matrix-sdk-base 0.14.1

What's Changed

Security Fixes

• Fix a panic in the RoomMember::normalized_power_level method.
  (#5635) (Low, CVE-2025-59047, GHSA-qhj8-q5r6-8q6j).

matrix-sdk 0.14.0

What's Changed

Features

• Client::fetch_thread_subscriptions implements support for the companion endpoint of the experimental MSC4308, allowing to fetch thread subscriptions for a given range, as specified by the MSC.
  (#5590)

• Add a Client::joined_space_rooms method that allows retrieving the list of joined spaces.

• Room::enable_encryption and Room::enable_encryption_with_state_event_encryption will poll the encryption state for up to 3 seconds, rather than checking once after a single sync has completed.
  (#5559)

• Add Room::enable_encryption_with_state to enable E2E encryption with encrypted state event support, gated behind the experimental-encrypted-state-events feature.
  (#5557)

• Add ignore_timeout_on_first_sync to the SyncSettings, which should allow to have a quicker first response when using one of the sync, sync_with_callback, sync_with_result_callback or sync_stream methods on Client, if the response is empty.
  (#5481)

• The methods to use the /v3/sync endpoint set the use_state_after field, which means that, if the server supports it, the response will contain the state changes between the last sync and the end of the timeline.
  (#5488)

• Add experimental support for MSC4306, with the Room::fetch_thread_subscription(), Room::subscribe_thread() and Room::unsubscribe_thread() methods.
  (#5439)

• [breaking] RoomMemberRole has a new Creator variant, that differentiates room creators with infinite power levels, as introduced in room version 12.
  (#5436)

• Add Account::fetch_account_data_static to fetch account data from the server with a statically-known type, with a signature similar to Account::account_data.
  (#5424)

• Add support to accept historic room key bundles that arrive out of order, i.e. the bundle arrives after the invite has already been accepted.
  (#5322)

• [breaking] OAuth::login now allows requesting additional scopes for the authorization code grant.
  (#5395)

Refactor

• [breaking] Upgrade ruma to 0.13.0
  (#5623)
• [breaking] SyncSettings token is now SyncToken enum type which has default behaviour of SyncToken::ReusePrevious token. This breaks Client::sync_once. For old behaviour, set the token to SyncToken::NoToken with the usual SyncSettings::token setter.
• [breaking] Change the upload_encrypted_file and make it clone the client instead of owning it. The lifetime of the UploadEncryptedFile request returned by Client::upload_encrypted_file() only depends on the request lifetime now.
• [breaking] Add an IsPrefix = False bound to the account_data() and fetch_account_data_static() methods of Account. These methods only worked for events where the full event type is statically-known, and this is now enforced at compile-time. account_data_raw() and fetch_account_data() respectively can be used instead for event types with a variable suffix.
  (#5444)
• [breaking] RoomMemberRole::suggested_role_for_power_level() and RoomMemberRole::suggested_power_level() now use UserPowerLevel to represent power levels instead of i64 to differentiate the infinite power level of creators, as introduced in room version 12.
  (#5436)
• [breaking] The reason argument of Room::report_room() is now required, due to a clarification in the spec.
  (#5337)
• [breaking] The join_rule field of RoomPreview is now a JoinRuleSummary. It has the same variants as SpaceRoomJoinRule but contains as summary of the allow rules for the restricted variants.
  (#5337)
• [breaking] The MSRV has been bumped to Rust 1.88.
  (#5431)
• [breaking] Room::send_call_notification and Room::send_call_notification_if_needed have been removed, since the event type they send is outdated, and Client is not actually supposed to be able to join MatrixRTC sessions (yet). In practice, users of these methods probably already rely on another MatrixRTC implementation to participate in sessions, and such an implementation should be capable of sending notifications itself.

Bugfix

• The event handlers APIs now properly support events whose type is not fully statically-known. Before, those events would never trigger an event handler.
  (#5444)
• All HTTP requests now have a default read_timeout of 60s, which means they'll disconnect if the connection stalls.
  RequestConfig::timeout is now optional and can be disabled on a per-request basis. This will be done for the requests used to download media, so they don't get cancelled after the default 30s timeout for no good reason.
  (#5437)

matrix-sdk 0.13.0

What's Changed

Security Fixes

• Fix SQL injection vulnerability in EventCache
  (d0c0100, Moderate, CVE-2025-53549, GHSA-275g-g844-73jh)

Bug fixes

• When joining a room via Client::join_room_by_id(), if the client has enable_share_history_on_invite enabled,
  we will correctly check for received room key bundles. Previously this was only done when calling Room::join.
  (#5043)

Features

• Add Client::supported_versions(), which returns the results of both Client::server_versions() and
  Client::unstable_features() with a single call.
  (#5357)
• WidgetDriver::send_to_device Now supports sending encrypted to-device messages.
  (#5252)
• Client::add_event_handler: Set Option<EncryptionInfo> in EventHandlerData for to-device messages.
  If the to-device message was encrypted, the EncryptionInfo will be set. If it is None the message was sent in clear.
  (#5099)
• EventCache::subscribe_to_room_generic_updates is added to subscribe to all
  room updates without having to subscribe to all rooms individually
  (#5247)
• [breaking] The element call widget URL configuration struct uses the new header url parameter
  instead of the now deprecated hideHeader parameter. This is only compatible with EC v0.13.0 or newer.
• [breaking] RoomEventCacheGenericUpdate gains a new Clear variant, and sees
  its TimelineUpdated variant being renamed to UpdateTimeline.
  (#5363)

Refactor

• [breaking]: Client::unstable_features() returns a BTreeSet<FeatureFlag>, containing only
  the features whose value was set to true in the response to the /versions endpoint.
  (#5357)
• ClientServerCapabilities has been renamed to ClientServerInfo. Alongside this,
  Client::reset_server_info is now Client::reset_server_info and Client::fetch_server_capabilities
  is now Client::fetch_server_versions, returning the server versions response directly.
  (#5167)
• RoomEventCacheListener is renamed RoomEventCacheSubscriber
  (#5269)
• RoomPreview::join_rule is now optional, and will be set to None if the join rule state event
  is missing for a given room.
  (#5278)

Bug fixes

• m.room.avatar has been added as required state for sliding sync until the existing backend issue
  causing deleted room avatars to not be flagged is fixed. (#5293)

matrix-sdk-crypto-ffi-0.11.1

What's Changed

Security Fixes

• Check the sender of an event matches owner of session, preventing sender spoofing by homeserver owners.
  13c1d20 (High, CVE-2025-48937, GHSA-x958-rvg6-956w).

Bug Fixes

• Remove a wildcard enum variant import which breaks compilation if used with tracing-attributes version 0.1.29. This is a workaround for a bug in tracing-attributes.
  (#5190) (#5191) (#5193)

matrix-sdk-crypto 0.11.1

What's Changed

Security Fixes

• Check the sender of an event matches owner of session, preventing sender spoofing by homeserver owners.
  13c1d20 (High, CVE-2025-48937, GHSA-x958-rvg6-956w).

Bug Fixes

• Remove a wildcard enum variant import which breaks compilation if used with tracing-attributes version 0.1.29. This is a workaround for a bug in tracing-attributes.
  (#5190) (#5191) (#5193)

matrix-sdk 0.12.0

What's Changed

Security Fixes

• Check the sender of an event matches owner of session, preventing sender spoofing by homeserver owners.
  13c1d20 (High, CVE-2025-48937, GHSA-x958-rvg6-956w).

Features

• Client::send_call_notification_if_needed now returns Result<bool> instead of Result<()> so we can check if
  the event was sent.
• Added SendMediaUploadRequest wrapper for SendRequest, which checks the size of the request to
  upload making sure it doesn't exceed the m.upload.size value that can be fetched through
  Client::load_or_fetch_max_upload_size.
• Add ClientBuilder::with_enable_share_history_on_invite to enable experimental support for sharing encrypted room history on invite, per MSC4268.
  (#5141)
• Room::list_threads() is a new method to list all the threads in a room.
  (#4972)
• Room::relations() is a new method to list all the events related to another event
  ("relations"), with additional filters for relation type or relation type + event type.
  (#4972)
• The EventCache's persistent storage has been enabled by default. This means that all the events
  received by sync or back-paginations will be stored, in memory or on disk, by default, as soon as
  EventCache::subscribe() has been called (which happens automatically if you're using the
  matrix_sdk_ui::Timeline). This offers offline access and super quick back-paginations (when the
  cache has been filled) whenever the event cache is enabled. It's also not possible to disable the
  persistent storage anymore. Note that by default, the event cache store uses an in-memory store,
  so the events will be lost when the process exits. To store the events on disk, you need to use
  the sqlite event cache store.
  (#4308)
• Room::set_unread_flag() now sets the stable m.marked_unread room account data, which was
  stabilized in Matrix 1.12. Room::is_marked_unread() also ignores the unstable
  com.famedly.marked_unread room account data if the stable variant is present.
  (#5034)
• Encryption::encrypt_and_send_raw_to_device: Introduced as an experimental method for
  sending custom encrypted to-device events. This feature is gated behind the
  experimental-send-custom-to-device flag, as it remains under active development and may undergo changes.
  (4998)
• Room::send_single_receipt() and Room::send_multiple_receipts() now also unset the unread
  flag of the room if an unthreaded read receipt is sent.
  (#5055)
• Client::is_user_ignored(&UserId) can be used to check if a user is currently ignored.
• (#5081)
• RoomSendQueue::send_gallery has been added to allow sending MSC4274-style media galleries
  via the send queue under the unstable-msc4274 feature.
  (#4977)

Bug fixes

• A invited DM room joined with Client::join_room_by_id() or Client::join_room_by_id_or_alias()
  will now be correctly marked as a DM.
  (#5043)
• API responses with an HTTP status code 520 won't be retried anymore, as this is used by some proxies
  (including Cloudflare) to warn that an unknown error has happened in the actual server.
  (#5105)

Refactor

• Room::push_context() has been renamed into Room::push_condition_room_ctx(). The newer
  Room::push_context now returns a matrix_sdk::Room::PushContext, which can be used to compute
  the push actions for any event.
  (#4962)
• Room::decrypt_event() now requires an extra matrix_sdk::Room::PushContext parameter to
  compute the push notifications for the decrypted event.
  (#4962)
• SlidingSyncRoom has been removed. With it, the SlidingSync::get_room,
  get_all_rooms, get_rooms, get_number_of_rooms, and
  FrozenSlidingSync methods and type have been removed.
  (#5047)
• Room::set_unread_flag() is now a no-op if the unread flag already has the wanted value.
  (#5055)

matrix-sdk-crypto-ffi-0.11.0

Features

• [breaking] OlmMachine.receive_sync_changes returns now a list of ProcessedToDeviceEvent
  instead of a list of Raw<AnyToDeviceEvent>. With variants like Decrypted|UnableToDecrypt|PlainText|NotProcessed.
  This allows for example to make the difference between an event sent in clear and an event successfully decrypted.
  For quick compatibility a helper ProcessedToDeviceEvent::to_raw allows to map back to the previous behaviour.

• [breaking] Add support for the shared history flag defined in
  MSC3061.
  The shared history flag is now respected when room keys are received as an
  m.room_key event as well as when they are imported from a backup or a file
  export. We also ensure to set the flag when we send out room keys. Due to
  this, a new argument to the constructor for room_key::MegolmV1AesSha2Content
  has been added and PickledInboundGroupSession has received a new
  shared_history field that defaults to false.
  (#4700)

• Have the RoomIdentityProvider return processing changes when identities transition
  to IdentityState::Verified too.
  (#4670)

• [breaking] CollectStrategy::DeviceBasedStrategy is now split into three
  separate strategies (AllDevices, ErrorOnVerifiedUserProblem,
  OnlyTrustedDevices), to make the behaviour clearer.
  (#4581)

• Accept stable identifier sender_device_keys for MSC4147 (Including device
  keys with Olm-encrypted events).
  (#4420)

• Room keys are not shared with unsigned dehydrated devices.
  (#4551)

• [breaking] Expose new API
  DehydratedDevices::get_dehydrated_device_pickle_key,
  DehydratedDevices::save_dehydrated_device_pickle_key and
  DehydratedDevices::delete_dehydrated_device_pickle_key to store/load the
  dehydrated device pickle key. This allows client to automatically rotate
  the dehydrated device to avoid one-time-keys exhaustion and to_device
  accumulation.
  DehydratedDevices::keys_for_upload and
  DehydratedDevices::rehydrate now use the DehydratedDeviceKey as parameter
  instead of a raw byte array. Use DehydratedDeviceKey::from_bytes to migrate.
  (#4383)

• Add extra logging in OtherUserIdentity::pin_current_master_key and
  OtherUserIdentity::withdraw_verification.
  (#4415)

• Added new UtdCause variants WithheldForUnverifiedOrInsecureDevice and WithheldBySender.
  These variants provide clearer categorization for expected Unable-To-Decrypt (UTD) errors
  when the sender either did not wish to share or was unable to share the room_key.
  (#4305)

• UtdCause has two new variants that replace the existing HistoricalMessage:
  HistoricalMessageAndBackupIsDisabled and HistoricalMessageAndDeviceIsUnverified.
  These give more detail about what went wrong and allow us to suggest to users
  what actions they can take to fix the problem. See the doc comments on these
  variants for suggested wording.
  (#4384)

matrix-sdk 0.11.0

What's Changed

Features

• Room::load_or_fetch_event() is a new method that will find an event in the event cache (if
  enabled), or using network like Room::event() does.
  (#4837)

• [breaking]: The element call widget URL configuration struct
  (VirtualElementCallWidgetOptions) and URL generation have changed.

  • It supports the new fields: hide_screensharing, posthog_api_host, posthog_api_key,
    rageshake_submit_url, sentry_dsn, sentry_environment.
  • The widget URL will no longer automatically add /room to the base domain. For backward compatibility
    the app itself would need to add /room to the element_call_url.
  • And replaced:
    • analytics_id -> posthog_user_id (The widget URL query parameters will
      include analytics_id & posthog_user_id for backward compatibility)
    • skip_lobby -> intent (Intent.StartCall, Intent.JoinExisting.
      The widget URL query parameters will include skip_lobby if intent is
      Intent.StartCall for backward compatibility)
  • VirtualElementCallWidgetOptions now implements Default.
    (#4822)

• [breaking]: The RoomPagination::run_backwards method has been removed and replaced by two
  simpler methods:

  • RoomPagination::run_backwards_until(), which will retrigger back-paginations until a certain
    number of events have been received (and retry if the timeline has been reset in the background).
  • RoomPagination::run_backwards_once(), which will run a single back-pagination (and retry if
    the timeline has been reset in the background).
    (#4689)

• [breaking]: The OAuth::account_management_url method now caches the
  result of a call, subsequent calls to the method will not contact the server
  for a while, instead the cached URI will be returned. If caching of this URI
  is not desirable, the OAuth::fetch_account_management_url method can be used.
  (#4663)

• The MediaRetentionPolicy can now trigger regular cleanups with its new
  cleanup_frequency setting.
  (#4603)

• [breaking] The HTTP client only allows TLS 1.2 or newer, as recommended by
  BCP 195.
  (#4647)

• Add Room::report_room api. (#4713)

• Client::notification_client will create a copy of the existing Client,
  but now it'll make sure it doesn't handle any verification events to
  avoid an issue with these events being received and processed twice if
  NotificationProcessSetup was SingleSetup.

• [breaking] Room::is_encrypted is replaced by
  Room::latest_encryption_state which returns a value of the new
  EncryptionState enum; another Room::encryption_state non-async and
  infallible method is added to get the EncryptionState without calling
  Room::request_encryption_state. This latter method is also now public.
  (#4777). One can
  safely replace:

  room.is_encrypted().await?

  by

  room.latest_encryption_state().await?.is_encrypted()

• LocalServerBuilder, behind the local-server feature, can be used to spawn
  a server when the end-user needs to be redirected to an address on localhost.
  It was used for SsoLoginBuilder and can now be used in other cases, like for
  login with the OAuth 2.0 API.
  (#4804)

• The OAuth api is no longer gated behind the experimental-oidc cargo
  feature.
  (#4830)

• Re-export SqliteStoreConfig and add
  ClientBuilder::sqlite_store_with_config_and_cache_path to configure the
  SQLite store with the new SqliteStoreConfig structure
  (#4870)

• Add Client::logout() that allows to log out regardless of the AuthApi that
  is used for the session.
  (#4886)

Bug Fixes

• Ensure all known secrets are removed from secret storage when invoking the
  Recovery::disable() method. While the server is not guaranteed to delete
  these secrets, making an attempt to remove them is considered good practice.
  Note that all secrets are uploaded to the server in an encrypted form.
  (#4629)
• Most of the features in the OAuth API should now work under WASM
  (#4830)

Refactor

• [breaking] Switched from the unmaintained backoff crate to the backon
  crate. As part of this change, the RequestConfig::retry_limit method was
  renamed to RequestConfig::max_retry_time and the parameter for the method was
  updated from a u64 to a usize.
  (#4916)
• [breaking] We now require Rust 1.85 as the minimum supported Rust version to compile.
  Yay for async closures!
  (#4745)
• [breaking] The server_url and server_response methods of
  SsoLoginBuilder are replaced by server_builder(), which allows more
  fine-grained settings for the server.
  (#4804
• [breaking]: OidcSessionTokens and MatrixSessionTokens have been merged
  into SessionTokens. Methods to get and watch session tokens are now
  available directly on Client.
  (MatrixAuth/Oidc)::session_tokens_stream(), can be replaced by
  Client::subscribe_to_session_changes() and then calling
  Client::session_tokens() on a SessionChange::TokenRefreshed.
  (#4772)
• [breaking] Oidc::url_for_oidc() doesn't take the VerifiedClientMetadata
  to register as an argument, the one in OidcRegistrations is used instead.
  However it now takes the redirect URI to use, instead of always using the
  first one in the client metadata.
  (#4771)
• [breaking] The server_url and server_response methods of
  SsoLoginBuilder are replaced by server_builder(), which allows more
  fine-grained settings for the server.
• [breaking]: Rename the Oidc API to OAuth, since it's using almost
  exclusively OAuth 2.0 rather than OpenID Connect.
  (#4805)
  • The oidc module was renamed to oauth.
  • Client::oidc() was renamed to Client::oauth() and the AuthApi::Oidc
    variant was renamed to AuthApi::OAuth.
  • OidcSession was renamed to OAuthSession and the AuthSession::Oidc
    variant was renamed to AuthSession::OAuth.
  • OidcAuthCodeUrlBuilder and OidcAuthorizationData were renamed to
    OAuthAuthCodeUrlBuilder and OAuthAuthorizationData.
  • OidcError was renamed to OAuthError and the RefreshTokenError::Oidc
    variant was renamed to RefreshTokenError::OAuth.
  • Oidc::provider_metadata() was renamed to OAuth::server_metadata().
• [breaking]: OAuth::finish_login() must always be called, instead of OAuth::finish_authorization()
  (#4817)
  • OAuth::abort_authorization() was renamed to OAuth::abort_login().
  • OAuth::finish_login() can be called several times for the same session,
    but it will return an error if it is called with a new session.
  • OAuthError::MissingDeviceId was removed, it cannot occur anymore.
• [breaking] OidcRegistrations was renamed to OAuthRegistrationStore.
  (#4814)
  • OidcRegistrationsError was renamed to OAuthRegistrationStoreError.
  • The registrations module was renamed and is now private.
    OAuthRegistrationStore and ClientId are exported from oauth, and
    OAuthRegistrationStoreError is exported from oauth::error.
  • All the methods of OAuthRegistrationStore are now async and return a
    Result: errors when reading the file are no longer ignored, and blocking
    I/O is performed in a separate thread.
  • OAuthRegistrationStore::new() takes a PathBuf instead of a Path.
  • OAuthRegistrationStore::new() no longer takes a static_registrations
    parameter. It should be provided if needed with
    OAuthRegistrationStore::with_static_registrations().
• [breaking] Allow to use any registration method with OAuth::login() and
  OAuth::login_with_qr_code().
  (#4827)
  • OAuth::login takes an optional ClientRegistrationData to be able to
    register and login with a single function call.
  • OAuth::url_for_oidc() was removed, it can be replaced by a call to
    OAuth::login().
  • OAuth::login_with_qr_code() takes an optional ClientRegistrationData
    instead of the client metadata.
  • OAuth::finish_login takes a UrlOrQuery instead of an
    AuthorizationCode. The deserialization of the query string will occur
    inside the method and eventual errors will be handled.
  • OAuth::login_with_oidc_callback() was removed, it can be replaced by a
    call to OAuth::finish_login().
  • AuthorizationResponse, AuthorizationCode and AuthorizationError are
    now private.
• [**break...

matrix-sdk 0.10.0

What's Changed

Features

• Allow to set and check whether an image is animated via its ImageInfo.
  (#4503)
• Implement Default for BaseImageInfo, BaseVideoInfo, BaseAudioInfo and
  BaseFileInfo.
  (#4503)
• Expose Client::server_versions() publicly to allow users of the library to
  get the versions of Matrix supported by the homeserver.
  (#4519)
• Create RoomPrivacySettings helper to group room settings functionality
  related to room access and visibility.
  (#4401)
• Enable HTTP/2 support in the HTTP client.
  (#4566)
• The media contents stored in the media cache can now be controlled with a
  MediaRetentionPolicy and the new Media methods media_retention_policy(),
  set_media_retention_policy(), clean_up_media_cache().
  (#4571)

Refactor

• [breaking]: The reexported types SyncTimelineEvent and TimelineEvent have been fused into a single type TimelineEvent, and its field push_actions has been made Optional (it is set to None when we couldn't compute the push actions, because we lacked some information).
  (#4568)
• [breaking] Move the optional RequestConfig argument of the
  Client::send() method to the with_request_config() builder method. You
  should call Client::send(request).with_request_config(request_config).await
  now instead.
  (#4443)
• [breaking] Remove the AttachmentConfig::with_thumbnail() constructor and
  replace it with the AttachmentConfig::thumbnail() builder method. You should
  call AttachmentConfig::new().thumbnail(thumbnail) now instead.
  (#4452)
• [breaking] Room::send_attachment() and RoomSendQueue::send_attachment()
  now take any type that implements Into<String> for the filename.
  (#4451)
• [breaking] Recovery::are_we_the_last_man_standing() has been renamed to is_last_device().
  (#4522)
• [breaking] The matrix_auth module is now at authentication::matrix.
  (#4575)
• [breaking] The oidc module is now at authentication::oidc.
  (#4575)

matrix-sdk 0.9.0

What's Changed

Bug Fixes

• Use the inviter's server name and the server name from the room alias as
  fallback values for the via parameter when requesting the room summary from
  the homeserver. This ensures requests succeed even when the room being
  previewed is hosted on a federated server.
  (#4357)

• Do not use the encrypted original file's content type as the encrypted
  thumbnail's content type.
  (#ecf4434)

Features

• Enable persistent storage for the EventCache. This allows events received
  through the /sync endpoint or backpagination to be stored persistently,
  enabling client applications to restore a room's view, including events,
  without requiring server communication.
  (#4347)

• [BREAKING] Make all fields of Thumbnail required
  (#4324)

• Backups::exists_on_server, which always fetches up-to-date information from the
  server about whether a key storage backup exists, was renamed to
  fetch_exists_on_the_server, and a new implementation of exists_on_server
  which caches the most recent answer is now provided.