Hey all,
Today’s release of Matrix 1.18 brings a total of 16 MSCs to the protocol. Many of those proposals improve Trust & Safety in Matrix, introducing features like invite blocking, policy servers, account suspension & locking, and general quality of life improvements to the reporting APIs. This blog post covers those safety features in a bit more detail - read on to the full changelog at the bottom for full details of everything in Matrix 1.18.
Continue reading…
Hey all,
At this year’s Matrix Conference we said we were aiming for this very spec release to be 2.0 proper. It looks like the MSCs still need a little bit more time to get over the line though, but they’re extremely close — one of the next few releases is expected to be Matrix 2.0.
Today we’re releasing Matrix 1.17 while the 2.0 MSCs continue to make forward progress. This release is smaller than some, with four MSCs merged, but as normal also includes a number of clarifications.
Improvements to the spec website include a dropdown to get at old spec versions more easily, and an index of HTTP endpoints at the top of each page.
This release of the spec also sees the incorporation of the specifications for the Olm and Megolm cryptographic ratchets. Olm and Megolm themselves haven’t changed, but we did want them to be on the spec site :)
Thanks especially to Johannes and Kévin for continuing to improve the quality of the spec with features, clarifications, and MSC text!
Continue reading…
The Spec Core Team would like to remind everyone that, now that MSC4153 has been accepted, the Matrix spec recommends that “Encrypted to-device messages SHOULD NOT be sent to non-cross-signed devices”.
In short: if, as a user, you have client devices which haven’t been correctly cross-signed with your identity key, then you’re going to start finding yourself unable to read encrypted messages from other users on those devices.
If you missed Andy’s talk on this at the Matrix Conference, we strongly recommend watching it as he explains the hows and whys of this change, but to summarise: this is an important improvement to the security of end-to-end encryption in Matrix.
As Andy also mentions in his talk, Element is planning to change the defaults in its clients to follow MSC4153’s recommendations to exclude non-cross-signed devices in April 2026. In preparation, the Element clients will very soon start to force users to verify their own devices so that those users are not shut out come April.
If you are a client developer, we encourage you to take a similar approach of encouraging users to verify their devices, so that they are not excluded from the conversation as the ecosystem moves towards MSC4153 compliance. And if you are a user, make sure your devices are verified!
Hey all,
Today’s Matrix 1.16 release brings two major features to the protocol: extensible profiles and room version 12 from Project Hydra! With room version 12, users should see fewer “state resets” and a clearer hierarchy for power levels in the room. The Project Hydra blog post covers the changes in more detail, so this post will focus on extensible profiles and our plan for Matrix 2.0.
As always, the full changelog and descriptions of the 9 MSCs released today is at the end of this post.
Continue reading…
Hey all,
Matrix 1.15 is here with improvements to authentication, room summaries, and rich topics! A few months ago we were starting to see the next generation authentication MSCs (led by MSC3861) enter Final Comment Period and work towards acceptance. In that time, they've progressed all the way to being merged with today's release thanks to Kévin Commaille's generous contributions.
This post covers some of the highlights from the 10 MSCs the release brings to the world, with the full changelog at the end as always.
Continue reading…
Hey all,
We're right at the end of Q1 2025 with a new spec release: Matrix 1.14! Our original plan was to cut this release around FOSDEM with some Matrix 2.0 functionality, but ended up needing to push the release out due to those MSCs not quite being ready. As we're cutting this release though, several of the Next Generation Authentication MSCs are progressing through FCP and could do with a release once written up as spec PRs. We anticipate that Matrix 1.15 will be that release, and go out early in Q2 2025.
This release brings just 3 MSCs to the world, largely because the SCT has been focusing so much on Matrix 2.0 objectives. The only feature introduced is the report user endpoint, to complement last release's report room endpoint - everything else is primarily maintenance of the spec. The full changelog is below, as always.
Continue reading…
Hey all,
Another 9 MSCs have been released today in Matrix 1.13! It’s just over 2 months since Matrix 1.12 went out, and the last scheduled release for 2024 - the next release is planned for around FOSDEM 2025. Today’s release contains more T&S features and a number of clarifications and improvements. The full changelog is at the end of this post, per usual :)
Continue reading…
Hey all,
Welcome to the Matrix 1.12! It’s been just over 3 months since Matrix 1.11 introduced authenticated media, and today we’re bringing more Trust & Safety features to the ecosystem, alongside the normal clarifications and general improvements to the protocol. This release is also technically a few days late on the quarter, but it’s for good reason! Folks from across the ecosystem got together in Berlin for the Matrix Conference, and after things wrapped up we were busy following up on ideas started on site. We can’t wait to see all of these ideas materialize as MSCs, but in the meantime, back to the honorary Q3 release of the spec:
Matrix 1.12 marks the recommended date for all servers to enable their media freeze, similar to matrix.org’s back in early September 2024. Servers which haven’t yet enabled their media freeze are strongly encouraged to do so, if it makes sense for their users. Matrix 1.12 also brings some improvements and clarifications to authenticated media, and a total of 9 MSCs covering a wide range of features.
Read on for a few highlights, and the full changelog at the end of this post.
Continue reading…
Hey all,
We’ve just released the milestone Matrix 1.11 update for the protocol. It’s been almost exactly 3 months since the last release, Matrix 1.10, keeping us on track for our once-a-quarter release schedule.
There are 9 MSCs released in Matrix 1.11 today, but there’s one specific MSC we’d like to draw your attention to: MSC3916 - Authenticated Media. Until today, Matrix had a design flaw which allows a user to access media unauthenticated if they knew the URL. This has been used to share files in social media posts, link images outside of chats, and generally imply that a homeserver is a CDN for the internet. Some of these use cases are legitimate, though many are not. This is fixed with MSC3916.
This post covers MSC3916 and its implementation guidelines in more detail, but the full changelog for Matrix 1.11 is available at the end, as always.
Continue reading…