Releases: t2bot/matrix-media-repo
Releases · t2bot/matrix-media-repo
v1.3.4
Added
- Dendrite homeservers can now have their media imported safely, and
adminApiKind
may be set todendrite
. - Exporting MMR's data to Synapse is now possible with
import_to_synapse
. To use it, first rungdpr_export
or similar. - Errors encountered during a background task, such as an API-induced export, are exposed as
error_message
in the admin API. - MMR will follow redirects on federated downloads up to 5 hops.
- S3-backed datastores can have download requests redirected to a public-facing CDN rather than being proxied through MMR. See
publicBaseUrl
under the S3 datastore config.
Changed
- Exports now use an internal timeout of 10 minutes instead of 1 minute when downloading files. This may still result in errors if downloading from S3 takes too long.
- MMR now requires Go 1.21 for compilation.
- ARM-supported Docker images are now available through GHCR.
- The Docker Hub (docker.io) builds are deprecated and will not receive updates starting with v1.4.0
- Docker Hub images are not guaranteed to have ARM compatibility.
- The
latest
Docker tag on both Docker Hub and GHCR now points to the latest release instead of the unstable development build.
Fixed
- Exports created with
s3_urls
now contain valid URLs. - Exports no longer fail with "The requested range is not satisfiable".
- Exports no longer fail with "index out of range [0] with length 0".
- Requests requiring authentication, but lack a provided access token, will return HTTP 401 instead of HTTP 500 now.
- Downloads when using a self-hosted MinIO instance are no longer slower than expected.
- The
DELETE /_matrix/media/unstable/admin/export/:exportId
endpoint has been reinstated as described. - If a server's
downloads.maxSize
is greater than theuploads.maxSize
, remote media is no longer cut off atuploads.maxSize
. The media will instead be downloaded atdownloads.maxSize
and error if greater. Content-Type
on/download
and/thumbnail
is now brought in line with MSC2701.
v1.3.3
Fixed
- Improved handling when encountering an error attempting to populate Redis during uploads.
- Fixed
Range
requests failing by default by internally setting a default chunk size of 10mb. - Stop logging "no exif data".
- Fixed admin API requests not working when authenticating as the shared secret user.
Changed
- Updated dependencies. Manually compiled deployments may need to recompile
libheif
as well.
v1.3.2
v1.3.1
From v1.3.0
- Mandatory configuration change: Please see docs.t2bot.io for details.
- Fix improper usage of
Content-Disposition: inline
and relatedContent-Type
safety (CVE-2023-41318, GHSA-5crw-6j7v-xc72).
Fixed
- Fixed media purge API not being able to delete thumbnails.
- Fixed thumbnails being attempted for disabled media types.
- Fixed SVG and other non-dimensional media failing to be usefully thumbnailed in some cases.
v1.3.0
Mandatory Configuration Change
Please see docs.t2bot.io for details.
Security Fixes
- Fix improper usage of
Content-Disposition: inline
and relatedContent-Type
safety (CVE-2023-41318, GHSA-5crw-6j7v-xc72).
Deprecations
- The
GET /_matrix/media/unstable/local_copy/:server/:mediaId
(andunstable/io.t2bot.media
variant) endpoint is deprecated and scheduled for removal. If you are using this endpoint, please comment on this issue to explain your use case.
Added
- Added a
federation.ignoredHosts
config option to block media from individual homeservers. - Support for MSC2246 (async uploads) is added, with per-user quota limiting options.
- Support for MSC4034 (self-serve usage information) is added, alongside a new "maximum file count" quota limit.
- The
GET /_synapse/admin/v1/statistics/users/media
endpoint from Synapse is now supported at the same path for local server admins. - Thumbnailing support for:
- BMP images.
- TIFF images.
- HEIC images.
- New metrics:
- HTTP response times.
- Age of downloaded/accessed media.
- Support for PGO builds has been enabled via pgo-fleet.
Removed
- IPFS support has been removed due to maintenance burden.
- Exports initiated through the admin API no longer support
?include_data=false
. Exports will always contain data. - Server-side blurhash calculation has been removed. Clients and bridges already calculate blurhashes locally where applicable.
Changed
- Mandatory configuration change: You must add datastore IDs to your datastore configuration, as matrix-media-repo will no longer manage datastores for you.
- If compiling
matrix-media-repo
, note that new external dependencies are required. See the docs.- Docker images already contain these dependencies.
- Datastores no longer use the
enabled
flag set on them. UseforKinds: []
instead to disable a datastore's usage. - Per-user upload quotas now do not allow users to exceed the maximum values, even by 1 byte. Previously, users could exceed the limits by a little bit.
- Updated to Go 1.19, then Go 1.20 in the same release cycle.
- New CGO dependencies are required. See docs.t2bot.io for details.
- Logs are now less noisy by default.
- Connected homeservers must support at least Matrix 1.1 on the Client-Server API. Servers over federation are not affected.
- The example Grafana dashboard has been updated.
Fixed
- URL previews now follow redirects properly.
- Overall memory usage is improved, particularly during media uploads and API-initiated imports.
- Note: If you use plugins then memory usage will still be somewhat high due to temporary caching of uploads.
- Note: This affects RSS primarily. VSZ and other memory metrics may be higher than expected due to how Go releases memory to the OS. This is fixed when there's memory pressure.
- Fixed shutdown stall if the config was reloaded more than once while running.
v1.2.13
Deprecations
- In version 1.3.0, IPFS will no longer be supported as a datastore. Please migrate your data if you are using the IPFS support.
Added
- Added the
Cross-Origin-Resource-Policy: cross-origin
header to all downloads, as per MSC3828. - Added metrics for tracking which S3 operations are performed against datastores.
Changed
- Swap out the HEIF library for better support towards ARM64 Docker Images.
- The development environment now uses Synapse as a homeserver. Test accounts will need recreating.
- Updated to Go 1.18
- Improved error message when thumbnailer cannot determine image dimensions.
Fixed
- Return default media attributes if none have been explicitly set.
v1.2.12
v1.2.11
This version has a known bug.
Please use v1.2.12 instead of this version.
Added
- New config option to set user agent when requesting URL previews.
- Added support for
image/jxl
thumbnailing. - Built-in early support for content ranges (being able to skip around in audio and video). This is only available if caching is enabled.
- New config option for changing the log level.
- New (currently undocumented) binary
s3_consistency_check
to find objects in S3 which might not be referenced by the media repo database. Note that this can include uploads in progress. - Admin endpoint to GET users' usage statistics for a server.
Removed
- Support for the in-memory cache has been removed. Redis or having no cache are now the only options.
- Support for the Redis config under
features
has been removed. It is now only available at the top level of the config. See the sample config for more details.
Fixed
- Fixed media being permanently lost when transferring to an (effectively) readonly S3 datastore.
- Purging non-existent files now won't cause errors.
- Fixed HEIF/HEIC thumbnailing. Note that this thumbnail type might cause increased memory usage.
- Ensure endpoints register in a stable way, making them predictably available.
- Reduced download hits to datastores when using Redis cache.
Changed
- Updated support for post-MSC3069 homeservers.
- Updated the built-in oEmbed
providers.json
v1.2.10
Deprecation notices
In a future version (likely the next), the in-memory cache support will be removed. Instead, please use the Redis
caching that is now supported properly by this release, or disable caching if not applicable for your deployment.
Added
- Added support for setting the Redis database number.
Fixed
- Fixed an issue with the Redis config not being recognized at the root level.
v1.2.9
Deprecation notices
In a future version (likely the next), the in-memory cache support will be removed. Instead, please use the Redis
caching that is now supported properly by this release, or disable caching if not applicable for your deployment.
Added
- Added support for
HEAD
at the/healthz
endpoint. - Added
X-Content-Security-Policy: sandbox
in contexts where the normal CSP
header would be served. This is a limited, pre-standard form of CSP supported
by IE11, in order to have at least some mitigation of XSS attacks. - Added support for the
org.matrix.msc2705.animated
query parameter. - Added support for S3 storage classes (optional).
- Added support for listening on Matrix 1.1 endpoints (
/_matrix/media/v3/*
).
Changed
- Support the Redis config at the root level of the config, promoting it to a proper feature.
Fixed
- Improved performance of datastore selection when only one datastore is eligible to contain media.
- Fixed blurhash not enabling itself.
- Fixed blurhash implementation to match MSC.