query introspection data by @sandhose in #3259
• Clean up how pagination parameters are handled by @sandhose in #3272
• Enable codecov bundle analysis by @sandhose in #3313
• dependabot: ignore eslint and apalis major versions for now by @sandhose in #3317
• Switch from eslint to biome by @sandhose in #3390
• Better error when the email addresses in the config are invalid by @sandhose in #3377
• Remove Prettier by @sandhose in #3402
• Remove unnecessary sleep by @sandhose in #3409
• Split the cross-signing reset pages & adapt the wording by @sandhose in #3411
• Use enums as types in the GraphQL codegen by @sandhose in #3418
• Speed up tests with cargo-nextest by @sandhose in #3438
• Fix uploading of codecov bundle reports by @sandhose in #3515
• Switch to @tanstack/react-query for GraphQL requests by @sandhose in #3504
• Fix non-form_post upstream OAuth 2.0 callbacks by @sandhose in #3554
• dependabot: group Tanstack Query dependencies by @sandhose in #3571
• Fix t...

v0.13.0-rc.2

Docker image

Regular image:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:a2ca459829e41b02bf3a74379d1f26a3c91325e69e56a7053076659c4cbae3eb
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.13.0-rc.2
  ghcr.io/element-hq/matrix-authentication-service:sha-5827925
  

Debug variant:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service@sha256:71174d3ece75f6087db44d4185de7f2f19a53fc26390a3964f905294715ee0d4
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service:0.13.0-rc.2-debug
  ghcr.io/element-hq/matrix-authentication-service:sha-5827925-debug
  

syn2mas migration tool:

• Digest:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas@sha256:bdbdae151a20bb94b65dad259ca700b728aee05254d2d77daf02491924af7668
  

• Tags:

  ghcr.io/element-hq/matrix-authentication-service/syn2mas:0.13.0-rc.2
  ghcr.io/element-hq/matrix-authentication-service/syn2mas:sha-5827925
  

What's Changed since v0.13.0-rc.1

Translations

• Translations updates for v0.13 by @matrixbot in #3933

Other Changes

• Fix reporting of version in prebuilt binaries & docker image by @sandhose in #3881

Full Changelog: v0.13.0-rc.1...v0.13.0-rc.2