v1.11

Client-Server API

Deprecations

• Authentication using a query string is now deprecated, as per MSC4126. The Authorization header should be used instead. (#1808)
• Use of the /_matrix/media/* endpoints is now deprecated. New, authenticated, endpoints are available instead. (#1858)

New Endpoints

• GET /_matrix/client/v1/media/config (#1858)
• GET /_matrix/client/v1/media/download/{serverName}/{mediaId} (#1858)
• GET /_matrix/client/v1/media/download/{serverName}/{mediaId}/{fileName} (#1858)
• GET /_matrix/client/v1/media/preview_url (#1858)
• GET /_matrix/client/v1/media/thumbnail/{serverName}/{mediaId} (#1858)

Backwards Compatible Changes

• Add support for muting in VoIP calls, as per MSC3291. (#1755)
• Add optional animated query string option to GET /thumbnail, as per MSC2705. (#1757)
• Specify terms of services at registration, as per MSC1692. (#1812)
• Add support for mathematical messages, as per MSC2191. (#1816)
• Do not require UIA when first uploading cross-signing keys, as per MSC3967. (#1828)
• Add the new unsigned.membership property to events, as per MSC4115. (#1847)
• Media downloads and thumbnails are now authenticated, as per MSC3916. (#1858)
• Some media endpoints are now consistently under /_matrix/client/{version}/media/* instead of /_matrix/media/*, as per MSC3916. (#1858)

Spec Clarifications

• Add /logout and clarify the endpoints which do not take a JSON request body. (#1644)
• Clarify that the type of the POST /login request must be one of the types returned by the GET /login response. (#1776)
• Link to existing grammar where possible in types. (#1813)
• Rename "recovery key" to "backup decryption key". (#1819)
• Clarify that the device's Ed25519 signing key should be used in QR code verification (as opposed to the device's Curve25519 identity key). (#1829)
• Fix various typos throughout the specification. (#1832, #1841, #1852, #1853)
• Specify the encoding to be used when generating QR codes for device verification. (#1839)
• Clarify that an access token is optional on the POST /account/password and POST /account/deactivate endpoints. (#1843)
• Use RFC 2119 keywords more consistently. (#1846, #1861)
• Move size limits for user, room and event IDs into the appendix and clarify that the length is to be measured in bytes. (#1850)
• Clarify that relations recursion should be capped at a certain depth. (#1854)
• Add missing secrets, third-party invites and room tagging modules to feature profiles table. (#1860)
• Clarify when server name is used and link to the definition. (#1862)
• Clarify where keys reside when checking an m.room.encrypted event. (#1863)
• Clarify that /media/v3/upload/{serverName}/{mediaId} requires authentication. (#1872)

Server-Server API

Deprecations

• Use of the Client-Server API /_matrix/media/* endpoints is now deprecated. New, authenticated, endpoints are available instead. (#1858)

New Endpoints

• GET /_matrix/federation/v1/media/download/{mediaId} (#1858)
• GET /_matrix/federation/v1/media/thumbnail/{mediaId} (#1858)

Backwards Compatible Changes

• Media downloads and thumbnails are now authenticated, as per MSC3916. (#1858, #1869)

Spec Clarifications

• Link to existing grammar where possible in types. (#1813)
• Clarify that whitespace around commas is allowed in the X-Matrix Authorization header value params list. (#1818)
• Clarify that the event field of the /v2/send_join response is only required when the event is signed by the resident server. (#1834, #1840)
• Replace references to RFC 7235 and RFC 7230 that are obsoleted by RFC 9110. (#1844)
• Fix various typos throughout the specification. (#1877)

Application Service API

Spec Clarifications

• Clarify that appservices should be notified of events relating to the sender_localpart user. (#1810)

Identity Service API

Deprecations

• Authentication using a query string is now deprecated, as per MSC4126. The Authorization header should be used instead. (#1808)

Push Gateway API

No significant changes.

Room Versions

Spec Clarifications

• Clarify that redaction events are still subject to all applicable auth rules. (#1824)
• Fix various typos throughout the specification. (#1827, #1848)
• Fix the rendering of the event format for room versions 1 and 2. (#1883)
• Generate the Table of Contents with Hugo rather than JavaScript. (#1884)

Appendices

Deprecations

• Deprecate linking to events in rooms identified by alias, as per MSC4132. (#1823)

Spec Clarifications

• Define 'Opaque Identifier Grammar'. (#1791)
• Define common cryptographic key representation. (#1819)
• Move size limits for user, room and event IDs into the appendix and clarify that the length is to be measured in bytes. (#1850)

Internal Changes/Tooling

Spec Clarifications

• Update the spec release process and related documentation. (#1759)
• Fix npm release script for @matrix-org/spec. (#1765)
• Formatting fixes in CONTRIBUTING.rst. (#1769)
• Improve rendering on mobile devices. (#1770, #1771)
• Fix the OpenAPI definition of the security schemes. (#1772)
• Simplify uses of resolve-refs partial. (#1773)
• Fix Hugo warnings. (#1775, #1788)
• Fix github-labels.rst. (#1781)
• Update dependencies. (#1786, #1803, #1804)
• Solve allOf recursively in OpenAPI and JSON Schemas. (#1787)
• Fix property type resolution in render-object-table partial. (#1789)
• Factor out common definition of Tag type. (#1793)
• Update the version of Hugo used to render the spec to v0.124.1. (#1794)
• Add support for pattern formats for patternProperties. (#1796)
• Clean up unnecessary allOfs in OpenAPI definitions. (#1797)
• Show information about "Additional Properties" in object tables. (#1798)
• Fix anchors for schemas under oneOf. (#1799)
• Use reference to OneTimeKeys schema in OpenAPI definitions. (#1800)
• Do not use the title of objects containing only additionalProperties or patternProperties. (#1801)
• Add anchors in definition shortcode. (#1802)
• Set python version for the Towncrier CI job. (#1805)
• Replace set-output with environment files in CI. (#1806)
• Render response headers. (#1809)
• Use patternProperties in more places with supported formats. (#1813)
• Add support for rendering string formats. (#1814)
• Refactor the OpenAPI definitions of the content repository endpoints. (#1822)
• Clean up pull request template. (#1831)
• Do not add empty arrays to examples. (#1849)
• Generate the Table of Contents with Hugo rather than JavaScript. (#1851, #1885)
• Fix syntax errors in the spec release issue template. (#1856)
• Use environment variables for Netlify build job. (#1865)
• Render added/changed in info on request and response content types. (#1876)
• Fix validation errors in generated HTML. (#1880)
• Ensure most generated HTML IDs are unique. (#1881)
• Allow to specify a prefix for generated HTML IDs of API endpoints. (#1882)