[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-project] matrix room upgrades coming next week

To: tor-project@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-project] matrix room upgrades coming next week
From: Antoine Beaupré via tor-project <tor-project@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 04 Sep 2025 20:52:24 -0400
List-id: "Moderated discussion list for tor contributors." <tor-project.lists.torproject.org>
Organization: Tor
Reply-to: Antoine Beaupré <anarcat@xxxxxxxxxxxxxx>

Hi,

Matrix rooms will be "upgraded" next week due to a security issue with
the old room version. This involves clicking a link in your Matrix
client to keep communicating over Matrix in Tor rooms.

# What?

Concretely, this means you will see a message like this from me or
another Matrix admin in many rooms you are in:

> this room will be upgraded to v12 as per https://gitlab.torproject.org/tpo/tpa/team/-/issues/42240

Then a message in your Matrix client directing you to the new room. For
example, in Element, you will see:

> This room has been replaced and is no longer active.
> *The conversation continues here.*

The latter is a link, and you should click it to join the new room.

Once you do, you should see a message, again from me, like:

> this room was upgraded to v12 as per https://gitlab.torproject.org/tpo/tpa/team/-/issues/42240

That is all normal, even if it looks really fishy. Sorry, this is how
Matrix protocol upgrades work.

In theory, most room settings should be retained and everything should
work as normal.

The new room doesn't have the history of the old room, but the old room
is still there and *that* history is still available.

In practice, let us know (in the above issue) if you find any *new*
issue with the rooms.

# Who?

I'll be doing this work, and most people shouldn't be affected. There is
a small fraction (2-3% of users) who are on home servers that do *not*
support the new room versions.

Those users will not be able to join the new rooms, and are encouraged
to help their home server administrators to upgrade, or to switch to an
up to date home server.

If you use matrix.org or matrix.debian.social, you should be fine: those
servers are updated and your clients should follow the upgrade without
problem.

# When?

Some time next week. I don't have a precise coordinated time because I
need

# How?

This change is done for Security Reasons, across the entire Matrix
federation. It affects only servers (like matrix.org and
matrix.debian.social) that federate with other servers, so it affects
us.

The details upstream are somewhat scarce, but we're following this
announcement:

https://matrix.org/blog/2025/07/security-predisclosure/

... along with other news and documentation we find online. The issue is
tracked at TPA in:

https://gitlab.torproject.org/tpo/tpa/team/-/issues/42240

# Where?

The list of rooms that will be migrated, and the progress of the
migration, is tracked in the summary of the aforementioned issue.

A.
--
Antoine Beaupré
torproject.org system administration

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-project mailing list -- tor-project@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-project-leave@xxxxxxxxxxxxxxxxxxxx

Prev by Author: [tor-project] minutes from the sysadmin meeting
Next by Author: [tor-project] User Support Report for August 2025
Previous by thread: [tor-project] Anti-censorship team meeting notes, 2025-09-04
Next by thread: [tor-project] minutes from the sysadmin meeting
Index(es):
- Author
- Thread