Draupnir/CHANGELOG.md

Changelog

All notable changes to Draupnir will be kept in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] - None

Added

• Simulated capabilities for all available protection capabilities. These allow protections to run without effects.

• A command !draupnir protections capability reset <protection name> to restore the default capability set.

[v2.1.0] - 2025-02-02

Fixed

• config.protectAllJoinedRooms was unimplemented in versions v2.0.2 and below. This went under the radar in the beta programme because it would have only been detectable for first time testers migrating over. Reported by @cremesk and @HReflex.

• Draupnir will now automatically unprotect rooms when the bot is kicked, and send an alert to the management room.

• config.commands.allowNoPrefix will include the full command arguments again. Reported by @JacksonChen666 and @heftig in https://github.com/the-draupnir-project/Draupnir/issues/707.

• Fixed an issue where the ProtectedRoomsSet would not be disposed on entering safe mode via the !draupnir safe mode command. This would cause duplicate protections to apply out of date policies to protected rooms. Reported by @TheArcaneBrony in https://github.com/the-draupnir-project/Draupnir/issues/687.

• An issue where sometimes Draupnir would crash if it were unable to fetch its own profile from the homeserver. We just fallback to nothing if this was the case https://github.com/the-draupnir-project/Draupnir/issues/703. Reported by @JokerGermany i think.

Added

• RoomSetBehaviourProtection to add the config.protectAllJoinedRoomsFunctionality. This is also responsible for unprotecting rooms as the bot is removed from them.

• The !draupnir rooms command will now distinguish between joined and protected rooms, joined but unprotected rooms, and protected but parted rooms.

Thank you to everyone who has been promptly reporting bugs and making these fixes possible <3

[v2.0.2] 2025-01-24

Added

• The unban command now has an --invite option to re-invite any users that are unbanned by the command. By @nexy7574 in https://github.com/the-draupnir-project/Draupnir/pull/666.

Fixed

• Draupnir will now refresh the room state cache in the background after startup when the backing store is in use. Fixed by @Gnuxie.

• Fixed issues where the bot wouldn't respond to pings from some SchildiChat, Element Web, and Element X. Reported by @Cknight70 in https://github.com/the-draupnir-project/Draupnir/issues/686. Fixed by @Gnuxie in https://github.com/the-draupnir-project/Draupnir/pull/699

• Fixed an issue where Draupnir would ignore the Retry-After http header and so not rate limit Draupnir properly. Reported and fixed by @nexy7574 in https://github.com/the-draupnir-project/Draupnir/pull/694.

• Draupnir will respond when the allowNoPrefix config option is used. Reported by @JacksonChen666 in https://github.com/the-draupnir-project/Draupnir/issues/678. Fixed by @Gnuxie in https://github.com/the-draupnir-project/Draupnir/pull/699.

• Draupnir will now ignore newlines in secret files, previously Draupnir was appending the newline to the secrets. Reported and fixed by @TheArcaneBrony in https://github.com/the-draupnir-project/Draupnir/pull/696.

[v2.0.1] 2025-01-18

Fixed

• Fixed an issue where the !draupnir unban and the unban prompt actually banned users again at the room level instead of unbanning them. Matching policy rules were still removed. This bug was introduced in v2.0.0-beta.5. Thanks to @nexy7574 for helping to debug the issue.

• Fixed an issue where default protections would be renabled on restart if disabled, thanks to @ll-SKY-ll and @mahdi1234 for helping with debugging this.

[v2.0.0] 2025-01-16

Upgrade Steps

There are no manual upgrade steps, the new protections are automatically enabled. The only thing you should note is that Draupnir now enables the new roomStateBackingStore by default. This improves the startup time of Draupnir considerably but if you need to disable it, see the config documentation here.

There are also no upgrade steps to upgrading to v2.0.0 from Mjolnir.

Please see the documentation if you are installing Draupnir for the first time.

What's changed

TL;DR everything is so much better.

• Draupnir is now much less dependant on commands and will automatically send prompts to the management room. Prompts are sent for inviting Draupnir to protect rooms, watch policy lists, banning users, and unbanning users.

• Draupnir is much more responsive. Draupnir now does not need to request any data from the homeserver before applying new bans or to ban new users.

• Draupnir now uses a persistent revision system for room state, members, policies, and policy matches. By using revisions, Draupnir only has to process room state once in terms of simple deltas as room state is updated.

• Draupnir offers a room state backing store, allowing Draupnir to startup quickly, even when deployed at distance from the homeserver.

• Protection messages have been revised to present information more efficiently in the management room.

• A safe mode has been introduced that can be used to recover Draupnir in situations where watched lists or protected rooms become unjoinable.

• All commands now use the new command-oriented interface-manager.

• Protection settings have been reworked. The !draupnir protections show command now shows all configurable settings for a given protection and describes how they can be modified.

In addition to hundreds of other significant fixes, UX improvements, and other changes that would be too detailed to list in this changelog. For a full list of changes, please review the CHANGELOG.

Special thanks to all contributors who helped in the beta programme: @avdb13, @bluesomewhere, @daedric7, @deepbluev7, @FSG-Cat, @HarHarLinks, @guillaumechauvat, @jimmackenzie, @jjj333-p, @JokerGermany, @julianfoad, @Kladki, @ll-SKY-ll, @mahdi1234, @Mikaela, @morguildir, @MTRNord, @nexy7574, @Philantrop, @ShadowJonathan, @tcpipuk, @TheArcaneBrony

[v2.0.0-beta.11] 2025-01-16

Changed

• Enable the room state backing store by default. This is configured with the roomStateBackingStore setting in config. by @FSG-Cat.

Fixed

• Fix the report poller so that it no longer repeatedly sends the same reports.

• WordListProtection: No longer send the banned word in the banned reason, by @nexy7574 in https://github.com/the-draupnir-project/Draupnir/pull/665.

• Fixed the reporter field in the abuse report UX displaying as the sender when the report came from the report poller. Reported by @HarHarLinks in https://github.com/the-draupnir-project/Draupnir/issues/408.

• Show invalid settings with red crosses in !draupnir protections show.

Added

• The number of unique matrix users in the protected rooms set is now shown in the status command as "protected users" .

• !draupnir protections config reset command to restore the default protection settings for a protection.

Removed

• Several unused config options have been removed from the template. fasterMembershipChecks no longer does anything or is needed. confirmWildcardBan is not used. protectedRooms config option is not used anymore because it has confusing semantics. by @FSG-Cat.

[v2.0.0-beta.10] 2025-01-09

Changed

• Make the unban command's --true option the default behaviour. Removing a policy will automatically matching unban users from protected rooms. Changed by @nexy7574 and reported in https://github.com/the-draupnir-project/Draupnir/issues/648

Fixed

• Stop the kick command from removing members who had left or were banned, Fixed and reported by @nexy7574 in https://github.com/the-draupnir-project/Draupnir/issues/649.

• Stop room's being added as server policies. Fixed by @nexy7574 reported by @FSG-Cat in https://github.com/the-draupnir-project/Draupnir/issues/458.

• Stop Draupnir's WordList and BasicFlooding protections from reacting to itself in the management room. Fixed by @nexy7574 reported by @TheArcaneBrony in https://github.com/the-draupnir-project/Draupnir/issues/579.

• Stop duplicate notice's that Draupnir is updating room ACL in https://github.com/the-draupnir-project/Draupnir/issues/450.

• Fixed serverACL's were not immediately updated after unwatching or watching a new policy list. https://github.com/the-draupnir-project/Draupnir/issues/451.

• Fixed an issue where remote aliases couldn't be resolved unless the homeserver was already present in the room. Reported by @TheArcaneBrony in https://github.com/the-draupnir-project/Draupnir/issues/460.

• Fixed an issue where it was not possible to unwatch a policy room. Reported by @JokerGermany in https://github.com/the-draupnir-project/Draupnir/issues/431, and @nexy7574 in https://github.com/the-draupnir-project/Draupnir/issues/647.

• Fixed an issue where if Draupnir was protecting a very large number of users then CPU could be starved for as long as a minute while matching users against policies. Reported by @TheArcaneBrony in https://github.com/the-draupnir-project/Draupnir/issues/498.

• Handle invalid forwarded reports properly. Reported by @Philantrop in https://github.com/the-draupnir-project/Draupnir/issues/643.

[v2.0.0-beta.9] 2024-12-14

Fixed

• The !draupnir protections config <protection> <set/add/remove> <value> commands are now working again. A tutorial has been written explaining how to use these commands https://the-draupnir-project.github.io/draupnir-documentation/protections/configuring-protections. Reviewed by @FSG-Cat.

• The BanPropagationProtection now shows a prompt for all unbans, even when there is no matching rule. This is to make it easier to unban a user from all the rooms draupnir is protecting, and not just when removing policy rules. Reported by @mahdi1234 in https://github.com/the-draupnir-project/Draupnir/issues/622.

• The JoinWaveShortCircuitProtection has been improved:

  • The JoinWaveShortCircuitProtection now uses a leaky bucket token algorithm, prior to this the entire bucket got dumped after a preconfigured time.
  • The status command for the protection has returned and will show how full each bucket is.

• A bug where providing a bad or missing argument could render the help hint poorly or crash draupnir has been fixed. https://github.com/the-draupnir-project/Draupnir/issues/642.

Added

• A new !draupnir protections show <protection> command that can display all of the settings and capability providers for a protection.

• A new command !draupnir protections capability <capability name> <provider name> to configure a protection's active capabilitity providers. This is experimental and is intended to be used in conjunction with the !draupnir protections show <protection> command. It's not clear whether we will demonstrate protection capabilities before or after the upcoming 2.0.0 release.

Special thanks

Special thanks to @TheArcaneBrony, @ll-SKY-ll, @MTRNord, and @daedric7 for providing support to myself and others in #draupnir:matrix.org.

[v2.0.0-beta.8] - 2024-10-22

Changed

• Breaking: The Node version required to run Draupnir has been updated from Node 18 to Node 20. If you are using Debian, please follow our documentation for using Debian and node source here, kindly contributed by @ll-SKY-ll. This is due to of the release policy of one of our major dependencies, matrix-appservice-bridge, by @MTRNord in https://github.com/the-draupnir-project/Draupnir/pull/609. We did this as part of larger work to attempt to fix issues with Element's "invisible crypto" documented in https://github.com/the-draupnir-project/Draupnir/issues/608.

• The Dockerfile now uses a multi-stage build, so docker build will just work again. Thanks to @ShadowJonathan for reporting. We also optimized the image size just slightly. Long term we've been blocked on for years on https://github.com/matrix-org/matrix-rust-sdk-crypto-nodejs/issues/19 which would allow us to use the alpine image and take the size down to under 200MB again. So if anyone can help out there it'll make a massive difference and be greatly appreciated.

• Dockerfile: entry-point was renamed from mjolnir-entrypoint.sh to draupnir-entrypoint.sh. If you have built a Dockerfile based on ours, you may need to make some changes.

• Dockerfile: source code was moved from /mjolnir to /draupnir. If you have built a custom docker image based on our Dockerfile based on ours, you may need to make some changes.

• The appservice registration file generator no longer emits mjolnir-registration.yaml as it has been renamed to draupnir-registration.yaml. This is only a concern if you have automated tooling that generates a registration file.

• The safe mode recovery command now prompts for confirmation.

• Some references to Mjolnir have been changed to Draupnir thanks to @FSG-Cat in https://github.com/the-draupnir-project/Draupnir/pull/591.

Development

• Enable proseWrap in prettier, by @Mikaela in https://github.com/the-draupnir-project/Draupnir/pull/605. We thought that this was enabled already but turns out we missed it.

• The no-confirm keyword argument now has special meaning, see the safe mode recover command and renderer description for an example.

Added

• Safe mode now shows a preview of the persistent configs, including the property or item that is causing Draupnir to fail to start. Special thanks for the feedback from @jimmackenzie and @TheArcaneBrony. Thanks to @julianfoad for documenting the use case for safe mode.

• Draupnir now logs at startup the path used to load its configuration file, and which options are used for loading secrets. We also show any non-default configuration values if Draupnir crashes. This is to to try make it very clear to system administrators which configuration options are being used by Draupnir and help them diagnose startup issues.

Deprecated

• Starting Draupnir without the --draupnir-config option will cause a deprecation warning.

Removed

• The spurious warnings about not being able to find a config file when the --draupnir-config option was used have been been removed.

• The documentation for the WordListProtection in the configuration file claimed that regexes where supported when this wasn't the case. Removed by @FSG-Cat in https://github.com/the-draupnir-project/Draupnir/pull/600. We will rewrite this protection entirely at a later date.

Fixed

• Fixed a bug where sometimes the help command wouldn't show if --keyword or options were used in an unrecognized command.

Versions v2.0.0-beta.7 and prior

Please see Releases for more information.