Skip to content

7.13.0

Latest
Latest

Choose a tag to compare

View all tags
@rocketchat-github-ci rocketchat-github-ci released this 05 Dec 01:47
· 62 commits to develop since this release
7.13.0
98c9d57

Summary

What's new

This release introduces foundational infrastructure for upcoming Attribute-Based Access Control (ABAC), with the key addition being the ability for admins to create, edit, and delete room attributes that will later power ABAC rules. It also rolls out a unified v2 encryption model across platforms, strengthens password requirements, adopts authenticated encryption for new data, improves key handling, and adds versioning to support a smooth transition, while the web password reset flow now enforces stronger custom passwords with automatic passphrases planned later. Voice calling received major upgrades, including better extension support in autocomplete, clearer transfer and DTMF behavior, presence-aware call UI, improved client session reliability, and a new Drachtio image underpinning the updated stack, plus real-time call state synchronization for all participants and automatic call summary blocks posted to the correct DM after calls end. Additionally, the expandable message composer preview item was stabilized ahead of the 8.0.0 release, and the livechat:saveUnit API method was prepared for deprecation to align with the new 8.0.0 architecture.

Bug fixes

The batch of fixes in this release improves stability across voice, teams, security, and UI. Voice calling bugs were addressed (missing buttons on small screens, LDAP extension sync, transfer restrictions, WebRTC renegotiation conflicts, and correct call summary labeling). Team deletion now properly removes associated teams when their main room is deleted, edited canned responses remain visible with consistent API behavior, and Outlook Windows notifications now show correct timestamps. Regressions were fixed for private channel Directory search and inconsistent favicons, multiple Email 2FA and TOTP edge cases were resolved, and Enhanced Navigation sidebar behavior was tightened. Other improvements include more reliable lead capture, corrected Omnichannel tag labels, safer delete confirmation handling, proper saving of cleared Bio fields, controlled room deletion with full cleanup/events, and correct editing of encrypted attachment descriptions.

For further details, check out the release notes.

Details

Engine versions

  • Node: 22.16.0
  • Deno: 1.43.5
  • MongoDB: 5, 6, 7, 8
  • Apps-Engine: 1.58.0

Minor Changes

  • (#37327) Adds complexity requirements to end-to-end encryption passphrase

  • (#36807 by @tiagoevanp) Adds a deletedRooms field to the users.delete endpoint response, indicating which rooms were deleted as part of the user deletion process.

  • (#37547) Adds the getUserRoomIds method to the UserRead accessor in the Apps-Engine, graduating it from the experimental bridge to the stable user bridge.

  • (#37368) Allows users to enable TOTP-based two factor authentication without requiring a verified email address.

  • (#37119 by @ergot-rp) Adds missing legend for fieldset in profile page to meet WCAG compliance

  • (#37524) Moves the expandable message composer out of feature preview

  • (#37378) Introduces in-chat messages for when a voice call ends

  • (#37276) Disables the delete message confirmation button to prevent the action from being triggered while the request is in progress

  • (#37318) Fixes the time display in calendar event notifications by converting the UTC time to the local time.

  • (#37167) Changes a behavior that would store the result of every status transition that happened to apps

    This caused intermediate status to be saved to the database, which could prevent apps from being restored to the desired status when restarted or during server startup.

  • (#37245) Replaces old Assign Extension button and modal by introducing a proper input in the user edit form.

  • (#37505) Introduces a new user preference to enable/disable desktop voice call notifications.

  • (#36807 by @tiagoevanp) Fix issue where a team would become orphaned when its last owner was deleted.

  • (#37134 by @ergot-rp) Adds missing legend for fieldset in accessibility page to meet WCAG compliance

  • (#36308 by @sandranymark) Improves inline error in report message modal to meet WCAG compliance.

  • (#37313) Includes the voice call extension to the users.autocomplete endpoint resulting users properties

  • (#37250) Updates AutoTranslate to fetch supported languages dynamically from DeepL API.

Patch Changes

Assets 2
Loading