v1.2.11

This version has a known bug.

Please use v1.2.12 instead of this version.

---

Added

• New config option to set user agent when requesting URL previews.
• Added support for image/jxl thumbnailing.
• Built-in early support for content ranges (being able to skip around in audio and video). This is only available if caching is enabled.
• New config option for changing the log level.
• New (currently undocumented) binary s3_consistency_check to find objects in S3 which might not be referenced by the media repo database. Note that this can include uploads in progress.
• Admin endpoint to GET users' usage statistics for a server.

Removed

• Support for the in-memory cache has been removed. Redis or having no cache are now the only options.
• Support for the Redis config under features has been removed. It is now only available at the top level of the config. See the sample config for more details.

Fixed

• Fixed media being permanently lost when transferring to an (effectively) readonly S3 datastore.
• Purging non-existent files now won't cause errors.
• Fixed HEIF/HEIC thumbnailing. Note that this thumbnail type might cause increased memory usage.
• Ensure endpoints register in a stable way, making them predictably available.
• Reduced download hits to datastores when using Redis cache.

Changed

• Updated support for post-MSC3069 homeservers.
• Updated the built-in oEmbed providers.json

v1.2.10

Deprecation notices

In a future version (likely the next), the in-memory cache support will be removed. Instead, please use the Redis
caching that is now supported properly by this release, or disable caching if not applicable for your deployment.

Added

• Added support for setting the Redis database number.

Fixed

• Fixed an issue with the Redis config not being recognized at the root level.

v1.2.9

Deprecation notices

In a future version (likely the next), the in-memory cache support will be removed. Instead, please use the Redis
caching that is now supported properly by this release, or disable caching if not applicable for your deployment.

Added

• Added support for HEAD at the /healthz endpoint.
• Added X-Content-Security-Policy: sandbox in contexts where the normal CSP
  header would be served. This is a limited, pre-standard form of CSP supported
  by IE11, in order to have at least some mitigation of XSS attacks.
• Added support for the org.matrix.msc2705.animated query parameter.
• Added support for S3 storage classes (optional).
• Added support for listening on Matrix 1.1 endpoints (/_matrix/media/v3/*).

Changed

• Support the Redis config at the root level of the config, promoting it to a proper feature.

Fixed

• Improved performance of datastore selection when only one datastore is eligible to contain media.
• Fixed blurhash not enabling itself.
• Fixed blurhash implementation to match MSC.

v1.2.8

Fixed

• Fixed crashes when internal workers encounter panics.

v1.2.7

Security advisories

This release includes a fix for CVE-2021-29453.

Server administrators are recommended to upgrade as soon as possible. This issue is considered to be exploited in the wild
due to some deployments being affected unexpectedly.

Added

• Added support for structured logging (JSON).

Changed

• Turned color-coded logs off by default. This can be changed in the config.

Fixed

• Fixed memory exhaustion when thumbnailing maliciously crafted images.

v1.2.6

Added

• Added ffmpeg and ImageMagick to Docker image to support specialized thumbnail types.

Fixed

• Handle guest accounts properly. Previously they were still declined, though by coincidence.

v1.2.5

Added

• Added a -verify mode to imports to determine if large imports were successful.
• Added optional support for Sentry (error reporting).

Changed

• Content-Disposition of plain text files now defaults to inline.

Fixed

• Fixed rich oEmbed URL previews (Twitter).
• Fixed photo oEmbed URL previews (Giphy).
• Fixed orientation parsing for some thumbnails.
• Fixed file name being incorrect on the first download from remote servers.
• Fixed a download inefficiency where remote downloads could use extra bandwidth.
• Fixed a problem where secondary imports can never finish.
• Fixed imports not handling duplicate media IDs.
• Fixed some database connection errors not being handled correctly.

v1.2.4

Fixed

• Fixed build error for modern versions of Go, improving IPFS implementation.

v1.2.3

Added

• Introduced early plugin support (only for antispam for now).
  • Includes a simple OCR plugin to help mitigate text-based image spam.
• Added an X-Robots-Tag header to help prevent indexing. Thanks @jellykells!

Fixed

• Fixed crash when generating some thumbnails of audio.
• Fixed various artifact problems with APNG and GIF thumbnails. Thanks @Sorunome!
• Fixed a missing "unlimited size" check for thumbnails. Thanks @Sorunome!

v1.2.2

Fixed

• Generate JPEG thumbnails for JPEG for reduced file size. Thanks @Sorunome!
• Strip charset parameter off binary media for better compatibility with other homeservers.