Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.
This big news this week is the Project Hydra coordinated security release. On August 11th, 2025, updated homeserver implementations were put out to address the vulnerabilities. And the following Thursday, August 14th, the associated spec updates were put out as well (which divulge further details).
The largest part of this is the new Room Version 12, which had a spec PR merged on the same. It explains the changes servers and clients need to make to address the vulnerabilities.
The relevant MSCs and spec PRs were merged and homeserver and client implementations should have already (or should do now if they haven't) updated to support the new changes. However, the changes to the spec won't actually appear in a new spec release until the next release cycle, keeping in line with the usual spec process. The next release is due to go out in the next few weeks as we approach the end of Q3 2025.
Announcing the new room upgrade/creation CLI, for scripted use cases! It's still unfinished, but so far we're able to upgrade test rooms! If you run a larger community, you might find MatrixUtils.RoomUpgradeCLI to be an indispensable tool!
The core idea behind it, is that browser-based workflows for client-driven room upgrades don't scale very well in MatrixUtils. With this, we're offloading the task to a dedicated CLI app! RoomUpgradeCLI is built for automation. This means that you can import your entire room directory, run over the files with jq or manually, and then commit them in bulk!
For testing, you can create a duplicate of a room by using RoomUpgradeCLI modify myroom.json --version 12 in order to unbind the upgrade relation, and then RoomUpgradeCLI execute myroom.json! Keep in mind you'll need to remove the room alias from the json file!
I'm hoping to be able to write proper documentation soon on the process, but I'm hoping at the moment to collect feedback on room upgrades, so I can write the best tooling I'm able to provide!
But why should I care?
The main benefits of using the room upgrade CLI, is that you're in full control over the creation of the room. This means including all the state events you want, not including old room bans when you use a moderation bot, cleaning up your power levels, or other invasive changes! Additionally, we also account for clients that don't support displaying or following tombstones, by posting a regular message event in the old room! Additionally, there are options to automatically invite all users with a power level, or to invite all members for cases like spaces, where a good UX for room upgrades currently doesn't exist.
And, as always:
You can find the first party hosted version of RMU here!
This week the Element team put out several important releases fixing the vulnerabilities discussed in Project Hydra. Please upgrade to at least Synapse 1.135.2 if you have not already. Synapse 1.136.0, released on Tuesday, is a feature release that also includes the security fixes.
This is the first stable release of MAS, and sends a strong signal to its stability in production environments. If you haven't switched to MAS yet, we strongly recommend doing so.
Dear [matrix] ! < polycule > v0.3.0 was released !
The release mostly consists of refactoring and maintenance. Amongst the notable new changes, we now support Room Version 12, Tombstones, Room Upgrades, improved UnifiedPush on Android and added more translations.
We made a small security release of Nheko, that fixes a few issues around html escaping into the UI (how dare it!) and file permissions of downloaded files on Windows. We highly recommend you update!
Apart from that, the release includes also a few minor changes for room version 12 compatibility (but no power level changes yet!) and lots of other small improvements!
Please enjoy and sorry there was no pre-announcement, but I currently don't have the freedom to plan my time in advance and I really wanted to get this out finally! See ya next year for the next release! π
This marks the third week in a row where I remembered to write a TWIM entry! To celebrate this, we have released NeoChat 25.08 this week.
This update brings you, among others:
Configurability for when messages are marked as read
Improvements to how NeoChat shows video messages
Nicer dialogs for creating rooms and spaces
Improved compatibility with OIDC login and registration
An improved view for invited rooms
Improvements to NeoChat's markdown flavor:
Adding strikethrough with ~~
Adding spoilers with ||
A possibility to read a message's text using text-to-speech
Knock, knock, knockβ¦ on wood rooms, baby π΅ Ooh ooh ooh ooh ooh ooh πΆ That's right, Fractal 12 adds support for knocking, among other things. Read all about the improvements since 11.2:
Requesting invites to rooms (aka knocking) is now possible, as is enabling such requests for room admins.
The upcoming room version 12 is supported, with the special power level of room creators.
A room can be marked as unread via the context menu in the sidebar.
You can now see if a section in the sidebar has any notifications or activity when it is collapsed.
Clicking on the name of the sender of a message adds a mention to them in the composer.
The safety setting to hide media previews in rooms is now synced between Matrix clients and we added another safety setting (which is also synced) to hide avatars in invites.
As usual, this release includes other improvements and fixes thanks to all our contributors, and our upstream projects.
We want to address special thanks to the translators who worked on this version. We know this is a huge undertaking and have a deep appreciation for what youβve done. If you want to help with this effort, head over to Damned Lies.
Version 25.08.3 was released to the App Store on Monday with support for v12 rooms and their new Owner/Creator roles.
Version 25.08.5 is available in TestFlight (or should be very soon) with the expectation of being released to the App Store next week. We added a workaround for v12 tombstone links, passing a selection of server names from the room members to help your homeserver discover the room when it hasnβt seen it before.
Work on Spaces continues and we got our first glimpses of receiving /hierarchy results in the app from the SDK.
Cinny v4.9.0: A Fresh Look at Profiles, Enhanced Room Creation & More
We're excited to announce the release of Cinny v4.9.0, a feature-rich update packed with UI enhancements, security improvements, and behind-the-scenes refinements. One of the most important changes in this release is support for Room Version 12, which is required for the Matrix security disclosure effective August 11.
A major highlight in this release is the redesigned user profile. Profiles are now more informative and interactive β you can view a list of mutual rooms, see detailed cards for users who are invited, kicked, or banned, and easily share a user's profile link with a one-click button. Presence indicators have been added when supported by the server, giving users a clearer sense of activity. Notably, the option to view another user's device sessions has been removed due to recent protocol updates that allow servers to mask device identifiers with opaque strings.
In line with Matrixβs evolving ecosystem, Cinny now fully supports Room Version 12. The room and space creation panels have been overhauled for clarity and functionality. You can now assign multiple Founders when creating or upgrading a room.
On the customization front, Cinny users now have the option to enable a 24-hour time format and define their preferred date format, offering better localization and personal preference support. Timeline navigation has also been improved with a "Jump to Time" feature, allowing you to scroll back to specific moments in the chat with ease. For threads, there's now a convenient button to start a thread from a reply β though threads still appear in the timeline with an icon, fully threaded views are on the roadmap.
This release also delivers a variety of quality-of-life improvements and bug fixes. Highlights include better focus management when navigating pages, fixes for room alias conflicts, enhancements to thread reply layouts, improved virtual keyboard support on WebKit, and better DM room handling.
Additionally, Cinny has refined its code block display with language headers, collapsible sections, copy functionality, and polished syntax highlighting using Prism styles. Youβll also find clearer error messages for file uploads, stricter validation for publishing rooms, and an improved avatar fallback for DM group chats.
For users relying on OIDC authentication, Cinny now links device account management more seamlessly with OIDC provider. Be cautious when using multiple accounts in the same browser β always verify youβre logged into the correct one before managing sessions.
For the full details and to see the code in action, check out the GitHub release page. As always, weβre grateful for the community's feedback and contributions. Feel free to join our space at #cinny:matrix.org.
A new release, 0.9.4, is out, mainly to support v12 rooms but also with an assortment of tweaks and fixes backported from the development branch. The release notes are in a usual place. Client authors and packagers are strongly recommended to upgrade!
A few compatibility issues were found with v12 rooms in NioBot earlier today, along with a couple other bugs, so v1.3.0a2 has been released to resolve some of the painful bits. Due to a lack of time, I've not had the chance to backport these changes, so the latest release will remain "incompatible" (power level checks won't work) with v12 rooms, and there may be other dragons within.
I have been quite busy doing side quests in other parts of the ecosystem, so niobot hasn't received the love and care I would prefer to give it, but rest assured I'll be planning to pick up the slack around January 2026. Great things lay ahead!
WHY2025 was a nonprofit outdoors hacker camp taking place in Geestmerambacht, the Netherlands (approx 42km North of Amsterdam), on 8-12 August 2025. It is the latest edition of the quadrannial series of hacker camps in the Netherlands.
The event also perfectly overlapped with the "Hydra" coordinated security release on its last full day. This allowed some of the Matrix hackers in attendance to co-work on finishing the Room Upgrade Guide and indeed we got it out the door just in time! I would say this was a perfect demonstration of the progress we can achieve when we come together and collaborate towards a common goal. β€οΈ
Huuuge thanks to all involved: the T&S WGs contributing to the collection of info at #2704, David Mehren for co-working heavily on reviews at the WHY2025 chaos-DACH co-working office, Thib (m.org) and Jim from the Foundation side, all other invisible reviewers, and all client developers contributing info about their feature level!
Homeserver admins took the opportunity to organise a Matrix Upgrade Party, exchanging knowledge and background info about room upgrades and the risk assessment of the release.
Matrix community admins waiting for the synapse room version 12 release to drop during the WHY2025 Matrix Upgrade Party
FrOSCon is the yearly Free and Open Source Software Conference taking place at Hochschule Bonn-Rhein-Sieg in Sankt Augustin by Bonn, Germany. Indeed this year is the 20th anniversary and bound to be a great celebration of FOSS!
For many years, the Matrix community has been representing the Matrix project there, and this year shall be no different. Come by our stand on the project exhibition floor, grab a sticker, join the group photo, and chat about room upgrades. π
As of today, 12712 Matrix federateable servers have been discovered by matrixrooms.info, 3662 (28.8%) of them are publishing their rooms directory over federation.
The published directories contain 18391 rooms.
See you next week, and be sure to stop by #twim:matrix.org with your updates!
To learn more about how to prepare an entry for TWIM check out the TWIM guide.
The Foundation needs you
The Matrix.org Foundation is a non-profit and only relies
on donations to operate. Its core mission is to maintain
the Matrix Specification, but it does much more than that.
It maintains the matrix.org homeserver and hosts several
bridges for free. It fights for our collective rights to
digital privacy and dignity.