2 weeks after the last update at the Website & Content Working Group we have some new updates worth mentioning:
The new ecosystem page listing distributions has landed!
We consider a Matrix distribution a collection of software related to Matrix that is deployed and automatically configured so the different pieces integrate with one another. Click the link to find some examples!
In organisational news, you may have noticed the Working Group is not just called "Website", but "Website & Content". This is because the WG is not only responsible for making sure the website works on a technical level, but also maintaining its content. Of course this also includes making sure that any contributions to the website are as good as they can reasonably be. One of our first big topics behind the scenes was thus the creation of the Review & Publishing Policy to try and set a bar we think we can meet, and as well as expectations that Working Group and contributors may assume of each other. The Governing Board has recommended to the Foundation to approve this policy, and it is now added to our repository's CONTRIBUTING.md alongside the already existing guidelines!
Next step: set up GitHub to support as much of this as possible with automation.
Of course that's only the big news. For the rest, check our commitlog or follow the Hookshot announcements in our public room #matrix.org-website:matrix.org!
This week we're delighted to welcome a new Associate Member to the Foundation: the Moonlight Institute!
Does your community or nonprofit use Matrix, or advocate for free and open source software, interoperability, privacy, or decentralisation? Join us for free as an Associate Member to show your support and participate in the open governance of Matrix.
Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.
Today’s Matrix 1.16 release brings two major features to the protocol: extensible profiles and room version 12 from Project Hydra! With room version 12, users should see fewer “state resets” and a clearer hierarchy for power levels in the room. The Project Hydra blog post covers the changes in more detail, so this post will focus on extensible profiles and our plan for Matrix 2.0.
As always, the full changelog and descriptions of the 9 MSCs released today is at the end of this post.
Hi all, we here at Element Towers recently ran a two day hackathon called “How Hard Can It Be?”. The idea being to try out a bunch of ideas that we’ve been noodling on. At the end of the event we ran a demos session and we thought we’d share the video with you.
This is the first time we’ve run an event like this, but it certainly won’t be the last. I’ve also been talking with Yan about the idea of expanding it to be Matrix wide, so anyone can get involved. Watch this space.
Disclaimer: Don't get too excited, it was just a two day hackathon, so everything you see is very much at the poc stage. Though, we may pick a few up in the coming months and ship for real.
Super exciting to see the European Commission soft-launch their first official Matrix Server (https://mathstodon.xyz/@Pol/115173504011566267), powered by Element Server Suite. Watch this space for more info :D
This week I'm excited to share some quick transparency update from the Governing Board. Together with the Website & Content Working Group, we have updated the Governing Board area of the matrix.org homepage, adding more info about the Governing Board's current Committees! We have mentioned the Committees before and named them on the website. The Committee names are mostly speaking for themselves, but one of the goals in open governance is transparency, not guessing. 😉 So we have just added a new subpage at https://matrix.org/foundation/governing-board/committees/ where you can now find each Committee's charter, members, and meeting schedule.
We have also tweaked the main Governing Board page, restructuring the info about the elected representatives and chairs visually to be easier to grasp in the context of Foundation member constituencies and Committees respectively. Give it a whirl, and as always hit us with any questions about the Governing Board over at the #governing-board-office:matrix.org!
Due to things going on which I can't get into, I will not take new applications to Draupnir4All. Additionally, I plan to shut down the system at the end of the year. I suggest looking for alternatives, as I am unlikely to extend this timeframe.
I am at this time not aware of alternatives beyond selfhosting a draupnir. Draupnir4All is selfhostable by anyone via the appservice module of draupnir however.
We (Cat, Sky and I) are setting up a new server to help replace MTRNord's Draupnir4All service. Asgard will offer both Meowlnir and Draupnir instances to room admins who need a moderation bot, but can't host one themselves (or who want a secondary bot as backup). Expect more news in the coming weeks.
Please join me in welcoming the newest members of the Foundation! FlatTurtle has joined as a Silver Member, and c-base has joined as an Associate Member. We're grateful for their support!
Does your community or organisation use Matrix? Do you maintain an open source project that builds on Matrix? Join these organisations in demonstrating their support and apply to become a member today.
Today, Cat and Sky want to formally launch Muninn Hall.
Muninn Hall is a new community for public Matrix homeserver staff, from administrators to custodial and janitorial moderators.
We want to provide a space to pool knowledge, collaborate, and support each other in the efforts of running publix Matrix homeservers. This can range from Trust & Safety, systems administration, or general community management.
Why Muninn Hall?
While there are various Matrix rooms that may look similar to what we aim to do, we couldnt find anything with a comparable concept yet.
The plan is to:
meet in the Matrix space for easy exchange and coordination between each other
have the main Muninn Hall website where we want to pool all kinds of relevant documentation regarding public Matrix homeservers
publish blogs like Introducing Muninn Hall, or maybe a homeserver admin sharing their experiences with $topic
Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.
This big news this week is the Project Hydra coordinated security release. On August 11th, 2025, updated homeserver implementations were put out to address the vulnerabilities. And the following Thursday, August 14th, the associated spec updates were put out as well (which divulge further details).
The largest part of this is the new Room Version 12, which had a spec PR merged on the same. It explains the changes servers and clients need to make to address the vulnerabilities.
The relevant MSCs and spec PRs were merged and homeserver and client implementations should have already (or should do now if they haven't) updated to support the new changes. However, the changes to the spec won't actually appear in a new spec release until the next release cycle, keeping in line with the usual spec process. The next release is due to go out in the next few weeks as we approach the end of Q3 2025.
On July 16th 2025 we issued a pre-disclosure for vulnerabilities in the federation protocol, and announced new releases of Matrix homeservers on Mon August 11. Today we are ending the embargo and disclosing the remaining MSCs. This post will go into more detail about the changes and what led up to them.
This project has the codename “Hydra” and is an ongoing exercise in improving the security of the federation protocol. Given the security-sensitive nature of this work, it was done under embargo by the backend team at Element, the Matrix.org Security Team, the Spec Core Team, alongside Timo Kösters (who privately reported a related vulnerability, helping jumpstart the project) and Florian Jacob (at Karlsruher Institut für Technologie). The work was subsequently shared, reviewed and MSC’d under embargo with maintainers of all known Matrix homeserver implementations which implement State Resolution 2.0 on June 13th, so they could prepare for the coordinated release on August 11. We have then given server admins 3 more days to upgrade before lifting the embargo and disclosing the vulnerability details here.
This entire process has been highly unusual for the ecosystem, and it’s unfortunate that we were unable to make these changes out in the open. Where possible, we moved to release redacted versions of the MSCs as soon as we were comfortable from a security perspective (e.g. releasing MSC4289 and MSC4291 ahead of time, with redacted sections). Furthermore, we’d like to apologise for the disruption in landing a new stable room version and specification release with immediate effect rather than allowing for a period of public review. Going forwards, normal MSC work will continue in public as it ever has, along with normal on-cycle specification releases.
Last month we issued a Pre-disclosure: Upcoming coordinated security fix for all Matrix server implementations, describing a coordinated release to fix two high severity protocol vulnerabilities (CVE-2025-49090; the other not yet allocated a CVE). That release is now available as of 17:00 UTC on August 11, 2025. Server updates are now available, and MSCs & spec updates will follow on Thursday, August 14, 2025, bringing us to version 1.16 of the spec later in the month, and introducing room version 12.
