v1.2.8

Fixed

• Fixed crashes when internal workers encounter panics.

v1.2.7

Security advisories

This release includes a fix for CVE-2021-29453.

Server administrators are recommended to upgrade as soon as possible. This issue is considered to be exploited in the wild
due to some deployments being affected unexpectedly.

Added

• Added support for structured logging (JSON).

Changed

• Turned color-coded logs off by default. This can be changed in the config.

Fixed

• Fixed memory exhaustion when thumbnailing maliciously crafted images.

v1.2.6

Added

• Added ffmpeg and ImageMagick to Docker image to support specialized thumbnail types.

Fixed

• Handle guest accounts properly. Previously they were still declined, though by coincidence.

v1.2.5

Added

• Added a -verify mode to imports to determine if large imports were successful.
• Added optional support for Sentry (error reporting).

Changed

• Content-Disposition of plain text files now defaults to inline.

Fixed

• Fixed rich oEmbed URL previews (Twitter).
• Fixed photo oEmbed URL previews (Giphy).
• Fixed orientation parsing for some thumbnails.
• Fixed file name being incorrect on the first download from remote servers.
• Fixed a download inefficiency where remote downloads could use extra bandwidth.
• Fixed a problem where secondary imports can never finish.
• Fixed imports not handling duplicate media IDs.
• Fixed some database connection errors not being handled correctly.

v1.2.4

Fixed

• Fixed build error for modern versions of Go, improving IPFS implementation.

v1.2.3

Added

• Introduced early plugin support (only for antispam for now).
  • Includes a simple OCR plugin to help mitigate text-based image spam.
• Added an X-Robots-Tag header to help prevent indexing. Thanks @jellykells!

Fixed

• Fixed crash when generating some thumbnails of audio.
• Fixed various artifact problems with APNG and GIF thumbnails. Thanks @Sorunome!
• Fixed a missing "unlimited size" check for thumbnails. Thanks @Sorunome!

v1.2.2

Fixed

• Generate JPEG thumbnails for JPEG for reduced file size. Thanks @Sorunome!
• Strip charset parameter off binary media for better compatibility with other homeservers.

v1.2.1

Added

• Added a new tool, export_synapse_for_import, which can be used to do an offline import from Synapse.
  • After running this tool, use the gdpr_import tool to bring the export into the media repo.
• Added thumbnailing support for some audio waveforms (MP3, WAV, OGG, and FLAC).
• Added audio metadata (duration, etc) to the unstable /info endpoint. Aligns with MSC2380.
• Added simple thumbnailing for MP4 videos.
• Added an asAttachment query parameter to download requests per MSC2702.

Fixed

• Fixed thumbnails for invalid JPEGs.
• Fixed incorrect metrics being published when using the Redis cache.
• Fixed errors generating thumbnails when bad EXIF headers were provided.
• Use r0 instead of v1 for federation requests. No changes should be needed to configurations or routing - it'll just work.

v1.2.0

Upgrade notes

This release contains a database change which might take a while. In order to support quotas, this
release tracks how much a user has uploaded, which might take a while to initially calculate. If you have
a large database (more than about 100k uploaded files), run the following steps before upgrading:

1. The PostgreSQL script described here.
   This can be run while the server is running.
2. If you have no intention of using stats or quotas, you're done (the stats table will be inaccurate). If
   you do plan on using either, run INSERT INTO user_stats SELECT user_id, SUM(size_bytes) FROM media GROUP BY user_id;
   which may take a while.
3. Change the owner of the table and function to your media repo's postgresql user. For example, if your postgres
   user is media, then run:

   ALTER TABLE user_stats OWNER TO media;
   ALTER FUNCTION track_update_user_media() OWNER TO media; 

Added

• Add webp image support. Thanks @Sorunome!
• Add apng image support. Thanks @Sorunome!
• Experimental support for Redis as a cache (in preparation for proper load balancing/HA support).
• Added oEmbed URL preview support.
• Added support for dynamic thumbnails.
• Added a way to prevent certain media from being quarantined (attributes API).
• Added support for quotas.

Changed

• Remove deprecated support for restricting uploads to certain mime types.
• Remove deprecated support for forUploads.
• Clarified what uploads.minBytes is intended to be used for.

Fixed

• GIFs now thumbnail correctly. Thanks @Sorunome!
• Fixed empty Content-Type header on retrieved remote media. Thanks @silkeh!
• Fixed various issues with IPv6 handling. Thanks @silkeh!
• Fixed high database usage for uploads when only one datastore is present.
• Fixed incorrect HTTP status codes for bad thumbnail requests.
• Fixed dimension checking on thumbnails.
• Fixed handling of EXIF metadata. Thanks @Sorunome!
• Fixed handling of URL previews for some encodings.
• Fixed Cache-Control headers being present on errors.

v1.1.3

Added

• Added options to cache access tokens for users. This prevents excessive calls to /account/whoami on your homeserver, particularly for appservices.
• Documentation on how to set up delegation with the media repo and Traefik. Thanks @dereisele!

Changed

• Deprecated support for restricting uploads to certain mime types, due to inability to make it work correctly with encrypted media.
• Removed deprecated storagePaths config option. Please use datastores.

Fixed

• Fixed federation with some homeserver setups (delegation with ports). Thanks @MatMaul!
• Fixed the Synapse import script to not skip duplicated media. Thanks @jaywink!
• Fixed requests to IPv6 hosts. Thanks @MatMaul!
• Removed excessive calls to the database during upload.