chore: Release

CHANGELOG.md

@@ -1,3 +1,28 @@
+# Continuwuity 0.5.2 (2026-01-09)
+
+## Features
+
+- Added support for issuing additional registration tokens, stored in the database, which supplement the existing registration token hardcoded in the config file. These tokens may optionally expire after a certain number of uses or after a certain amount of time has passed. Additionally, the `registration_token_file` configuration option is superseded by this feature and **has been removed**. Use the new `!admin token` command family to manage registration tokens. Contributed by @ginger (#783).
+- Implemented a configuration defined admin list independent of the admin room. Contributed by @Terryiscool160. (#1253)
+- Added support for invite and join anti-spam via Draupnir and Meowlnir, similar to that of synapse-http-antispam. Contributed by @nex. (#1263)
+- Implemented account locking functionality, to complement user suspension. Contributed by @nex. (#1266)
+- Added admin command to forcefully log out all of a user's existing sessions. Contributed by @nex. (#1271)
+- Implemented toggling the ability for an account to log in without mutating any of its data. Contributed by @nex. (#1272)
+- Add support for custom room create event timestamps, to allow generating custom prefixes in hashed room IDs. Contributed by @nex. (#1277)
+- Certain potentially dangerous admin commands are now restricted to only be usable in the admin room and server console. Contributed by @ginger.
+
+## Bugfixes
+
+- Fixed unreliable room summary fetching and improved error messages. Contributed by @nex. (#1257)
+- Client requested timeout parameter is now applied to e2ee key lookups and claims. Related federation requests are now also concurrent. Contributed by @nex. (#1261)
+- Fixed the whoami endpoint returning HTTP 404 instead of HTTP 403, which confused some appservices. Contributed by @nex. (#1276)
+
+## Misc
+
+- The `console` feature is now enabled by default, allowing the server console to be used for running admin commands directly. To automatically open the console on startup, set the `admin_console_automatic` config option to `true`. Contributed by @ginger.
+- We now (finally) document our container image mirrors. Contributed by @Jade
+
+
 # Continuwuity 0.5.0 (2025-12-30)
 
 **This release contains a CRITICAL vulnerability patch, and you must update as soon as possible**

Cargo.lock

@@ -940,7 +940,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "clap",
  "conduwuit_admin",
@@ -972,7 +972,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_admin"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "clap",
  "conduwuit_api",
@@ -994,7 +994,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_api"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "async-trait",
  "axum 0.7.9",
@@ -1027,14 +1027,14 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_build_metadata"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "built",
 ]
 
 [[package]]
 name = "conduwuit_core"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "argon2",
  "arrayvec",
@@ -1095,7 +1095,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_database"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "async-channel",
  "conduwuit_core",
@@ -1114,7 +1114,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_macros"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "itertools 0.14.0",
  "proc-macro2",
@@ -1124,7 +1124,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_router"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "axum 0.7.9",
  "axum-client-ip",
@@ -1159,7 +1159,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_service"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "async-trait",
  "base64 0.22.1",
@@ -1200,7 +1200,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_web"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "askama",
  "axum 0.7.9",
@@ -1635,7 +1635,7 @@ dependencies = [
 [[package]]
 name = "draupnir-antispam"
 version = "0.1.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "ruma-common",
  "serde",
@@ -2995,7 +2995,7 @@ checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273"
 [[package]]
 name = "meowlnir-antispam"
 version = "0.1.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "ruma-common",
  "serde",
@@ -4085,7 +4085,7 @@ checksum = "88f8660c1ff60292143c98d08fc6e2f654d722db50410e3f3797d40baaf9d8f3"
 [[package]]
 name = "ruma"
 version = "0.10.1"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "assign",
  "draupnir-antispam",
@@ -4107,7 +4107,7 @@ dependencies = [
 [[package]]
 name = "ruma-appservice-api"
 version = "0.10.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -4119,7 +4119,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.18.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "as_variant",
  "assign",
@@ -4142,7 +4142,7 @@ dependencies = [
 [[package]]
 name = "ruma-common"
 version = "0.13.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "as_variant",
  "base64 0.22.1",
@@ -4174,7 +4174,7 @@ dependencies = [
 [[package]]
 name = "ruma-events"
 version = "0.28.1"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "as_variant",
  "indexmap",
@@ -4199,7 +4199,7 @@ dependencies = [
 [[package]]
 name = "ruma-federation-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "bytes",
  "headers",
@@ -4221,7 +4221,7 @@ dependencies = [
 [[package]]
 name = "ruma-identifiers-validation"
 version = "0.9.5"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "js_int",
  "thiserror 2.0.17",
@@ -4230,7 +4230,7 @@ dependencies = [
 [[package]]
 name = "ruma-identity-service-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -4240,7 +4240,7 @@ dependencies = [
 [[package]]
 name = "ruma-macros"
 version = "0.13.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "cfg-if",
  "proc-macro-crate",
@@ -4255,7 +4255,7 @@ dependencies = [
 [[package]]
 name = "ruma-push-gateway-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -4267,7 +4267,7 @@ dependencies = [
 [[package]]
 name = "ruma-signatures"
 version = "0.15.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=79abd5d331bca596b7f37e367a9f2cebccd9f64d#79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
  "base64 0.22.1",
  "ed25519-dalek",
@@ -6228,7 +6228,7 @@ dependencies = [
 
 [[package]]
 name = "xtask"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "clap",
  "serde",
@@ -6237,7 +6237,7 @@ dependencies = [
 
 [[package]]
 name = "xtask-generate-commands"
-version = "0.5.1"
+version = "0.5.2"
 dependencies = [
  "clap-markdown",
  "clap_builder",

Cargo.toml

@@ -12,7 +12,7 @@ license = "Apache-2.0"
 # See also `rust-toolchain.toml`
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
-version = "0.5.1"
+version = "0.5.2"
 
 [workspace.metadata.crane]
 name = "conduwuit"
@@ -342,7 +342,7 @@ version = "0.1.2"
 # Used for matrix spec type definitions and helpers
 [workspace.dependencies.ruma]
 git = "https://forgejo.ellis.link/continuwuation/ruwuma"
-rev = "79abd5d331bca596b7f37e367a9f2cebccd9f64d"
+rev = "f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 features = [
     "compat",
     "rand",
@@ -840,7 +840,7 @@ unknown_lints = "allow"
 ###################
 cargo = { level = "warn", priority = -1 }
 # Nobody except for us should be consuming these crates, they don't need metadata
-cargo_common_metadata = { level = "allow"}
+cargo_common_metadata = { level = "allow" }
 
 ## some sadness
 multiple_crate_versions = { level = "allow", priority = 1 }

changelog.d/+6de5f7b2.misc.md

@@ -1 +0,0 @@
-The `console` feature is now enabled by default, allowing the server console to be used for running admin commands directly.

changelog.d/+f4a756d9.feature.md

@@ -1 +0,0 @@
-Certain potentially dangerous admin commands are now restricted to only be usable in the admin room and server console.

changelog.d/1253.feature

@@ -1 +0,0 @@
-Implemented a configuration defined admin list independent of the admin room. (@Terryiscool160).

changelog.d/1257.bugfix

@@ -1 +0,0 @@
-Fixed unreliable room summary fetching and improved error messages. Contributed by @nex.

changelog.d/1261.bugfix

@@ -1,2 +0,0 @@
-Client requested timeout parameter is now applied to e2ee key lookups and claims. Related federation requests are now
-also concurrent. Contributed by @nex.

changelog.d/1263.feature

@@ -1,2 +0,0 @@
-Added support for invite and join anti-spam via Draupnir and Meowlnir, similar to that of synapse-http-antispam.
-Contributed by @nex.

changelog.d/1266.feature

@@ -1 +0,0 @@
-Implemented account locking functionality, to complement user suspension. Contributed by @nex.

changelog.d/1271.feature

@@ -1 +0,0 @@
-Added admin command to forcefully log out all of a user's existing sessions. Contributed by @nex.

changelog.d/1272.feature

@@ -1 +0,0 @@
-Implemented toggling the ability for an account to log in without mutating any of its data. Contributed by @nex.

changelog.d/783.feature.md

@@ -1 +0,0 @@
-Added support for issuing additional registration tokens, stored in the database, which supplement the existing registration token hardcoded in the config file. These tokens may optionally expire after a certain number of uses or after a certain amount of time has passed. Additionally, the `registration_token_file` configuration option is superseded by this feature and **has been removed**.

src/api/client/account.rs

@@ -724,7 +724,7 @@ pub(crate) async fn change_password_route(
 	Ok(change_password::v3::Response {})
 }
 
-/// # `GET _matrix/client/r0/account/whoami`
+/// # `GET /_matrix/client/v3/account/whoami`
 ///
 /// Get `user_id` of the sender user.
 ///
@@ -733,11 +733,17 @@ pub(crate) async fn whoami_route(
 	State(services): State<crate::State>,
 	body: Ruma<whoami::v3::Request>,
 ) -> Result<whoami::v3::Response> {
+	let is_guest = services
+		.users
+		.is_deactivated(body.sender_user())
+		.await
+		.map_err(|_| {
+			err!(Request(Forbidden("Application service has not registered this user.")))
+		})? && body.appservice_info.is_none();
 	Ok(whoami::v3::Response {
 		user_id: body.sender_user().to_owned(),
 		device_id: body.sender_device.clone(),
-		is_guest: services.users.is_deactivated(body.sender_user()).await?
-			&& body.appservice_info.is_none(),
+		is_guest,
 	})
 }
 

src/api/client/room/create.rs

@@ -238,6 +238,7 @@ pub(crate) async fn create_room_route(
 				event_type: TimelineEventType::RoomCreate,
 				content: to_raw_value(&create_content)?,
 				state_key: Some(StateKey::new()),
+				timestamp: body.origin_server_ts,
 				..Default::default()
 			},
 			sender_user,
@@ -256,6 +257,14 @@ pub(crate) async fn create_room_route(
 		},
 	};
 	drop(state_lock);
+	if let Some(expected_room_id) = body.room_id.as_ref() {
+		if expected_room_id.as_str() != room_id.as_str() {
+			return Err!(Request(InvalidParam(
+				"Custom room ID {expected_room_id} does not match the generated room ID \
+				 {room_id}.",
+			)));
+		}
+	}
 	debug!("Room created with ID {room_id}");
 	let state_lock = services.rooms.state.mutex.lock(&room_id).await;
 

src/service/rooms/event_handler/handle_incoming_pdu.rs

@@ -131,10 +131,6 @@ pub async fn handle_incoming_pdu<'a>(
 		.await?
 		.origin_server_ts();
 
-	if incoming_pdu.origin_server_ts() < first_ts_in_room {
-		return Ok(None);
-	}
-
 	// 9. Fetch any missing prev events doing all checks listed here starting at 1.
 	//    These are timeline events
 	let (sorted_prev_events, mut eventid_info) = self

src/service/rooms/timeline/create.rs

@@ -15,7 +15,6 @@
 use ruma::{
 	CanonicalJsonObject, CanonicalJsonValue, OwnedEventId, OwnedRoomId, RoomId, RoomVersionId,
 	UserId,
-	canonical_json::to_canonical_value,
 	events::{StateEventType, TimelineEventType, room::create::RoomCreateEventContent},
 	uint,
 };
@@ -210,7 +209,7 @@ fn from_evt(
 		} else {
 			Some(to_raw_value(&unsigned)?)
 		},
-		hashes: EventHash { sha256: "aaa".to_owned() },
+		hashes: EventHash { sha256: String::new() },
 		signatures: None,
 	};
 
@@ -269,12 +268,6 @@ fn from_evt(
 		},
 	}
 
-	pdu_json.insert(
-		"origin".to_owned(),
-		to_canonical_value(self.services.globals.server_name())
-			.expect("server name is a valid CanonicalJsonValue"),
-	);
-
 	trace!("hashing and signing event {}", pdu.event_id);
 	if let Err(e) = self
 		.services