v1.9.1

Security Advisory

A security issue was discovered in the mention forwarding feature. We've backed it out in v1.9.1 (this release) and encourage admins to immediately upgrade to this version while we take a closer look.

What's Changed

• Revert "forward mentions to management room" feature by @turt2live in #565

Full Changelog: v1.9.0...v1.9.1

v1.9.0

Security Advisory

Please upgrade immediately to v1.9.1 instead of v1.9.0

What's Changed

• A few small fixes by @H-Shay in #536
• Add displayname mention spam protection by @H-Shay in #537
• Add users who activate mention spam protection to auto-redact list by @H-Shay in #541
• Remove notes from the default config.yaml that suggest mjolnir's wordlist feature supports regex, it does not. by @PC-Admin in #543
• Use Prettier to format code by @H-Shay in #542
• Use admin api for redactions if possible by @H-Shay in #538
• Add a test verifying messageIsMediaProtection by @H-Shay in #545
• Trim leading whitespace from !mjolnir command by @Half-Shot in #549
• Create CODEOWNERS by @turt2live in #550
• Don't ban users in moderator room by @H-Shay in #544
• Filter out rooms where user was never a member when redacting rooms by @H-Shay in #551
• Don't shut down protected rooms by @H-Shay in #554
• Notify moderation room when users in protected rooms mention the bot (configurable) by @Half-Shot in #553
• Add a test verifying unban command by @H-Shay in #557
• Stop printing help menu on unknown command by @H-Shay in #558
• Don't allow mods to demote bot or members of management room in protected rooms by @H-Shay in #555
• Use spoilers when mentioning targets of a rule by @H-Shay in #559
• v1.9.0 by @H-Shay in #563

New Contributors

• @PC-Admin made their first contribution in #543

Full Changelog: v1.8.3...v1.9.0

v1.8.3

What's Changed

• Fix default config to maintain backwards compatibility by @turt2live in #535

Full Changelog: v1.8.2...v1.8.3

v1.8.2

What's Changed

• Support non-password based login by @H-Shay in #533

Full Changelog: v1.8.1...v1.8.2

v1.8.1

What's Changed

• Add quote charaters to mxc match regex by @H-Shay in #532

Full Changelog: v1.8.0...v1.8.1

v1.8.0

What's Changed

• Resolve aliases and get via servers before storing watch list by @H-Shay in #518
• Support authenticated media (by updating bot-sdk / matrix-appservice-bridge) by @Half-Shot in #523
• Fix NSFW protection not awaiting redaction by @Half-Shot in #526
• Log the name of the failed protection to the moderation room when it fails. by @Half-Shot in #525
• Add protection for mention spam by @Half-Shot in #524
• Improve messaging and checks in NSFW protection by @H-Shay in #529
• Add native encryption support to Mjolnir by @H-Shay in #528

Note that configuration options related to Pantalaimon are now deprecated (as native encryption is now supported in mjolnir) and will be removed at a later date.

Full Changelog: v1.7.0...v1.8.0

v1.7.0

What's Changed

• Add some releasing instructions by @H-Shay in #500
• Update releasing instructions to use script by @H-Shay in #502
• Bump postcss from 8.4.16 to 8.4.39 by @dependabot in #507
• Bump crypto-js from 4.1.1 to 4.2.0 by @dependabot in #492
• Bump express from 4.18.1 to 4.19.2 by @dependabot in #512
• Bump braces from 3.0.2 to 3.0.3 by @dependabot in #511
• Bump sanitize-html from 2.7.1 to 2.13.0 by @dependabot in #510
• Bump ws from 7.5.5 to 7.5.10 by @dependabot in #509
• Bump follow-redirects from 1.15.1 to 1.15.6 by @dependabot in #508
• Add commands to suspend/unsuspend user by @H-Shay in #506
• Check for via servers before trying to join room in policy list manager by @H-Shay in #514
• Use modern language by @H-Shay in #513
• Do not interrupt redact sequences because of exceptions on backfilling by @maranda in #479
• remove real name requirement from DCO by @joshsimmons in #515
• Enhance media protections by @H-Shay in #516
• Add a NSFW protection by @H-Shay in #520
• Bump express from 4.19.2 to 4.20.0 by @dependabot in #521
• Bump micromatch from 4.0.4 to 4.0.8 by @dependabot in #519

New Contributors

• @joshsimmons made their first contribution in #515

Special Thanks

• Thanks to @Gnuxie for inspiration/groundwork on the NSFW protection

Full Changelog: v1.6.5...v1.7.0

v1.6.5

What's Changed

• Detect stickers as media by @RasmusRendal in #480
• Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in #486
• Bump semver from 5.7.1 to 5.7.2 by @dependabot in #484
• Bump yaml from 2.1.1 to 2.2.2 by @dependabot in #478
• Bump matrix-appservice-bridge from 8.0.0 to 8.1.2 by @dependabot in #487
• Bump node version to 18 by @H-Shay in #496
• Bump package version in preparation for release by @H-Shay in #498
• Bump package version to 1.6.5 by @H-Shay in #499

New Contributors

• @RasmusRendal made their first contribution in #480
• @H-Shay made their first contribution in #496

Full Changelog: v1.6.4...v1.6.5

v1.6.4

This is a bugfix release.

ChangeLog

Bot

• Bugfix: In Mjölnir-for-all, make sure that config.bot.displayName is always set, by @Yoric in 9693149

v1.6.3

ChangeLog

Bot

• Bugfix: !mjolnir config get was broken, should now be fixed by @jesopo in 5824539.
• Feature: Support for decentralized abuse report (MSC3215). Use command !mjolnir rooms setup <room alias/ID> reporting to setup a room so that users can decide to send abuse reports to moderators (who can read the offending messages) instead of homeserver administrators (who typically cannot) by @Yoric in fa5fbee, 5b509a2. Sending an abuse report this way currently requires Element Web Develop with Labs feature report_to_moderator.
• Feature: Mjölnir-for-all bot now has a nicer name and is easier to invite by @Yoric in d83127e.

Hosting

• Feature: Early support for OpenMetrics/Prometheus. If you are hosting your Mjölnir, this will let you monitor e.g. CPU usage, memory usage, number of Matrix errors, ... Additional probes may be added in the future. Off by default. By @Yoric in c3cb22b

Security

• Bumping up dependency json5 to 1.0.2 by @dependabot in 1451ac9