Rocket.Chat 0.70 released

Back with another exciting release!

This release brings beta release of end to end encryption! This one is pretty exciting! More details about that here: https://rocket.chat/docs/user-guides/end-to-end-encryption/

It also brings blockstack as a decentralized auth provider.

Ability to bring in files from webdav or save a file to your own webdav. Think Nextcloud :wink:

Apps are now on by default! With that brings support for apps to define their own api endpoints.

Enjoy!

Rocket.Chat 0.70.0

Engine versions

  • Node: 8.11.3
  • NPM: 5.6.0

:warning: BREAKING CHANGES

  • Update the default port of the Prometheus exporter (#11351 by @thaiphv)
  • [IMPROVE] New emails design (#12009)

:tada: New features

  • Allow multiple subcommands in MIGRATION_VERSION env variable (#11184 by @arch119)
  • Support for end to end encryption (#10094)
  • Livechat Analytics and Reports (#11238 by @pkgodara)
  • Apps: Add handlers for message updates (#11993)
  • Livechat notifications on new incoming inquiries for guest-pool (#10588)
  • Customizable default directory view (#11965 by @ohmonster)
  • Blockstack as decentralized auth provider (#12047)
  • Livechat REST endpoints (#11900)
  • REST endpoints to get moderators from groups and channels (#11909)
  • User preference for 24- or 12-hour clock (#11169 by @vynmera)
  • REST endpoint to set groupsā€™ announcement (#11905)
  • Livechat trigger option to run only once (#12068 by @edzluhan)
  • REST endpoints to create roles and assign roles to users (#11855 by @aferreira44)
  • Informal German translations (#9984)
  • Apps: API provider (#11938)
  • Apps are enabled by default now (#12189)
  • Add Livechat Analytics permission (#12184)
  • WebDAV Integration (User file provider) (#11679 by @karakayasemi)

:rocket: Improvements

  • Cache livechat get agent trigger call (#12083)
  • BigBlueButton joinViaHtml5 and video icon on sidebar (#12107)
  • Use eslint-config package (#12044)

:bug: Bug fixes

  • Livechat agent joining on pick from guest pool (#12097)
  • Apps: Add missing reactions and actions properties to app message object (#11780)
  • Broken slack compatible webhook (#11742)
  • Changing Mentions.userMentionRegex pattern to include
    tag (#12043)
  • Double output of message actions (#11902)
  • Login error message not obvious if user not activated (#11785 by @crazy-max)
  • Adding scroll bar to read receipts modal (#11919)
  • Fixing translation on ā€˜yesterdayā€™ word when calling timeAgo function (#11946)
  • Fixing spacement between tags and words on some labels (#12018)
  • video message recording, issue #11651 (#12031 by @flaviogrossi)
  • Prevent form submission in Files List search (#11999)
  • Re-add the eye-off icon (#12079 by @MIKI785)
  • Internal error when cross-origin with CORS is disabled (#11953)
  • Message reaction in GraphQL API (#11967)
  • Direct messages leaking into logs (#11863)
  • Wrong build path in install.sh (#11879)
  • Permission check on joinRoom for private room (#11857)
  • Close popover on shortcuts and writing (#11562)
  • Typo in a configuration key for SlackBridge excluded bot names (#11872 by @TobiasKappe)
  • Real Name on Direct Messages (#12154)
  • Position of popover component on mobile (#12038)
  • Duplicate email and auto-join on mentions (#12168)
  • Horizontal scroll on user info tab (#12102)
  • Markdown ampersand escape on links (#12140)
  • Saving user preferences (#12170)
  • Apps being able to see hidden settings (#12159)
  • Allow user with ā€œbulk-register-userā€ permission to send invitations (#12112)
  • IRC Federation no longer working (#11906)
  • Files list missing from popover menu when owner of room (#11565)
  • Not able to set per-channel retention policies if no global policy is set for this channel type (#11927 by @vynmera)
  • app engine verbose log typo (#12126 by @williamriancho)
šŸ” Minor changes
  • Release 0.69.2 (#12026 by @kaiiiiiiiii)
  • LingoHub based on develop (#11936)
  • Better organize package.json (#12115)
  • Fix using wrong variable (#12114)
  • Fix the style lint (#11991)
  • Merge master into develop & Set version to 0.70.0-develop (#11921 by @c0dzilla & @rndmh3ro & @ubarsaiyan & @vynmera)
  • Release 0.69.2 (#12026 by @kaiiiiiiiii)
  • Regression: fix message box autogrow (#12138)
  • Regression: Modal height (#12122)
  • Fix: Change wording on e2e to make a little more clear (#12124)
  • Improve: Moved the e2e password request to an alert instead of a popup (#12172)
  • New: Option to change E2E key (#12169)
  • Improve: Decrypt last message (#12173)
  • Fix: e2e password visible on always-on alert message. (#12139)
  • Improve: Expose apps enable setting at General > Apps (#12196)
  • Fix: Message changing order when been edited with apps enabled (#12188)
  • Improve: E2E setting description and alert (#12191)
  • Improve: Do not start E2E Encryption when accessing admin as embedded (#12192)
  • Fix: Add e2e doc to the alert (#12187)
  • Improve: Switch e2e doc to target _blank (#12195)
  • Improve: Rename E2E methods (#12175)

:woman_technologist::man_technologist: Contributors :heart_eyes:

:woman_technologist::man_technologist: Core Team :nerd_face:

2 Likes

Iā€™ve come to see that you give an official node version as a reference version. While I find this to be good in general, currently 8.11.3 is not the latest version. If 8.11.4 would have been a maintenance-only release, Iā€™d see no problem, yet it is a security-release. Quoting from the release notes:

This is a security release, fixing a number of vulnerabilities in OpenSSL and Node.js. Refer to the August 2018 Security Releases announcement for full details.

Notable Changes

  • buffer : Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115)
  • deps : Upgrade to OpenSSL 1.0.2p, fixing:
    • Client DoS due to large DH parameter (CVE-2018-0732)
    • ECDSA key extraction via local side-channel (CVE not assigned)

So my suggestion would be to update :slight_smile: I know this causes testing effortsā€¦ but what can you doā€¦ itā€™s security.

EDIT: Ah! As I see just know, even 8.12.0 is out (though not listing security-changes).

Cheers
Thomas

So our official node version is actually based on the version the particular meteor version is tested against.

It might be possible for us to recommend 8.11.4 since just a security fix. In the past there have been issues (I think you encountered them actually) when using slightly newer version of node.js.

Will take a look into it. :smile:

Ah, I see. That makes senseā€¦

Indeed I have, very much so :smiley: I myself will always default to using the latest version of node.js unless itā€™s explicitly known to cause issues.

So I guess adhering to Meteor suggestions is indeed the better choice for the general audience.

Cheers & thanks for getting back
Thomas

1 Like