Hey all,

Matrix 1.6 is out there! Like Matrix 1.5 back in November, this release is largely a maintenance update. Matrix 1.1 through 1.4 have been relatively major upgrades, so a little time between features doesn’t feel like a bad idea :)

As with all spec releases, we encourage implementations to gradually update over the next few months rather than have support for everything on release day - please be kind to the projects you use, and help them gain support if able.

Matrix 1.6 sees just 7 MSCs get merged, though this is to be expected from a maintenance release. Check out Matthew’s Matrix 2.0 talk at FOSDEM for an idea of what’s expected over the next few releases.

We’ve covered a couple of the MSCs below, but read on to the full changelog for the full picture.

MSC3030: Jump to date API

It’s here! The time machine we’ve been waiting for!

Primarily part of the Gitter feature parity project (congratulations to the team going all-in on Matrix, by the way) to drive the Matrix Public Archive, the new API gives clients the ability to jump back in time to a nearby event. Being able to find something that was posted on a given day/week, but not being sure of which keywords to look for is a major usability improvement - many thanks to the Gitter team for making Matrix better!

MSC3706: Faster joins (part 1)

Matrix is going voom

Synapse 1.76 enabled faster joins by default, and while there’s a lot of Python going into making joins as fast as possible, the specification side is a relatively small change at the moment: just don’t send as many events during joins (omit_members).

There’s potentially more work on the horizon for making faster joins even faster and more robust, and some of that might involve spec work: keep an eye on Synapse releases and TWIM for updates as we make our way to faster joins in Matrix 2.0 :)

The full changelog

MSCs are how the spec changes in the way it does - adding, fixing, and maintaining features for the whole ecosystem to use. Check out the full changelog below, and the Spec Change Proposals page for more information on how these MSCs got merged (hint: they submitted a proposal, which anyone can do - take a look at the Matrix Live episode where Matthew covers the proposal process).

Client-Server API

• Add information on standard error responses for unknown endpoints/methods, as per MSC3743. (#1347)
• Add /rooms/<roomID>/timestamp_to_event endpoint, as per MSC3030. (#1366)
• Define hkdf-hmac-sha256.v2 MAC method for SAS verification, as per MSC3783. (#1412)

• Clarify the power levels integer range. (#1169, #1355)
• Clarify that /context always returns event even if limit is zero. Contributed by @sumnerevans at @beeper. (#1239)
• Clarify what fields are required when deleting a pusher (#1321)
• Improve the presentation of push rule kinds and actions. (#1348)
• Add missing description to m.call.answer schema. (#1353)
• Fix various typos throughout the specification. (#1363)
• Clarify parts of the end-to-end encryption sections. (#1381)
• Move login API definitions to the right heading. Contributed by @HarHarLinks. (#1382)
• Clarify which events will be included in Stripped State. Contributed by @andybalaam. (#1409)
• Add links to the spec for the definition of 3PID medium. (#1417)
• Correct the order of the default override pushrules in the spec. (#1421)
• Improve distinction between tags and their attributes in the rich text section. Contributed by Nico. (#1433)

Server-Server API

• Remove keyId from the server /keys endpoints, as per MSC3938. (#1350)

• Add information on standard error responses for unknown endpoints/methods, as per MSC3743. (#1347)
• Add /timestamp_to_event/<roomID> endpoint, as per MSC3030. (#1366)
• Extend /_matrix/federation/v2/send_join to allow omitting membership events, per MSC3706. (#1393, #1398)
• Note that /_matrix/federation/v2/send_join should include heroes for nameless rooms, even when allowed to omit membership events, per MSC3943. (#1425)

• Include examples inline instead of using a reference for invite endpoint definitions. (#1349)
• Fix POST _matrix/federation/v1/user/keys/claim response schema. (#1351)
• Correct the default invite level definition in the "Checks performed on receipt of a PDU" section. (#1371)
• Clarify that CNAMEs are permissible for server names. (#1376)
• Fix edu_type in EDU examples. (#1383)

Application Service API

• Add information on standard error responses for unknown endpoints/methods, as per MSC3743. (#1347)

Identity Service API

• Add information on standard error responses for unknown endpoints/methods, as per MSC3743. (#1347)

Push Gateway API

• Add information on standard error responses for unknown endpoints/methods, as per MSC3743. (#1347)

Room Versions

• Update the default room version to 10, as per MSC3904. (#1397)

• Clarify the grammar for room versions. (#1422)
• Fix various typos throughout the specification. (#1423)

Appendices

No significant changes.

Internal Changes/Tooling

• Add link to the unstable spec to the README. (#1357)
• Improve safety of the proposals retrieval script in the event of failure. (#1368)
• Rename <content> to content in the OpenAPI files for content uploads. (#1370)
• Stop autogenerating examples where we already have an example. (#1384)
• Improve formatting of definitions in the Push Notifications section. (#1415)

Hey all,

We’ve just released Matrix 1.5, a largely maintenance update for the spec. We intentionally haven’t landed any major features in this release as Matrix 1.4, just shy of 2 months ago, had introduced fairly large features for clients and servers to consider. As with all spec releases, we encourage implementations to gradually update over the next few months rather than expect them to have support for everything on release day.

Matrix 1.5 sees just 2 MSCs get merged, though this is to be expected from a maintenance release. We expect that the next release (in Q1 2023) will have a few more exciting features to it :)

We’ve covered both MSCs below, but read on to the full changelog for the full picture.

MSC3267: Reference relations

Already supported implicitly by the spec up until now, reference relations are a way to simply reference another event. Usually these sorts of relations are used for events which need to be related to each other, but a dedicated relationship type doesn’t make a lot of sense.

In-room verification and MSC3381: Polls are examples of how these relations get used.

MSC3905: Clarify appservice interest in user IDs

MSC3905 fixes an issue in the specification where appservices (usually bridges) specifying a users regex without homeserver domain would end up receiving far more event traffic than they would have intended. With the MSC, appservices are now only considered interested in “local” users, regardless of how vague their users namespace is.

Overall this should have no effect on most bridges/appservices, however if an appservice in the wild really does need to listen to all users on all homeservers, it can specify a non-exclusive namespace on all rooms instead.

While writing this MSC into the spec we took some time to clarify the appservice registration requirements more generally: check them out here.

The full changelog

MSCs are how the spec changes in the way it does - adding, fixing, and maintaining features for the whole ecosystem to use. Check out the full changelog below, and the Spec Change Proposals page for more information on how these MSCs got merged (hint: they submitted a proposal, which anyone can do - take a look at the Matrix Live episode where Matthew covers the proposal process).

Client-Server API

• Add m.reference relations, as per MSC3267. (#1206)
• Add missing documentation for m.key.verification.request msgtype for in-room verification. (#1271)

• Fix various typos throughout the specification. (#1260, #1265, #1276)
• Fix naming of device_one_time_keys_count in /sync. (#1266)
• Improve display of event subtypes. (#1283)
• Improve documentation about ephemeral events. (#1284)
• Define a 400 response from /_matrix/client/v3/directory/rooms/{roomAlias}. (#1286)
• Clarify parts of the end-to-end encryption sections. (#1294, #1345)
• Various clarifications throughout the specification. (#1306)
• Replace set_sound push rule action by set_tweak. (#1318)
• Clarify the behavior of PUT /_matrix/client/v3/pushrules/{scope}/{kind}/{ruleId}. (#1319)
• Clarify that .m.rule.master has a higher priority than any push rule. (#1320)
• Require request field refresh_token at endpoint POST /_matrix/client/v3/refresh. (#1323)
• Fix a number of broken links in the specification. (#1330)
• Add example read receipt to GET /_matrix/client/v3/sync response example. (#1341)

Server-Server API

• Fix a number of broken links in the specification. (#1330)

Application Service API

• Clarify that application services can only register an interest in local users, as per MSC3905. (#1305)

Identity Service API

• Fix a number of broken links in the specification. (#1330)

Push Gateway API

No significant changes.

Room Versions

• Reword the event auth rules to clarify that users cannot demote other users with the same power level. (#1269)
• Various clarifications to the text on event authorisation rules. (#1270)
• Fix a number of broken links in the specification. (#1330)

Appendices

No significant changes.

Internal Changes/Tooling

• Update docsy theme to v0.5.0 + matrix.org modifications (https://github.com/matrix-org/docsy/commit/a0032f8db919a6c67ba6cdef2c455f105b6272a2). (#1295)

• Improve error messages emitted by resolve-additional-types template. (#1303)
• Fix link to API viewer. (#1308)
• Stop rendering the subsections of the Client-Server API and Room Versions specs as their own separate pages. (#1317)
• Use a link checker to ensure that we do not have broken links. (#1329, #1338)
• Update instructions to preview Swagger definitions. (#1331)
• Make definition anchors more unique. (#1339)
• Generate the unstable changelogs with towncrier, for consistency. (#1340)
• Update CONTRIBUTING.md to mention that non-content changes to this repo should have an "internal" changelog entry. (#1342)
• Update module summary table with new modules: Event Replacements, Threading and Reference Relations. (#1344)
• Disable RSS generation for the spec. (#1346)

Hey all,

It’s finally here: threads, edits, and private read receipts. v1.4 has been a little later than usual in the quarter because we wanted to make sure we nailed down all the core MSCs for threads before publishing the spec itself, but we’ve done that now and we’re excited about it.

Matrix 1.3 was just over 3 months ago, though with the relatively large features there and the colossal implementation effort of v1.4 we’re not expecting everyone to have implementations on day 1. Instead, as with all spec releases, we encourage implementations to gradually update over the next few months. We’re additionally planning to make v1.5 (Q4 2022) more of a maintenance update to help make the backlog a bit easier on everyone, though we might prioritize a couple cool features in there too :)

Matrix 1.4 sees 14 MSCs get merged, but we can’t possibly go into detail on them all here. We’ve instead focused on the 3 major features we’re excited about - check out the changelog at the end for the full picture.

🧵 Threads

Threads, a critical feature in terms of parity with other chat systems, have landed thanks to a whopping 6 MSCs: MSC3440, MSC3816, MSC3856, MSC3715, MSC3771, and MSC3773. It’s been a lot of iteration on the reference implementations to get threads this far, and we’re excited to see how the client implementations evolve to provide more structured and less noisy communication for everyone - keep us updated with TWIM posts, please!

Threads have involved changes to event relationships (which were fixed in v1.3), read receipts, and notification counts, resulting in several different models and ways of solving the problem. We think we’ve reached a point that works for conversational threads, though there’s work on the horizon for threads-only rooms, Twitter-style free-form threads, etc to cover more needs of users.

Currently, the demonstration implementation of threads in Synapse and Element is working its way out of the proof-of-concept and beta stages (which were sufficient to validate the MSCs) and are on their way to exiting beta. Keep an eye on the respective blogs for news about production-ready threads!

📝 Edits

Similar to reactions, err, aggregations, MSC2676 and its predecessors have been around for a long while. Edits have existed in the Element clients seemingly forever, and other clients have had troubles trying to implement the same feature: with it now in the spec, it should be a lot easier to bring edits into clients.

For edits, we’ve taken the route of making the MSC match reality, for better or worse. MSCs which improve or add functionality to the system are very much welcome - writing an MSC is relatively easy and helps the whole community.

👥 Private read receipts

Not everyone wants to broadcast that they’ve read a message, but also with read receipts tied into notifications those same people also probably don’t want stuck notifications. To address the problem, we’ve added a new m.read.private receipt type which behaves exactly like m.read, but is only visible to you.

We still have a rework of the notifications system in our long-term plan, but this should hopefully cover the privacy concerns for the time being :)

The full changelog

MSCs are how the spec changes in the way it does - adding, fixing, and maintaining features for the whole ecosystem to use. The blog post can’t cover them all, but that doesn’t make them any less important! Check out the full changelog below, and the Spec Change Proposals page for more information on how these MSCs got merged (hint: they submitted a proposal, which anyone can do - take a look at the Matrix Live episode where Matthew covers the proposal process).

Client-Server API

• Remove unused policy room sharing mechanism, as per MSC3844. (#1196)

• Add a .m.rule.room.server_acl push rule to match m.room.server_acl events, as per MSC3786. (#1190, #1201)
• Add Cross-Origin-Resource-Policy (CORP) headers to media repository, as per MSC3828. (#1197)
• Copy a room's type when upgrading it, as per MSC3818. (#1198)
• Add room_types filter and room_type response to /publicRooms, as per MSC3827. (#1199)
• Add m.replace relations (event edits), as per MSC2676. (#1211)
• Add m.read.private receipts, as per MSC2285. (#1216)
• Make m.fully_read optional on /read_markers, as per MSC2285. (#1216)
• Allow m.fully_read markers to be set from /receipts, as per MSC2285. (#1216)
• Add threading via m.thread relations, as per MSC3440, MSC3816, MSC3856, and MSC3715. (#1254)
• Add per-thread notifications and read receipts, as per MSC3771 and MSC3773. (#1255)

• Mention that the /rooms/{roomId}/invite endpoint will return a 200 response if the user is already invited to the room. (#1084)
• Fix various typos throughout the specification. (#1135, #1161, #1164, #1170, #1180, #1215, #1238, #1243)
• Describe return codes for account data endpoints, and clarify that per-room data does not inherit from the global data. (#1155)
• Clarify that policy rule globs work like ACL globs. Contributed by Nico. (#1165)
• Clarify the format of some structures in the End-to-end encryption module. (#1166)
• Add HTML anchors for object definitions in the formatted specification. (#1174)
• Tweak the styling of <code> snippets in tables rendered from OpenAPI definitions. (#1179)
• Update "API Standards" section to clarify how JSON is used. (#1185)
• Clarify that the "device_id", "user_id" and "access_token" fields are required in the response body of POST /_matrix/client/v3/login. (#1210)
• Reinforce the relationship of refreshed access tokens to transaction IDs. (#1236)
• Clarify enum values by separating possible values with commas. (#1240)

Server-Server API

• Add per-thread notifications and read receipts, as per MSC3771 and MSC3773. (#1255)

• Add HTML anchors for object definitions in the formatted specification. (#1174)
• Tweak the styling of <code> snippets in tables rendered from OpenAPI definitions. (#1179)
• Update "API Standards" section to clarify how JSON is used. (#1185)

Application Service API

• Replace homeserver authorization approach with an Authorization header instead of access_token when talking to the application service, as per MSC2832. (#1200)

• Add HTML anchors for object definitions in the formatted specification. (#1174)

Identity Service API

• Add HTML anchors for object definitions in the formatted specification. (#1174)
• Update "API Standards" section to clarify how JSON is used. (#1185)

Push Gateway API

• Add HTML anchors for object definitions in the formatted specification. (#1174)

Room Versions

• For room versions 1 through 10, clarify that events with rejected auth_events must be rejected. (#1137)
• For room versions 2–10: correct a mistaken clarification to the state resolution algorithm. (#1158)
• For room versions 7 through 10: Clarify that invite->knock is actually a legal transition. (#1175)

Appendices

No significant changes.

Internal Changes/Tooling

• Add internal changes changelog section. (#1194)

• Render HTML anchors for object definition tables. (#1191)
• Give rendered-data sections a background and some padding. (#1195)
• Fix rendering of shortcodes within the client-server API. (#1205)
• Fix the spacing of mapping types generated from the OpenAPI spec. (#1230)

Hey all,

It’s another quarter and therefore another spec release! Matrix 1.2 was released back in February, and while a bit late in the quarter this time around we’ve still got some exciting additions coming to you in this release.

Like last time, the speed of these releases might feel a bit quick for developers: fret not if you’re still working on v1.1 or v1.2 implementations. We’re not expecting that implementations update as soon as a new spec release is published, but rather that the ecosystem gradually update over the course of the next few months. Implementations should be aiming for as close to realtime as they can get though, particularly considering v1.4 is expected to have some large features (more on that later on).

Matrix 1.3 sees 14 MSCs get merged, but we can’t possibly go into detail on them all here. We’ve picked some notable highlights and recommend the full changelog at the bottom for a complete idea of what’s been going on.

Aggregations and the relationships made along the way

It’s no secret that MSC1849-style server-side aggregation of related messages have been in the review backlog for a while. We ended up splitting MSC1849 down into more reviewable chunks like MSC2675, allowing us to finally land the first pieces into Matrix 1.3 today.

In the spec there aren’t currently any defined relationships which make use of aggregations or even the rel_type described by MSC2674, but we do expect that v1.4 of the spec will have support for at least threads (MSC3440) and edits (MSC2676), filling the gap. For now, we’ve decided that holding aggregations back until v1.4 doesn’t make a lot of sense, so we have launched them into the world as-is for custom relations or for clients & servers to prepare for what’s expected to be coming in v1.4 of the spec.

To further prepare for threads, we’ve also removed some restrictions of rich replies through MSC3676, thus allowing replies to be constructed with non-text messages like images. Check out the new rich replies module for more information.

Join if you can, or just knock

When we launched restricted rooms in Matrix 1.2 we noted that we forgot to handle a case where someone might want to support both knocking and restricted rooms at the same time. We’ve fixed that with a stop-gap join rule from MSC3787 in room version 10.

The new knock_restricted join rule allows the room to keep its desire to be restricted whilst also allowing members who do not meet the criteria to knock on the room instead. We’ll likely expand on this sort of mixing of join rules in proposals like MSC3386 down the line, however for now this should cover the gap in support. Next up: figuring out how to make encrypted room history available to these new joiners in a safe way.

A thread for next time

Originally planned for this release, MSC3440-style threads are anticipated to be ready for v1.4 (next quarter) with support for notifications and, of course, a whole new way to communicate in a room.

Threads are one of the more complicated features we’ve tried to land in recent history as it has a large impact on a wide variety of the spec: everything from event relationships (fixed in this release) to read receipts to push notifications needs to be worked out to build a system that not only users can understand, but also the developers trying to build it. With this massive surface area we just weren’t comfortable with adding threads to v1.3 as-is, given problems like notifications aren’t yet fully solved.

Alongside threads, we also anticipate that MSC2676-style message editing will be landing in v1.4, finally specifying how to update an event’s contents without having to redact & re-send. Although message editing has been supported for a long time in some clients, we're excited that it will finally become part of the official specification, meaning it can be implemented more widely. Messaging clients are encouraged to give the proposal an early read and possibly even attempt implementation if not already done to help us ensure the system is in a reasonable state for inclusion in the spec, though we do note that feature requests for edits will likely be deferred to a future MSC.

Keep an eye on This Week In Matrix for updates on what v1.4 is expected to include, and how things are progressing.

The full changelog

MSCs are how the spec changes in the way it does - adding, fixing, and maintaining features for the whole ecosystem to use. The blog post can’t cover them all, but that doesn’t make them any less important! Check out the full changelog below, and the Spec Change Proposals page for more information on how these MSCs got merged (hint: they submitted a proposal, which anyone can do - take a look at the Matrix Live episode where Matthew covers the proposal process).

Client-Server API

• Deprecate the sender_key and device_id on m.megolm.v1.aes-sha2 events, and the sender_key on m.room_key_request to-device messages, as per MSC3700. (#1101)

• Make from optional on GET /_matrix/client/v3/messages to allow requesting events from the start or end of the room history, as per MSC3567. (#1002)
• Add refresh tokens, per MSC2918. (#1056, #1113)
• Relax the restrictions on Rich Replies, as per MSC3676. (#1062)
• Describe a structured system for event relationships, as per MSC2674. (#1062)
• Describe how relationships between events can be "aggregated", as per MSC2675 and MSC3666. (#1062)
• Add support for a new knock_restricted join rule in supported room versions, as per MSC3787. (#1099)

• Clarify that the url field in m.room.avatar events is not required. (#987)
• Clarify that the type in user-interactive authentication can be omitted. (#989)
• Adjust the OpenAPI specification so that the type Flow information is explicitly defined when the client-server API is rendered. (#1003)
• Correct the default value for invite where it is not specified in an m.room.power_levels event. (#1021)
• Update various links which pointed to the old matrix-doc github repository. (#1032)
• Removed m.room.message.feedback per MSC3582. (#1035)
• Fix various typos throughout the specification. (#1051, #1054, #1059, #1081, #1097, #1110, #1115, #1126, #1127, #1128, #1129, #3681, #3708)
• Clarify that state keys starting with @ are in fact reserved. Regressed from #3658. (#1100)
• Remove unenforced size limit on the name field of m.room.name events. (#3669)
• Remove erroneous room_id field from examples of m.read, m.typing in /sync and m.fully_read in room account data. (#3679)
• Clarify the behaviour of event_match in push rule conditions. (#3690)
• Fix incorrectly referenced m.login.appservice login identifier, instead using m.login.application_service. (#3711)
• Fix membership state transitions to denote that invite->knock and external->leave are valid transitions. (#3730)

Server-Server API

• Add a destination property to the Authorization header, as per MSC3383. (#1067)

• Remove largely unused origin field from PDUs. (#998)
• Update various links which pointed to the old matrix-doc github repository. (#1032)
• Clarify the format for the Authorization header. (#1038, #1067)
• Clarify what a "valid event" means when performing checks on a received PDU. (#1045)
• Clarify that valid_until_ts is in milliseconds, like other timestamps used in Matrix. (#1055)
• Clarify that checks on PDUs should refer to the state before an event. (#1070)
• Clarify the historical handling of non-integer power levels. (#1099)
• Fix various typos throughout the specification. (#1110)
• Correct misleading text for /send_join response. (#3703)
• Clarify that the content for X-Matrix signature validation is the parsed JSON body. (#3727)

Application Service API

• Add timestamp massaging as per MSC3316. (#1094)

Identity Service API

No significant changes.

Push Gateway API

No significant changes.

Room Versions

• Add room version 10 as per MSC3604. (#1099)
• Enforce integer power levels in room version 10 as per MSC3667. (#1099)
• Add a knock_restricted join rule supported by room version 10 as per MSC3787. (#1099)
• Update the default room version to 9 as per MSC3589. (#3739)

• Improve readability and understanding of the state resolution algorithms. (#1037, #1042, #1043, #1120)
• Improve readability of the authorization rules. (#1050)
• For room versions 8, 9, and 10: clarify which homeserver is required to sign the join event. (#1093)
• Clarify that room versions 1 through 9 accept stringy power levels, as noted by MSC3667. (#1099)
• For all room versions: Add m.federate to the authorization rules, as originally intended. (#1103)
• For room versions 2 through 10: More explicitly define the mainline of a power event and the mainline ordering of other events. (#1107)
• For room versions 7, 8, 9, and 10: fix join membership authorization rules when join_rule is knock. (#3737)

Appendices

No significant changes.

Hey all,

Welcome to the second installment of our quarterly spec releases. If it feels like it hasn’t been long since our last release, you’re not alone! Our last release was just 3 months ago, introducing the new platform and world we build within.

This improvement in speed might seem too fast, but fret not: implementations are not expected to update as soon as the new spec is published. Rather, it is more realistic to expect that the ecosystem gradually update over the course of the following few months/year. Particularly after the massive release that was v1.1.

So, what’s new in v1.2? With 18 MSCs merged there’s a lot to cover - we’ve picked some notable highlights and recommend the full changelog at the bottom for a complete idea of what’s been going on.

Rearchitecting with Spaces

Spaces launched into beta last May, redefining how we can use rooms on Matrix to represent different data structures. Described mostly as MSC1772, Spaces are simply rooms with a specific type in their m.room.create event. With state events being used to define which other rooms (meaning Spaces too) are part of that Space, the possibilities for tree-like structured data become endless.

There’s still quite a lot of work to do in the Spaces space (hah), though we’re excited to see it all land. For instance, MSC3216 and MSC2962 target power level syncing, MSC3219 aims for flair, and MSC3089 looks at file structures using Spaces. We might even be able to replace the public room directory with a server-wide space, making writing clients a little bit easier.

Public, but not too public, join rules

Restricted rooms are new in this release from MSC3083. In these rooms (and therefore Spaces too!), the join rules can be configured such that a member of another room can join without needing an invite. In a typical setup, this means that a Space could be set as invite-only, but all the rooms and Spaces underneath that Space could allow joins for members of the parent Space. When someone wishes to explore the universe you’ve laid out in your Space they can simply join the interesting rooms without having to ask for invites constantly.

This feature changes how membership events are authorized, so is only available in room versions 8 and 9 (both introduced in this release). Room version 9 fixes a relatively rare bug from version 8, so we’d recommend using v9 if you’re planning an upgrade for this functionality.

Further work in this area involves figuring out how to keep membership lists perfectly in sync between the rooms, which is currently done by external tooling. For example, evicting someone from the parent Space could (optionally) evict the user from all the subsequent rooms and Spaces too.

We also need to figure out how to support both knocking and restricted rooms at the same time (oops). MSC3613 and MSC3386 both tackle this problem in different ways and timescales.

Matrix: A URI

A massive shoutout goes to kitsune and the whole community for working on MSC2312, giving us a URI we can pass around outside of Matrix to bring us back in. The early work on this dates all the way back to 2014, the very beginning of Matrix’s development, and has since been marked Provisional by the IANA.

The full spec is available here - feel free to discuss it at matrix:r/matrix-spec:matrix.org ;)

The full changelog

MSCs are how the spec changes in the way it does - adding, fixing, and maintaining features for the whole ecosystem to use. The blog post can’t cover them all, but that doesn’t make them any less important! Check out the full changelog below, and the Spec Change Proposals page for more information on how these MSCs got merged (hint: they submitted a proposal, which anyone can do - take a look at the Matrix Live episode where Matthew covers the proposal process).

Client-Server API

• The prev_content field is now returned inside the unsigned property of events, rather than at the top level, as per MSC3442. (#3524)
• The aliases property from the chunks returned by /publicRooms, as per MSC2432. (#3624)

• Add the Space Hierarchy API (GET /_matrix/client/v1/rooms/{roomId}/hierarchy) as per MSC2946. (#3610)
• Add /_matrix/client/v1/register/m.login.registration_token/validity as per MSC3231. (#3616)

• Extend /_matrix/client/r0/login to accept a m.login.appservice, as per MSC2778. (#3324)
• Add support for restricted rooms as per MSC3083, MSC3289, and MSC3375. (#3387)
• Add is_guest to /account/whoami as per MSC3069. (#3605)
• Expand guest access to sending any room event and state event as per MSC3419. (#3605)
• Add Spaces and room types as per MSC1772 and MSC2946. (#3610)
• Add new m.set_displayname, m.set_avatar_url, and m.3pid_changes capabilities as per MSC3283. (#3614)
• Add support for fallback keys (optional keys used once one-time keys run out), as per MSC2732. (#3615)
• Add token-authenticated registration support as per MSC3231. (#3616)

• Make AesHmacSha2KeyDescription consistent with KeyDescription in marking name as optional. (#3481)
• Fix various typos throughout the specification. (#3482, #3495, #3509, #3535, #3591, #3601, #3611, #3671, #3680)
• Explicitly mention RFC5870 in the definition of m.location events (#3492)
• Add 403 M_FORBIDDEN error code to /profile/{userId} as per MSC3550. (#3530)
• Clarify the description of the /sync API, including a fix to an ASCII art diagram. (#3543)
• Clarify that base_url in client well_known may or may not include trailing slash. (#3562)
• Clarify which signature to check when decrypting m.olm.v1.curve25519-aes-sha2 messages. (#3573)
• Clarify what "Stripped State" is and what purpose it serves, as per MSC3173. (#3606)
• Clarify how to interpret missing one-time key counts. (#3636)
• Correct the schema for the responses for various API endpoints. (#3650)
• Clarify that group mentions are no longer in the specification. (#3652)
• Distinguish between "federation" event format as exchanged by the Federation API, and the "client" event formats as used in the client-server and AS APIs. (#3658)
• Fix the rendering of the responses for various API endpoints. (#3674)

Server-Server API

• Add the Space Hierarchy API (GET /_matrix/federation/v1/hierarchy/{roomId}) as per MSC2946. (#3610, #3660)

• Add support for restricted rooms as per MSC3083, MSC3289, and MSC3375. (#3387)

• Fix various typos throughout the specification. (#3527)
• Clarify that GET /_matrix/federation/v1/event_auth/{roomId}/{eventId} does not return the auth chain for the full state of the room. (#3583)
• Fix the rendering of the responses for various API endpoints. (#3674)

Application Service API

• Distinguish between "federation" event format as exchanged by the Federation API, and the "client" event formats as used in the client-server and AS APIs. (#3658)
• Fix the rendering of the responses for various API endpoints. (#3674)
• Correct the documentation for the response value for GET /_matrix/app/v1/thirdparty/protocol/{protocol}. (#3675)

Identity Service API

• Add the room_type to stored invites as per MSC3288. (#3610)

• Fix the rendering of the responses for various API endpoints. (#3674)

Push Gateway API

• Fix the rendering of the responses for various API endpoints. (#3674)

Room Versions

• Add Room Version 8 as per MSC3289. (#3387)
• Add Room Version 9 as per MSC3375. (#3387)

• Fully specify room versions to indicate what exactly is carried over from parent versions. (#3432, #3661)
• Clarifications to sections on event IDs and event formats. (#3501)
• Remove a number of fields which were incorrectly shown to form part of the unsigned data of a Federation PDU. (#3522)
• Fix heading order of room version specifications to be consistent. (#3683)
• Add missing "Signing key validity period" section to room version 6. (#3683)
• Fix auth rules to allow membership of knock -> leave in v7, v8, and v9. (#3694)

Appendices

• Describe "Common Namespaced Identifier Grammar" as per MSC2758. (#3171)
• Describe the matrix: URI scheme as per MSC2312. (#3608)

Hey all,

Once again it's been a little while since we've done a spec release (sorry; we're aiming for quarterly releases from here on out), but this time we have some pretty big news: we've got an all-new spec platform and a new versioning scheme. The new spec platform has been needed for a long time to make better sense of what Matrix is, and as part of getting that out the door we reduced the number of "Matrix versions" to just one.

Huge thanks to Will Bamberg for building it out for us, anoa for working out the deployment details, and everyone for testing it all. They talk at length about what this specification even is and about the platform itself on Matrix Live S6E19. It's the single greatest improvement to the spec we've seen to date.

The new versioning scheme presents the whole specification as a single document, making it easier to check compatibility between implementations and the spec itself. Previously, a grid would have to be drawn to show whether Server-Server r0.1.4 is compatible with Client-Server r0.6.1 - while obvious at release time, the historical context gets lost quite easily. Now, with a single version number, the entire specification is compatible across a single version number: servers implementing Matrix 1.1 will be compatible with clients implementing v1.1, and vice versa. For the specification itself, this means we no longer have to carefully point and update links between the APIs, as they'll instead be versioned together.

Changing the versioning of the specification does have an impact on the Client-Server API in particular, however. You may have noticed that Client-Server APIs are currently versioned at "r0". By removing rX.Y.Z versioning, all of the endpoints suddenly don't have a version to reference. All endpoints across the specification are now versioned individually to allow for breaking changes at the endpoint level. They no longer require the whole specification to be listed as a breaking change: a v1 endpoint can get additions/changes which are backwards compatible, but if we need to change format (for example) then it'll get bumped up to v2, leaving v1 in its last known state.

For the Client-Server API, a slight complication is that v1 and v2 (alpha) are already versions familiar to those that have been around for a while - to avoid confusing those people, existing Client-Server API endpoints will start at v3. New endpoints introduced after v1.1 will start at v1 instead.

It's been well over a year since the last release, which means there's a whole lot of features and changes to cover. Here we'll try to cover the things most clients/servers will have to worry about, but we do still recommend reading through the changelog included below. Overall, 28 MSCs have been merged through this release, but some have had to be excluded in the interest of getting the spec release out there. Many of them are expected to be in the next anticipated release (which should hopefully be next quarter).

Clients: There's a lot of stuff

In Matrix 1.1, client developers get all sorts of new features to play with. Clients which support end-to-end encryption should explore key backups, cross-signing, SSSS, and breaking changes to verification. Quite a lot of this stuff has existed for a while, but has made it into the specification formally now. As an added bonus, the emoji for SAS verification have been translated (contribute here).

Knocking has also landed in the spec (thanks Sorunome for leading the charge on this!), opening up the ability for rooms to optionally allow people to request invites to join. This can be helpful for semi-private rooms where it can be easier to approve/deny requests compared to finding someone's MXID and manually inviting them. This does require a v7 room to work, however.

Thanks again to Sorunome, Message Spoilers have been officially included in Matrix. People can now safely discuss the ending to the latest movie without being banned for spoilers. Though, as a new feature, there's a chance that the spoiler text still gets included in the message: clients should update as soon as possible to avoid their users accidentally getting banned for spoiling the conclusion to the Spaces saga ;)

There's a few other smaller improvements/additions, and of course the regular "various clarifications and bug fixes" to take a look at. For a sample checklist, check out element-web's issue on the subject.

Servers: Knock knock, it's a new room version

Room version 7 has landed, bringing forth the ability for users to knock on rooms (requesting an invite to join). The changes are largely scoped to using the reserved keywords for join rules and membership, and are described through the auth rules. Thankfully, the changes over v6 are minimally invasive so should be quick to implement.

Additionally, the cross-signing bits have been included in the API responses and EDU definitions. Matthew's blog post from last year (it really has been that long...) describes cross-signing and the history of its implementation.

As per usual, there's also various specification errors corrected to aid understanding. Synapse has an exhaustive issue to detail what servers might need to do.

PS: Room versions 8 and 9 are also out there, but will be included in a future spec release.

The full changelog

We haven't mentioned identity servers, bridges, etc in this post but they have changes too! Below is the whole changelog, the entire year and a bit of it. Thank you to everyone who has submitted MSCs, and congratulations on getting them released. If we forgot yours, please mention it in #matrix-spec:matrix.org so we can apologize and correct.

PS: The MSC process is how changes to Matrix are made, and you (yes, you) can propose those changes too. Check out the Matrix Live episode where Matthew talks about how this process works, and how we avoid blocking clients from implementing their proposals behind the relatively slow spec release cycles.

Client-Server API

• Document curve25519-hkdf-sha256 key agreement method for SAS verification, and deprecate old method as per MSC2630. (#2687)
• Add m.key.verification.ready and m.key.verification.done to key verification framework as per MSC2366. (#3139)

• Deprecate starting verifications that don't start with m.key.verification.request as per MSC3122. (#3199)

• Add key backup (/room_keys/*) endpoints as per MSC1219. (#2387, #2639)
• Add POST /keys/device_signing/upload and POST /keys/signatures/upload as per MSC1756. (#2536)
• Add /knock endpoint as per MSC2403. (#3154)
• Add /login/sso/redirect/{idpId} as per MSC2858. (#3163)

• Remove unimplemented m.login.oauth2 and m.login.token user-interactive authentication mechanisms as per MSC2610 and MSC2611. (#2609)

• Document how clients can advise recipients that it is withholding decryption keys as per MSC2399. (#2399)
• Add cross-signing properties to the response of POST /keys/query as per MSC1756. (#2536)
• Document Secure Secret Storage and Sharing as per MSC1946 and MSC2472. (#2597)
• Add a device_id parameter to login fallback as per MSC2604. (#2709)
• Added a common set of translations for SAS Emoji. (#2728)
• Added support for reason on all membership events and related endpoints as per MSC2367. (#2795)
• Add a 404 M_NOT_FOUND error to push rule endpoints as per MSC2663. (#2796)
• Make reason and score parameters optional in the content reporting API as per MSC2414. (#2807)
• Allow guests to get the list of members for a room as per MSC2689. (#2808)
• Add support for spoilers as per MSC2010 and MSC2557, and color attribute as per MSC2422. (#3098)
• Add <details> and <summary> to the suggested HTML subset as per MSC2184. (#3100)
• Add key verification using in-room messages as per MSC2241. (#3139, #3150)
• Add information about using SSSS for cross-signing and key backup. (#3147)
• Add key verification method using QR codes as per MSC1544. (#3149)
• Document how clients can simplify usage of Secure Secret Storage as per MSC2874. (#3151)
• Add support for knocking, as per MSC2403. (#3154, #3254)
• Multiple SSO providers are possible through m.login.sso as per MSC2858. (#3163)
• Add device_id to /account/whoami response as per MSC2033. (#3166)
• Downgrade identity server discovery failures to FAIL_PROMPT as per MSC2284. (#3169)
• Re-version all endpoints to be v3 as a starting point instead of r0 as per MSC2844. (#3421)

• Fix issues with age and unsigned being shown in the wrong places. (#2591)
• Fix definitions for room version capabilities. (#2592)
• Fix various typos throughout the specification. (#2594, #2599, #2809, #2878, #2885, #2888, #3116, #3339)
• Clarify link to OpenID Connect specification. (#2605)
• Clarify the behaviour of SSO login and UI-Auth. (#2608)
• Remove spurious room_id from /sync examples. (#2629)
• Reorganize information in Push Notifications module for clarity. (#2634)
• Improve consistency and clarity of event schema titles. (#2647)
• Fix schema issues in m.key.verification.accept and secret storage. (#2653)
• Reword "UI Authorization" to "User-Interactive Authentication" to be more clear. (#2667)
• Fix schemas for push rule actions to represent their alternative object form. (#2669)
• Fix usage of highlight tweak for consistency. (#2670)
• Clarify the behaviour of state for /sync with lazy-loading. (#2754)
• Clarify description of m.room.redaction event. (#2814)
• Mark messages as a required JSON body field in PUT /_matrix/client/r0/sendToDevice/{eventType}/{txnId} calls. (#2928)
• Correct examples of client_secret request body parameters so that they do not include invalid characters. (#2985)
• Fix example MXC URI for m.presence. (#3091)
• Clarify that event bodies are untrusted, as per MSC2801. (#3099)
• Fix the maximum event size restriction (65535 bytes -> 65536). (#3127)
• Update Access-Control-Allow-Headers recommendation to fit CORS specification. (#3225)
• Explicitly state that replacement_room is a room ID in m.room.tombstone events. (#3233)
• Clarify that all request bodies are required. (#3238, #3332)
• Add missing titles to some scheams. (#3330)
• Add User-Interactive Authentication fields to cross-signing APIs as per MSC1756. (#3331)
• Mention that a canonical alias event should be added when a room is created with an alias. (#3337)
• Add an 'API conventions' section to the Appendices. (#3350)
• Clarify the documentation around the pagination tokens used by /sync, /rooms/{room_id}/messages, /initialSync, /rooms/{room_id}/initialSync, and /notifications. (#3353)
• Remove the inaccurate 'Pagination' section. (#3366)
• Clarify how redacted_because is meant to work. (#3411)
• Remove extraneous mimetype from EncryptedFile examples, as per MSC2582. (#3412)
• Describe how MSC2844 affects the /versions endpoint. (#3420)
• Fix documentation errors around threepid_creds. (#3471)

Server-Server API

• Add /make_knock and /send_knock endpoints as per MSC2403. (#3154)

• Add cross-signing information to GET /user/keys and GET /user/devices/{userId}, m.device_list_update EDU, and a new m.signing_key_update EDU as per MSC1756. (#2536)
• Add support for knocking, as per MSC2403. (#3154)

• Specify that GET /_matrix/federation/v1/make_join/{roomId}/{userId} can return a 404 if the room is unknown. (#2688)
• Fix various typos throughout the specification. (#2888, #3116, #3128, #3207)
• Correct the /_matrix/federation/v1/user/devices/{userId} response which actually returns "self_signing_key" instead of "self_signing_keys". (#3312)
• Explain the reasons why <hostname> TLS certificate is needed rather than <delegated_hostname> for SRV delegation. (#3322)
• Tweak the example PDU diagram to better demonstrate situations with multiple prev_events. (#3340)

Application Service API

• Fix various typos throughout the specification. (#2888)

Identity Service API

• Add GET /_matrix/identity/versions API as per MSC2320. (#3101)

• The v1 identity service API has been removed in favour of the v2 API, as per MSC2713. (#3170)

• Fix various typos throughout the specification. (#2888)
• Clarify that some identifiers must be case folded prior to processing, as per MSC2265. (#3167, #3176)
• Describe how MSC2844 affects the /versions endpoint. (#3459)

Push Gateway API

• Clarify where to get information about the various parameter values for the notify endpoint. (#2763)