0.38.0 (2023-04-12)

Bugfixes

• Fix leak of secret channels (name, topic, and member count) to the public room directory due to a regressive refactor in a previous release. (#1660, #1698)
• Fix unlink command showing an error. (#1692)

Internal Changes

• RoomAccessSyncer: Await processing of cached channel modes that changed. (#1620)
• Fix tests when running with 'yarnpkg link matrix-appservice-bridge'. (#1679)
• Add tests that cover publicity syncing behaviour. (#1698)

0.37.1 (2023-03-07)

Bugfixes

• Fix provisioning API base URL in setup widgets. (#1677)

Internal Changes

• Update matrix-appservice-bridge to 8.1.1. (#1676)

0.37.0 (2023-02-08)

Features

• Add support for Node.JS 19. (#1646)
• Refactor provisioning API to use matrix-appservice-bridge, adding support for OpenID token auth among other improvements. (#1655)
• Add a UI in the form of a Matrix widget for linking and unlinking channels from a Matrix room. (#1656)

Bugfixes

• Document 8090 to be the default port, to match the code's behaviour. (#1427)
• Fix the configured bind port being overridden in Docker. (#1654)

Internal Changes

• Update builder image for Freebind from Stretch (EOL) to Buster. (#1653)

0.36.0 (2022-10-25)

Bugfixes

• Disable metrics by default. (#1596)
• Fix distribution of IrcServer.randomDomain() which tended to pick domains with a lower index when there are a lot of addresses for a server. (#1612)
• Prevent runtime errors by provisisioning a room with a specific roomID. (#1614)

Improved Documentation

• Fix typos in the documentation. (#1599)
• Update bridged networks doc to point towards GitHub issue #1483. (#1626)

Deprecations and Removals

• Breaking change: Raises the required NodeJS version to 16.
  Fixes Room visibility setting being broken for appservice directories. (#1616)
• User activity tracking is now disabled by default, unless userActivity is enabled in the config. (#1638)

Internal Changes

• docker: prune dev dependencies from node_modules. (#1541)
• Logging: Use Map instead of object. (#1608)
• Refactor Logging: Increase explicit TypeScript types and safer loops. (#1609)
• Refactors: Reduce use of Bluebird, increase explicit types, use safer loops. (#1611)
• Replace uses of the deprecated String.prototype.substr(). (#1615)
• Add support for running tests against a real IRCd and Matrix homeserver in CI. (#1622)
• Update to matrix-appservice-bridge 6.0.0. (#1631)

0.35.1 (2022-09-26)

🔒 Security

This release addresses a security vulnerability in the bridge. Please update as a matter of urgency. A matrix.org blog post detailing the specifics of the bugs will be available soon.

Mitigation

A new security vulnerability was found in the matrix-appservice-irc bridge, for which we are releasing 0.35.1 as a fix. If you have the provisioning API enabled, this is potentially exploitable, so we advise you to upgrade immediately.

In case you cannot upgrade at the moment, we advise to update your IRC bridge configuration as a mitigation as follows:

• Change user permissions to prevent untrusted users from issuing !plumb commands.
• Disable provisioning if enabled.

You may revert these configuration changes after patching.

---

Bugfixes

• Prevent possible attack by provisisioning a room with a specific roomID. (#1619)

0.35.0 (2022-09-13)

🔒 Security

This release addresses security vulnerabilities in the bridge. Please update as a matter of urgency. A matrix.org blog post detailing the specifics of the bugs will be available soon.

Features

• Add new Debug API /warnReapUsers which allows bridges to send a warning to users when they are going to be idle reaped. (#1571)

Bugfixes

• Truncated messages now default to wrapping URLs in angle brackets. (#1573)

Internal Changes

• Include the bridge version and homeserver in the CTCP VERSION response body. (#1559)
• BREAKING: Remove (IRC) as a default displayName suffix. (#1567)
• Update CONTRIBUTING.md (#1570)
• Add new CI workflow to check for signoffs. (#1585)
• Strongly type emitted events from the IRC client. (#1604)

0.34.0 (2022-05-04)

This release fixes a High severity security vulnerability. See the matrix blog for more details.

Internal Changes

• Updated node-irc to 1.2.1

0.33.1 (2022-03-30)

This release fixes a critical bug which would cause bans across the bridge when using the new ban list feature.

Bugfixes

• Fix an issue where synchronising a ban list would cause all users to get banned. (#1551)

Deprecations and Removals

• Remove several scripts in scripts/ which were unmaintained and obsolete. (#1531)

Internal Changes

• Fix towncrier script for summarising the newsfiles. (#1549)

0.33.0 (2022-03-02)

Features

• Support splitting users from different homeservers into different IPv6 blocks. (#1514)
• Added a new metric clientpool_by_homeserver which lists the states of IRC clients, by the top 25 homeservers. (#1517)
• Add support for subscribing to moderation policy. See http://matrix-org.github.io/matrix-appservice-irc/administrators_guide.html#subscribing-to-moderation-policies for more information. (#1532)

Bugfixes

• Matrix message edits no longer bridge as a diff if it's longer than the new message (#1477)
• Fix a duplicate metric that would prevent the bridge from starting. (#1534)

Improved Documentation

• Update the list of bridged networks after hackint started offering a bridge once again. (#1501)
• Removed freenode from bridged networks. (#1523)

Deprecations and Removals

• The bridge will no longer treat invites without a is_direct: true as DM invites (and will henceforth reject group room invites). This may break some Matrix
  clients that do not supply this metadata when creating a room. (#1506)
• Minimum required Node version is now 14. Users on Node 12 are advised to update to newer versions. (#1515)

Internal Changes

• Check changelog.d entries in CI. (#1527)
• Update various packages that were out of date. (#1530)

0.33.0-rc2 (2022-02-18)

Bugfixes

• Fix a duplicate metric that would prevent the bridge from starting. (#1534)