Releases: matrix-construct/tuwunel
Release v1.5.1
Tuwunel 1.5.1
March 6, 2026
Security Fixes
- A security audit of SSO/OIDC released with 1.5.0 uncovered several issues. We strongly advise everyone using SSO/OIDC upgrade to this release. Users should also note that until MSC2454 is implemented (tracked by #314) accounts will have to set a password to access functionality protected by User Interactive Authentication (e.g. when removing devices). We are deeply grateful to @outfrost and @exodrifter for their effort and professionalism as security researchers.
- Case-sensitive comparisons in Room Access Control Lists were fixed by @velikopter (ruma/ruma#2358) (matrix-construct/ruma#3) (814cbc2).
New Features & Enhancements
- New options for `identity_provider` configurations include: `trusted` allowing association of SSO accounts to existing matrix users (#252); `unique_id_fallbacks` to disable random-string users; `registration` to prevent registration through an IdP altogether; `check_cookie` for deployments that cannot use cookies.
- Thanks to @Enginecrafter77 password authorization flows can now be disabled by configuring `login_with_password = false`. Clients will hide the input boxes for username and password. This option is useful for e.g. an SSO-only server. (#336)
- Thanks to @Lymia users of btrfs will see reduced space usage if they configure the new option `rocksdb_allow_fallocate = false`. (#322) (PR also has links to more information)
- Instructions for how to configure the TURN server built into Livekit and several corrections were contributed by serial documentation author @winyadepla in (#285).
- Many users will appreciate substantial documentation by @alametti for configuring well-known and root domain delegation in (#352).
- Thank you @the-hazelnut for updating TURN and Matrix RTC documentation with ports to be forwarded for NAT. (#305) (#306)
- The `username` claim is now recognized when deciding the MXID during SSO account registration thanks to a suggestion by @aazf in (#287).
- The max limit for `/messages` was increased from 100 to 1000 by @dasha-uwu which should match the limit on Synapse but with far less of a performance hazard.
- @dasha-uwu properly optimized certain checked-math macros; other checked-math macros were also optimized for inlining.
- Concurrent batch requests can now be made to a notary server. The default concurrency is now two, and the size of the batches has been decreased by a third. This should reduce the time it takes to join large rooms.
- Optimization of functions which hurt performance for syncing user-presence were partially completed, though with marked improvement from before.
- Optimization of new state-resolution functionality added during Project Hydra took place. Along with additional optimization for auth-chain gathering, CPU use for large/complex rooms (so-called "bad rooms") has been greatly reduced.
Bug Fixes
- Special thanks to @hatomist for fixing an error which changes a user's account-type when they set a password (#313). This impacted LDAP and some SSO users. We apologize for the inconvenience this may have caused.
- We appreciate effort by @Jeidnx for addressing various issues with SSO/OIDC Identity Provider configuration in (#281). Also noteworthy was the idea to derive the callback_url from other parameters by default rather than explicitly requiring it. Thanks to @Magnitaizer for reporting initially in (#276).
- Thanks @VlaDexa for fixing the missing output formatting for the oauth delete command. (#321)
- Thank you @risu729 for updating the default port number in the docker run command documentation. (#298)
- Thank you @Lamby777 for removing an errant `version` field in the docker-compose example. (299)
- Thank you @cornerot for updating the docker-compose with-traefik which still said Conduit instead of Tuwunel after all this time. (#308)
- Thank you @exodrifter for fixing errors and typos in the MatrixRTC documentation (#343) based on a report by @RhenCloud (#338).
- Thank you @wuyukai0403 for proofreading and fixing a typo in the troubleshooting document. (#312)
- A report by @BVollmerhaus led to the reopening of (#240) to use Livekit/lk-jwt-service when federation is disabled. This was re-resolved by @dasha-uwu in (b79920a).
- Thanks to @Jeidnx for identifying a missing SSO redirect route in (#290) which was fixed in (matrix-construct/ruma@0130f6a).
- We appreciate the panic report by @Spaenny in #296 which occurred during SSL-related upgrades on the main branch. Fixed by @dasha-uwu (87faf81).
- Thanks to report (#302) by @data-niklas whitespace in the configured `client_secret_file` is now properly ignored thanks to @dasha-uwu (6f5ae17).
- After @Giwayume reported in (#303) that URL previews failed for some sites, an investigation by @dasha-uwu discovered Tuwunel's User-Agent header required some adjustment.
- @dasha-uwu refactored the Unix socket listener with main-branch testing by @VlaDexa (#310) and follow-up fixes in (488bd62).
- @jonathanmajh reported in (#315) and @wmstens simultaneously reported in (#318) that admin status was not granted to the server's first user when registering with SSO/OIDC. This was fixed by (e74186a).
- @tcyrus reported in (#328) that the RPM postinst script is not properly creating the tuwunel user. This was fixed by @x86pup in (5a55f84).
- Thank you @cloudrac3r for reporting in (#330) that events were being unnecessarily sent to some appservices. This was fixed by @dasha-uwu in (d073e17).
- Thanks to the report in (#331) by @BVollmerhaus the first registered user is not granted admin when originating from an appservice. Fixed by @dasha-uwu in (9dfba59).
- The report by @rexbron in (#337) discovered that some distributions set modest limits on threads per process. On many-core (32+) we may exceed these limits. The `RLIMIT_NPROC` is now raised (9e09162) to mitigate this.
- @x86pup set ManagedOOMPreference=avoid due to systemd not recognizing that pressure-based deallocation with `madvise(2)` is not an out-of-memory condition.
- @dasha-uwu removed unnecessary added delays in the client endpoint for reporting.
- Server shutdown did not properly indicate offline status of the conduit user due to a recent regression, now fixed.
- @dasha-uwu fixed logic issues in the client `/members` query filter. These same logic errors were also found in Synapse and Dendrite.
- @dasha-uwu fixed the missing advertisement for `org.matrix.msc3827.stable` in client/versions.
- Custom profile fields were sometimes being double-escaped in responses to clients due to a JSON re-interpretation issue which is now fixed.
- @dasha-uwu fixed checks related to canonical aliases (0381547).
- @dasha-uwu relaxed the `encryption_enabled_by_default_for_room_type` "invite" option to not match all rooms.
- @x86pup fixed an issue with `display_name` and `avatar_url` omitted in `/joined_members` (fixed in our Ruma).
- Event processing of missing `prev_event`'s is no longer interrupted by an error from a sibling `prev_event`. This reduces CPU use by not repeating event processing before it would otherwise succeed.
Release v1.5.0
Tuwunel 1.5.0
January 31, 2026
New Features & Enhancements
- SSO/OIDC support. This feature allows users to register and login via authorizations from OIDC Identity Providers. For example, you can now use your GitHub account to register on the server. Tuwunel implements the OIDC client protocol directly. This is referred to as "legacy SSO" in the Matrix specification; Matrix client support is widespread. Credit to @samip5 for opening the feature-issue (#7), the most 👍 feature of the project.
- MSC2815 has been implemented, allowing configurable redacted event retention and retrieval by room admins. The content of redacted events is persisted for sixty days by default. Redacted events can be viewed using Gomuks.
- Secure limited-use registration token support was implemented by @dasha-uwu building off earlier work by @gingershaped in (56f3f5e). Use this feature with the new `!admin token` set of commands.
- An outstanding major rework of the presence system by @lhjt in (#264) coordinates conflicting updates from multiple devices and further builds on push suppression features first introduced by @tototomate123.
- MSC3706 has been implemented, improving the performance and reliability of joining rooms over federation (b33e736).
- @VlaDexa implemented reading the `client_secret` configuration for an SSO Identity Provider from a separate file; a recommended secure practice (#256).
- Special thanks to @winyadepla for adding highly sought Matrix RTC (Element Call) documentation for Tuwunel in (#265) and for having a kind heart to follow up with maintenance in (#270).
- Thank you @Xerusion for documenting Traefik for deploying Tuwunel in (#259). This will save a lot of time and headache for many new users!
- At the request of @ChronosXYZ in (#260), @dasha-uwu implemented a configurable feature to include all local users in search results, rather than limiting to those in public or shared rooms (95121ad).
- Thanks to a collaboration by @x86pup and @VlaDexa working through Nix maintenance we can now upgrade the MSRV to 1.91.1 (#275).
- Thank you @scvalex for updating the README indicating Tuwunel is in stable NixOS (#233).
- Thank you @divideableZero for updating the README with great news about an Alpine Package (#248).
- Storage hardware characteristics for mdraid devices on Linux are now detected. On these systems we can now shape database requests to increase performance above generic defaults.
- EdDSA is now a supported algorithm for JWT logins. Thank you @vnhdx for the excellent report in (#258).
- Optimizations were made to maximize concurrency and cache performance when gathering the `auth_chain`.
- An admin command to manually remove a pusher is available (note: not intended for normal use).
- An admin command to list local users by recent activity was added.
Bug Fixes
- LDAP users are now auto-joined to configured rooms upon creation. Thank you @yefimg for (#234), we especially appreciate help from domain-experts on these features.
- A surgical fix by @kuhnchris in (#254) addressed a pesky bug where LDAP logins would result in admin privileges being removed for the user. Thank you @foxing-quietly for reporting in (#236).
- @OptimoSupreme fixed issues with unread notification counting, including eliminating one of the last remaining non-async database calls in the codebase in (#253).
- @x86pup fixed linker issues for platforms without static builds of `io_uring`. Thanks @darix for reporting in (#238).
- @x86pup fixed compatibility for our optimized jemalloc build on macOS (#239).
- @dasha-uwu made Livekit operate properly even when federation is disabled (b5f50c3). Thank you @apodavalov for reporting in (#240).
- Thank you @VlaDexa for updating the `Cache-Control` header to cache media as `private` which is more appropriate now in the Authenticated Media era.
- Appservices now receive events properly matching on the sender MXID's localpart thanks to @dasha-uwu (c5508bb).
- Additional PDU format and compliance checks were added by @dasha-uwu (7b2079f).
- Codepaths in sync systems which assumed `device_id` from appservices were fixed by @dasha-uwu.
- Auto-joining version 12 rooms was inhibited from a bug fixed by @dasha-uwu in (7115fb2).
- Thank you @x86pup for updating our ldap3 dependency with SSL/TLS enhancements in (#243) and fixing errors reported by @fruzitent in (#108).
- Thanks to @x86pup `join_rule` is now properly defaulted in `/publicRooms` responses in (#244); additional compliance tests now pass!
- Thank you @bdfd9 for reporting a regression where tracing spans around registrations did not filter out passwords from the list of fields.
- The timezone and extended profile features were not correctly stabilized last summer and the `m.tz` field was incorrectly labeled `tz`. Thank you @BunnyBlack:matrix.org for reporting in #tuwunel:matrix.org.
- @dasha-uwu fixed git tags not being pulled and applied to CI builds (eadc9e7).
- @dasha-uwu fixed a bug in sliding-sync which may result in lost invites (fd519ff).
- `since` tokens in legacy sync are now clamped to a maximum when the client sends a value greater than expected, preventing a possibility of missing events during the request.
- Media deletion commands which are time-based suffered a bug from incorrect creation timestamps on some filesystems. This was resolved by exclusively using the `mtime` attribute, which is acceptable because Matrix media is immutable.
- Queries for the deprecated `_matrix._tcp` SRV record have been reactivated due to an ineffective and unenforced sunset by the specification and other implementations.
- Thank you @x86pup and @dasha-uwu for various maintenance and linting efforts for the latest rustc versions and in general.
Honorable Mentions
- Please take a moment to recognize how lucky we are to have @scvalex as our NixOS package maintainer. From having the wherewithal to rise above the noise and lend this project trust from the very first days, time and again this gentleman has gone above and beyond on our behalf. Thank you @symphorien at NixOS as well for the patch applied surgically in NixOS/nixpkgs#462394.
Release v1.4.9.1
Tuwunel 1.4.9
December 30, 2025
All federating deployments must upgrade for follow-up mitigations similar to those patched by 1.4.8 now uncovered as a wider class of vulnerabilities in additional locations. This is an off-schedule coordinated security release. Full release notes will be included with the next scheduled release.
Security Fixes
- Federation responses processed from a remote server assisting in membership state transitions lacked input validation: trusting, signing, and disseminating an event crafted by the remote server. These vulnerabilities were uncovered in a classic follow-up to the initial forgery attack pattern described in patch 1.4.8 also present in additional locations.
Release v1.4.8
Tuwunel 1.4.8
December 21, 2025
All federating deployments must upgrade to this patch for mitigations to severe vulnerabilities in Matrix protocol implementation logic. This is an off-schedule coordinated security release. Full release notes will be included with the next scheduled release.
Security Fixes
- Requests to the Federation Invite API lacked sufficient validation on all input fields. An attacker can use this route to process other kinds of events: upon acceptance, they are signed by the victim's server as specified by the Matrix protocol. The attacker can therefore forge events on behalf of the victim's authority to gain control of a room. This vulnerability was present in all versions and derivatives of Conduit.
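As an added illustration (not Tuwunel's code and not taken from the patch), the Rust example below shows the validate-before-signing rule that this fix and the 1.4.9 follow-up both turn on, applied to an inbound invite. The `ProposedEvent` struct, the error names and the exact set of checks are assumptions based on the Matrix specification's description of an invite event; the sample values are constructed.

```rust
// Added example (not Tuwunel's code): checks a homeserver can apply to an
// inbound federation invite before it signs and returns the event.

/// Fields of the proposed event that matter for the decision.
/// Assumption: the request body was already parsed into this hypothetical struct.
#[derive(Debug, Clone, Copy)]
struct ProposedEvent<'a> {
    kind: &'a str,               // "type" in the event JSON
    room_id: &'a str,
    sender: &'a str,
    state_key: Option<&'a str>,
    membership: Option<&'a str>, // content.membership
}

#[derive(Debug, PartialEq, Eq)]
enum InviteError {
    NotMemberEvent,
    NotInvite,
    MissingStateKey,
    InviteeNotLocal,
    SenderNotFromOrigin,
    RoomMismatch,
}

/// Server part of a user ID such as "@alice:example.org" (a port may follow).
fn user_server(user_id: &str) -> Option<&str> {
    let rest = user_id.strip_prefix('@')?;
    let (localpart, server) = rest.split_once(':')?;
    if localpart.is_empty() || server.is_empty() {
        return None;
    }
    Some(server)
}

/// Returns Ok only for an event that is what the invite route is meant to sign.
fn validate_invite(
    ev: &ProposedEvent,
    path_room_id: &str, // room ID from the request path
    origin: &str,       // server name authenticated from the request signature
    local_server: &str, // our own server name
) -> Result<(), InviteError> {
    // Only membership events belong on this route; anything else is refused.
    if ev.kind != "m.room.member" {
        return Err(InviteError::NotMemberEvent);
    }
    if ev.membership != Some("invite") {
        return Err(InviteError::NotInvite);
    }
    // The invitee (state_key) must be a user on this server.
    let invitee = ev.state_key.ok_or(InviteError::MissingStateKey)?;
    if !user_server(invitee).map_or(false, |s| s.eq_ignore_ascii_case(local_server)) {
        return Err(InviteError::InviteeNotLocal);
    }
    // The sender must belong to the server that made the request.
    if !user_server(ev.sender).map_or(false, |s| s.eq_ignore_ascii_case(origin)) {
        return Err(InviteError::SenderNotFromOrigin);
    }
    // The event body must agree with the room named in the path.
    if ev.room_id != path_room_id {
        return Err(InviteError::RoomMismatch);
    }
    Ok(())
}

/// Constructed sample: a well-formed invite from remote.example to a local user.
fn sample_invite() -> ProposedEvent<'static> {
    ProposedEvent {
        kind: "m.room.member",
        room_id: "!room:remote.example",
        sender: "@alice:remote.example",
        state_key: Some("@bob:local.example"),
        membership: Some("invite"),
    }
}

fn main() {
    let good = sample_invite();
    // Constructed sample of "another kind of event" arriving on the invite route.
    let other = ProposedEvent {
        kind: "m.room.power_levels",
        state_key: Some(""),
        membership: None,
        ..good
    };
    for ev in [good, other] {
        let verdict =
            validate_invite(&ev, "!room:remote.example", "remote.example", "local.example");
        println!("{:<20} -> {:?}", ev.kind, verdict);
    }
}
```

Signing happens only after `validate_invite` returns `Ok(())`; any error is answered with a rejection and nothing is signed.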
Release v1.4.7
Tuwunel 1.4.7
December 3, 2025
Tuwunel is now deployed at scale serving the citizens of Switzerland in production. Some optimizations were requested to reduce operating costs from projected growth over product lifespan: this release delivers with markedly reduced CPU usage and improves responsiveness. However, complications during routine dependency upgrades consumed valuable time planned for features and issues which could not be completed for this release.
New Features
- Upgrade Support for Room Version 12 is now available. Though this room version has been supported for the entire 1.4 series, all Tuwunel servers have been protected by Hydra Backports on all room versions. As such, other work was able to be prioritized for the preceding releases.
Enhancements
- Recursive relations have been enabled. This is an optimization which allows the server to gather more data using fewer client requests, for example, of a thread with many reactions and replies. The implementation is now optimal and utilizes the full capabilities of Tuwunel's asynchronous database.
- Several miscellaneous but significant optimizations took place at the direction of memory profiling. This reduced load on the allocator for database queries and JSON serialization of complex objects. Heroes calculations and the joined room hot-path on sync v3 were further optimized to reduce the database query load itself.
- Jemalloc has been repackaged with platform-specific optimizations enhancing the build. The upgrade to the dev branch of libjemalloc itself was considered as too much variability for the same release; it is planned for an upcoming release.
- Thanks to element-hq/synapse#18970 by @dasha-uwu, we have very slightly turned down the amount of randomness when selecting join-servers. More retries also occur within a single request if necessary. Thanks to @gogo199432 and @lifeofguenter for reporting problems in (#128) and (#205) respectively. More opportunities are still available to make large room joins robust.
Bug Fixes
- Special thanks to @yefimg for fixing LDAP logout in (#231) from a report kindly made by @orhtej2 in (#97); thank you for your patience waiting for domain expertise to assist here.
- Thanks to @Radiant-Xyz the example configurations have been updated to remove `allow_check_for_updates`. This fixes any warnings for the item no longer existing. (#221)
- Thanks again to @Radiant-Xyz reporting in (#219) the `/whoami` endpoint now returns spec-compliant errors for Mautrix bridges (fe12dae). Thanks also to @bobobo1618 for confirming the fix is working.
- Relations responses were sometimes incorrect in the forwards direction. This was fixed by (5147b54) bringing those responses into full compliance. Note the prior release had also fixed compliance issues but in the backwards direction.
- Server selection for backfill struggled sometimes for version 12 rooms. These rooms might fail to load history after join. Additional servers are now found using `creators` and `additional_creators` instead.
- Room leave compliance has been fixed for an edge-case where a room becomes empty except for a locally invited user which does not have its leave event sent down `/sync`.
- Thanks to @grinapo for a report which led to the discovery of events acquired over backfill not being checked for whether they already exist.
Upcoming
- As stated in the summary, several planned items could not be cut into this release. These include SSO/OIDC support (#7), Element Call setup assistance and documentation (#217)(#225), User-level Admin Room and Media deletion (#192), and any other assigned issue. These items are on the short-list for the next cycle and mean a lot to us; to all participants: your issues are not being ignored and we hear you.
Release v1.4.6
Tuwunel 1.4.6
November 6, 2025
New Features
- Element Call discovery support was implemented by @tototomate123 in (#209). Adding a `[[global.well_known.rtc_transports]]` section in your config file enables discovery. More information on setting up Element Call can be found at Spaetzblog, skipping step one, and performing step three in your Tuwunel config.
- Dehydrated Device support (MSC3814) is now available (#200). This feature allows users to receive encrypted messages without being logged in. Supporting clients will set up the dehydrated device automatically and it will "just work" behind the scenes; in fact, these clients will also hide it from the sessions list to avoid confusion. Support is not widespread yet but it has been tested with matrix-js-sdk clients such as Element-web. This feature was commissioned and made public by an enterprise sponsor.
- Notification panel (the 🔔 button) has been implemented in (#201). Even though Element-web now requires enabling it in the Labs menu, the underlying support (`GET /_matrix/client/v3/notifications`) enhances the push-notification handling of other clients.
- Live room previews are now available. This support (`GET /_matrix/client/v3/events`) allows users, including guests, to sync updates for a public room without joining (4afd6f3).
- Thanks to a suggestion by @cyberdoors in (#29), the configuration option `encryption_enabled_by_default_for_room_type` is now available. This feature can enable encryption for a room even when the client does not. The values `all` or `invite` are accepted, the latter roughly meaning DM's only. Neither are enabled by default.
Enhancements
- Thank you @tototomate123 for improving the reverse-proxy docs, adding dedicated pages for both Caddy and Nginx in (#209). Thanks to @tycode for pointing out the docs were missing for alternative proxies in (#197).
- Thanks to an observation by @iwalkalone69 in (#40), the last-seen time for a device in the session list is now updated acceptably. This function piggybacks on the presence system to prevent writing too frequently; testing has never shown it more than a minute or few out of date.
- Thanks to an inquiry by @EntityinArray in (#189) guest-accounts can now be enabled while registration tokens are also enabled to prevent fully open account registration. Note that registration tokens don't apply to guest-accounts and those are still fully open.
- Courtesy of @dasha-uwu the list of servers attempted when joining a room is now properly shuffled to increase the odds of finding a viable server, especially if an additional join attempt is made.
Bug Fixes
- Special thanks to @BVollmerhaus for finding the TURN secret file configured by `turn_secret_file` was broken in (#211), forcing users to configure `turn_secret` directly. Thank you for fixing this in (#212).
- Thank you @scvalex for updating the nix build for Tuwunel's integration tests and re-enabling all checks. (#215)
- Thanks to a report by @Anagastes in (#146) Nheko and NeoChat users can now enjoy properly verified devices. Special thanks for the assistance of @deepbluev7 with diagnosing the cross-signing signature issue.
- Database columns intended for deletion, notably `roomsynctoken_shortstatehash`, never had the deletion command actually invoked on them 😭 explaining the lack of enthusiasm after the 1.4.3 release introduced stateless sync. Users will now see the free disk space they were promised. This was uncovered during an unrelated issue investigation courtesy of @frebib.
- Thanks to investigation by @dasha-uwu the pagination tokens in the `/relations` endpoint were buggy and now operate correctly.
- Thanks to @Polve for identifying the `DynamicUser=yes` directive in the systemd files was invalid and advising a replacement in (#207).
- Thanks to @daudix for reporting an edge-case where the server will refuse to start rather than robustly reporting errors during startup checks and recreate a missing media directory (#213).
- Push rule evaluation was never implemented for invites arriving over federation. Notifications are now properly sent in this case.
- Sliding-sync handlers were susceptible to errors under rare circumstances escaping to cause an HTTP 500, which wreaks havoc on the rust-sdk. This has now been prevented.
- Federating with Conduit over several non-essential endpoints was broken. It is unclear whether this affected an actual Conduit release version, but thanks to @Kladki a fix is scheduled and we have included a workaround now on this end.
Release v1.4.5
Tuwunel 1.4.5
October 24, 2025
All deployments serving ElementX, Element Pro, SchildiChat Next, or any client using sliding-sync should upgrade to this patch for an improved experience.
Bug Fixes
- Progress made for sliding-sync in 1.4.3 was effectively reverted by 1.4.4. This release puts sliding-sync back on track with further progress exceeding 1.4.3. This release is now shipping without any known issues. Please report all issues. IMPORTANT: Issues from prior releases (such as stuck or incorrect unread counts) benefit from clearing the app's cache to immediately resolve. Go to settings, tap the version number 7 times, then enter the menu to select `clear cache`.
Release v1.4.4.0
Tuwunel 1.4.4
October 15, 2025
All deployments serving ElementX, SchildiChat Next, or any client using sliding-sync must upgrade from Tuwunel 1.4.3 to this patch.
Bug Fixes
- The sliding-sync updates in Tuwunel 1.4.3 failed to protect against the lack of idempotency in the current protocol. When sync requests are made, the server updates state which affects future sync requests. If the client interrupts or discards the result of a request, the connection will stray out of sync; messages can be missed. This fix inserts a guard to reset the server-side state upon such an expectation failure. Thank you @canarysnort01 for reporting this in (#190) as well as others who were inconvenienced by this issue. This fix is being released on an emergency basis. Future revisions will improve its efficiency. Some users may notice regressive behavior with unread-markers not disappearing instantly. Please open additional issue tickets so we can finally get this right. Thank you all for your patience and kindness through this difficult time.
Corrections
- Release notes for 1.4.3 missed citing @boarfish55 for their participation in (#175).
All release notes are intentionally written by hand to personally thank everyone for their participation. Please let us know if anything was incorrect or omitted in these notes.
Release v1.4.3.1
Tuwunel 1.4.3
October 10, 2025
Featured
Sync Tokens have been eliminated now with stateless sync. Users should notice a reduction in database size after running this version. Long-time users, including from conduwuit and even Conduit will benefit the most. New users may not notice reductions, but nevertheless will be preventing database growth going forward. With the prior addition of room deletions courtesy of @dasha-uwu, only enhanced media retention remains between Tuwunel and sustainable cost-of-ownership.
Sliding Sync has been fixed (Element X) after a third pass was made to install an entirely new architecture based on the latest evolution of the highly active MSC4186. For background, the first work done earlier this year was for optimization without logical changes to what was inherited from conduwuit. The existing implementation worked by all appearances, but didn't meet specific production quality demands. The second pass made last month to rapidly prepare this passé implementation for production use against highly developed modern clients did not turn out well. More tests passed; fewer things worked. This time the core logic had been rewritten. These three iterations have now modernized the entire module to keep up with the final stages of the specification's development. It is still not perfect, so your input and issue reports are greatly appreciated as always.
Enhancements
- Configuration options passed after arguments `--option` or `-O` now accept dots to address the TOML tables found in the config file. Thanks to the suggestion by @lucat1 while trying to configure `ldap.bind_password_file` from the command line (#162). This was separately uncovered by @andrewerf trying to configure the `tls` section (#167).
- Configuring `log_to_stderr` now provides an explicit way to redirect logging and tracing to stderr. This is often requested for use with systemd.
- The `!admin query raw` commands no longer require the redundant `raw-` prefix on every command name.
- Thanks to @SophiaH67 for pointing out that our new verbose-logging docker images aren't very useful without being pushed to registries, then taking the initiative to host it themselves until we corrected that.
- After a report by @munkinasack in (#186), @dasha-uwu determined we could solve a lot of recurring network issues by clearing the well-known cache entry for a destination that becomes unreachable.
- Thanks to @dasha-uwu for general improvements, refactoring and fixes for the room alias and presence subsystems.
- Thanks to a report by @ohitsdylan a cryptic error message from the DNS resolver has now been caught and reworded to indicate a missing or empty `/etc/resolv.conf` (#179).
- Inspired by @boarfish offering due confusion about our many build variants in (#175), some documentation about `x86_64-v1` `-v2` and `-v3` has been improved. Special thanks to @Hashbrown777 for providing a quick one-liner shell script which made its way to the documentation.
- Various performance improvements took place in s2s request handlers, and the ubiquitous matrix event `Pdu` structure.
- Nix builds have been added to CI.
Bug Fixes
- Thanks to @HarHarLinks for reporting the Code of Conduct link on our github-pages was 404. Also thanks to @Tronde for reporting additional broken links in (#165). This helped discover pages had stopped deploying at some point and needed fixing.
- Thanks to @agx for contributing a fix for the systemd units on multiple platforms which contained unknown or deprecated keys (#168). And thanks again for adding missing documentation to the well-known sections of the example configuration which many users will greatly appreciate (#173).
- @mitch9911:matrix.org reported the `device_signing/upload` endpoint was omitted when adding JWT as a UIAA flow to other API's. This was subsequently patched (#169).
- The report by @orhtej2 of an invalid `?via` parameter sent by FluffyChat when joining a version 12 room was greatly appreciated, even though there was nothing more we could do on our end (#171). Thanks to @dasha-uwu for triaging and investigating this issue to conclusion.
- Thanks to a follow-up by @alaviss in (#176) the DNS-passthru feature was found to still be enforcing a large minimum-TTL for its DNS cache. This was subsequently corrected.
- Thank you @canarysnort01 for the apropos and rather surgical off-by-one fix to sliding-sync range selection in (#188). Unfortunately this entire unit had to be rewritten for the latest iteration of sliding-sync, but the fix carried value in any case to improve the rewrite.
Notices
It has come to our attention courtesy of @andrewerf that the Arch packages are built with --no-default-features. This may be a problem for an ideal experience. The backstory is that conduwuit underwent a "feature skew" over its lifetime which still remains today: our default-features are basically minimal requirements, while --all-features should be default features. Let us first take a moment to reiterate our gratitude to AUR package maintainers @drrossum and @Kimiblock who have supported this project from the first hours of its existence. No action is required on their part as the plan now is to remove several optional features by the next release to make --no-default-features viable. We still recommend default features in general unless this conflicts with AUR policies or philosophies.
Release v1.4.2
Tuwunel 1.4.2
September 12, 2025
Users running maubot, neochat, or any client or bridge not excluded below should update to this patch as soon as possible to reduce unnecessary resource consumption. (see: Bug Fixes)
New Features
- Requested by @alaviss an alternative DNS resolver has been implemented for use with appservices and other configured targets intended for local networks. This passthru performs minimal caching and cannot be used for federation. Enable with `dns_passthru_appservices = true` or specifying hosts in `dns_passthru_domains` (#158)
- Contributed by @tototomate123 a nifty experimental feature can disable push notifications when you're active on one device from being sent to others. This can be enabled with `suppress_push_when_active`. Please thank them when your pocket stops vibrating while chatting on your desktop! (#150)
- Thanks to a report by @DetermineAbsurd the `m.federate` field can be defaulted to false when creating a room using the new `federate_created_rooms` config option. (#151)
- At the request of @grinapo verbose logging builds are now bundled with this release. These builds are found with the feature-set `-logging-` which is otherwise similar to `-all-`. This contains more messages at all levels optimized away in other release modes; it comes at some performance penalty.
- JWT tokens can now be used for authentication on any endpoint which supports UIA. For example: an external forgot-password service can send a token to the `client/account/password` endpoint to reset a user's password. This feature was commissioned and made public by an enterprise sponsor.
Enhancements
- Sliding-sync has been significantly refactored. Performance has massively increased with many bugs and compliance issues also fixed. Please be aware we are tracking an issue related to read-marker behavior in Element X. The 🟢 dot does not unconditionally clear at every touch. Whether this is a feature or a bug, or both, is being investigated for v1.5.
- Hydra backports are now enabled by default. The change should be completely transparent. If you do notice any increased load try to increase the `cache_capacity_modifier` above default.
- Room deletions now also purge synctokens which can be significant to the overall storage consumed by a room. Users who have already deleted rooms please be assured an update planned for v1.5 will deal with cleansing synctokens in general.
- Room version 1 and 2 support took a step forward, possibly working for some rooms but is not yet considered adequately supported and the ticket remains open. (#12)
- Thanks to @AreYouLoco for contributing an updated Kubernetes Helm Chart; link added to docs.
Bug Fixes
- Special thanks to @frebib for investigating a bug which triggers the uploading of unnecessary encryption one-time-keys. Running over ten maubot instances it became obvious after observing increased resources and laggy bot response. This update removes any excess keys for a device. Thanks to @Duckbuster for confirming neochat is affected. Clients confirmed unaffected include: Element, Element X, Nheko. Fractal, Cinny, matrix-rust-sdk and matrix-js-sdk clients and bots are probably unaffected. Mautrix-based bridges are probably affected. Users of unaffected clients should still upgrade.
- Thanks @dasha_uwu for refactoring alias resolution logic with fixes to remain compatible with the upcoming element-web release. This was an incredibly valuable contribution which will spare all of us from impending grief; the kind of ahead-of-the-game initiative I don't think a project like this could exist without. (adadafa)
- Room deletions now preserve a small number of records to properly synchronize with local clients and remote servers after the room vanishes. Prior behavior is maintained with a `--force` flag added to the command.
- Thanks @scvalex for once again cleaning up our mess after Nix found the github CI was not running doctests. Thank you for contributing the patch 🙏 (#152).
- Thanks @Tronde for reporting a broken link to the CoC in the mdbook documentation. (#155)
- Specification compliance required the `/joined_rooms` endpoint be restricted to current members rather than including past members. (4b49aaa)
- Specification compliance required state events be made visible to prior members of a room where `history_visibility=shared`. (8678152)
- The `limit` parameter to the `/context` endpoint is now divided with de facto compatibility (matrix-org/matrix-spec#2202)
- The room avatar in sliding sync is now computed with greater compliance to the specification (3deebea). This builds off earlier work done by @tmayoff in (a340e67).
- The canonical alias for a room is considered invalid if the primary alias is missing or removed (7221d46). This is a T&S concern and we encourage reports for any other contexts where this condition should be applied.
- Presence is no longer updated by the private read-receipt or read-marker paths, only public receipts.
Deprecations
- Hardened Malloc support had to be removed after the build broke. We will gladly add support back upon request or contribution.