v1.9.2

What's Changed

• Forward mentions from bot to management room by @H-Shay in #567

Security

• This release reintroduces the mention forwarding feature removed in 1.9.1. See GHSA-3jq6-xc85-m394 / CVE-2025-24024 for details.

Full Changelog: v1.9.1...v1.9.2

v1.9.1

Security Advisory

A security issue was discovered in the mention forwarding feature. We've backed it out in v1.9.1 (this release) and encourage admins to immediately upgrade to this version while we take a closer look.

Update January 21, 2025: This is GHSA-3jq6-xc85-m394 / CVE-2025-24024

What's Changed

• Revert "forward mentions to management room" feature by @turt2live in #565

Full Changelog: v1.9.0...v1.9.1

v1.9.0

Security Advisory

Please upgrade immediately to v1.9.1 instead of v1.9.0

Update January 21, 2025: This is GHSA-3jq6-xc85-m394 / CVE-2025-24024

What's Changed

• A few small fixes by @H-Shay in #536
• Add displayname mention spam protection by @H-Shay in #537
• Add users who activate mention spam protection to auto-redact list by @H-Shay in #541
• Remove notes from the default config.yaml that suggest mjolnir's wordlist feature supports regex, it does not. by @PC-Admin in #543
• Use Prettier to format code by @H-Shay in #542
• Use admin api for redactions if possible by @H-Shay in #538
• Add a test verifying messageIsMediaProtection by @H-Shay in #545
• Trim leading whitespace from !mjolnir command by @Half-Shot in #549
• Create CODEOWNERS by @turt2live in #550
• Don't ban users in moderator room by @H-Shay in #544
• Filter out rooms where user was never a member when redacting rooms by @H-Shay in #551
• Don't shut down protected rooms by @H-Shay in #554
• Notify moderation room when users in protected rooms mention the bot (configurable) by @Half-Shot in #553
• Add a test verifying unban command by @H-Shay in #557
• Stop printing help menu on unknown command by @H-Shay in #558
• Don't allow mods to demote bot or members of management room in protected rooms by @H-Shay in #555
• Use spoilers when mentioning targets of a rule by @H-Shay in #559
• v1.9.0 by @H-Shay in #563

New Contributors

• @PC-Admin made their first contribution in #543

Full Changelog: v1.8.3...v1.9.0

v1.8.3

What's Changed

• Fix default config to maintain backwards compatibility by @turt2live in #535

Full Changelog: v1.8.2...v1.8.3

v1.8.2

What's Changed

• Support non-password based login by @H-Shay in #533

Full Changelog: v1.8.1...v1.8.2

v1.8.1

What's Changed

• Add quote charaters to mxc match regex by @H-Shay in #532

Full Changelog: v1.8.0...v1.8.1

v1.8.0

What's Changed

• Resolve aliases and get via servers before storing watch list by @H-Shay in #518
• Support authenticated media (by updating bot-sdk / matrix-appservice-bridge) by @Half-Shot in #523
• Fix NSFW protection not awaiting redaction by @Half-Shot in #526
• Log the name of the failed protection to the moderation room when it fails. by @Half-Shot in #525
• Add protection for mention spam by @Half-Shot in #524
• Improve messaging and checks in NSFW protection by @H-Shay in #529
• Add native encryption support to Mjolnir by @H-Shay in #528

Note that configuration options related to Pantalaimon are now deprecated (as native encryption is now supported in mjolnir) and will be removed at a later date.

Full Changelog: v1.7.0...v1.8.0

v1.7.0

What's Changed

• Add some releasing instructions by @H-Shay in #500
• Update releasing instructions to use script by @H-Shay in #502
• Bump postcss from 8.4.16 to 8.4.39 by @dependabot in #507
• Bump crypto-js from 4.1.1 to 4.2.0 by @dependabot in #492
• Bump express from 4.18.1 to 4.19.2 by @dependabot in #512
• Bump braces from 3.0.2 to 3.0.3 by @dependabot in #511
• Bump sanitize-html from 2.7.1 to 2.13.0 by @dependabot in #510
• Bump ws from 7.5.5 to 7.5.10 by @dependabot in #509
• Bump follow-redirects from 1.15.1 to 1.15.6 by @dependabot in #508
• Add commands to suspend/unsuspend user by @H-Shay in #506
• Check for via servers before trying to join room in policy list manager by @H-Shay in #514
• Use modern language by @H-Shay in #513
• Do not interrupt redact sequences because of exceptions on backfilling by @maranda in #479
• remove real name requirement from DCO by @joshsimmons in #515
• Enhance media protections by @H-Shay in #516
• Add a NSFW protection by @H-Shay in #520
• Bump express from 4.19.2 to 4.20.0 by @dependabot in #521
• Bump micromatch from 4.0.4 to 4.0.8 by @dependabot in #519

New Contributors

• @joshsimmons made their first contribution in #515

Special Thanks

• Thanks to @Gnuxie for inspiration/groundwork on the NSFW protection

Full Changelog: v1.6.5...v1.7.0

v1.6.5

What's Changed

• Detect stickers as media by @RasmusRendal in #480
• Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in #486
• Bump semver from 5.7.1 to 5.7.2 by @dependabot in #484
• Bump yaml from 2.1.1 to 2.2.2 by @dependabot in #478
• Bump matrix-appservice-bridge from 8.0.0 to 8.1.2 by @dependabot in #487
• Bump node version to 18 by @H-Shay in #496
• Bump package version in preparation for release by @H-Shay in #498
• Bump package version to 1.6.5 by @H-Shay in #499

New Contributors

• @RasmusRendal made their first contribution in #480
• @H-Shay made their first contribution in #496

Full Changelog: v1.6.4...v1.6.5

v1.6.4

This is a bugfix release.

ChangeLog

Bot

• Bugfix: In Mjölnir-for-all, make sure that config.bot.displayName is always set, by @Yoric in 9693149