Element Web/Desktop 1.11.4 - A security update, deferred DMs and more
We’ve got a new release for you, and it has security fixes so please make sure you upgrade. We’ll disclose the details of the issue down the line, but stress that this update is important.
Over the weekend we received a report from Val Lorentz (thank you!) that it was possible to create a situation where Element wouldn’t show all of the user’s rooms or Spaces, causing minor (temporary) corruption and Denial of Service (DoS).
As part of our regular process for handling security issues like this, we performed an audit and found a couple more related problems which are also fixed in this release.
We are not aware of the attack ever being used maliciously in the wild. However we are aware of some users who may have been impacted by the issue accidentally, due to some unintentional public testing. If you are one of these people, please update Element Web/Desktop first then go to Settings -> Help to “Clear Cache and Reload”. If you encounter further issues, let us know in #element-web:matrix.org.
For more information on the issue, please see the matrix.org blog for the security notice.
Now, onto the features we’ve been working on.
Have you experienced the awkwardness of direct messaging someone for the first time, and realising they've got an invite to a DM before you've even had a chance to send your first message? Or maybe you've been on the other side of it, and been invited to a new DM, then sat there for a while wondering what the other person is going to say?
Well, we've changed the flow so that now the invite will only be sent when you send your first message. It’s far more natural, and means you have as much time as you need to start a great conversation!
Deferred DMs are now live in Web/Desktop, and will be released for mobile in September.
Labs: New session manager
We’re still working on the implementation (so it’s not live in this release), but there’s a new session manager coming your way soon. It can be difficult to manage which devices you’re logged in to and sometimes even identify which sessions are still important to keep around. With additional features, some design improvements, and a touch of spec work, we’re aiming to improve the experience massively.
We’ll be sure to talk more about it once it’s live :)
The latest on Element Call integration
It wasn’t too long ago when we last talked about Element Call; voice and video calling powered entirely by Matrix.
The team has been working on getting Sean DuBois’s (lead of the Pion WebRTC project) incredible open source contribution hooked up, and have also been laying the groundwork for getting Element Call into Element Web/Desktop, replacing Jitsi. The development of Element Call embedding has been kindly sponsored by one of Element's customers.
On the technical side, Element Web/Desktop will be using widgets to host Element Call in a room.
That’s all for now
There’s been a few updates to the general user experience within the app recently. Check out the release notes and please let us know how we can improve using the in-app feedback buttons.