Summary
What's new
Rocket.Chat has introduced several key updates. Enterprise users can now leverage add-ons like RC AI, VoIP for Team Collaboration, and WhatsApp 360 Dialog for expanded capabilities. The Starter Plan now supports up to 50 users, and Community Edition users can upgrade via the Cloud Portal.
Security enhancements include the removal of the Compatible Sandbox in favor of a Secure Sandbox for integration scripts. Omnichannel optimizations have significantly improved visitor processing times, and ACH Debit is now available as a payment option.
A new VoIP for Team Collaboration beta feature allows direct calls within the platform. MongoDB 7.0 is supported, while MongoDB 4.4 has been deprecated. The platform has been upgraded to Node.js 20.x and Meteor 3.0 for better performance.
E2EE now has a confirmation modal and an option to reset room keys. Uploading private apps is limited to premium plans, and air-gapped environments are only supported on premium plans for licensing compliance. Admins now have enhanced control over team permissions, and the sidebar has gained collapsible categories and a recent room view as part of Feature preview.
Bug fixes
Support window restrictions now work as intended, and issues causing E2EE room freezes, and multiple LDAP sync cron jobs have been resolved. Login button customization properly applies WCAG warnings, and a broken translation in the "Forgot Password" email has been fixed. Deprecated endpoints have been removed.
For more detailed information, check out our release notes and deprecated and phasing out of the features document.
Details
Engine versions
- Node:
20.17.0
- MongoDB:
5.0, 6.0, 7.0
Major Changes
-
(#33316) Changes some displays to reflect new rules for private apps and adds a new modal before uploading a private app
-
(#32212) Fixed broken translation in "Forgot Password" e-mail
-
(#33503) Adds modal confirmation to enable and disable End-to-end encryption
Adds a reset room key option to the modal that disables End-to-end encryption, this is useful when all the members of a room lose their room E2EE keys
-
(#33038) Remove support of filtering by agent's username on the following endpoint:
/v1/livechat/rooms
The performance of the endpoint was improved when filtering by:
- Agent
- Deparment
- Open chats
-
(#33474) Removes deprecated endpoint
pw.getPolicyReset
. Moving forward, use thepw.getPolicy
endpoint. -
(#32162) As per MongoDB Lifecycle Schedules (mongodb.com/legal/support-policy/lifecycles) we're removing official support to MongoDB version 4.4 that has reached end of life in February 2024.
We recommend upgrading to at least MongoDB 6.0+, though 5.0 is still a supported version.
Here are official docs on how to upgrade to some of the supported versions:
-
(#33333) Login services button was not respecting the button color and text color settings. Implemented a fix to respect these settings and change the button colors accordingly.
Added a warning on all settings which allow admins to change OAuth button colors, so that they can be alerted about WCAG (Web Content Accessibility Guidelines) compliance.
-
(#32162) Added MongoDB 7.0 support
-
(#33449) Removes deprecated method
livechat:webhookTest
. Moving forward use the endpointlivechat/webhook.test
. -
(#33373) This adjustment removes the deprecated method
livechat:searchAgent
. Moving forward, uselivechat/users/agent/:_id
endpoint. -
(#33442) Removes deprecated
livechat:getAnalyticsOverviewData
method. Moving forward use thelivechat/analytics/overview
endpoint. -
(#31889) Removed upsert behavior on
users.update
endpoint (joinDefaultChannels
param or emptyuserId
are not allowed anymore) -
(#33802) Changes groups messages listing endpoint by moving query params from the 'query' attribute to standard query parameters.
-
(#32159) Api login should not suggest which credential is wrong (password/username)
Failed login attemps will always return
Unauthorized
instead of the internal fail reason -
(#31117) Adds a new set of permissions to provide a more granular control for the creation and deletion of rooms within teams
create-team-channel
: controls the creations of public rooms within teams, it is checked within the team's main room scope and overrides the globalcreate-c
permission check. That is, granting this permission to a role allows users to create channels in teams even if they do not have the permission to create channels globally;create-team-group
: controls the creations of private rooms within teams, it is checked within the team's main room scope and overrides the globalcreate-p
permission check. That is, granting this permission to a role allows users to create groups in teams even if they do not have the permission to create groups globally;delete-team-channel
: controls the deletion of public rooms within teams, it is checked within the team's main room scope and complements the globaldelete-c
permission check. That is, users must have both permissions (delete-c
in the channel scope anddelete-team-channel
in its team scope) in order to be able to delete a channel in a team;delete-team-group
: controls the deletion of private rooms within teams, it is checked within the team's main room scope and complements the globaldelete-p
permission check. That is, users must have both permissions (delete-p
in the group scope anddelete-team-group
in its team scope) in order to be able to delete a group in a team;;
Renames
add-team-channel
permission (used for adding existing rooms to teams) tomove-room-to-team
, since it is applied to groups and channels. -
(#33391) Removed deprecated method
livechat:loginByToken
. Moving forward, use the endpointlivechat/visitor/:token
. -
(#33473) Removes deprecated method
getPasswordPolicy
. Moving forward, use the endpointpw.getPolicy
. -
(#33210) Removes private App installation via URL method following a deprecation warning.
-
(#33429) Removed deprecated methods
livechat:saveTrigger
andlivechat:removeTrigger
. Moving forward use the endpointslivechat/triggers (POST)
andlivechat/triggers/:_id (DELETE)
respectively. -
(#33465) Removes deprecated method
addOAuthApp
. Moving forward, use the endpointoauth-apps.create
instead. -
(#33472) Removes deprecated
deleteMessage
method. Moving forward, use thechat.delete
endpoint. -
(#33447) Removes deprecated method
livechat:saveInfo
. Moving forward use the enpointlivechat/room/save.info
. -
(#31438) Upgrades the version of the Meteor framework to 3.0
The main reason behind this is the upgrade of the Node.js version, where version 14 will be removed and version 20 will be used instead.
Internally, significant changes have been made, mostly due to the removal of fibers.
As a result, it was necessary to adapt our code to work with the new version.
No functionality should have been affected by this, but if you are running Rocket.Chat in unconventional ways, please note that you need to upgrade your Node.js version.
-
(#33426) Removed deprecated method
livechat:getNextAgent
. Moving forward, use thelivechat/agent.next/:token
endpoint. -
(#33526) Removes deprecated method
livechat:setDepartmentForVisitor
. Moving forward, use the endpointlivechat/visitor
. -
(#33241) Adds restrictions to air-gapped environments without a license
-
(#33042) Removes
view-history
permission due to lack of usage -
(#33448) Removes the deprecated method
livechat:saveAppearance
. Moving forward use the endpointlivechat/appearance
. -
(#33445) Removes deprecated
livechat:getAgentOverviewData
method. Moving forward uselivechat/analytics/agent-overview
endpoint. -
(#33444) Removes deprecated method
livechat:setCustomField
. The custom fields can be directly set via thelivechat/visitor
endpoint. -
(#33471) Removes deprecated endpoint
channels.images
. Moving forward, userooms.images
endpoint. -
(#33650) Changes custom emoji listing endpoint by moving query params from the 'query' attribute to standard query parameters.
-
(#32856) Adds a new collection to store all the workspace cloud tokens to defer the race condition management to MongoDB instead of having to handle it within the settings cache.
Removes the Cloud_Workspace_Access_Token & Cloud_Workspace_Access_Token_Expires_At settings since they are not going to be used anymore. -
(#33423) Removed deprecated methods
livechat:removeAgent
,livechat:removeManager
andlivechat:removeDepartment
. Moving forward, uselivechat/users/agent/:_id
, andlivechat/users/manager/:_id
andlivechat/department/:_id
respectively.` -
(#31438) Node.js 20.x support
-
(#33801) Changes channels messages listing endpoint by moving query params from the 'query' attribute to standard query parameters.
-
(#32154) Removed the ability to import data in the HipChat Enterprise format, as it was discontinued over five years ago.
-
(#33419) Changes End-to-end encryption default setting to enable mention in encrypted messages
-
(#33451) Removes deprecated method
livechat:saveIntegration
. Moving forward, use the endpointomnichannel/integrations (POST)
. -
(#33443) Removed deprecated method
livechat:saveSurveyFeedback
. Moving forward use the endpointlivechat/room.survey
. -
(#33787) Changes settings public listing endpoint by moving query params from the 'query' attribute to standard query parameters.
-
Removed the deprecated "Compatible Sandbox" option from integration scripts and the dependencies that this sandbox mode relied on.
-
(#33453) Removes deprecated
livechat/inquiries.queued
endpoint. Moving forward use thelivechat/inquiries.queuedForUser
endpoint. -
(#31438) Remove linkedin oauth package, now linkedin oauth must to me configured as custom oauth
-
(#32285) Fixed issue with LDAP sync triggering multiple cron jobs in case an invalid sync interval is provided
-
(#33328) Allows authorized users to reset the encryption key for end-to-end encrypted rooms. This aims to prevent situations where all users of a room have lost the encryption key, and as such, the access to the room.
-
(#33539) Removes deprecated method
livechat:registerGuest
. Moving forward, use the endpointlivechat/visitor
. -
(#33520) Fixes a behavior of E2EE room creation that allowed any user on the room to define room keys before the room creator, causing race conditions.
-
(#33329) Randomizes
e2eKeyId
generation instead of derive it from encoded key. Previously, we used the stringified & encoded version of the key to extract a keyID, however this generated the same keyID for all rooms. As we didn't use this keyID, and rooms didn't have the capability of having multiple keys, this was harmless.
This PR introduces a new way of generating that identifier, making it random and unique, so multiple room keys can be used on the same room as long as the keyID is different.NOTE: new E2EE rooms created after this PR is merged will not be compatible with older versions of Rocket.Chat. Old rooms created before this update will continue to be compatible.
-
(#33361) Change the E2EE setting - "Access unencrypted content in encrypted rooms" default value, making the current behavior not allow to send unencrypted messages in end-to-end encrypted channels.
-
(#33470) Removes deprecated endpoints
licenses.isEnterprise
andlicenses.get
. Moving forward use the endpointlicenses.info.
-
(#33371) This adjustment removes deprecated
livechat:getCustomFields
method. Moving forward use thelivechat/custom-fields
endpoint. -
(#33605) Updates End-to-end settings translations and removes beta wording
-
(#33572) Removes the ability of changing room's encryption status from the
key
icon placed on the room's header. Icon's purpose is now only informative, showing when a room uses E2EE. Use the kebab menu to enable/disable E2EE. -
(#33432) Removed deprecated methods
livechat:requestTranscript
andlivechat:discardTranscript
. Moving forward uselivechat/transcript/:rid
endpoint's POST and DELETE methods. -
(#31383) No longer shows archived rooms in
rooms.autocomplete.channelAndPrivate
endpoint -
(#33807) Changes ims and dms messages listing endpoint by moving query params from the 'query' attribute to standard query parameters.
-
(#32532) Removed
meteor/check
fromchat
endpoints -
(#33434) Renames the settings group 'Voice Channel' to 'Omnichannel voice channel (VoIP)' to better reflect its responsibility.
-
(#33427) Removed deprecated method
livechat:pageVisited
. Moving forward, use thelivechat/page.visited
endpoint. -
(#33446) Removed deprecated method
livechat:saveDepartmentAgents
. Moving forward, use the endpointlivechat/department/:_id/agents
. -
(#33630) Changes the payload of the startImport endpoint to decrease the amount of data it requires
-
(#33238) Adds new empty states for the marketplace view
-
(#33452) Removes deprecated method
livechat:sendOfflineMessage
. Moving forward, use the endpointlivechat/offline.message
. -
(#33450) Removes deprecated method
livechat:getAgentData
. Moving forward use the endpointlivechat/agent.info/:rid/:token
. -
(#33461) Removes deprecated endpoint
livechat/room.visitor
.
Minor Changes
-
(#32194) Adds methods to the Apps-Engine to interact with unread messages to enhance message capabilities on Apps.
-
(#33377) Send messages with encrypted attachments to mobile notification service
-
(#33489) Adds
Recent
button on the new sidebar Search section to replicate the previous behavior of focusing the search bar - show recent chats. -
(#33562) Introduces a new featured action on the room header for action buttons using the non-default category to enhance user accessibility.
-
(#33592) Adds ability to collapse/expand sidebar groups
-
(#33294) Improves the accessibility of the report user modal by adding an appropriate label, description, and ARIA attributes.
-
(#33283) Adds a warning to inform users they are about to send unencrypted messages in an E2E Encrypted room if they have the
Unencrypted messages in encrypted rooms
setting enabled. -
(#33066) Introduces new property
category
for Rocket.Chat Apps to register UI action buttons. This property is used to group buttons in the UI. -
(#33386) Fixes the departments filter on the omnichannel current chats page by ensuring that the selected department is fetched and
added if it was not part of the initial department list. This prevents the filter from becoming blank and avoids potential
UX issues. -
(#33598) Adds a new setting to allow mapping LDAP attributes to the user's extension
-
(#33496) Applied category reorder from admin setting also on new sidebar - Enhanced navigation feature preview
-
(#33433) Added support for interacting with add-ons issued in the license
-
(#33483) Introduces new visual components into marketplace pages to inform an add-on necessity into the workspace.
Patch Changes
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
Bump @rocket.chat/meteor version.
-
(#32648 by @AllanPazRibeiro) This adjustment removes the deprecated
eraseRoom
method. Moving forward, use theroom.delete
endpoint to delete rooms. -
(#33381) Fixes a race condition that causes livechat conversations to get stuck in the agent's sidebar panel after being forwarded.
-
(#33355) This adjustment removes the deprecated
removeWebdavAccount
method. Moving forward, use thewebdav.removeWebdavAccount
endpoint to remove WebDAV accounts. -
(#33527) Fixes E2EE composer freezing when the room state changes
-
(#33332) Fixes an issue where a thread message was not scrolled to view when it was opened using its link.
-
(#33028) Fixes an issue where ignore threads parameter were not being affected by retention policy overriding in old channels
-
(#33346) Implements integration with FreeSwitch to enable VoIP calls for team collaboration workspaces
-
(#33364) Fixed Twilio request validation by accepting URLs with query strings
-
(#33330) Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)
-
(#33606) Fixed the regex for domains in the isValidDomain function
-
(#33375) Fixes title missing in thread list for threads starting with attachment in E2EE rooms
-
(#33435) Fixes an issue causing server to not notify users via websocket of new E2EE keys suggested by other users to them when running in development environments.
-
(#33770) Fixes page loading during reconnections
-
(#33412) Fixes a logical error when updating the
responseBy
property of a room whilewaitingResponse
property was still defined. -
(#33631) Fixes E2EE not rendering new navigation feature preview
-
(#33417) Fixes issue with previously disabled private apps being auto enabled on update
-
(#33583) Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)
-
(#33424) Fixes a problem with custom sounds causing files to not be playable when using filesystem storage.
-
(#28042) Changes the default base Docker image to Alpine. Previously we were shipping Alpine as an alternative flavor under the tag rocketchat/rocket.chat:{release}.alpine , we have been testing this for a while now so we're migrating to use the official one to Alpine.
We'll still ship a Debian variant under the tag rocketchat/rocket.chat:{release}.debian.
-
(#33390) Removed deprecated method
livechat:loadHistory
method. Moving forward use theivechat/messages.history/:rid
endpoint -
(#33358) This adjustment removes the deprecated
Mailer.sendMail
andMailer:unsubscribe
methods. Moving forward, use themailer
andmailer.unsubscribe
endpoints. -
(#33405) Fixes an issue where a user may receive an indefinite amount of "suggested keys" from all the users on a room even when a user already suggested a key for them, duplicating the work on server.
Now, the endpoint that returns users waiting for keys will return only users that don't have neither
E2EKey
norE2ESuggestedKey
. -
(#33652) Fixes message toolbar showing in End-to-end encrypted room when messages are not decrypted
-
(#33372) This adjustment removes deprecated
livechat:addAgent
andlivechat:addManager
method. Moving forward uselivechat/users/agent
andlivechat/users/manager
endpoints to add agent and manager respectively. -
(#33507) Fixed an issue where "Filter by room type" was selectable in the Rooms filter.
-
(#33378) Fixes async E2EE key exchange in development environments where change streams are no longer used
-
Updated dependencies [c5b0c98, 2806cb5, 3395c82, d44f614, 34ed9ad, 6b5b91f, d1e14a0, 687f1ef, bcacbb1, 9274cf4, 9bcb802, f33c07e, 9cf0797, b167db0, f4365b7, d9fe5bb, b338807, 5f9826b, bf05700, debd3ff, a5f25e7, 1bdfd20, 3ea02d3, e3629e0, b19ae4d, 03d1485, 3f9c3f1, 760ae5c, 4aa731d, 53cc111, 81998f3, e3dac4a, 2bc9692, 50943a0, 5acb59b, 509143d, 31eb47f, fa501ec]:
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]
- @rocket.chat/[email protected]